diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2016-07-23 11:20:44 -0500 |
|---|---|---|
| committer | Bruno Martins <bgcngm@gmail.com> | 2022-10-28 15:39:29 +0100 |
| commit | 7903280ee07aa58074ba6ec9ef4e55c25e86bfea (patch) | |
| tree | a1b2adabe051793fec2bb396cdfda875a1ef91de | |
| parent | b87fb50ff1cd523e48681d3f0715619d90150b6f (diff) | |
fs: Call d_automount with the filesystems creds
Seth Forshee reported a mount regression in nfs autmounts
with "fs: Add user namespace member to struct super_block".
It turns out that the assumption that current->cred is something
reasonable during mount while necessary to improve support of
unprivileged mounts is wrong in the automount path.
To fix the existing filesystems override current->cred with the
init_cred before calling d_automount and restore current->cred after
d_automount completes.
To support unprivileged mounts would require a more nuanced cred
selection, so fail on unprivileged mounts for the time being. As none
of the filesystems that currently set FS_USERNS_MOUNT implement
d_automount this check is only good for preventing future problems.
Fixes: 6e4eab577a0c ("fs: Add user namespace member to struct super_block")
Tested-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Change-Id: I972485e9da3f2883e4ec9b38da3374e0993b1af6
| -rw-r--r-- | fs/namei.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/fs/namei.c b/fs/namei.c index fe1612ac009d..6614fc381ee7 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -35,6 +35,7 @@ #include <linux/fs_struct.h> #include <linux/posix_acl.h> #include <linux/hash.h> +#include <linux/init_task.h> #include <asm/uaccess.h> #include "internal.h" @@ -1229,6 +1230,7 @@ static int follow_automount(struct path *path, struct nameidata *nd, bool *need_mntput) { struct vfsmount *mnt; + const struct cred *old_cred; int err; if (!path->dentry->d_op || !path->dentry->d_op->d_automount) @@ -1250,11 +1252,16 @@ static int follow_automount(struct path *path, struct nameidata *nd, path->dentry->d_inode) return -EISDIR; + if (path->dentry->d_sb->s_user_ns != &init_user_ns) + return -EACCES; + nd->total_link_count++; if (nd->total_link_count >= 40) return -ELOOP; + old_cred = override_creds(&init_cred); mnt = path->dentry->d_op->d_automount(path); + revert_creds(old_cred); if (IS_ERR(mnt)) { /* * The filesystem is allowed to return -EISDIR here to indicate |