On Thu, Oct 01, 2015 at 10:40:08AM -0500, Eric W. Biederman wrote: > Seth Forshee <seth.forshee@xxxxxxxxxxxxx> writes: > > > When mounting a filesystem on a block device there is currently > > no verification that the user has appropriate access to the > > device file passed to mount. This has not been an issue so far > > since the user in question has always been root, but this must > > be changed before allowing unprivileged users to mount in user > > namespaces. > > > > To fix this, add an argument to lookup_bdev() to specify the > > required permissions. If the mask of permissions is zero, or > > if the user has CAP_SYS_ADMIN, the permission check is skipped, > > otherwise the lookup fails if the user does not have the > > specified access rights for the inode at the supplied path. > > > > Callers associated with mounting are updated to pass permission > > masks to lookup_bdev() so that these mounts will fail for an > > unprivileged user who lacks permissions for the block device > > inode. All other callers pass 0 to maintain their current > > behaviors. > > > > Seth can you split this patch? > > One patch to add an argument to lookup_bdev, > and then for each kind of callsite a follow-on patch (if we are ready > for that). > > That will separate the logical changes and make things easier to track > via bisect and more importantly easier to review things. Sure, I'll do that. Seth -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
