From: Serge Hallyn <serue at us.ibm.com>
Subject: [RFC] [PATCH 2/3] user ns: hook permission
Hook permission to check vfsmnt->user_ns against current.
Signed-off-by: Serge E. Hallyn <serue at us.ibm.com>
---
fs/namei.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index dc4ff80..edf7c16 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -246,6 +246,8 @@ int permission(struct inode *inode, int
return -EACCES;
}
+ if (nd && !task_mnt_same_uid(current, nd->mnt))
+ return -EACCES;
/*
* MAY_EXEC on regular files requires special handling: We override
@@ -433,6 +435,8 @@ static int exec_permission_lite(struct i
{
umode_t mode = inode->i_mode;
+ if (!task_mnt_same_uid(current, nd->mnt))
+ return -EACCES;
if (inode->i_op && inode->i_op->permission)
return -EAGAIN;
--
1.4.1
