> + if (path.mnt->mnt_root != path.dentry) {

You want to verify that you can only create tokens from the root of the
bpffs mount. So for

  sudo mount -t bpf bpf /mnt

you want bpf tokens to be creatable from:

  fd = open("/mnt")

or from bind-mounts of the fs root:

  sudo mount --bind /mnt /srv
  fd = open("/srv")

but not from

  sudo mount --bind /mnt/foo /opt
  fd = open("/opt")

But I think your current check allows for that because if you bind-mount
/mnt/foo to /opt then

  fd = open("/opt")

  path.mnt->mnt_root == foo and path.dentry == foo

I think

  path.dentry != path.mnt->mnt_sb->s_root

should give you what you want.
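
Added example, not part of the original message or the patch: a userspace C model of the two checks discussed above, run against the three mounts from the reply. The struct layouts are simplified stand-ins for the kernel's, and the helper names and the constructed mounts are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace stand-ins for the kernel structures; only the
 * fields named in the review are modelled. */
struct dentry { const char *name; };
struct super_block { struct dentry *s_root; };
struct vfsmount { struct dentry *mnt_root; struct super_block *mnt_sb; };
struct path { struct vfsmount *mnt; struct dentry *dentry; };

/* Check as quoted from the patch: allow only the root of this mount. */
static bool allowed_by_mnt_root(const struct path *p)
{
	return p->mnt->mnt_root == p->dentry;
}

/* Check suggested in the reply: allow only the root of the filesystem. */
static bool allowed_by_sb_root(const struct path *p)
{
	return p->dentry == p->mnt->mnt_sb->s_root;
}

/* Constructed scenario: one bpffs superblock with root "/" and subdir "foo". */
static struct dentry root = { "/" }, foo = { "foo" };
static struct super_block sb = { &root };
static struct vfsmount mnt = { &root, &sb };  /* mount -t bpf bpf /mnt */
static struct vfsmount srv = { &root, &sb };  /* mount --bind /mnt /srv */
static struct vfsmount opt = { &foo, &sb };   /* mount --bind /mnt/foo /opt */

/* open("<mountpoint>") resolves to the mount's own root dentry. */
static struct path open_mountpoint(struct vfsmount *m)
{
	struct path p = { m, m->mnt_root };
	return p;
}

int main(void)
{
	struct { const char *where; struct vfsmount *m; } cases[] = {
		{ "/mnt", &mnt }, { "/srv", &srv }, { "/opt", &opt },
	};
	for (int i = 0; i < 3; i++) {
		struct path p = open_mountpoint(cases[i].m);
		printf("%-5s mnt_root check: %d  s_root check: %d\n", cases[i].where,
		       allowed_by_mnt_root(&p), allowed_by_sb_root(&p));
	}
	return 0;
}
```

Only the /opt case separates the two checks: the bind mount's mnt_root is foo, so the comparison against mnt_root passes, while the comparison against s_root does not.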