On Tue, 2025-03-18 at 12:29 -0400, trondmy@xxxxxxxxxx wrote: > From: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> > > Loosen the permission check on forced umount to allow users holding > CAP_SYS_ADMIN privileges in namespaces that are privileged with respect > to the userns that originally mounted the filesystem. > > Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> > --- > fs/namespace.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/namespace.c b/fs/namespace.c > index 8f1000f9f3df..d401486fe95d 100644 > --- a/fs/namespace.c > +++ b/fs/namespace.c > @@ -2026,6 +2026,7 @@ static void warn_mandlock(void) > static int can_umount(const struct path *path, int flags) > { > struct mount *mnt = real_mount(path->mnt); > + struct super_block *sb = path->dentry->d_sb; > > if (!may_mount()) > return -EPERM; > @@ -2035,7 +2036,7 @@ static int can_umount(const struct path *path, int flags) > return -EINVAL; > if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */ > return -EINVAL; > - if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN)) > + if (flags & MNT_FORCE && !ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) > return -EPERM; > return 0; > } Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
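Review bot: In the first hunk, sb is taken from path->dentry->d_sb, while the rest of can_umount() reaches mount state through mnt (for example mnt->mnt.mnt_flags). Using mnt->mnt.mnt_sb would keep the function consistent about which object it trusts for the superblock. As sb is used only once, the expression could also be written inline in the MNT_FORCE check rather than adding a local.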
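Review bot: In the second hunk, the MNT_FORCE test in can_umount() now succeeds for a caller holding CAP_SYS_ADMIN in sb->s_user_ns, but nothing in the code or the commit message says why the superblock's owning userns is the right authority for a forced umount. may_mount() at the top of the function is already a capability gate, so the two checks have different scopes and that difference is not documented. A short comment above `if (flags & MNT_FORCE && !ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))` naming the userns being checked and the reason would help later readers. The commit message could also state the use case that needs this and note that the check is unchanged for filesystems whose s_user_ns is the initial user namespace.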