[GIT PULL] userns: proc and sysfs mount fix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Linus,

Please pull the for-linus branch from the git tree:

   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus

   HEAD: 7e96c1b0e0f495c5a7450dc4aa7c9a24ba4305bd mnt: Fix fs_fully_visible to verify the root directory is visible

Eric Windish recently reported a really bug that allows mounting fresh
copies of proc and sysfs when it really should not be allowed.  The code
attempted to verify that proc and sysfs were fully visible but there is
a test missing to ensure that the root of the filesystem is visible.
Doh!

The following patch fixes that.

This fixes a containment issue that the docker folks are seeing.

I see one or two more issues that I would like to correct in the check
for mounting proc and sysfs but those look like they have a non-trivial
chance of breaking working user space so they are going to need more
review and testing before I send them your way.

commit 7e96c1b0e0f495c5a7450dc4aa7c9a24ba4305bd
Author: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
Date:   Fri May 8 16:36:50 2015 -0500

    mnt: Fix fs_fully_visible to verify the root directory is visible
    
    This fixes a dumb bug in fs_fully_visible that allows proc or sys to
    be mounted if there is a bind mount of part of /proc/ or /sys/ visible.
    
    Cc: stable@xxxxxxxxxxxxxxx
    Reported-by: Eric Windisch <ewindisch@xxxxxxxxxx>
    Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
---
 fs/namespace.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/namespace.c b/fs/namespace.c
index 1f4f9dac6e5a..1b9e11167bae 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3179,6 +3179,12 @@ bool fs_fully_visible(struct file_system_type *type)
                if (mnt->mnt.mnt_sb->s_type != type)
                        continue;
 
+               /* This mount is not fully visible if it's root directory
+                * is not the root directory of the filesystem.
+                */
+               if (mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root)
+                       continue;
+
                /* This mount is not fully visible if there are any child mounts
                 * that cover anything except for empty directories.
                 */
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux