On Mon, Jan 04, 2016 at 12:03:56PM -0600, Seth Forshee wrote: > Unprivileged users are normally restricted from mounting with the > allow_other option by system policy, but this could be bypassed > for a mount done with user namespace root permissions. In such > cases allow_other should not allow users outside the userns > to access the mount as doing so would give the unprivileged user > the ability to manipulate processes it would otherwise be unable > to manipulate. Restrict allow_other to apply to users in the same > userns used at mount or a descendant of that namespace. > > Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> > Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> Acked-by: Miklos Szeredi <mszeredi@xxxxxxxxxx> > --- > fs/fuse/dir.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c > index 8fd9fe4dcd43..24e4cdb554f1 100644 > --- a/fs/fuse/dir.c > +++ b/fs/fuse/dir.c > @@ -1015,7 +1015,7 @@ int fuse_allow_current_process(struct fuse_conn *fc) > const struct cred *cred; > > if (fc->flags & FUSE_ALLOW_OTHER) > - return 1; > + return current_in_userns(fc->user_ns); > > cred = current_cred(); > if (uid_eq(cred->euid, fc->user_id) && > -- > 1.9.1 > -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
