Forbidding a bind mount due to a locked child on a permanently
empty directory provides no security benefit since the
directory cannot contain any contents which have been overmounted
for security reasons.
Cc: stable@xxxxxxxxxxxxxxx # v4.1+
Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
---
fs/namespace.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/namespace.c b/fs/namespace.c
index 4fb1691b4355..930f5557b1d1 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2065,6 +2065,8 @@ static bool has_locked_children(struct mount *mnt, struct dentry *dentry)
list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {
if (!is_subdir(child->mnt_mountpoint, dentry))
continue;
+ if (is_empty_dir_inode(child->mnt_mountpoint->d_inode))
+ continue;
if (child->mnt.mnt_flags & MNT_LOCKED)
return true;
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
