Quoting Seth Forshee (seth.forshee@xxxxxxxxxxxxx): > Forbidding a bind mount due to a locked child on a permanently > empty directory provides no security benefit since the > directory cannot contain any contents which have been overmounted > for security reasons. > > Cc: stable@xxxxxxxxxxxxxxx # v4.1+ > Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx> > --- > fs/namespace.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/namespace.c b/fs/namespace.c > index 4fb1691b4355..930f5557b1d1 100644 > --- a/fs/namespace.c > +++ b/fs/namespace.c > @@ -2065,6 +2065,8 @@ static bool has_locked_children(struct mount *mnt, struct dentry *dentry) > list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) { > if (!is_subdir(child->mnt_mountpoint, dentry)) > continue; > + if (is_empty_dir_inode(child->mnt_mountpoint->d_inode)) > + continue; > > if (child->mnt.mnt_flags & MNT_LOCKED) > return true; > -- > 1.9.1
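Review bot: The new `is_empty_dir_inode(child->mnt_mountpoint->d_inode)` skip in `has_locked_children()` carries no comment, and the helper's name reads as "currently empty" while the commit message depends on the directory being permanently empty. A short comment above the check would help, for example `/* A locked mount on a permanently empty directory hides nothing */`, so a later reader does not mistake the `continue` for a way around the `MNT_LOCKED` test that follows it.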