On Mon, Jun 20, 2016 at 12:21:28PM -0500, Eric W. Biederman wrote:
> Verify all filesystems that we check in mount_too_revealing set
> SB_I_NOEXEC and SB_I_NODEV in sb->s_iflags. That is true for today
> and it should remain true in the future.
>
> Remove the now unnecessary checks from mnt_already_visibile that
> ensure MNT_LOCK_NOSUID, MNT_LOCK_NOEXEC, and MNT_LOCK_NODEV are
> preserved. Making the code shorter and easier to read.
>
> Relying on SB_I_NOEXEC and SB_I_NODEV instead of the user visible
> MNT_NOSUID, MNT_NOEXEC, and MNT_NODEV ensures the many current
> systems where proc and sysfs are mounted with "nosuid, nodev, noexec"
> and several slightly buggy container applications don't bother to
> set those flags continue to work.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

Acked-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>