Jann Horn <jannh@xxxxxxxxxx> writes:
> diff --git a/fs/orangefs/devorangefs-req.c b/fs/orangefs/devorangefs-req.c
> index db170be..a287a66 100644
> --- a/fs/orangefs/devorangefs-req.c
> +++ b/fs/orangefs/devorangefs-req.c
> @@ -116,6 +116,13 @@ static int orangefs_devreq_open(struct inode *inode, struct file *file)
> {
> int ret = -EINVAL;
>
> + /* in order to ensure that the filesystem driver sees correct UIDs */
> + if (file->f_cred->user_ns != &init_user_ns) {
> + gossip_err("%s: device cannot be opened outside init_user_ns\n",
> + __func__);
> + goto out;
> + }
> +
Not necessarily in this patch but the code should also verify that the
opener is also in the initial pid namespace as pids are transferred in
the upcalls as well.
> if (!(file->f_flags & O_NONBLOCK)) {
> gossip_err("%s: device cannot be opened in blocking mode\n",
> __func__);
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
