Hi Eric, Here's an update to the last round of patches for mounts in user namespaces. The only change since last time is to split up the patch to verify access towards block devices when mounting into several patches, one to update lookup_bdev and one patch each for the call sites which require updates. Thanks, Seth Andy Lutomirski (1): fs: Treat foreign mounts as nosuid Seth Forshee (6): block_dev: Support checking inode permissions in lookup_bdev() block_dev: Check permissions towards block device inode when mounting mtd: Check permissions towards mtd block device inode when mounting selinux: Add support for unprivileged mounts from user namespaces userns: Replace in_userns with current_in_userns Smack: Handle labels consistently in untrusted mounts drivers/md/bcache/super.c | 2 +- drivers/md/dm-table.c | 2 +- drivers/mtd/mtdsuper.c | 6 +++++- fs/block_dev.c | 18 +++++++++++++++--- fs/exec.c | 2 +- fs/namespace.c | 13 +++++++++++++ fs/quota/quota.c | 2 +- include/linux/fs.h | 2 +- include/linux/mount.h | 1 + include/linux/user_namespace.h | 6 ++---- kernel/user_namespace.c | 6 +++--- security/commoncap.c | 4 ++-- security/selinux/hooks.c | 25 ++++++++++++++++++++++++- security/smack/smack_lsm.c | 28 ++++++++++++++++++---------- 14 files changed, 88 insertions(+), 29 deletions(-) _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
