This is a note to let you know that I've just added the patch titled
vfs: Fix a regression in mounting proc
to the 3.12-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
vfs-fix-a-regression-in-mounting-proc.patch
and it can be found in the queue-3.12 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 41301ae78a99ead04ea42672a1ab72c6f44cc81d Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Date: Thu, 14 Nov 2013 21:22:25 -0800
Subject: vfs: Fix a regression in mounting proc
From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
commit 41301ae78a99ead04ea42672a1ab72c6f44cc81d upstream.
Gao feng <gaofeng@xxxxxxxxxxxxxx> reported that commit
e51db73532955dc5eaba4235e62b74b460709d5b
userns: Better restrictions on when proc and sysfs can be mounted
caused a regression on mounting a new instance of proc in a mount
namespace created with user namespace privileges, when binfmt_misc
is mounted on /proc/sys/fs/binfmt_misc.
This is an unintended regression caused by the absolutely bogus empty
directory check in fs_fully_visible. The check fs_fully_visible replaced
didn't even bother to attempt to verify proc was fully visible and
hiding proc files with any kind of mount is rare. So for now fix
the userspace regression by allowing directory with nlink == 1
as /proc/sys/fs/binfmt_misc has.
I will have a better patch but it is not stable material, or
last minute kernel material. So it will have to wait.
Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
Acked-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
Tested-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2888,7 +2888,7 @@ bool fs_fully_visible(struct file_system
struct inode *inode = child->mnt_mountpoint->d_inode;
if (!S_ISDIR(inode->i_mode))
goto next;
- if (inode->i_nlink != 2)
+ if (inode->i_nlink > 2)
goto next;
}
visible = true;
Patches currently in stable-queue which might be from ebiederm@xxxxxxxxxxxx are
queue-3.12/fork-allow-clone_parent-after-setns-clone_newpid.patch
queue-3.12/vfs-in-d_path-don-t-call-d_dname-on-a-mount-point.patch
queue-3.12/vfs-fix-a-regression-in-mounting-proc.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html