From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Subject: Re: [PATCH 4/4] Allow unprivileged chroot when safe Date: Mon, 16 Jan 2012 20:06:18 +0000 Message-ID: <20120116200618.GN23916@ZenIV.linux.org.uk> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Casey Schaufler , Linus Torvalds , Jamie Lokier , Will Drewry , linux-kernel@vger.kernel.org, keescook@chromium.org, john.johansen@canonical.com, serge.hallyn@canonical.com, coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com, djm@mindrot.org, segoon@openwall.com, rostedt@goodmis.org, jmorris@namei.org, scarybeasts@gmail.com, avi@redhat.com, penberg@cs.helsinki.fi, mingo@elte.hu, akpm@linux-foundation.org, khilman@ti.com, borislav.petkov@amd.com, amwang@redhat.com, oleg@redhat.com, ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de, dhowells@redhat.com, daniel.lezcano@free.fr, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, olofj@chromium.org, mhalcrow@google.com, dlaor@redhat.com, corbet@lwn.net, alan@lxorguk.ukuu.org.uk To: Andy Lutomirski Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-security-module-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Sun, Jan 15, 2012 at 04:37:21PM -0800, Andy Lutomirski wrote: > + is_chrooted = (fs->root.mnt->mnt_mountpoint != > + fs->root.mnt->mnt_parent->mnt_root || > + fs->root.dentry != fs->root.mnt->mnt_root); Folks, is it _that_ hard to at least try to compile your patches? Hint: this one will *not*. That sad detail aside, this test would have been a pile of garbage even on the kernels that used to have mnt_mountpoint in struct vfsmount. What *are* you trying to test here? The last part at least does make some sense - it's "process root happens to be the root of some vfsmount". The first part, though, makes no sense whatsoever; it's "... and that vfsmount is mounted on top of root of some other vfsmount". Grr... NAKed, with extreme prejudice.