* [PATCH] mount.2: Add EINVAL error condition when MS_BINDing MNT_LOCKED submounts
@ 2017-11-27 22:44 Keno Fischer
From: Keno Fischer @ 2017-11-27 22:44 UTC (permalink / raw)
  To: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w; +Cc: linux-man-u79uwXL29TY76Z2rM5mHXA

When the user creates an unprivileged mount namespace, the Linux
kernel sets the MNT_LOCKED flag [1] on any submounts to prevent
such mounts from being unmounted inside the mount namespace. Such
an unmount would reveal the filesystem tree behind the mount, which
is not otherwise possible from an unprivileged vantage point.

Attempting to unmount such a mount will fail with EINVAL. However,
a less obvious implication is that attempting a bind mount without
MS_REC, where the tree being bound contains locked sub-mounts,
will also fail with EINVAL, because, without MS_REC, such submounts
are effectively being unmounted.

Cursory googling shows several instances of people running into this
problem, so I felt it advantageous to have it documented in the man
page.

[1] https://github.com/torvalds/linux/blob/4fbd8d194f06c8a3fd2af1ce560ddb31f7ec8323/fs/namespace.c#L1110-L1113
---
 man2/mount.2 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/man2/mount.2 b/man2/mount.2
index 87cb1a9..8d2a347 100644
--- a/man2/mount.2
+++ b/man2/mount.2
@@ -650,6 +650,14 @@ or
 .BR EINVAL
 An attempt was made to bind mount an unbindable mount.
 .TP
+.BR EINVAL
+In an unpriviledged mount namespace, a bind operation
+.RB ( MS_BIND )
+was attempted without specifying
+.RB ( MS_REC ),
+which would have revealed the filesytem tree underneath one of
+the submounts of the directory being bound.
+.TP
 .B ELOOP
 Too many links encountered during pathname resolution.
 .TP
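Review bot: two spelling errors in the added text: `+In an unpriviledged mount namespace, a bind operation` should read "unprivileged", and `+which would have revealed the filesytem tree underneath one of` should read "filesystem". The term "unprivileged mount namespace" is also used without being defined anywhere in mount.2 as shown here; suggest spelling out what makes the namespace unprivileged rather than leaving the reader to infer it. Finally, the entry describes only the consequence ("would have revealed the filesystem tree") and not the cause given in the cover letter, namely that the submounts are locked (MNT_LOCKED) and a non-recursive bind would drop them; naming the locked submounts in the entry would make the EINVAL easier to diagnose.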
-- 
2.8.1

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
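As an added illustration that is not part of this thread or of the man-pages project: a C program that reproduces the behaviour the patch documents, binding "/" first without and then with MS_REC from inside a freshly created unprivileged user and mount namespace. It assumes that "/" in the caller's mount namespace carries submounts (such as /proc) and that /tmp is writable; the helper names are mine.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <unistd.h>

/* Bind src onto dst, with or without MS_REC; returns 0 or -errno. */
int try_bind(const char *src, const char *dst, int recursive)
{
    unsigned long flags = MS_BIND | (recursive ? MS_REC : 0UL);
    return mount(src, dst, NULL, flags, NULL) == 0 ? 0 : -errno;
}

/* Wording a caller could log for the case the patch documents. */
const char *explain_bind(int rc, int recursive)
{
    if (rc == 0) return "ok";
    if (rc == -EINVAL && !recursive)
        return "EINVAL: tree has MNT_LOCKED submounts; retry with MS_BIND|MS_REC";
    return strerror(-rc);
}

/* Enter an unprivileged user+mount namespace and bind "/" (assumed to carry
 * submounts such as /proc) onto a fresh directory, first without then with
 * MS_REC. Returns 1 if EINVAL was seen and MS_REC cured it, 0 if namespaces
 * or mount(2) are unavailable here (e.g. EPERM in a sandbox), -1 otherwise. */
int run_demo(void)
{
    char dst[] = "/tmp/bind-demo-XXXXXX";          /* constructed target */
    if (!mkdtemp(dst)) return -1;
    /* The kernel marks every pre-existing submount MNT_LOCKED on entry. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0) { rmdir(dst); return 0; }
    int rc = try_bind("/", dst, 0);
    fprintf(stderr, "MS_BIND          : %s\n", explain_bind(rc, 0));
    if (rc == -EPERM || rc == -ENOSYS) { rmdir(dst); return 0; }
    if (rc == 0) umount2(dst, MNT_DETACH);
    if (rc != -EINVAL) { rmdir(dst); return -1; }
    rc = try_bind("/", dst, 1);                    /* locked submounts come along */
    fprintf(stderr, "MS_BIND | MS_REC : %s\n", explain_bind(rc, 1));
    if (rc == 0) umount2(dst, MNT_DETACH);
    rmdir(dst);
    return rc == 0 ? 1 : -1;
}

int main(void) { return run_demo() < 0; }
```

Run it as an ordinary user on a kernel with unprivileged user namespaces enabled; the first attempt reports EINVAL and the second succeeds, which is exactly the situation the new ERRORS entry describes.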


* Re: [PATCH] mount.2: Add EINVAL error condition when MS_BINDing MNT_LOCKED submounts
From: Michael Kerrisk (man-pages) @ 2017-12-04 19:55 UTC (permalink / raw)
  To: Keno Fischer
  Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w,
	linux-man-u79uwXL29TY76Z2rM5mHXA

Hello Keno,

Question below....

On 11/27/2017 11:44 PM, Keno Fischer wrote:
> When the user creates an unprivileged mount namespace, the Linux
> kernel sets the MNT_LOCKED flag [1] on any submounts to prevent
> such mounts from being unmounted inside the mount namespace. Such
> an unmount would reveal the filesystem tree behind the mount, which
> is not otherwise possible from an unprivileged vantage point.
> 
> Attempting to unmount such a mount will fail with EINVAL. However,
> a less obvious implication is that attempting a bind mount without
> MS_REC, where the tree being bound contains locked sub-mounts,
> will also fail with EINVAL, because, without MS_REC, such submounts
> are effectively being unmounted.
> 
> Cursory googling shows several instances of people running into this
> problem, so I felt it advantageous to have it documented in the man
> page.
> 
> [1] https://github.com/torvalds/linux/blob/4fbd8d194f06c8a3fd2af1ce560ddb31f7ec8323/fs/namespace.c#L1110-L1113
> ---
>  man2/mount.2 | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/man2/mount.2 b/man2/mount.2
> index 87cb1a9..8d2a347 100644
> --- a/man2/mount.2
> +++ b/man2/mount.2
> @@ -650,6 +650,14 @@ or
>  .BR EINVAL
>  An attempt was made to bind mount an unbindable mount.
>  .TP
> +.BR EINVAL
> +In an unpriviledged mount namespace, a bind operation

What is meant by "an unprivileged mount namespace"?

Thanks,

Michael

> +.RB ( MS_BIND )
> +was attempted without specifying
> +.RB ( MS_REC ),
> +which would have revealed the filesytem tree underneath one of
> +the submounts of the directory being bound.
> +.TP
>  .B ELOOP
>  Too many links encountered during pathname resolution.
>  .TP
> 


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/

* Re: [PATCH] mount.2: Add EINVAL error condition when MS_BINDing MNT_LOCKED submounts
From: Keno Fischer @ 2017-12-04 20:01 UTC (permalink / raw)
  To: Michael Kerrisk (man-pages); +Cc: linux-man-u79uwXL29TY76Z2rM5mHXA

On Mon, Dec 4, 2017 at 2:55 PM, Michael Kerrisk (man-pages)
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hello Keno,
>
> Question below....
>
>> diff --git a/man2/mount.2 b/man2/mount.2
>> index 87cb1a9..8d2a347 100644
>> --- a/man2/mount.2
>> +++ b/man2/mount.2
>> @@ -650,6 +650,14 @@ or
>>  .BR EINVAL
>>  An attempt was made to bind mount an unbindable mount.
>>  .TP
>> +.BR EINVAL
>> +In an unpriviledged mount namespace, a bind operation
>
> What is meant by "an unprivileged mount namespace"?

Hi Michael,

I believe the only way to create an unprivileged mount namespace is to
do so from a user namespace created by an unprivileged user (that's how
I ran into it).

Thanks,
Keno

* Re: [PATCH] mount.2: Add EINVAL error condition when MS_BINDing MNT_LOCKED submounts
From: Michael Kerrisk (man-pages) @ 2017-12-19 13:53 UTC (permalink / raw)
  To: Keno Fischer
  Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w,
	linux-man-u79uwXL29TY76Z2rM5mHXA

Hello Keno,

On 12/04/2017 09:01 PM, Keno Fischer wrote:
> On Mon, Dec 4, 2017 at 2:55 PM, Michael Kerrisk (man-pages)
> <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>> Hello Keno,
>>
>> Question below....
>>
>>> diff --git a/man2/mount.2 b/man2/mount.2
>>> index 87cb1a9..8d2a347 100644
>>> --- a/man2/mount.2
>>> +++ b/man2/mount.2
>>> @@ -650,6 +650,14 @@ or
>>>  .BR EINVAL
>>>  An attempt was made to bind mount an unbindable mount.
>>>  .TP
>>> +.BR EINVAL
>>> +In an unpriviledged mount namespace, a bind operation
>>
>> What is meant by "an unprivileged mount namespace"?
> 
> Hi Michael,
> 
> I believe the only way to create an unprivileged mount namespace is to
> do so from a user namespace
> created by an unprivileged user (that's how I ran into it).

Thanks. I applied your patch, and added some words to clarify
the term "unprivileged mount namespace":

    (i.e., a mount namespace owned by a user namespace
    that was created by an unprivileged user)

Cheers,

Michael


