[PATCH] umount: Allow superblock owners to force umount

Linux NFS development
 help / color / mirror / Atom feed

* [PATCH] umount: Allow superblock owners to force umount
@ 2025-03-18 16:29 trondmy
  2025-03-18 20:12 ` Eric W. Biederman
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: trondmy @ 2025-03-18 16:29 UTC (permalink / raw)
  To: Christian Brauner
  Cc: Alexander Viro, Jan Kara, Eric W . Biederman, linux-fsdevel,
	linux-nfs

From: Trond Myklebust <trond.myklebust@hammerspace.com>

Loosen the permission check on forced umount to allow users holding
CAP_SYS_ADMIN privileges in namespaces that are privileged with respect
to the userns that originally mounted the filesystem.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
 fs/namespace.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 8f1000f9f3df..d401486fe95d 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2026,6 +2026,7 @@ static void warn_mandlock(void)
 static int can_umount(const struct path *path, int flags)
 {
 	struct mount *mnt = real_mount(path->mnt);
+	struct super_block *sb = path->dentry->d_sb;
 
 	if (!may_mount())
 		return -EPERM;
@@ -2035,7 +2036,7 @@ static int can_umount(const struct path *path, int flags)
 		return -EINVAL;
 	if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
 		return -EINVAL;
-	if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
+	if (flags & MNT_FORCE && !ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
 		return -EPERM;
 	return 0;
 }
-- 
2.48.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] umount: Allow superblock owners to force umount
  2025-03-18 16:29 [PATCH] umount: Allow superblock owners to force umount trondmy
@ 2025-03-18 20:12 ` Eric W. Biederman
  2025-03-19  8:19 ` Christian Brauner
  2025-03-19 21:53 ` Jeff Layton
  2 siblings, 0 replies; 4+ messages in thread
From: Eric W. Biederman @ 2025-03-18 20:12 UTC (permalink / raw)
  To: trondmy
  Cc: Christian Brauner, Alexander Viro, Jan Kara, linux-fsdevel,
	linux-nfs

trondmy@kernel.org writes:

> From: Trond Myklebust <trond.myklebust@hammerspace.com>
>
> Loosen the permission check on forced umount to allow users holding
> CAP_SYS_ADMIN privileges in namespaces that are privileged with respect
> to the userns that originally mounted the filesystem.

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>

Semantically this seems reasonable.  I think forced umounts just got
overlooked when I was relaxing the other permission checks, to allow
things if you own the superblock.

The code has already checked you have permissions on the current mount
namespace.  Which was my immediate concern looking at the code.

Eric

> Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
> ---
>  fs/namespace.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 8f1000f9f3df..d401486fe95d 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -2026,6 +2026,7 @@ static void warn_mandlock(void)
>  static int can_umount(const struct path *path, int flags)
>  {
>  	struct mount *mnt = real_mount(path->mnt);
> +	struct super_block *sb = path->dentry->d_sb;
>  
>  	if (!may_mount())
>  		return -EPERM;
> @@ -2035,7 +2036,7 @@ static int can_umount(const struct path *path, int flags)
>  		return -EINVAL;
>  	if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
>  		return -EINVAL;
> -	if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
> +	if (flags & MNT_FORCE && !ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
>  		return -EPERM;
>  	return 0;
>  }

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] umount: Allow superblock owners to force umount
  2025-03-18 16:29 [PATCH] umount: Allow superblock owners to force umount trondmy
  2025-03-18 20:12 ` Eric W. Biederman
@ 2025-03-19  8:19 ` Christian Brauner
  2025-03-19 21:53 ` Jeff Layton
  2 siblings, 0 replies; 4+ messages in thread
From: Christian Brauner @ 2025-03-19  8:19 UTC (permalink / raw)
  To: trondmy
  Cc: Christian Brauner, Alexander Viro, Jan Kara, Eric W . Biederman,
	linux-fsdevel, linux-nfs

On Tue, 18 Mar 2025 12:29:21 -0400, trondmy@kernel.org wrote:
> Loosen the permission check on forced umount to allow users holding
> CAP_SYS_ADMIN privileges in namespaces that are privileged with respect
> to the userns that originally mounted the filesystem.
> 
> 

Sensible.

---

Applied to the vfs-6.15.mount branch of the vfs/vfs.git tree.
Patches in the vfs-6.15.mount branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs-6.15.mount

[1/1] umount: Allow superblock owners to force umount
      https://git.kernel.org/vfs/vfs/c/e1ff7aa34dec

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] umount: Allow superblock owners to force umount
  2025-03-18 16:29 [PATCH] umount: Allow superblock owners to force umount trondmy
  2025-03-18 20:12 ` Eric W. Biederman
  2025-03-19  8:19 ` Christian Brauner
@ 2025-03-19 21:53 ` Jeff Layton
  2 siblings, 0 replies; 4+ messages in thread
From: Jeff Layton @ 2025-03-19 21:53 UTC (permalink / raw)
  To: trondmy, Christian Brauner
  Cc: Alexander Viro, Jan Kara, Eric W . Biederman, linux-fsdevel,
	linux-nfs

On Tue, 2025-03-18 at 12:29 -0400, trondmy@kernel.org wrote:
> From: Trond Myklebust <trond.myklebust@hammerspace.com>
> 
> Loosen the permission check on forced umount to allow users holding
> CAP_SYS_ADMIN privileges in namespaces that are privileged with respect
> to the userns that originally mounted the filesystem.
> 
> Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
> ---
>  fs/namespace.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 8f1000f9f3df..d401486fe95d 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -2026,6 +2026,7 @@ static void warn_mandlock(void)
>  static int can_umount(const struct path *path, int flags)
>  {
>  	struct mount *mnt = real_mount(path->mnt);
> +	struct super_block *sb = path->dentry->d_sb;
>  
>  	if (!may_mount())
>  		return -EPERM;
> @@ -2035,7 +2036,7 @@ static int can_umount(const struct path *path, int flags)
>  		return -EINVAL;
>  	if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
>  		return -EINVAL;
> -	if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
> +	if (flags & MNT_FORCE && !ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
>  		return -EPERM;
>  	return 0;
>  }

Reviewed-by: Jeff Layton <jlayton@kernel.org>

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2025-03-19 21:53 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-18 16:29 [PATCH] umount: Allow superblock owners to force umount trondmy
2025-03-18 20:12 ` Eric W. Biederman
2025-03-19  8:19 ` Christian Brauner
2025-03-19 21:53 ` Jeff Layton

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox