From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753299AbdK3AFI (ORCPT ); Wed, 29 Nov 2017 19:05:08 -0500 Received: from out03.mta.xmission.com ([166.70.13.233]:46515 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752183AbdK3AFG (ORCPT ); Wed, 29 Nov 2017 19:05:06 -0500 From: ebiederm@xmission.com (Eric W. Biederman) To: Linux Containers Cc: , Miklos Szeredi , Ian Kent , , Seth Forshee References: <874lpck52r.fsf@xmission.com> Date: Wed, 29 Nov 2017 18:04:54 -0600 In-Reply-To: <874lpck52r.fsf@xmission.com> (Eric W. Biederman's message of "Wed, 29 Nov 2017 18:01:16 -0600") Message-ID: <87y3moiqc9.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1eKCLb-0001KK-Om;;;mid=<87y3moiqc9.fsf@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=67.3.248.7;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19IbtNwph0JIT8wIGN4z1SwVfNgYiJ75yg= X-SA-Exim-Connect-IP: 67.3.248.7 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 TVD_RCVD_IP Message was received from an IP address * 1.5 XMNoVowels Alpha-numberic number with no vowels * 0.7 XMSubLong Long Subject * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa01 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_02 5+ unique symbols in subject * 0.0 T_TooManySym_01 4+ unique symbols in subject X-Spam-DCC: XMission; sa01 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: **;Linux Containers X-Spam-Relay-Country: X-Spam-Timing: total 5557 ms - load_scoreonly_sql: 0.05 (0.0%), signal_user_changed: 3.3 (0.1%), b_tie_ro: 2.2 (0.0%), parse: 1.26 (0.0%), extract_message_metadata: 26 (0.5%), get_uri_detail_list: 2.0 (0.0%), tests_pri_-1000: 10 (0.2%), tests_pri_-950: 2.1 (0.0%), tests_pri_-900: 1.61 (0.0%), tests_pri_-400: 28 (0.5%), check_bayes: 26 (0.5%), b_tokenize: 10 (0.2%), b_tok_get_all: 7 (0.1%), b_comp_prob: 3.9 (0.1%), b_tok_touch_all: 2.6 (0.0%), b_finish: 0.82 (0.0%), tests_pri_0: 412 (7.4%), check_dkim_signature: 0.89 (0.0%), check_dkim_adsp: 5 (0.1%), tests_pri_500: 5068 (91.2%), poll_dns_idle: 5060 (91.0%), rewrite_mail: 0.00 (0.0%) Subject: [PATCH 1/2] userns: Don't fail follow_automount based on s_user_ns X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When vfs_submount was added the test to limit automounts from filesystems that with s_user_ns != &init_user_ns accidentially left in follow_automount. The test was never about any security concerns and was always about how do we implement this for filesystems whose s_user_ns != &init_user_ns. At the moment this check makes no difference as there are no filesystems that both set FS_USERNS_MOUNT and implement d_automount. Remove this check now while I am thinking about it so there will not be odd booby traps for someone who does want to make this combination work. vfs_submount still needs improvements to allow this combination to work, and vfs_submount contains a check that presents a warning. The autofs4 filesystem could be modified to set FS_USERNS_MOUNT and it would need not work on this code path, as userspace performs the mounts. Fixes: 93faccbbfa95 ("fs: Better permission checking for submounts") Fixes: aeaa4a79ff6a ("fs: Call d_automount with the filesystems creds") Signed-off-by: "Eric W. Biederman" --- fs/namei.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index f0c7a7b9b6ca..f47118ed36e7 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1142,9 +1142,6 @@ static int follow_automount(struct path *path, struct nameidata *nd, return -ENOENT; } - if (path->dentry->d_sb->s_user_ns != &init_user_ns) - return -EACCES; - nd->total_link_count++; if (nd->total_link_count >= 40) return -ELOOP; -- 2.14.1