* Patch "mnt: Account for MS_RDONLY in fs_fully_visible" has been added to the 4.6-stable tree
@ 2016-07-11 22:48 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-07-11 22:48 UTC (permalink / raw)
To: ebiederm, gregkh; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
mnt: Account for MS_RDONLY in fs_fully_visible
to the 4.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
mnt-account-for-ms_rdonly-in-fs_fully_visible.patch
and it can be found in the queue-4.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 695e9df010e40f407f4830dc11d53dce957710ba Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 10 Jun 2016 12:21:40 -0500
Subject: mnt: Account for MS_RDONLY in fs_fully_visible
From: Eric W. Biederman <ebiederm@xmission.com>
commit 695e9df010e40f407f4830dc11d53dce957710ba upstream.
In rare cases it is possible for s_flags & MS_RDONLY to be set but
MNT_READONLY to be clear. This starting combination can cause
fs_fully_visible to fail to ensure that the new mount is readonly.
Therefore force MNT_LOCK_READONLY in the new mount if MS_RDONLY
is set on the source filesystem of the mount.
In general both MS_RDONLY and MNT_READONLY are set at the same for
mounts so I don't expect any programs to care. Nor do I expect
MS_RDONLY to be set on proc or sysfs in the initial user namespace,
which further decreases the likelyhood of problems.
Which means this change should only affect system configurations by
paranoid sysadmins who should welcome the additional protection
as it keeps people from wriggling out of their policies.
Fixes: 8c6cf9cc829f ("mnt: Modify fs_fully_visible to deal with locked ro nodev and atime")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/namespace.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3245,6 +3245,10 @@ static bool fs_fully_visible(struct file
if (mnt->mnt.mnt_sb->s_iflags & SB_I_NOEXEC)
mnt_flags &= ~(MNT_LOCK_NOSUID | MNT_LOCK_NOEXEC);
+ /* Don't miss readonly hidden in the superblock flags */
+ if (mnt->mnt.mnt_sb->s_flags & MS_RDONLY)
+ mnt_flags |= MNT_LOCK_READONLY;
+
/* Verify the mount flags are equal to or more permissive
* than the proposed new mount.
*/
Patches currently in stable-queue which might be from ebiederm@xmission.com are
queue-4.6/mnt-fs_fully_visible-test-the-proper-mount-for-mnt_locked.patch
queue-4.6/mnt-if-fs_fully_visible-fails-call-put_filesystem.patch
queue-4.6/mnt-account-for-ms_rdonly-in-fs_fully_visible.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-07-11 23:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-07-11 22:48 Patch "mnt: Account for MS_RDONLY in fs_fully_visible" has been added to the 4.6-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).