[REVIEW][0/5] Fixing unprivileged mount -o remount,ro

Eric W. Biederman ebiederm at xmission.com
Wed Jul 30 03:41:43 UTC 2014


This patchset addresses a nasty bug where
"unshare --user --mount mount --bind -o remount,ro /path"
would allow a following "mount --bind -o remount,rw" to succeed even
when /path started out read-only in the initial mount namespace.

The fixes are quite simple and since they are user namespace specific I
plan on carrying them in my user namespace tree and ultimately pushing
them to Linus.

If anyone has any concerns about the code before I do that please speak
up so the issues can be addressed.

Eric W. Biederman (5):
      mnt: Only change user settable mount flags in remount
      mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
      mnt: Correct permission checks in do_remount
      mnt: Change the default remount atime from relatime to the existing value
      mnt: Add tests for unprivileged remount cases that have found to be faulty

 fs/namespace.c                                     |  59 ++++-
 include/linux/mount.h                              |   9 +-
 tools/testing/selftests/Makefile                   |   1 +
 tools/testing/selftests/mount/Makefile             |  17 ++
 .../selftests/mount/unprivileged-remount-test.c    | 242 +++++++++++++++++++++
 5 files changed, 320 insertions(+), 8 deletions(-)

Eric


More information about the Containers mailing list