[REVIEW][0/5] Fixing unprivileged mount -o remount,ro
Eric W. Biederman
ebiederm at xmission.com
Wed Jul 30 03:41:43 UTC 2014
This patchset addresses a nasty bug where
"unshare --user --mount mount --bind -o remount,ro /path"
would allow a following "mount --bind -o remount,rw" to succeed even
when /path started out read-only in the initial mount namespace.
The fixes are quite simple and since they are user namespace specific I
plan on carrying them in my user namespace tree and ultimately pushing
them to Linus.
If anyone has any concerns about the code before I do that please speak
up so the issues can be addressed.
Eric W. Biederman (5):
mnt: Only change user settable mount flags in remount
mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
mnt: Correct permission checks in do_remount
mnt: Change the default remount atime from relatime to the existing value
mnt: Add tests for unprivileged remount cases that have found to be faulty
fs/namespace.c | 59 ++++-
include/linux/mount.h | 9 +-
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/mount/Makefile | 17 ++
.../selftests/mount/unprivileged-remount-test.c | 242 +++++++++++++++++++++
5 files changed, 320 insertions(+), 8 deletions(-)
Eric
More information about the Containers
mailing list