[REVIEW][PATCH 1/5] mnt: Only change user settable mount flags in remount
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Jul 31 23:13:54 UTC 2014
Quoting Eric W. Biederman (ebiederm at xmission.com):
>
> Kenton Varda <kenton at sandstorm.io> discovered that by remounting a
> read-only bind mount read-only in a user namespace the
> MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
> to remount a read-only mount read-write.
>
> Correct this by replacing the mask of mount flags to preserve
> with a mask of mount flags that may be changed, and preserve
> all others. This ensures that any future bugs with this mask and
> remount will fail in an easy to detect way where new mount flags
> simply won't change.
>
> Cc: stable at vger.kernel.org
> Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>
Not exactly sure about the name. Actually seems like it should be
called MNT_USER_UNCLEARABLE_MASK or something, but
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> fs/namespace.c | 2 +-
> include/linux/mount.h | 4 +++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 7187d01329c3..cb40449ea0df 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -1937,7 +1937,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
> err = do_remount_sb(sb, flags, data, 0);
> if (!err) {
> lock_mount_hash();
> - mnt_flags |= mnt->mnt.mnt_flags & MNT_PROPAGATION_MASK;
> + mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
> mnt->mnt.mnt_flags = mnt_flags;
> touch_mnt_namespace(mnt->mnt_ns);
> unlock_mount_hash();
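Review bot: the incoming mnt_flags are OR'ed in unmasked on the changed line, so the preservation contract is only one-sided: bits outside MNT_USER_SETTABLE_MASK now survive from the old mount (including MNT_LOCK_READONLY and the propagation bits the removed MNT_PROPAGATION_MASK covered), but any non-user-settable bit present in the caller-supplied mnt_flags would still be written through to mnt->mnt.mnt_flags. Consider making it symmetric, e.g. `mnt_flags &= MNT_USER_SETTABLE_MASK;` before the `|=`, and add a one-line comment above it stating the invariant (everything not in the mask is carried over), since the inverted mask is the whole point of the fix and is easy to misread as a simple rename of MNT_PROPAGATION_MASK.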
> diff --git a/include/linux/mount.h b/include/linux/mount.h
> index 839bac270904..b637a89e1fae 100644
> --- a/include/linux/mount.h
> +++ b/include/linux/mount.h
> @@ -42,7 +42,9 @@ struct mnt_namespace;
> * flag, consider how it interacts with shared mounts.
> */
> #define MNT_SHARED_MASK (MNT_UNBINDABLE)
> -#define MNT_PROPAGATION_MASK (MNT_SHARED | MNT_UNBINDABLE)
> +#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
> + | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
> + | MNT_READONLY)
>
> #define MNT_INTERNAL_FLAGS (MNT_SHARED | MNT_WRITE_HOLD | MNT_INTERNAL | \
> MNT_DOOMED | MNT_SYNC_UMOUNT | MNT_MARKED)
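Review bot: the new MNT_USER_SETTABLE_MASK has no comment describing its semantics, while the surrounding block does document MNT_SHARED_MASK; the commit message's intent (flags not in this mask are preserved across remount, so a new user-changeable flag that is not added here will silently fail to change) belongs here where the next person adding a flag will see it. Also worth confirming in the commit message that MNT_PROPAGATION_MASK has no remaining users, since this hunk deletes the definition rather than keeping it alongside the new mask.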
> --
> 1.9.1
>