[PATCH review 0/4] Loopback mount escape fixes
miklos at szeredi.hu
Mon Apr 13 12:18:40 UTC 2015
On Thu, Apr 9, 2015 at 1:31 AM, Eric W. Biederman <ebiederm at xmission.com> wrote:
> After the last round of feedback I sat down and played with my fix
> for the fact that a strategically placed rename, ".." on bind mounts
> go up past the root of the bind mount.
> The code better handles the escaped directory returning into it's bind
> mount, and is now roughly a constant factor cost in all cases from what
> the code costs without the fix.
> So I think I have found a better tradeoff between fixing this bug and
> not slowing down path name lookups in the common case.
Maybe I'm missing something, but I see a much simpler fix:
- When following ".." first just check against the dentry being equal
to the root dentry.
- If so, then check mount being equal to root mount.
- If so, then we are fine, found the root.
- If mount is not root mount, then we either have a bind mount or the
escape scenario. So have a peek at the mount tree to see if we have a
chance of reaching root or not.
- If yes, then we are fine, continue upward.
- Otherwise stop here and act like we found root.
This doesn't have to hook into d_move() and will only trigger the
"violated" mode on an very specific and rare case.
I haven't thought about this very hard, but I don't see how the root
dentry could be avoided without first having access to something
outside the root.
More information about the Containers