[Devel] [patch -mm 14/17] user namespace: maintain user ns for priv_userns mounts to vfsmount
clg at fr.ibm.com
Tue Dec 5 02:28:06 PST 2006
From: Serge E. Hallyn <serue at us.ibm.com>
If a vfsmount is marked priv_userns, then a bind mount should
maintain the old->user_ns. Not doing so presents a simple way
around the priv_userns security mechanism :)
Signed-off-by: Serge E. Hallyn <serue at us.ibm.com>
---
fs/namespace.c | 2 ++
1 file changed, 2 insertions(+)
Index: 2.6.19-rc6-mm2/fs/namespace.c
===================================================================
--- 2.6.19-rc6-mm2.orig/fs/namespace.c
+++ 2.6.19-rc6-mm2/fs/namespace.c
@@ -240,6 +240,8 @@ static struct vfsmount *clone_mnt(struct
if (mnt) {
mnt->mnt_flags = old->mnt_flags;
+ if (mnt->mnt_flags & MNT_PRIV_USERNS)
+ mnt->mnt_user_ns = old->mnt_user_ns;
atomic_inc(&sb->s_active);
mnt->mnt_sb = sb;
mnt->mnt_root = dget(root);
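Review bot: the added assignment `mnt->mnt_user_ns = old->mnt_user_ns;` copies the namespace pointer into the clone without taking a reference, while the surrounding lines pin the other objects the new mount shares (`atomic_inc(&sb->s_active)`, `dget(root)`). If the user namespace is reference counted, the clone can outlive `old` and be left holding a dangling pointer, and every later priv_userns check on that mount would then compare against freed memory. Please either take a reference here with a matching drop where the vfsmount is freed, or add a comment stating what guarantees the namespace outlives every mount that points to it. A one-line comment above the `if` explaining that a bind mount must inherit the owner's namespace would also help, since the security reason is only in the changelog.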
--