[Devel] [patch 05/10] Add "permit user submounts" flag to vfsmount
Miklos Szeredi
miklos at szeredi.hu
Mon Apr 16 04:03:13 PDT 2007
From: Miklos Szeredi <mszeredi at suse.cz>
If MNT_USERMNT flag is not set in the target vfsmount, then
unprivileged mounts will be denied.
By default this flag is cleared, and can be set on new mounts, on
remounts or with the MS_SETFLAGS option.
Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
---
Index: linux/fs/namespace.c
===================================================================
--- linux.orig/fs/namespace.c 2007-04-13 13:20:12.000000000 +0200
+++ linux/fs/namespace.c 2007-04-13 13:35:40.000000000 +0200
@@ -411,6 +411,7 @@ static int show_vfsmnt(struct seq_file *
{ MNT_NOATIME, ",noatime" },
{ MNT_NODIRATIME, ",nodiratime" },
{ MNT_RELATIME, ",relatime" },
+ { MNT_USERMNT, ",usermnt" },
{ 0, NULL }
};
struct proc_fs_info *fs_infop;
@@ -1505,9 +1506,11 @@ long do_mount(char *dev_name, char *dir_
mnt_flags |= MNT_NODIRATIME;
if (flags & MS_RELATIME)
mnt_flags |= MNT_RELATIME;
+ if (flags & MS_USERMNT)
+ mnt_flags |= MNT_USERMNT;
flags &= ~(MS_NOSUID | MS_NOEXEC | MS_NODEV | MS_ACTIVE |
- MS_NOATIME | MS_NODIRATIME | MS_RELATIME);
+ MS_NOATIME | MS_NODIRATIME | MS_RELATIME | MS_USERMNT);
/* ... and get the mountpoint */
retval = path_lookup(dir_name, LOOKUP_FOLLOW, &nd);
Index: linux/include/linux/mount.h
===================================================================
--- linux.orig/include/linux/mount.h 2007-04-13 13:17:08.000000000 +0200
+++ linux/include/linux/mount.h 2007-04-13 13:22:17.000000000 +0200
@@ -28,6 +28,7 @@ struct mnt_namespace;
#define MNT_NOATIME 0x08
#define MNT_NODIRATIME 0x10
#define MNT_RELATIME 0x20
+#define MNT_USERMNT 0x40
#define MNT_SHRINKABLE 0x100
#define MNT_USER 0x200
Index: linux/include/linux/fs.h
===================================================================
--- linux.orig/include/linux/fs.h 2007-04-13 13:23:05.000000000 +0200
+++ linux/include/linux/fs.h 2007-04-13 13:35:34.000000000 +0200
@@ -130,6 +130,7 @@ extern int dir_notify_enable;
#define MS_SETFLAGS (1<<23) /* set specified mount flags */
#define MS_CLEARFLAGS (1<<24) /* clear specified mount flags */
/* MS_SETFLAGS | MS_CLEARFLAGS: change mount flags to specified */
+#define MS_USERMNT (1<<25) /* permit unpriv. submounts under this mount */
#define MS_ACTIVE (1<<30)
#define MS_NOUSER (1<<31)
--
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list