[Devel] [PATCH] [OpenVZ kernel] Fix for a possible DoS attack via forced umount of a Lustre filesystem from inside a container

Pavel Emelyanov xemul at openvz.org
Fri Apr 3 09:35:31 PDT 2009


> --- linux-2.6.18.i686/fs/namespace.c	2009-03-26 11:09:57.000000000 +0000
> +++ linux-2.6.18.i686-lustre-umount-patch/fs/namespace.c	2009-03-27  
> 01:41:49.000000000 +0000
> @@ -728,10 +728,15 @@ asmlinkage long sys_umount(char __user *
>   	if (!check_mnt(nd.mnt))
>   		goto dput_and_out;
> 
> +	
> +	if (!memcmp(nd.mnt->mnt_sb->s_type->name, "lustre", 6) && ! 
> ve_is_super(get_exec_env()) && (flags & MNT_FORCE)) {
> +		printk(KERN_ALERT "Forced umount of lustre fs is not allowed inside  
> container (%d). Overriding MNT_FORCE flag.\n", get_exec_env()->veid);
> +		flags &= (~MNT_FORCE);
> +	}
> +

As far as I see from the umount kernel code, the only place where filesystem
can see this MNT_FORCE flag is in umount_begin callback. So the better place
for such a check is in there (you can use CAP_SYS_ADMIN capability presence
to distinguish VE0 from VE).

>   	retval = -EPERM;
>   	if (!capable(CAP_VE_SYS_ADMIN))
>   		goto dput_and_out;
> -
>   	retval = do_umount(nd.mnt, flags);
>   dput_and_out:
>   	path_release_on_umount(&nd);
> 
> 
> 
> _______________________________________________
> Devel mailing list
> Devel at openvz.org
> https://openvz.org/mailman/listinfo/devel
> 




More information about the Devel mailing list