[Devel] [PATCH] [OpenVZ kernel] Fix for a possible DoS attack via forced umount of a Lustre filesystem from inside a container
Pavel Emelyanov
xemul at openvz.org
Fri Apr 3 09:35:31 PDT 2009
> --- linux-2.6.18.i686/fs/namespace.c 2009-03-26 11:09:57.000000000 +0000
> +++ linux-2.6.18.i686-lustre-umount-patch/fs/namespace.c 2009-03-27
> 01:41:49.000000000 +0000
> @@ -728,10 +728,15 @@ asmlinkage long sys_umount(char __user *
> if (!check_mnt(nd.mnt))
> goto dput_and_out;
>
> +
> + if (!memcmp(nd.mnt->mnt_sb->s_type->name, "lustre", 6) && !
> ve_is_super(get_exec_env()) && (flags & MNT_FORCE)) {
> + printk(KERN_ALERT "Forced umount of lustre fs is not allowed inside
> container (%d). Overriding MNT_FORCE flag.\n", get_exec_env()->veid);
> + flags &= (~MNT_FORCE);
> + }
> +
As far as I see from the umount kernel code, the only place where filesystem
can see this MNT_FORCE flag is in umount_begin callback. So the better place
for such a check is in there (you can use CAP_SYS_ADMIN capability presence
to distinguish VE0 from VE).
> retval = -EPERM;
> if (!capable(CAP_VE_SYS_ADMIN))
> goto dput_and_out;
> -
> retval = do_umount(nd.mnt, flags);
> dput_and_out:
> path_release_on_umount(&nd);
>
>
>
> _______________________________________________
> Devel mailing list
> Devel at openvz.org
> https://openvz.org/mailman/listinfo/devel
>
More information about the Devel
mailing list