[Devel] [PATCH RH7 10/22] port/block_dev: Check permissions towards block device inode when mounting
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Thu Mar 10 08:32:03 PST 2016
Unprivileged users should not be able to mount block devices when
they lack sufficient privileges towards the block device inode.
Update blkdev_get_by_path() to validate that the user has the
required access to the inode at the specified path. The check
will be skipped for CAP_SYS_ADMIN, so privileged mounts will
continue working as before.
Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
Acked-by: Serge Hallyn <serge.hallyn at canonical.com>
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
fs/block_dev.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 41d9005..fcd2dd7 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1326,9 +1326,14 @@ struct block_device *blkdev_get_by_path(const char *path, fmode_t mode,
void *holder)
{
struct block_device *bdev;
+ int perm = 0;
int err;
- bdev = lookup_bdev(path, 0);
+ if (mode & FMODE_READ)
+ perm |= MAY_READ;
+ if (mode & FMODE_WRITE)
+ perm |= MAY_WRITE;
+ bdev = lookup_bdev(path, perm);
if (IS_ERR(bdev))
return bdev;
--
1.9.3
More information about the Devel
mailing list