| From 7236c85e1be51a9e25ba0f6e087a66ca89605a49 Mon Sep 17 00:00:00 2001 |
| From: "Eric W. Biederman" <ebiederm@xmission.com> |
| Date: Wed, 13 May 2015 20:51:09 -0500 |
| Subject: mnt: Update fs_fully_visible to test for permanently empty directories |
| |
| From: "Eric W. Biederman" <ebiederm@xmission.com> |
| |
| commit 7236c85e1be51a9e25ba0f6e087a66ca89605a49 upstream. |
| |
| fs_fully_visible attempts to make fresh mounts of proc and sysfs give |
| the mounter no more access to proc and sysfs than if they could have |
| by creating a bind mount. One aspect of proc and sysfs that makes |
| this particularly tricky is that there are other filesystems that |
| typically mount on top of proc and sysfs. As those filesystems are |
| mounted on empty directories in practice it is safe to ignore them. |
| However testing to ensure filesystems are mounted on empty directories |
| has not been something the in kernel data structures have supported so |
| the current test for an empty directory which checks to see |
| if nlink <= 2 is a bit lacking. |
| |
| proc and sysfs have recently been modified to use the new empty_dir |
| infrastructure to create all of their dedicated mount points. Instead |
| of testing for S_ISDIR(inode->i_mode) && i_nlink <= 2 to see if a |
| directory is empty, test for is_empty_dir_inode(inode). That small |
| change guaranteess mounts found on proc and sysfs really are safe to |
| ignore, because the directories are not only empty but nothing can |
| ever be added to them. This guarantees there is nothing to worry |
| about when mounting proc and sysfs. |
| |
| Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/namespace.c | 5 ++--- |
| 1 file changed, 2 insertions(+), 3 deletions(-) |
| |
| --- a/fs/namespace.c |
| +++ b/fs/namespace.c |
| @@ -3196,9 +3196,8 @@ bool fs_fully_visible(struct file_system |
| /* Only worry about locked mounts */ |
| if (!(mnt->mnt.mnt_flags & MNT_LOCKED)) |
| continue; |
| - if (!S_ISDIR(inode->i_mode)) |
| - goto next; |
| - if (inode->i_nlink > 2) |
| + /* Is the directory permanetly empty? */ |
| + if (!is_empty_dir_inode(inode)) |
| goto next; |
| } |
| visible = true; |