| From 7e96c1b0e0f495c5a7450dc4aa7c9a24ba4305bd Mon Sep 17 00:00:00 2001 |
| From: "Eric W. Biederman" <ebiederm@xmission.com> |
| Date: Fri, 8 May 2015 16:36:50 -0500 |
| Subject: mnt: Fix fs_fully_visible to verify the root directory is visible |
| |
| From: "Eric W. Biederman" <ebiederm@xmission.com> |
| |
| commit 7e96c1b0e0f495c5a7450dc4aa7c9a24ba4305bd upstream. |
| |
| This fixes a dumb bug in fs_fully_visible that allows proc or sys to |
| be mounted if there is a bind mount of part of /proc/ or /sys/ visible. |
| |
| Reported-by: Eric Windisch <ewindisch@docker.com> |
| Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/namespace.c | 6 ++++++ |
| 1 file changed, 6 insertions(+) |
| |
| --- a/fs/namespace.c |
| +++ b/fs/namespace.c |
| @@ -3178,6 +3178,12 @@ bool fs_fully_visible(struct file_system |
| if (mnt->mnt.mnt_sb->s_type != type) |
| continue; |
| |
| + /* This mount is not fully visible if it's root directory |
| + * is not the root directory of the filesystem. |
| + */ |
| + if (mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root) |
| + continue; |
| + |
| /* This mount is not fully visible if there are any child mounts |
| * that cover anything except for empty directories. |
| */ |
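Review bot: the comment added above the new `mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root` test writes "it's root directory" where the possessive "its" is meant, and it states the rule without giving the reason. The commit message says the bug allowed proc or sys to be mounted when only a bind mount of part of /proc/ or /sys/ was visible, so the comment could say that a mount rooted below the filesystem root exposes only part of the filesystem and must not count as a fully visible instance. Placing the test before the child-mount check is sensible, since such a mount is skipped with `continue` before its children are examined.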