| From foo@baz Fri Mar 16 15:43:17 CET 2018 |
| From: "Eric W. Biederman" <ebiederm@xmission.com> |
| Date: Wed, 29 Nov 2017 17:29:20 -0600 |
| Subject: userns: Don't fail follow_automount based on s_user_ns |
| |
| From: "Eric W. Biederman" <ebiederm@xmission.com> |
| |
| |
| [ Upstream commit bbc3e471011417598e598707486f5d8814ec9c01 ] |
| |
| When vfs_submount was added the test to limit automounts from |
| filesystems that with s_user_ns != &init_user_ns accidentially left |
| in follow_automount. The test was never about any security concerns |
| and was always about how do we implement this for filesystems whose |
| s_user_ns != &init_user_ns. |
| |
| At the moment this check makes no difference as there are no |
| filesystems that both set FS_USERNS_MOUNT and implement d_automount. |
| |
| Remove this check now while I am thinking about it so there will not |
| be odd booby traps for someone who does want to make this combination |
| work. |
| |
| vfs_submount still needs improvements to allow this combination to work, |
| and vfs_submount contains a check that presents a warning. |
| |
| The autofs4 filesystem could be modified to set FS_USERNS_MOUNT and it would |
| need not work on this code path, as userspace performs the mounts. |
| |
| Fixes: 93faccbbfa95 ("fs: Better permission checking for submounts") |
| Fixes: aeaa4a79ff6a ("fs: Call d_automount with the filesystems creds") |
| Acked-by: Ian Kent <raven@themaw.net> |
| Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| fs/namei.c | 3 --- |
| 1 file changed, 3 deletions(-) |
| |
| --- a/fs/namei.c |
| +++ b/fs/namei.c |
| @@ -1133,9 +1133,6 @@ static int follow_automount(struct path |
| path->dentry->d_inode) |
| return -EISDIR; |
| |
| - if (path->dentry->d_sb->s_user_ns != &init_user_ns) |
| - return -EACCES; |
| - |
| nd->total_link_count++; |
| if (nd->total_link_count >= 40) |
| return -ELOOP; |