| From 41301ae78a99ead04ea42672a1ab72c6f44cc81d Mon Sep 17 00:00:00 2001 |
| From: "Eric W. Biederman" <ebiederm@xmission.com> |
| Date: Thu, 14 Nov 2013 21:22:25 -0800 |
| Subject: vfs: Fix a regression in mounting proc |
| |
| From: "Eric W. Biederman" <ebiederm@xmission.com> |
| |
| commit 41301ae78a99ead04ea42672a1ab72c6f44cc81d upstream. |
| |
| Gao feng <gaofeng@cn.fujitsu.com> reported that commit |
| e51db73532955dc5eaba4235e62b74b460709d5b |
| userns: Better restrictions on when proc and sysfs can be mounted |
| caused a regression on mounting a new instance of proc in a mount |
| namespace created with user namespace privileges, when binfmt_misc |
| is mounted on /proc/sys/fs/binfmt_misc. |
| |
| This is an unintended regression caused by the absolutely bogus empty |
| directory check in fs_fully_visible. The check fs_fully_visible replaced |
| didn't even bother to attempt to verify proc was fully visible and |
| hiding proc files with any kind of mount is rare. So for now fix |
| the userspace regression by allowing directory with nlink == 1 |
| as /proc/sys/fs/binfmt_misc has. |
| |
| I will have a better patch but it is not stable material, or |
| last minute kernel material. So it will have to wait. |
| |
| Acked-by: Serge Hallyn <serge.hallyn@canonical.com> |
| Acked-by: Gao feng <gaofeng@cn.fujitsu.com> |
| Tested-by: Gao feng <gaofeng@cn.fujitsu.com> |
| Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/namespace.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/fs/namespace.c |
| +++ b/fs/namespace.c |
| @@ -2888,7 +2888,7 @@ bool fs_fully_visible(struct file_system |
| struct inode *inode = child->mnt_mountpoint->d_inode; |
| if (!S_ISDIR(inode->i_mode)) |
| goto next; |
| - if (inode->i_nlink != 2) |
| + if (inode->i_nlink > 2) |
| goto next; |
| } |
| visible = true; |