From 67690f937c38bbab1d94cb45f6a32e61612834ae Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Wed, 18 May 2016 13:50:06 -0500 Subject: userns: Remove implicit MNT_NODEV fragility. Replace the implict setting of MNT_NODEV on mounts that happen with just user namespace permissions with an implicit setting of SB_I_NODEV in s_iflags. The visibility of the implicit MNT_NODEV has caused problems in the past. With this change the fragile case where an implicit MNT_NODEV needs to be preserved in do_remount is removed. Using SB_I_NODEV is much less fragile as s_iflags are set during the original mount and never changed. In do_new_mount with the implicit setting of MNT_NODEV gone, the only code that can affect mnt_flags is fs_fully_visible so simplify the if statement and reduce the indentation of the code to make that clear. Acked-by: Seth Forshee Signed-off-by: "Eric W. Biederman" --- fs/super.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'fs/super.c') diff --git a/fs/super.c b/fs/super.c index 78790ada7191..25cdceed2ad3 100644 --- a/fs/super.c +++ b/fs/super.c @@ -206,6 +206,9 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags, init_waitqueue_head(&s->s_writers.wait_unfrozen); s->s_bdi = &noop_backing_dev_info; s->s_flags = flags; + if ((s->s_user_ns != &init_user_ns) && + !(type->fs_flags & FS_USERNS_DEV_MOUNT)) + s->s_iflags |= SB_I_NODEV; INIT_HLIST_NODE(&s->s_instances); INIT_HLIST_BL_HEAD(&s->s_anon); mutex_init(&s->s_sync_lock); -- cgit v1.2.3