• Seth Forshee's avatar
    fs: Add user namesapace member to struct super_block · b2bc2ff7
    Seth Forshee authored
    Initially this will be used to eliminate the implicit MNT_NODEV
    flag for mounts from user namespaces. In the future it will also
    be used for translating ids and checking capabilities for
    filesystems mounted from user namespaces.
    
    s_user_ns is initialized in alloc_super() and is generally set to
    current_user_ns(). To avoid security and corruption issues, two
    additional mount checks are also added:
    
     - do_new_mount() gains a check that the user has CAP_SYS_ADMIN
       in current_user_ns().
    
     - sget() will fail with EBUSY when the filesystem it's looking
       for is already mounted from another user namespace.
    
    proc requires some special handling. The user namespace of
    current isn't appropriate when forking as a result of clone (2)
    with CLONE_NEWPID|CLONE_NEWUSER, as it will set s_user_ns to the
    namespace of the parent and make proc unmountable in the new user
    namespace. Instead, the user namespace which owns the new pid
    namespace is used. sget_userns() is allowed to allow passing in
    a namespace other than that of current, and sget becomes a
    wrapper around sget_userns() which passes current_user_ns().
    
    Changes to original version of this patch
      * Documented @user_ns in sget_userns, alloc_super and fs.h
      * Kept an blank line in fs.h
      * Removed unncessary include of user_namespace.h from fs.h
      * Tweaked the location of get_user_ns and put_user_ns so
        the security modules can (if they wish) depend on it.
      -- EWB
    Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
    Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
    b2bc2ff7
namespace.c 81.5 KB