• Christian Brauner's avatar
    fs/namespace: fix unprivileged mount propagation · d728cf79
    Christian Brauner authored
    When propagating mounts across mount namespaces owned by different user
    namespaces it is not possible anymore to move or umount the mount in the
    less privileged mount namespace.
    
    Here is a reproducer:
    
      sudo mount -t tmpfs tmpfs /mnt
      sudo --make-rshared /mnt
    
      # create unprivileged user + mount namespace and preserve propagation
      unshare -U -m --map-root --propagation=unchanged
    
      # now change back to the original mount namespace in another terminal:
      sudo mkdir /mnt/aaa
      sudo mount -t tmpfs tmpfs /mnt/aaa
    
      # now in the unprivileged user + mount namespace
      mount --move /mnt/aaa /opt
    
    Unfortunately, this is a pretty big deal for userspace since this is
    e.g. used to inject mounts into running unprivileged containers.
    So this regression really needs to go away rather quickly.
    
    The problem is that a recent change falsely locked the root of the newly
    added mounts by setting MNT_LOCKED. Fix this by only locking the mounts
    on copy_mnt_ns() and not when adding a new mount.
    
    Fixes: 3bd045cc ("separate copying and locking mount tree on cross-userns copies")
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: <stable@vger.kernel.org>
    Tested-by: default avatarChristian Brauner <christian@brauner.io>
    Acked-by: default avatarChristian Brauner <christian@brauner.io>
    Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    Signed-off-by: default avatarChristian Brauner <christian@brauner.io>
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    d728cf79
pnode.c 15.1 KB