Commit aee1c13d authored by Eric W. Biederman

proc: Restrict mounting the proc filesystem

Don't allow mounting the proc filesystem unless the caller has
CAP_SYS_ADMIN rights over the pid namespace.  The principle here is if
you create or have capabilities over it you can mount it, otherwise
you get to live with what other people have mounted.

Andy pointed out that this is needed to prevent users in a user
namespace from remounting proc and specifying different hidepid and gid
options on already existing proc mounts.

Cc: stable@vger.kernel.org
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
parent 5ff9d8a6
...@@ -110,7 +110,8 @@ static struct dentry *proc_mount(struct file_system_type *fs_type, ...@@ -110,7 +110,8 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
ns = task_active_pid_ns(current); ns = task_active_pid_ns(current);
options = data; options = data;
if (!current_user_ns()->may_mount_proc) if (!current_user_ns()->may_mount_proc ||
!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
return ERR_PTR(-EPERM); return ERR_PTR(-EPERM);
} }
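Review bot: the new `ns_capable(ns->user_ns, CAP_SYS_ADMIN)` test in proc_mount() deserves a one-line comment in the code, because the reason for it (an unprivileged user inside a user namespace must not be able to mount proc again and push different hidepid/gid options onto the existing proc mount of that pid namespace) lives only in the commit message, and a later reader seeing `may_mount_proc` combined with a capability check via `||` will otherwise have to dig through git history. Something like `/* Only an admin of the pid namespace's owning user ns may (re)mount proc for it */` above the `if` would do. Note that the check is made against `ns->user_ns`, the user namespace that owns the pid namespace from `task_active_pid_ns(current)`, rather than `current_user_ns()`, which matches the stated policy ("if you create or have capabilities over it you can mount it"); both failing branches return -EPERM, which is the right error for a permission denial.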