    mnt: Add tests for unprivileged remount cases that have found to be faulty · db181ce0
    Eric W. Biederman authored
    Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
    read-only bind mount read-only in a user namespace the
    MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
    to remount a read-only mount read-write.
    
    Upon review of the code in remount it was discovered that the code allowed
    nosuid, noexec, and nodev to be cleared.  It was also discovered that
    the code was allowing the per mount atime flags to be changed.
    
    The first naive patch to fix these issues contained the flaw that using
    default atime settings when remounting a filesystem could be disallowed.
    
    To avoid these problems in the future add tests to ensure unprivileged
    remounts are succeeding and failing at the appropriate times.
    
    Cc: stable@vger.kernel.org
    Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
    Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
unprivileged-remount-test.c 5.19 KB
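
The pass/fail rules the commit message describes, written as a small userspace model. This is an added example, not the kernel's code and not the test file from this commit. The flag names and values, `struct mnt`, `LOCK_ATIME` and `unpriv_remount()` are assumptions made for the sketch.

```c
#include <stdio.h>

/* Model flag bits; names and values are made up for this sketch. */
enum { F_RDONLY = 1, F_NOSUID = 2, F_NODEV = 4, F_NOEXEC = 8,
       F_NOATIME = 16, F_RELATIME = 32, F_NODIRATIME = 64,
       F_STRICTATIME = 128 /* request-only: explicitly ask for strict atime */ };
#define F_SEC   (F_RDONLY | F_NOSUID | F_NODEV | F_NOEXEC)
#define F_ATIME (F_NOATIME | F_RELATIME | F_NODIRATIME)
#define LOCK_ATIME 256      /* lock bit covering the whole atime setting */

struct mnt { unsigned flags; unsigned locked; };

/* Unprivileged remount: 0 on success (m->flags updated), -1 if refused. */
int unpriv_remount(struct mnt *m, unsigned req)
{
    unsigned sec = req & F_SEC;
    unsigned cur_atime = m->flags & F_ATIME;
    /* No atime option in the request means "keep what the mount has". */
    unsigned atime = (req & (F_ATIME | F_STRICTATIME)) ? (req & F_ATIME) : cur_atime;

    /* A locked ro/nosuid/nodev/noexec bit that is set must stay set. */
    if (m->locked & m->flags & F_SEC & ~sec)
        return -1;
    /* A locked atime setting may not change at all. */
    if ((m->locked & LOCK_ATIME) && atime != cur_atime)
        return -1;
    m->flags = sec | atime;   /* m->locked is deliberately never written */
    return 0;
}

/* Case from the commit message: remount ro, then try to go read-write. */
int ro_then_rw(void)
{
    struct mnt m = { F_RDONLY | F_RELATIME, F_RDONLY | LOCK_ATIME };
    if (unpriv_remount(&m, F_RDONLY) != 0)   /* same flags: must succeed */
        return 1;
    return unpriv_remount(&m, 0);            /* clearing ro: must be -1 */
}

int main(void)
{
    struct mnt m = { F_RDONLY | F_NOSUID | F_NOATIME, F_SEC | LOCK_ATIME };
    printf("ro -> ro -> rw:      %d\n", ro_then_rw());
    printf("drop nosuid:         %d\n", unpriv_remount(&m, F_RDONLY));
    printf("default atime:       %d\n", unpriv_remount(&m, F_RDONLY | F_NOSUID));
    printf("noatime -> relatime: %d\n", unpriv_remount(&m, F_RDONLY | F_NOSUID | F_RELATIME));
    return 0;
}
```

The model keeps the lock bits in a field that remount never writes, so a same-flags remount cannot drop a lock the way the reported bug did.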