From 2527b284defaeadf74829b0b0bd3207ca7f165eb Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 12 May 2019 17:09:01 -0400 Subject: move the capability checks from sget_userns() to legacy_get_tree() 1) all call chains leading to sget_userns() pass through ->mount() instances. 2) none of ->mount() instances is ever called directly - the only call site is legacy_get_tree() 3) all remaining ->mount() instances end up calling sget_userns() IOW, we might as well do the capability checks just before calling ->mount(). As for the arguments passed to mount_capable(), in case of call chains to sget_userns() going through sget(), we either don't call mount_capable() at all, or pass current_user_ns() to it. The call chains going through mount_pseudo_xattr() don't call mount_capable() at all (SB_KERNMOUNT in flags on those). That could've been split into smaller steps (lifting the checks into sget(), then callers of sget(), then all the way to the entries of every ->mount() out there, then to the sole caller), but that would be too much churn for little benefit... Signed-off-by: Al Viro --- fs/internal.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'fs/internal.h') diff --git a/fs/internal.h b/fs/internal.h index 1ac2b8f6c621..65db901420af 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -18,6 +18,7 @@ struct path; struct mount; struct shrink_control; struct fs_context; +struct user_namespace; /* * block_dev.c @@ -113,6 +114,7 @@ extern struct file *alloc_empty_file_noaccount(int, const struct cred *); extern int reconfigure_super(struct fs_context *); extern bool trylock_super(struct super_block *sb); extern struct super_block *user_get_super(dev_t); +extern bool mount_capable(struct file_system_type *, struct user_namespace *); /* * open.c -- cgit