lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Dec 2020 00:57:33 +0100 From: Christian Brauner <christian.brauner@...ntu.com> To: Alexander Viro <viro@...iv.linux.org.uk>, Christoph Hellwig <hch@...radead.org>, linux-fsdevel@...r.kernel.org Cc: John Johansen <john.johansen@...onical.com>, James Morris <jmorris@...ei.org>, Mimi Zohar <zohar@...ux.ibm.com>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, Stephen Smalley <stephen.smalley.work@...il.com>, Casey Schaufler <casey@...aufler-ca.com>, Arnd Bergmann <arnd@...db.de>, Andreas Dilger <adilger.kernel@...ger.ca>, OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>, Geoffrey Thomas <geofft@...reload.com>, Mrunal Patel <mpatel@...hat.com>, Josh Triplett <josh@...htriplett.org>, Andy Lutomirski <luto@...nel.org>, Theodore Tso <tytso@....edu>, Alban Crequy <alban@...volk.io>, Tycho Andersen <tycho@...ho.ws>, David Howells <dhowells@...hat.com>, James Bottomley <James.Bottomley@...senpartnership.com>, Seth Forshee <seth.forshee@...onical.com>, Stéphane Graber <stgraber@...ntu.com>, Aleksa Sarai <cyphar@...har.com>, Lennart Poettering <lennart@...ttering.net>, "Eric W. Biederman" <ebiederm@...ssion.com>, smbarber@...omium.org, Phil Estes <estesp@...il.com>, Serge Hallyn <serge@...lyn.com>, Kees Cook <keescook@...omium.org>, Todd Kjos <tkjos@...gle.com>, Paul Moore <paul@...l-moore.com>, Jonathan Corbet <corbet@....net>, containers@...ts.linux-foundation.org, linux-security-module@...r.kernel.org, linux-api@...r.kernel.org, linux-ext4@...r.kernel.org, linux-integrity@...r.kernel.org, selinux@...r.kernel.org, Christian Brauner <christian.brauner@...ntu.com>, Christoph Hellwig <hch@....de> Subject: [PATCH v4 37/40] overlayfs: do not mount on top of idmapped mounts Prevent overlayfs from being mounted on top of idmapped mounts until we have ported it to handle this case and added proper testing for it. Cc: Christoph Hellwig <hch@....de> Cc: David Howells <dhowells@...hat.com> Cc: Al Viro <viro@...iv.linux.org.uk> Cc: linux-fsdevel@...r.kernel.org Signed-off-by: Christian Brauner <christian.brauner@...ntu.com> --- /* v2 */ patch introduced /* v3 */ - Amir Goldstein <amir73il@...il.com>: - Move check for idmapped lower layers into ovl_mount_dir_noesc(). - David Howells <dhowells@...hat.com>: - Adapt check after removing mnt_idmapped() helper. /* v4 */ unchanged --- fs/overlayfs/super.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index aed21e569390..2be17c769322 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -811,6 +811,10 @@ static int ovl_mount_dir_noesc(const char *name, struct path *path) pr_err("filesystem on '%s' not supported\n", name); goto out_put; } + if (mnt_user_ns(path->mnt) != &init_user_ns) { + pr_err("idmapped layers are currently not supported\n"); + goto out_put; + } if (!d_is_dir(path->dentry)) { pr_err("'%s' not a directory\n", name); goto out_put; -- 2.29.2
Powered by blists - more mailing lists