• Eric W. Biederman's avatar
    mnt: Account for MS_RDONLY in fs_fully_visible · 695e9df0
    Eric W. Biederman authored
    In rare cases it is possible for s_flags & MS_RDONLY to be set but
    MNT_READONLY to be clear.  This starting combination can cause
    fs_fully_visible to fail to ensure that the new mount is readonly.
    Therefore force MNT_LOCK_READONLY in the new mount if MS_RDONLY
    is set on the source filesystem of the mount.
    
    In general both MS_RDONLY and MNT_READONLY are set at the same for
    mounts so I don't expect any programs to care.  Nor do I expect
    MS_RDONLY to be set on proc or sysfs in the initial user namespace,
    which further decreases the likelyhood of problems.
    
    Which means this change should only affect system configurations by
    paranoid sysadmins who should welcome the additional protection
    as it keeps people from wriggling out of their policies.
    
    Cc: stable@vger.kernel.org
    Fixes: 8c6cf9cc ("mnt: Modify fs_fully_visible to deal with locked ro nodev and atime")
    Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    695e9df0
namespace.c 81.8 KB