Commit 059338aa authored by Al Viro's avatar Al Viro

move mount_capable() calls to vfs_get_tree()

sget_fc() is called only from ->get_tree() instances and
the only instance not calling it is legacy_get_tree(),
which calls mount_capable() directly.

In all sget_fc() callers the checks could be moved to the
very beginning of ->get_tree() - ->user_ns is not changed
in between.  So lifting the checks to the only caller of
->get_tree() is OK.
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent d5f68d33
...@@ -662,11 +662,6 @@ static int legacy_get_tree(struct fs_context *fc) ...@@ -662,11 +662,6 @@ static int legacy_get_tree(struct fs_context *fc)
struct super_block *sb; struct super_block *sb;
struct dentry *root; struct dentry *root;
if (!(fc->sb_flags & (SB_KERNMOUNT|SB_SUBMOUNT))) {
if (!mount_capable(fc))
return -EPERM;
}
root = fc->fs_type->mount(fc->fs_type, fc->sb_flags, root = fc->fs_type->mount(fc->fs_type, fc->sb_flags,
fc->source, ctx->legacy_data); fc->source, ctx->legacy_data);
if (IS_ERR(root)) if (IS_ERR(root))
......
...@@ -514,12 +514,6 @@ struct super_block *sget_fc(struct fs_context *fc, ...@@ -514,12 +514,6 @@ struct super_block *sget_fc(struct fs_context *fc,
struct user_namespace *user_ns = fc->global ? &init_user_ns : fc->user_ns; struct user_namespace *user_ns = fc->global ? &init_user_ns : fc->user_ns;
int err; int err;
if (!(fc->sb_flags & SB_KERNMOUNT) &&
fc->purpose != FS_CONTEXT_FOR_SUBMOUNT) {
if (!mount_capable(fc))
return ERR_PTR(-EPERM);
}
retry: retry:
spin_lock(&sb_lock); spin_lock(&sb_lock);
if (test) { if (test) {
...@@ -1421,6 +1415,12 @@ int vfs_get_tree(struct fs_context *fc) ...@@ -1421,6 +1415,12 @@ int vfs_get_tree(struct fs_context *fc)
if (fc->root) if (fc->root)
return -EBUSY; return -EBUSY;
if (!(fc->sb_flags & SB_KERNMOUNT) &&
fc->purpose != FS_CONTEXT_FOR_SUBMOUNT) {
if (!mount_capable(fc))
return -EPERM;
}
/* Get the mountable root in fc->root, with a ref on the root and a ref /* Get the mountable root in fc->root, with a ref on the root and a ref
* on the superblock. * on the superblock.
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment