Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ceeb0e5d authored by Eric W. Biederman's avatar Eric W. Biederman
Browse files

vfs: Ignore unlocked mounts in fs_fully_visible 



Limit the mounts fs_fully_visible considers to locked mounts.
Unlocked can always be unmounted so considering them adds hassle
but no security benefit.

Cc: stable@vger.kernel.org
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent 8c6cf9cc

fs/namespace.c

+6 −2
Original line number Diff line number Diff line
@@ -3205,11 +3205,15 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags) 
		    ((mnt->mnt.mnt_flags & MNT_ATIME_MASK) != (new_flags & MNT_ATIME_MASK)))

			continue;



		/* This mount is not fully visible if there are any child mounts

		 * that cover anything except for empty directories.

		/* This mount is not fully visible if there are any

		 * locked child mounts that cover anything except for

		 * empty directories.

		 */

		list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {

			struct inode *inode = child->mnt_mountpoint->d_inode;

			/* Only worry about locked mounts */

			if (!(mnt->mnt.mnt_flags & MNT_LOCKED))

				continue;

			if (!S_ISDIR(inode->i_mode))

				goto next;

			if (inode->i_nlink > 2)