Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e4102c42 authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Sasha Levin
Browse files

vfs: Ignore unlocked mounts in fs_fully_visible 



[ Upstream commit c89d4319ae55186496c43b7a6e510aa1d09dd387 ]

commit ceeb0e5d39fcdf4dca2c997bf225c7fc49200b37 upstream.

Limit the mounts fs_fully_visible considers to locked mounts.
Unlocked can always be unmounted so considering them adds hassle
but no security benefit.

Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
parent 4f2e3f88

fs/namespace.c

+6 −2
Original line number Diff line number Diff line
@@ -3166,11 +3166,15 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags) 
		    ((mnt->mnt.mnt_flags & MNT_ATIME_MASK) != (new_flags & MNT_ATIME_MASK)))

			continue;



		/* This mount is not fully visible if there are any child mounts

		 * that cover anything except for empty directories.

		/* This mount is not fully visible if there are any

		 * locked child mounts that cover anything except for

		 * empty directories.

		 */

		list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {

			struct inode *inode = child->mnt_mountpoint->d_inode;

			/* Only worry about locked mounts */

			if (!(mnt->mnt.mnt_flags & MNT_LOCKED))

				continue;

			if (!S_ISDIR(inode->i_mode))

				goto next;

			if (inode->i_nlink > 2)