mnt: Modify fs_fully_visible to deal with locked ro nodev and atime - linux-dev - Linux kernel development work

diff options

author	Eric W. Biederman <ebiederm@xmission.com>	2015-05-08 23:49:47 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	2015-06-04 10:29:25 -0500
commit	8c6cf9cc829fcd0b179b59f7fe288941d0e31108 (patch)
tree	da5901e5d3b6cc41d7ea30d1fc39be7244254019 /drivers
parent	mnt: Refactor the logic for mounting sysfs and proc in a user namespace (diff)
download	linux-dev-8c6cf9cc829fcd0b179b59f7fe288941d0e31108.tar.xz linux-dev-8c6cf9cc829fcd0b179b59f7fe288941d0e31108.zip

mnt: Modify fs_fully_visible to deal with locked ro nodev and atime

Ignore an existing mount if the locked readonly, nodev or atime attributes are less permissive than the desired attributes of the new mount. On success ensure the new mount locks all of the same readonly, nodev and atime attributes as the old mount. The nosuid and noexec attributes are not checked here as this change is destined for stable and enforcing those attributes causes a regression in lxc and libvirt-lxc where those applications will not start and there are no known executables on sysfs or proc and no known way to create exectuables without code modifications Cc: stable@vger.kernel.org Fixes: e51db73532955 ("userns: Better restrictions on when proc and sysfs can be mounted") Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

Diffstat (limited to 'drivers')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: