aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2013-11-15 00:22:25 -0500
committerEric W. Biederman <ebiederm@xmission.com>2013-11-26 23:54:52 -0500
commit41301ae78a99ead04ea42672a1ab72c6f44cc81d (patch)
tree1e91ad4811270d5fb3fd8bd64cd5cf096272c5d8
parent1f7f4dde5c945f41a7abc2285be43d918029ecc5 (diff)
vfs: Fix a regression in mounting proc
Gao feng <gaofeng@cn.fujitsu.com> reported that commit e51db73532955dc5eaba4235e62b74b460709d5b userns: Better restrictions on when proc and sysfs can be mounted caused a regression on mounting a new instance of proc in a mount namespace created with user namespace privileges, when binfmt_misc is mounted on /proc/sys/fs/binfmt_misc. This is an unintended regression caused by the absolutely bogus empty directory check in fs_fully_visible. The check fs_fully_visible replaced didn't even bother to attempt to verify proc was fully visible and hiding proc files with any kind of mount is rare. So for now fix the userspace regression by allowing directory with nlink == 1 as /proc/sys/fs/binfmt_misc has. I will have a better patch but it is not stable material, or last minute kernel material. So it will have to wait. Cc: stable@vger.kernel.org Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Acked-by: Gao feng <gaofeng@cn.fujitsu.com> Tested-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-rw-r--r--fs/namespace.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index ac2ce8a766e1..be32ebccdeb1 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2886,7 +2886,7 @@ bool fs_fully_visible(struct file_system_type *type)
2886 struct inode *inode = child->mnt_mountpoint->d_inode; 2886 struct inode *inode = child->mnt_mountpoint->d_inode;
2887 if (!S_ISDIR(inode->i_mode)) 2887 if (!S_ISDIR(inode->i_mode))
2888 goto next; 2888 goto next;
2889 if (inode->i_nlink != 2) 2889 if (inode->i_nlink > 2)
2890 goto next; 2890 goto next;
2891 } 2891 }
2892 visible = true; 2892 visible = true;