Commit 20284ab7 authored by Al Viro's avatar Al Viro

switch mount_capable() to fs_context

	now both callers of mount_capable() have access to fs_context;
the only difference is that for sget_fc() we have the possibility
of fc->global being true, while for legacy_get_tree() it's guaranteed
to be impossible.  Unify to more generic variant...
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent fd912087
...@@ -663,7 +663,7 @@ static int legacy_get_tree(struct fs_context *fc) ...@@ -663,7 +663,7 @@ static int legacy_get_tree(struct fs_context *fc)
struct dentry *root; struct dentry *root;
if (!(fc->sb_flags & (SB_KERNMOUNT|SB_SUBMOUNT))) { if (!(fc->sb_flags & (SB_KERNMOUNT|SB_SUBMOUNT))) {
if (!mount_capable(fc->fs_type, fc->user_ns)) if (!mount_capable(fc))
return -EPERM; return -EPERM;
} }
......
...@@ -114,7 +114,7 @@ extern struct file *alloc_empty_file_noaccount(int, const struct cred *); ...@@ -114,7 +114,7 @@ extern struct file *alloc_empty_file_noaccount(int, const struct cred *);
extern int reconfigure_super(struct fs_context *); extern int reconfigure_super(struct fs_context *);
extern bool trylock_super(struct super_block *sb); extern bool trylock_super(struct super_block *sb);
extern struct super_block *user_get_super(dev_t); extern struct super_block *user_get_super(dev_t);
extern bool mount_capable(struct file_system_type *, struct user_namespace *); extern bool mount_capable(struct fs_context *);
/* /*
* open.c * open.c
......
...@@ -476,12 +476,15 @@ void generic_shutdown_super(struct super_block *sb) ...@@ -476,12 +476,15 @@ void generic_shutdown_super(struct super_block *sb)
EXPORT_SYMBOL(generic_shutdown_super); EXPORT_SYMBOL(generic_shutdown_super);
bool mount_capable(struct file_system_type *type, struct user_namespace *userns) bool mount_capable(struct fs_context *fc)
{ {
if (!(type->fs_flags & FS_USERNS_MOUNT)) struct user_namespace *user_ns = fc->global ? &init_user_ns
: fc->user_ns;
if (!(fc->fs_type->fs_flags & FS_USERNS_MOUNT))
return capable(CAP_SYS_ADMIN); return capable(CAP_SYS_ADMIN);
else else
return ns_capable(userns, CAP_SYS_ADMIN); return ns_capable(user_ns, CAP_SYS_ADMIN);
} }
/** /**
...@@ -513,7 +516,7 @@ struct super_block *sget_fc(struct fs_context *fc, ...@@ -513,7 +516,7 @@ struct super_block *sget_fc(struct fs_context *fc,
if (!(fc->sb_flags & SB_KERNMOUNT) && if (!(fc->sb_flags & SB_KERNMOUNT) &&
fc->purpose != FS_CONTEXT_FOR_SUBMOUNT) { fc->purpose != FS_CONTEXT_FOR_SUBMOUNT) {
if (!mount_capable(fc->fs_type, user_ns)) if (!mount_capable(fc))
return ERR_PTR(-EPERM); return ERR_PTR(-EPERM);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment