Commit 41301ae7 authored by Eric W. Biederman's avatar Eric W. Biederman

vfs: Fix a regression in mounting proc

Gao feng <gaofeng@cn.fujitsu.com> reported that commit
e51db735
userns: Better restrictions on when proc and sysfs can be mounted
caused a regression on mounting a new instance of proc in a mount
namespace created with user namespace privileges, when binfmt_misc
is mounted on /proc/sys/fs/binfmt_misc.

This is an unintended regression caused by the absolutely bogus empty
directory check in fs_fully_visible.  The check fs_fully_visible replaced
didn't even bother to attempt to verify proc was fully visible and
hiding proc files with any kind of mount is rare.  So for now fix
the userspace regression by allowing directory with nlink == 1
as /proc/sys/fs/binfmt_misc has.

I will have a better patch but it is not stable material, or
last minute kernel material.  So it will have to wait.

Cc: stable@vger.kernel.org
Acked-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
Acked-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
Tested-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent 1f7f4dde
...@@ -2886,7 +2886,7 @@ bool fs_fully_visible(struct file_system_type *type) ...@@ -2886,7 +2886,7 @@ bool fs_fully_visible(struct file_system_type *type)
struct inode *inode = child->mnt_mountpoint->d_inode; struct inode *inode = child->mnt_mountpoint->d_inode;
if (!S_ISDIR(inode->i_mode)) if (!S_ISDIR(inode->i_mode))
goto next; goto next;
if (inode->i_nlink != 2) if (inode->i_nlink > 2)
goto next; goto next;
} }
visible = true; visible = true;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment