vfs: Add a mount flag to lock read only bind mounts

When a read-only bind mount is copied from mount namespace in a higher privileged user namespace to a mount namespace in a lesser privileged user namespace, it should not be possible to remove the the read-only restriction. Add a MNT_LOCK_READONLY mount flag to indicate that a mount must remain read-only. CC: stable@vger.kernel.org Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

vfs: Add a mount flag to lock read only bind mounts
When a read-only bind mount is copied from mount namespace in a higher privileged user namespace to a mount namespace in a lesser privileged user namespace, it should not be possible to remove the the read-only restriction. Add a MNT_LOCK_READONLY mount flag to indicate that a mount must remain read-only. CC: stable@vger.kernel.org Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
90563b19 · Eric W. Biederman · 3151527e · 90563b19 · 90563b19
Commit 90563b19 authored Mar 22, 2013 by Eric W. Biederman
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

fs/namespace.c fs/namespace.c +3 -0

include/linux/mount.h include/linux/mount.h +2 -0

No files found.
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1713,6 +1713,9 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags)
 	if (readonly_request == __mnt_is_readonly(mnt))
 		return 0;
+	if (mnt->mnt_flags & MNT_LOCK_READONLY)
+		return -EPERM;
 	if (readonly_request)
 		error = mnt_make_readonly(real_mount(mnt));
 	else

--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -47,6 +47,8 @@ struct mnt_namespace;
 #define MNT_INTERNAL	0x4000
+#define MNT_LOCK_READONLY	0x400000
 struct vfsmount {
 	struct dentry *mnt_root;	/* root of the mounted tree */
 	struct super_block *mnt_sb;	/* pointer to superblock */