fs: Remove check of s_user_ns for existing mounts in fs_fully_visible()

fs_fully_visible() ignores MNT_LOCK_NODEV when FS_USERS_DEV_MOUNT is not set for the filesystem, but there is a bug in the logic that may cause mounting to fail. It is doing this only when the existing mount is not in init_user_ns but should check the new mount instead. But the new mount is always in a non-init namespace when fs_fully_visible() is called, so that condition can simply be removed. Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

fs: Remove check of s_user_ns for existing mounts in fs_fully_visible()
fs_fully_visible() ignores MNT_LOCK_NODEV when FS_USERS_DEV_MOUNT is not set for the filesystem, but there is a bug in the logic that may cause mounting to fail. It is doing this only when the existing mount is not in init_user_ns but should check the new mount instead. But the new mount is always in a non-init namespace when fs_fully_visible() is called, so that condition can simply be removed. Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
f7be69dd · Seth Forshee · 1b86ddd3 · f7be69dd
Commit f7be69dd authored Mar 29, 2016 by Seth Forshee
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 2 deletions

fs/namespace.c fs/namespace.c +1 -2

No files found.
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3234,8 +3234,7 @@ static bool fs_fully_visible(struct file_system_type *type, int *new_mnt_flags)
 		mnt_flags = mnt->mnt.mnt_flags;
 		if (mnt->mnt.mnt_sb->s_iflags & SB_I_NOEXEC)
 			mnt_flags &= ~(MNT_LOCK_NOSUID | MNT_LOCK_NOEXEC);
-		if (mnt->mnt.mnt_sb->s_user_ns != &init_user_ns &&
-		    !(mnt->mnt.mnt_sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT))
+		if (!(mnt->mnt.mnt_sb->s_type->fs_flags & FS_USERNS_DEV_MOUNT))
 			mnt_flags &= ~(MNT_LOCK_NODEV);

 		/* Verify the mount flags are equal to or more permissive