Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace fixes from Eric Biederman: "This is a set of 3 regression fixes. This fixes /proc/mounts when using "ip netns add <netns>" to display the actual mount point. This fixes a regression in clone that broke lxc-attach. This fixes a regression in the permission checks for mounting /proc that made proc unmountable if binfmt_misc was in use. Oops. My apologies for sending this pull request so late. Al Viro gave interesting review comments about the d_path fix that I wanted to address in detail before I sent this pull request. Unfortunately, a bad round of colds kept me from addressing that in detail until today. The executive summary of the review was: Al: Is patching d_path really sufficient? The prepend_path, d_path, d_absolute_path, and __d_path family of functions is a real mess. Me: Yes, patching d_path is really sufficient. Yes, the code is a mess. No, it is not appropriate to rewrite all of d_path for a regression that has existed for entirely too long already, when a two line change will do" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: vfs: Fix a regression in mounting proc fork: Allow CLONE_PARENT after setns(CLONE_NEWPID) vfs: In d_path don't call d_dname on a mount point
commit
48ba620aab
|
@ -3061,8 +3061,13 @@ char *d_path(const struct path *path, char *buf, int buflen)
|
|||
* thus don't need to be hashed. They also don't need a name until a
|
||||
* user wants to identify the object in /proc/pid/fd/. The little hack
|
||||
* below allows us to generate a name for these objects on demand:
|
||||
*
|
||||
* Some pseudo inodes are mountable. When they are mounted
|
||||
* path->dentry == path->mnt->mnt_root. In that case don't call d_dname
|
||||
* and instead have d_path return the mounted path.
|
||||
*/
|
||||
if (path->dentry->d_op && path->dentry->d_op->d_dname)
|
||||
if (path->dentry->d_op && path->dentry->d_op->d_dname &&
|
||||
(!IS_ROOT(path->dentry) || path->dentry != path->mnt->mnt_root))
|
||||
return path->dentry->d_op->d_dname(path->dentry, buf, buflen);
|
||||
|
||||
rcu_read_lock();
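Review bot: The added comment explains only the `path->dentry == path->mnt->mnt_root` case, but the new condition skips d_dname only when the dentry is also `IS_ROOT`, and that second test is not explained. A mount root that is not the root of its own dentry tree still goes through d_dname, so the comment should say so, for example `* d_dname is still used when the mount root is not IS_ROOT(), i.e. not the root of its dentry tree.` The description says this string is what /proc/mounts displays, so a reader auditing mount output needs to know which of the two names to expect. d_path's body continues outside the hunk.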
|
||||
|
|
|
@ -2886,7 +2886,7 @@ bool fs_fully_visible(struct file_system_type *type)
|
|||
struct inode *inode = child->mnt_mountpoint->d_inode;
|
||||
if (!S_ISDIR(inode->i_mode))
|
||||
goto next;
|
||||
if (inode->i_nlink != 2)
|
||||
if (inode->i_nlink > 2)
|
||||
goto next;
|
||||
}
|
||||
visible = true;
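Review bot: `if (inode->i_nlink > 2)` now accepts a link count of 0 or 1 as well as 2 for a covered directory, and nothing in the hunk states why those counts mean that the mount hides nothing. The description says this check gates permission to mount /proc, so the assumption should be written down next to the test, for example `/* i_nlink <= 2 is taken to mean the mountpoint directory has no subdirectories */`. If some directory can report a count of 1 while still holding entries, a mount over it would be treated as harmless and the visibility guarantee would be weaker than the function name suggests. Whether that case exists is not visible here, but an explicit emptiness test would not depend on it. fs_fully_visible starts and ends outside the hunk.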
|
||||
|
|
|
@ -1172,7 +1172,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
|
|||
* do not allow it to share a thread group or signal handlers or
|
||||
* parent with the forking task.
|
||||
*/
|
||||
if (clone_flags & (CLONE_SIGHAND | CLONE_PARENT)) {
|
||||
if (clone_flags & CLONE_SIGHAND) {
|
||||
if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
|
||||
(task_active_pid_ns(current) !=
|
||||
current->nsproxy->pid_ns_for_children))
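Review bot: The unchanged comment above the test still says the child may not share "a thread group or signal handlers or parent with the forking task", but `if (clone_flags & CLONE_SIGHAND) {` no longer rejects CLONE_PARENT. Reword the comment to match, for example `* do not allow it to share a thread group or signal handlers with the` followed by `* forking task.`. It is also worth recording in that comment why sharing a parent across a pid namespace boundary is now allowed, since this is a namespace permission check that later readers will audit. The comment and copy_process both begin outside the hunk.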
|
||||
|
|