Commit 90563b198e4c6674c63672fae1923da467215f45

Authored by Eric W. Biederman
1 parent 3151527ee0

vfs: Add a mount flag to lock read only bind mounts

When a read-only bind mount is copied from mount namespace in a higher
privileged user namespace to a mount namespace in a lesser privileged
user namespace, it should not be possible to remove the read-only
restriction.

Add a MNT_LOCK_READONLY mount flag to indicate that a mount must
remain read-only.

CC: stable@vger.kernel.org
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

Showing 2 changed files with 5 additions and 0 deletions

... ... @@ -1713,6 +1713,9 @@
1713 1713 if (readonly_request == __mnt_is_readonly(mnt))
1714 1714 return 0;
1715 1715  
  1716 + if (mnt->mnt_flags & MNT_LOCK_READONLY)
  1717 + return -EPERM;
  1718 +
1716 1719 if (readonly_request)
1717 1720 error = mnt_make_readonly(real_mount(mnt));
1718 1721 else
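Review bot: nothing in this patch sets MNT_LOCK_READONLY, so the new `return -EPERM;` is unreachable until a later change sets the flag when a read-only mount is copied into a less privileged user namespace, as the commit message describes; that setting code should land with, or before, this check so the lock actually takes effect. Also note that the early `if (readonly_request == __mnt_is_readonly(mnt)) return 0;` above the new lines means a remount that leaves the read-only state unchanged still succeeds on a locked mount; that is the intended behaviour, but a short comment next to the new check would make it clear that only a change of state is refused.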
include/linux/mount.h
... ... @@ -47,6 +47,8 @@
47 47  
48 48 #define MNT_INTERNAL 0x4000
49 49  
  50 +#define MNT_LOCK_READONLY 0x400000
  51 +
50 52 struct vfsmount {
51 53 struct dentry *mnt_root; /* root of the mounted tree */
52 54 struct super_block *mnt_sb; /* pointer to superblock */
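Review bot: the new `#define MNT_LOCK_READONLY 0x400000` carries no comment, so its meaning (the mount must stay read-only and the restriction cannot be removed by remount) lives only in the commit message; add a one-line comment beside the define, e.g. `/* mount must remain read-only; not clearable by remount */`, and consider placing it next to the other kernel-internal flags such as MNT_INTERNAL rather than leaving the unexplained jump from the 0x4000 range to 0x400000.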