19 Nov, 2012
1 commit
-
Sharing mount subtress with mount namespaces created by unprivileged
users allows unprivileged mounts created by unprivileged users to
propagate to mount namespaces controlled by privileged users.Prevent nasty consequences by changing shared subtrees to slave
subtress when an unprivileged users creates a new mount namespace.Acked-by: Serge Hallyn
Signed-off-by: "Eric W. Biederman"
04 Jan, 2012
17 commits
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
next pile of horrors, similar to mnt_parent one; this time it's
mnt_master.Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
a) mount --move is checking that ->mnt_parent is non-NULL before
looking if that parent happens to be shared; ->mnt_parent is never
NULL and it's not even an misspelled !mnt_has_parent()b) pivot_root open-codes is_path_reachable(), poorly.
c) so does path_is_under(), while we are at it.
Signed-off-by: Al Viro
-
vfsmounts have ->mnt_parent pointing either to a different vfsmount
or to itself; it's never NULL and termination condition in loops
traversing the tree towards root is mnt == mnt->mnt_parent. At least
one place (see the next patch) is confused about what's going on;
let's add an explicit helper checking it right way and use it in
all places where we need it. Not that there had been too many,
but...Signed-off-by: Al Viro
-
some stuff in there can actually become static; some belongs to pnode.h
as it's a private interface between namespace.c and pnode.c...Signed-off-by: Al Viro
04 Mar, 2010
2 commits
-
The handling of mount flags in set_mnt_shared() got a little tangled
up during previous cleanups, with the following problems:* MNT_PNODE_MASK is defined as a literal constant when it should be a
bitwise xor of other MNT_* flags
* set_mnt_shared() clears and then sets MNT_SHARED (part of MNT_PNODE_MASK)
* MNT_PNODE_MASK could use a comment in mount.h
* MNT_PNODE_MASK is a terrible name, change to MNT_SHARED_MASKThis patch fixes these problems.
Signed-off-by: Al Viro
-
First of all, get_source() never results in CL_PROPAGATION
alone. We either get CL_MAKE_SHARED (for the continuation
of peer group) or CL_SLAVE (slave that is not shared) or both
(beginning of peer group among slaves). Massage the code to
make that explicit, kill CL_PROPAGATION test in clone_mnt()
(nothing sets CL_MAKE_SHARED without CL_PROPAGATION and in
clone_mnt() we are checking CL_PROPAGATION after we'd found
that there's no CL_SLAVE, so the check for CL_MAKE_SHARED
would do just as well).Fix comments, while we are at it...
Signed-off-by: Al Viro
23 Apr, 2008
1 commit
-
Show peer group ID of nearest dominating group that has intersection
with the mount's namespace.Signed-off-by: Miklos Szeredi
Signed-off-by: Al Viro
22 Apr, 2008
1 commit
-
Allow ->show() return SEQ_SKIP; that will discard all
output from that element and move on.Signed-off-by: Al Viro
21 Oct, 2007
1 commit
-
Get a snapshot of a subtree, creating private clones of vfsmounts
for all its components and release such snapshot resp.Signed-off-by: Al Viro
09 Dec, 2006
1 commit
-
Rename 'struct namespace' to 'struct mnt_namespace' to avoid confusion with
other namespaces being developped for the containers : pid, uts, ipc, etc.
'namespace' variables and attributes are also renamed to 'mnt_ns'Signed-off-by: Kirill Korotaev
Signed-off-by: Cedric Le Goater
Cc: Eric W. Biederman
Cc: Herbert Poetzl
Cc: Sukadev Bhattiprolu
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
08 Nov, 2005
6 commits
-
An unbindable mount does not forward or receive propagation. Also
unbindable mount disallows bind mounts. The semantics is as follows.Bind semantics:
It is invalid to bind mount an unbindable mount.Move semantics:
It is invalid to move an unbindable mount under shared mount.Clone-namespace semantics:
If a mount is unbindable in the parent namespace, the corresponding
cloned mount in the child namespace becomes unbindable too. Note:
there is subtle difference, unbindable mounts cannot be bind mounted
but can be cloned during clone-namespace.Signed-off-by: Ram Pai
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds -
A slave mount always has a master mount from which it receives
mount/umount events. Unlike shared mount the event propagation does not
flow from the slave mount to the master.Signed-off-by: Ram Pai
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds -
An unmount of a mount creates a umount event on the parent. If the
parent is a shared mount, it gets propagated to all mounts in the peer
group.Signed-off-by: Ram Pai
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds -
Implement handling of MS_BIND in presense of shared mounts (see
Documentation/sharedsubtree.txt in the end of patch series for detailed
description).Signed-off-by: Ram Pai
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds -
This creates shared mounts. A shared mount when bind-mounted to some
mountpoint, propagates mount/umount events to each other. All the
shared mounts that propagate events to each other belong to the same
peer-group.Signed-off-by: Ram Pai
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds -
A private mount does not forward or receive propagation. This patch
provides user the ability to convert any mount to private.Signed-off-by: Ram Pai
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds
