summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2013-03-15 01:45:51 -0700
committerSteven Rostedt <rostedt@goodmis.org>2013-04-11 18:17:16 -0400
commitadb1a15e32f7ca56af42ee5c5a456d61fc2edb97 (patch)
treed758004d81ef92b3e7f57b1753110f35a8552eea /fs
parent0ec04afd6175d5e64f73e2828a2a1cb11bdb2ab9 (diff)
downloadlinux-rt-adb1a15e32f7ca56af42ee5c5a456d61fc2edb97.tar.gz
userns: Don't allow creation if the user is chrooted
[ Upstream commit 3151527ee007b73a0ebd296010f1c0454a919c7d ] Guarantee that the policy of which files may be access that is established by setting the root directory will not be violated by user namespaces by verifying that the root directory points to the root of the mount namespace at the time of user namespace creation. Changing the root is a privileged operation, and as a matter of policy it serves to limit unprivileged processes to files below the current root directory. For reasons of simplicity and comprehensibility the privilege to change the root directory is gated solely on the CAP_SYS_CHROOT capability in the user namespace. Therefore when creating a user namespace we must ensure that the policy of which files may be access can not be violated by changing the root directory. Anyone who runs a processes in a chroot and would like to use user namespace can setup the same view of filesystems with a mount namespace instead. With this result that this is not a practical limitation for using user namespaces. Cc: stable@vger.kernel.org Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Reported-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/namespace.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 7bdf7907413f..c48b0d3ba812 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2681,3 +2681,28 @@ bool our_mnt(struct vfsmount *mnt)
{
return check_mnt(real_mount(mnt));
}
+
+bool current_chrooted(void)
+{
+ /* Does the current process have a non-standard root */
+ struct path ns_root;
+ struct path fs_root;
+ bool chrooted;
+
+ /* Find the namespace root */
+ ns_root.mnt = &current->nsproxy->mnt_ns->root->mnt;
+ ns_root.dentry = ns_root.mnt->mnt_root;
+ path_get(&ns_root);
+ while (d_mountpoint(ns_root.dentry) && follow_down_one(&ns_root))
+ ;
+
+ get_fs_root(current->fs, &fs_root);
+
+ chrooted = !path_equal(&fs_root, &ns_root);
+
+ path_put(&fs_root);
+ path_put(&ns_root);
+
+ return chrooted;
+}
+