Message ID | 1364986223-8693-1-git-send-email-luis.henriques@canonical.com |
---|---|
State | New |
Luis Henriques <luis.henriques@canonical.com> writes:

> This is a note to let you know that I have just added a patch titled
>
>     vfs: Add a mount flag to lock read only bind mounts
>
> to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree
> which can be found at:
>
>  http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue
>
> If you, or anyone else, feels it should not be added to this tree, please
> reply to this email.
>
> For more information about the 3.5.y.z tree, see
> https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

This is harmless but the commit that makes this necessary is the commit
that allows unprivileged changes to the user namespace in 3.8 Aka:

commit 0c55cfc4166d9a0f38de779bd4d75a90afbe7734
Author: Eric W. Biederman <ebiederm@xmission.com>
Date:   Thu Jul 26 21:42:03 2012 -0700

    vfs: Allow unprivileged manipulation of the mount namespace.

So I believe this is a useless backport.

Eric
On Wed, Apr 03, 2013 at 04:03:27PM -0700, Eric W. Biederman wrote:
> Luis Henriques <luis.henriques@canonical.com> writes:
>
> > This is a note to let you know that I have just added a patch titled
> >
> >     vfs: Add a mount flag to lock read only bind mounts
> >
> > to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree
> > which can be found at:
> >
> >  http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue
> >
> > If you, or anyone else, feels it should not be added to this tree, please
> > reply to this email.
> >
> > For more information about the 3.5.y.z tree, see
> > https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
>
> This is harmless but the commit that makes this necessary is the commit
> that allows unprivileged changes to the user namespace in 3.8 Aka:
>
>
> commit 0c55cfc4166d9a0f38de779bd4d75a90afbe7734
> Author: Eric W. Biederman <ebiederm@xmission.com>
> Date:   Thu Jul 26 21:42:03 2012 -0700
>
>     vfs: Allow unprivileged manipulation of the mount namespace.
>
> So I believe this is a useless backport.

Hmm, right.  This patch is indeed pointless.  I'll drop it.  Thanks a
lot for your feedback.

Cheers,
--
Luis
diff --git a/fs/namespace.c b/fs/namespace.c index 1e4a5fe..c8cd18c 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1641,6 +1641,9 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags) if (readonly_request == __mnt_is_readonly(mnt)) return 0; + if (mnt->mnt_flags & MNT_LOCK_READONLY) + return -EPERM; + if (readonly_request) error = mnt_make_readonly(real_mount(mnt)); else diff --git a/include/linux/mount.h b/include/linux/mount.h index d7029f4..73005f9 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h @@ -47,6 +47,8 @@ struct mnt_namespace; #define MNT_INTERNAL 0x4000 +#define MNT_LOCK_READONLY 0x400000 + struct vfsmount { struct dentry *mnt_root; /* root of the mounted tree */ struct super_block *mnt_sb; /* pointer to superblock */
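Review bot: in the fs/namespace.c hunk, the new MNT_LOCK_READONLY test in change_mount_flags() returns -EPERM without looking at readonly_request. It depends on the preceding "readonly_request == __mnt_is_readonly(mnt)" early return to let a read-only request on an already read-only locked mount succeed, and if the flag were ever set on a writable mount, a request to make that mount read-only would be refused as well. Making the intent explicit, for example "if (!readonly_request && (mnt->mnt_flags & MNT_LOCK_READONLY))", would avoid that. Separately, nothing in this patch sets MNT_LOCK_READONLY, so as posted the branch can never be taken; the patch should either carry the code that sets the flag or state which change does.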
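Review bot: in the include/linux/mount.h hunk, the MNT_LOCK_READONLY define has no comment saying what the flag means or which code is allowed to set and clear it, and the fs/namespace.c hunk treats it as a lock that userspace must not undo. Please add a short comment next to the define stating that it marks a mount whose read-only state may not be changed by remount, and confirm that the 0x400000 bit cannot be set or cleared through user-supplied mount flags.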