From patchwork Thu Oct  3 20:57:17 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chris J Arges <chris.j.arges@canonical.com>
X-Patchwork-Id: 280429
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 4983B2C00CC
	for <incoming@patchwork.ozlabs.org>;
	Fri,  4 Oct 2013 06:58:12 +1000 (EST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1VRpyI-0002Ht-Ma; Thu, 03 Oct 2013 20:58:06 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <chris.j.arges@canonical.com>) id 1VRpy5-0002GN-EU
	for kernel-team@lists.ubuntu.com; Thu, 03 Oct 2013 20:57:53 +0000
Received: from cpe-66-68-155-223.austin.res.rr.com ([66.68.155.223]
	helo=localhost.localdomain)
	by youngberry.canonical.com with esmtpsa
	(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <chris.j.arges@canonical.com>)
	id 1VRpy5-0005R3-3X
	for kernel-team@lists.ubuntu.com; Thu, 03 Oct 2013 20:57:53 +0000
From: Chris J Arges <chris.j.arges@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/2] mount: consolidate permission checks
Date: Thu,  3 Oct 2013 15:57:17 -0500
Message-Id: <1380833838-28454-2-git-send-email-chris.j.arges@canonical.com>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1380833838-28454-1-git-send-email-chris.j.arges@canonical.com>
References: <1380833838-28454-1-git-send-email-chris.j.arges@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

From: Al Viro <viro@zeniv.linux.org.uk>

BugLink: http://bugs.launchpad.net/bugs/1226726

... and ask for global CAP_SYS_ADMIN only for superblock-level remounts

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit 57eccb830f1cc93d4b506ba306d8dfa685e0c88f)

Signed-off-by: Chris J Arges <chris.j.arges@canonical.com>
---
 fs/namespace.c |   40 +++++++---------------------------------
 1 file changed, 7 insertions(+), 33 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 94d8bad..7aa7a03 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1305,24 +1305,6 @@ SYSCALL_DEFINE1(oldumount, char __user *, name)
 
 #endif
 
-static int mount_is_safe(struct path *path)
-{
-	if (may_mount())
-		return 0;
-	return -EPERM;
-#ifdef notyet
-	if (S_ISLNK(path->dentry->d_inode->i_mode))
-		return -EPERM;
-	if (path->dentry->d_inode->i_mode & S_ISVTX) {
-		if (current_uid() != path->dentry->d_inode->i_uid)
-			return -EPERM;
-	}
-	if (inode_permission(path->dentry->d_inode, MAY_WRITE))
-		return -EPERM;
-	return 0;
-#endif
-}
-
 static bool mnt_ns_loop(struct path *path)
 {
 	/* Could bind mounting the mount namespace inode cause a
@@ -1664,9 +1646,6 @@ static int do_change_type(struct path *path, int flag)
 	int type;
 	int err = 0;
 
-	if (!may_mount())
-		return -EPERM;
-
 	if (path->dentry != path->mnt->mnt_root)
 		return -EINVAL;
 
@@ -1700,9 +1679,7 @@ static int do_loopback(struct path *path, const char *old_name,
 	LIST_HEAD(umount_list);
 	struct path old_path;
 	struct mount *mnt = NULL, *old;
-	int err = mount_is_safe(path);
-	if (err)
-		return err;
+	int err;
 	if (!old_name || !*old_name)
 		return -EINVAL;
 	err = kern_path(old_name, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &old_path);
@@ -1782,9 +1759,6 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
 	struct super_block *sb = path->mnt->mnt_sb;
 	struct mount *mnt = real_mount(path->mnt);
 
-	if (!capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
 	if (!check_mnt(mnt))
 		return -EINVAL;
 
@@ -1798,6 +1772,8 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
 	down_write(&sb->s_umount);
 	if (flags & MS_BIND)
 		err = change_mount_flags(path->mnt, flags);
+	else if (!capable(CAP_SYS_ADMIN))
+		err = -EPERM;
 	else
 		err = do_remount_sb(sb, flags, data, 0);
 	if (!err) {
@@ -1830,9 +1806,7 @@ static int do_move_mount(struct path *path, const char *old_name)
 	struct path old_path, parent_path;
 	struct mount *p;
 	struct mount *old;
-	int err = 0;
-	if (!may_mount())
-		return -EPERM;
+	int err;
 	if (!old_name || !*old_name)
 		return -EINVAL;
 	err = kern_path(old_name, LOOKUP_FOLLOW, &old_path);
@@ -1974,9 +1948,6 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
 	if (!fstype)
 		return -EINVAL;
 
-	if (!may_mount())
-		return -EPERM;
-
 	type = get_fs_type(fstype);
 	if (!type)
 		return -ENODEV;
@@ -2290,6 +2261,9 @@ long do_mount(const char *dev_name, const char *dir_name,
 	if (retval)
 		goto dput_out;
 
+	if (!may_mount())
+		return -EPERM;
+
 	/* Default to relatime unless overriden */
 	if (!(flags & MS_NOATIME))
 		mnt_flags |= MNT_RELATIME;