From patchwork Fri Jul 22 14:44:05 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 651682 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id 3rwthL0KjFz9stc; Sat, 23 Jul 2016 00:44:18 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical-com.20150623.gappssmtp.com header.i=@canonical-com.20150623.gappssmtp.com header.b=qKTejZYT; dkim-atps=neutral Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1bQbgS-0001OF-Vs; Fri, 22 Jul 2016 14:44:12 +0000 Received: from mail-oi0-f50.google.com ([209.85.218.50]) by huckleberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1bQbgO-0001Ir-6m for kernel-team@lists.ubuntu.com; Fri, 22 Jul 2016 14:44:08 +0000 Received: by mail-oi0-f50.google.com with SMTP id w18so165626241oiw.3 for ; Fri, 22 Jul 2016 07:44:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id; bh=NcnFZvYbWkOope49jWjDRGQQ4numqv01TJGifUOnKRU=; b=qKTejZYTgEt0Okf9kMIa1K2R+m8oUjYp0TJ23SuyKiH5fSL9insIcK4KZBnGN47Ysx VRshb0KPZNHWTSNWt0YdEuFwiQN84yesG96zfKy4J5+EL/eWFRhgjwz9U5Uyl2yKNFhm ZA2GoI7zQ+9E0b1R3xzf4rwdw/0ptrG7cKO3QUj85cgBbMdBSjjwLKha8uqjCj4DfKgI 3ML6wPTwVjd11aTmjESXkzpqNP9Ym0Y0/DktDByEEIj2xe37Q4MDzd/M9yPo624Ckui3 0djvuBZeYGZdVR1+l6BQLWGnsmgOA7VoRI4cTYlZhclXYNve6b1KyQnlvosorJvYZ2qY lOlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id; bh=NcnFZvYbWkOope49jWjDRGQQ4numqv01TJGifUOnKRU=; b=VvVfT03f5X3DuTe2a66ZeCJ9CGII/0AG5YdzOkrVgW4Q+qemx+jMZCYbtIv5/cIJjI bnetXTy1FLYIFZgdNu2/f0KkN4uO449dxwL1nO9eg0v9Nthneya5rWhAn5z27AU06sic LzUL5W5uL7wO0HhmCGEvFhdeXmTJT1QC9CMb2SqOjHhJ1q10k4Wyy6Xdum0QKk3OEgTx t0jovTR9oTNVXLPQmkkqOsBdR9a5nycLd0v85ap9GEFIDzm+Hd3dOSx9vpDE2ieEgcJ8 Wx/E+nU6JyXZlTWg6jQGmlyoBYQJ+vneALC7PAt/XPmlqtoG469jY1t0h67/UUJNaI0n agAA== X-Gm-Message-State: AEkoouuNnvoBYkEm6afp3itw/oSsod1VJW08fTFKLLkgkQ0nNsE9ghrWqhh7qqQk7uZm5PJL X-Received: by 10.157.42.48 with SMTP id t45mr2349473ota.6.1469198646850; Fri, 22 Jul 2016 07:44:06 -0700 (PDT) Received: from localhost ([2605:a601:aab:f920:20d5:ff79:6f:5aa5]) by smtp.gmail.com with ESMTPSA id m87sm5388043oik.16.2016.07.22.07.44.05 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Jul 2016 07:44:06 -0700 (PDT) From: Seth Forshee To: kernel-team@lists.ubuntu.com Subject: [PATCH][xenial SRU] UBUNTU: SAUCE: (namespace) Bypass sget() capability check for nfs Date: Fri, 22 Jul 2016 09:44:05 -0500 Message-Id: <1469198645-16997-1-git-send-email-seth.forshee@canonical.com> X-Mailer: git-send-email 2.7.4 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com BugLink: http://bugs.launchpad.net/bugs/1603719 302cabb "UBUNTU: SAUCE: (namespace) Sync with upstream s_user_ns patches" added a capability check to sget() which causes a regression for automatic submounts, which may happen in the context of an unprivileged user. The capability check is not necessary in this case. The check can be bypassed by using sget_userns() instead. init_user_namespace should be used for the user ns since nfs does not support unprivileged mounting. This change makes the nfs mount behavior in xenial functionally identical to upstream. Signed-off-by: Seth Forshee Acked-by: Andy Whitcroft --- fs/nfs/super.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/nfs/super.c b/fs/nfs/super.c index f126828..8a57020 100644 --- a/fs/nfs/super.c +++ b/fs/nfs/super.c @@ -2559,7 +2559,8 @@ struct dentry *nfs_fs_mount_common(struct nfs_server *server, sb_mntdata.mntflags |= MS_SYNCHRONOUS; /* Get a superblock - note that we may end up sharing one that already exists */ - s = sget(nfs_mod->nfs_fs, compare_super, nfs_set_super, flags, &sb_mntdata); + s = sget_userns(nfs_mod->nfs_fs, compare_super, nfs_set_super, flags, + &init_user_ns, &sb_mntdata); if (IS_ERR(s)) { mntroot = ERR_CAST(s); goto out_err_nosb;