[PATCH][SRU][D/E] UBUNTU: SAUCE: fs: Move SB_I_NOSUID to the top of s_iflags
Seth Forshee
seth.forshee at canonical.com
Thu Nov 7 17:21:53 UTC 2019
BugLink: https://bugs.launchpad.net/bugs/1851677
SB_I_NOSUID was added by a sauce patch, and over time it has come
to occupy the same bit in s_iflags as SB_I_USERNS_VISIBLE without
being noticed. overlayfs will set SB_I_NOSUID when any lower
mount is nosuid. When this happens for a user namespace mount,
mount_too_revealing() will perform additional, unnecessary checks
which may block mounting when it should be allowed.
Move SB_I_NOSUID to prevent this conflict, and move it to the top
of s_iflags to make future conflicts less likely.
Reported-by: Jann Horn <jannh at google.com>
Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
---
include/linux/fs.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 25bdf254d5c9..ff2767d66c31 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1380,12 +1380,12 @@ extern int send_sigurg(struct fown_struct *fown);
#define SB_I_NOEXEC 0x00000002 /* Ignore executables on this fs */
#define SB_I_NODEV 0x00000004 /* Ignore devices on this fs */
#define SB_I_MULTIROOT 0x00000008 /* Multiple roots to the dentry tree */
-#define SB_I_NOSUID 0x00000010 /* Ignore suid on this fs */
/* sb->s_iflags to limit user namespace mounts */
#define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */
#define SB_I_IMA_UNVERIFIABLE_SIGNATURE 0x00000020
#define SB_I_UNTRUSTED_MOUNTER 0x00000040
+#define SB_I_NOSUID 0x80000000 /* Ignore suid on this fs */
/* Possible states of 'frozen' field */
enum {
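Review bot: The relocated `SB_I_NOSUID 0x80000000` define has no comment explaining why it sits at the top bit, and as shown it follows `SB_I_UNTRUSTED_MOUNTER` directly under the "sb->s_iflags to limit user namespace mounts" comment, so it reads as one of the user-namespace flags. The overlap with `SB_I_USERNS_VISIBLE` (both 0x00000010 before this change) went unnoticed because nothing marked the value as coming from a sauce patch. I would separate the define from that group and extend its comment to say that it is a sauce-only flag kept at the high end of s_iflags so that flags later added in the low bits cannot collide with it.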
--
2.20.1