diff options
| -rw-r--r-- | fs/fs_context.c | 5 | ||||
| -rw-r--r-- | fs/internal.h | 2 | ||||
| -rw-r--r-- | fs/super.c | 4 |
3 files changed, 7 insertions, 4 deletions
diff --git a/fs/fs_context.c b/fs/fs_context.c index a47ccd5a4a78..746a5871959c 100644 --- a/fs/fs_context.c +++ b/fs/fs_context.c @@ -662,6 +662,11 @@ static int legacy_get_tree(struct fs_context *fc) struct super_block *sb; struct dentry *root; + if (!(fc->sb_flags & (SB_KERNMOUNT|SB_SUBMOUNT))) { + if (!mount_capable(fc->fs_type, current_user_ns())) + return -EPERM; + } + root = fc->fs_type->mount(fc->fs_type, fc->sb_flags, fc->source, ctx->legacy_data); if (IS_ERR(root)) diff --git a/fs/internal.h b/fs/internal.h index 1ac2b8f6c621..65db901420af 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -18,6 +18,7 @@ struct path; struct mount; struct shrink_control; struct fs_context; +struct user_namespace; /* * block_dev.c @@ -113,6 +114,7 @@ extern struct file *alloc_empty_file_noaccount(int, const struct cred *); extern int reconfigure_super(struct fs_context *); extern bool trylock_super(struct super_block *sb); extern struct super_block *user_get_super(dev_t); +extern bool mount_capable(struct file_system_type *, struct user_namespace *); /* * open.c diff --git a/fs/super.c b/fs/super.c index 6919f5c728f0..bdb03255c7ea 100644 --- a/fs/super.c +++ b/fs/super.c @@ -583,10 +583,6 @@ struct super_block *sget_userns(struct file_system_type *type, struct super_block *old; int err; - if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT))) { - if (!mount_capable(type, user_ns)) - return ERR_PTR(-EPERM); - } retry: spin_lock(&sb_lock); if (test) { |