Unverified Commit e6b899f0 authored by Christian Brauner's avatar Christian Brauner

nsfs: tighten permission checks for ns iteration ioctls

Even privileged services should not necessarily be able to see other
privileged services' namespaces, so that they cannot leak information to
each other. Use the may_see_all_namespaces() helper, which centralizes
this policy until the nstree adapts.

Link: https://patch.msgid.link/20260226-work-visibility-fixes-v1-1-d2c2853313bd@kernel.org


Fixes: a1d220d9 ("nsfs: iterate through mount namespaces")
Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
Cc: stable@kernel.org # v6.12+
Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parent a0b4c7a4
+13 −0
@@ -199,6 +199,17 @@ static bool nsfs_ioctl_valid(unsigned int cmd)
	return false;
}

static bool may_use_nsfs_ioctl(unsigned int cmd)
{
	switch (_IOC_NR(cmd)) {
	case _IOC_NR(NS_MNT_GET_NEXT):
		fallthrough;
	case _IOC_NR(NS_MNT_GET_PREV):
		return may_see_all_namespaces();
	}
	return true;
}

static long ns_ioctl(struct file *filp, unsigned int ioctl,
			unsigned long arg)
{
@@ -214,6 +225,8 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl,

	if (!nsfs_ioctl_valid(ioctl))
		return -ENOIOCTLCMD;
	if (!may_use_nsfs_ioctl(ioctl))
		return -EPERM;

	ns = get_proc_ns(file_inode(filp));
	switch (ioctl) {
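Review bot: The `fallthrough;` between `case _IOC_NR(NS_MNT_GET_NEXT):` and `case _IOC_NR(NS_MNT_GET_PREV):` in may_use_nsfs_ioctl() is redundant, since stacked case labels with no statement between them need no annotation; the two labels can sit directly above `return may_see_all_namespaces();`. The switch also keys on `_IOC_NR(cmd)` alone, so it distinguishes ioctls only by number and is correct only because `nsfs_ioctl_valid()` has already rejected everything else in ns_ioctl(); that ordering is provided by the call sequence but nothing in the new function records it, so a comment such as `/* Caller must have accepted cmd via nsfs_ioctl_valid() first: only the ioctl number is compared here. */` above may_use_nsfs_ioctl() would pin the dependency. The `-EPERM` return now precedes `get_proc_ns()`, so an unprivileged caller is refused before the namespace type is even looked at, which is presumably intended but worth a line in the function comment. The body of ns_ioctl() continues outside the hunk.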
+2 −0
@@ -55,6 +55,8 @@ static __always_inline bool is_ns_init_id(const struct ns_common *ns)

#define ns_common_free(__ns) __ns_common_free(to_ns_common((__ns)))

bool may_see_all_namespaces(void);

static __always_inline __must_check int __ns_ref_active_read(const struct ns_common *ns)
{
	return atomic_read(&ns->__ns_ref_active);
+6 −0
@@ -309,3 +309,9 @@ void __ns_ref_active_get(struct ns_common *ns)
			return;
	}
}

bool may_see_all_namespaces(void)
{
	return (task_active_pid_ns(current) == &init_pid_ns) &&
	       ns_capable_noaudit(init_pid_ns.user_ns, CAP_SYS_ADMIN);
}
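Review bot: may_see_all_namespaces() is now the single place that encodes who may enumerate namespaces, but the definition carries no comment stating the policy: the caller must be in the initial pid namespace and hold CAP_SYS_ADMIN in `init_pid_ns.user_ns`, and the `ns_capable_noaudit()` variant is used so that a mere visibility probe does not emit an audit denial. A kernel-doc block above the function spelling out those two conditions, and recording the changelog's intent that this is a stopgap until the nstree can express visibility itself, would make the TODO discoverable from the code rather than only from the commit message. Presumably the active-pid-namespace test stands in for "running in the initial container" rather than being a check on any target namespace; if so, saying that explicitly would keep later callers from misreading it.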