[PATCH] vfs: Fix incorrect user_ns assignment in proc and mqueue

From: David Howells
Date: Wed Oct 31 2018 - 14:45:08 EST



The user namespace set on a proc superblock should derive from the pid_ns
that the superblock is associated with and, similarly, an mqueue superblock
should derive from the ipc_ns that that is associated with.

Fix both of these to set the proposed user_ns appropriately in the
respective get_tree() functions.

Fixes: a593f22857a3 ("proc: Add fs_context support to procfs")
Fixes: ec772aa43dc7 ("ipc: Convert mqueue fs to fs_context")
Reported-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
cc: Alexey Dobriyan <adobriyan@xxxxxxxxx>
---
fs/proc/root.c | 2 ++
ipc/mqueue.c | 2 ++
2 files changed, 4 insertions(+)

diff --git a/fs/proc/root.c b/fs/proc/root.c
index b0627e622850..3033a900d421 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -162,6 +162,8 @@ static int proc_get_tree(struct fs_context *fc)
{
struct proc_fs_context *ctx = fc->fs_private;

+ put_user_ns(fc->user_ns);
+ fc->user_ns = get_user_ns(ctx->pid_ns->user_ns);
fc->s_fs_info = ctx->pid_ns;
return vfs_get_super(fc, vfs_get_keyed_super, proc_fill_super);
}
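Review bot: In proc_get_tree(), the old reference is dropped with put_user_ns(fc->user_ns) before the new one is taken, which is only safe if ctx->pid_ns keeps its own reference on ->user_ns for the whole call; nothing in these lines shows that. Taking the new reference first and dropping the old one afterwards (struct user_namespace *old = fc->user_ns; fc->user_ns = get_user_ns(ctx->pid_ns->user_ns); put_user_ns(old);) stays correct even when both pointers refer to the same namespace. A one-line comment saying that the superblock's user_ns must come from the pid_ns rather than from the mounting context would also help, since the swap is otherwise unexplained in the code.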
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 869687d586a2..9e793c02f350 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -354,6 +354,8 @@ static int mqueue_get_tree(struct fs_context *fc)
{
struct mqueue_fs_context *ctx = fc->fs_private;

+ put_user_ns(fc->user_ns);
+ fc->user_ns = get_user_ns(ctx->ipc_ns->user_ns);
fc->s_fs_info = ctx->ipc_ns;
return vfs_get_super(fc, vfs_get_keyed_super, mqueue_fill_super);
}
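Review bot: The added line in mqueue_get_tree() dereferences ctx->ipc_ns (ctx->ipc_ns->user_ns), whereas the existing code only stored the pointer in fc->s_fs_info, so a context that reaches get_tree() without ipc_ns set now faults here instead of later. Please confirm that every path that creates an mqueue_fs_context populates ipc_ns before this point, or add a check. The same two-line put/get sequence also appears verbatim in proc_get_tree(); a small shared helper that replaces fc->user_ns would keep the two call sites consistent and make the rule harder to miss in other filesystems whose superblock is keyed on a namespace.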