[PATCH 0/4] listmount changes

Christian Brauner brauner at kernel.org
Wed Nov 29 10:40:13 UTC 2023


On Wed, Nov 29, 2023 at 11:22:03AM +0100, Miklos Szeredi wrote:
> On Wed, 29 Nov 2023 at 10:53, Christian Brauner <brauner at kernel.org> wrote:
> >
> > On Tue, 28 Nov 2023 17:03:31 +0100, Miklos Szeredi wrote:
> > > This came out from me thinking about the best libc API.  It contains a few
> > > changes that simplify and (I think) improve the interface.
> > >
> > > Tree:
> > >
> > >   git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git#vfs.mount
> > >
> > > [...]
> >
> > Afaict, all changes as discussed. Thanks. I folded the fixes into the
> > main commit. Links to the patches that were folded are in the commit
> > message and explained in there as well. The final commit is now rather
> > small and easy to read.
> 
> Looks good, thanks for folding the patches.
> 
> >    * Remove explicit LISTMOUNT_UNREACHABLE flag (cf. [1]). That
> >      functionality can simply be made available by checking for required
> >      privileges. If the caller is sufficiently privileged then list mounts
> >      that can't be reached from the current root. If the caller isn't, skip
> >      mounts that can't be reached from the current root. This also makes
> >      permission checking consistent with statmount() (cf. [3]).
> 
> Skipping mounts based on privileges was what the initial version did.
> That inconsistency was the reason for introducing
> LISTMOUNT_UNREACHABLE.  The final version doesn't skip mounts based on
> privileges, either all submounts are listed or the request is rejected
> with -EPERM.

Yeah, I phrased that badly. What I meant to convey is that mounts not
reachable from the current root are not reported, as in skipped in the
loop. I've simplified this down to:

* Remove explicit LISTMOUNT_UNREACHABLE flag (cf. [1]) and fail if mount
  is unreachable from current root. This also makes permission checking
  consistent with statmount() (cf. [3]).


