• Eric W. Biederman's avatar
    vfs: Fix a regression in mounting proc · 41301ae7
    Eric W. Biederman authored
    Gao feng <gaofeng@cn.fujitsu.com> reported that commit
    userns: Better restrictions on when proc and sysfs can be mounted
    caused a regression on mounting a new instance of proc in a mount
    namespace created with user namespace privileges, when binfmt_misc
    is mounted on /proc/sys/fs/binfmt_misc.
    This is an unintended regression caused by the absolutely bogus empty
    directory check in fs_fully_visible.  The check fs_fully_visible replaced
    didn't even bother to attempt to verify proc was fully visible and
    hiding proc files with any kind of mount is rare.  So for now fix
    the userspace regression by allowing directory with nlink == 1
    as /proc/sys/fs/binfmt_misc has.
    I will have a better patch but it is not stable material, or
    last minute kernel material.  So it will have to wait.
    Cc: stable@vger.kernel.org
    Acked-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
    Acked-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
    Tested-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
    Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
namespace.c 70.9 KB