Commit 48ba620a authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull namespace fixes from Eric Biederman:
 "This is a set of 3 regression fixes.

  This fixes /proc/mounts when using "ip netns add <netns>" to display
  the actual mount point.

  This fixes a regression in clone that broke lxc-attach.

  This fixes a regression in the permission checks for mounting /proc
  that made proc unmountable if binfmt_misc was in use.  Oops.

  My apologies for sending this pull request so late.  Al Viro gave
  interesting review comments about the d_path fix that I wanted to
  address in detail before I sent this pull request.  Unfortunately a
  bad round of colds kept me from addressing that in detail until today.
  The executive summary of the review was:

  Al: Is patching d_path really sufficient?
      The prepend_path, d_path, d_absolute_path, and __d_path family of
      functions is a real mess.

  Me: Yes, patching d_path is really sufficient.  Yes, the code is a mess.
      No it is not appropriate to rewrite all of d_path for a regression
      that has existed for entirely too long already, when a two line
      change will do"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  vfs: Fix a regression in mounting proc
  fork:  Allow CLONE_PARENT after setns(CLONE_NEWPID)
  vfs: In d_path don't call d_dname on a mount point
parents 8f211b6c 41301ae7
...@@ -3061,8 +3061,13 @@ char *d_path(const struct path *path, char *buf, int buflen) ...@@ -3061,8 +3061,13 @@ char *d_path(const struct path *path, char *buf, int buflen)
* thus don't need to be hashed. They also don't need a name until a * thus don't need to be hashed. They also don't need a name until a
* user wants to identify the object in /proc/pid/fd/. The little hack * user wants to identify the object in /proc/pid/fd/. The little hack
* below allows us to generate a name for these objects on demand: * below allows us to generate a name for these objects on demand:
*
* Some pseudo inodes are mountable. When they are mounted
* path->dentry == path->mnt->mnt_root. In that case don't call d_dname
* and instead have d_path return the mounted path.
*/ */
if (path->dentry->d_op && path->dentry->d_op->d_dname) if (path->dentry->d_op && path->dentry->d_op->d_dname &&
(!IS_ROOT(path->dentry) || path->dentry != path->mnt->mnt_root))
return path->dentry->d_op->d_dname(path->dentry, buf, buflen); return path->dentry->d_op->d_dname(path->dentry, buf, buflen);
rcu_read_lock(); rcu_read_lock();
......
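Review bot: The added comment explains the `path->dentry != path->mnt->mnt_root` half of the new condition but says nothing about the `!IS_ROOT(path->dentry)` half, so a reader cannot tell why both tests are needed before `d_dname` is skipped. As written, the synthetic name is bypassed only when the dentry is its own parent and is also the root of the mount. Since the pull description says this output feeds /proc/mounts, that boundary is worth stating. I would extend the comment with one line such as `* IS_ROOT() limits this to a dentry that is the root of its own tree, so an ordinary dentry with a d_dname op still gets its generated name.` The rest of d_path, from `rcu_read_lock()` onward, is outside the hunk.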
...@@ -2886,7 +2886,7 @@ bool fs_fully_visible(struct file_system_type *type) ...@@ -2886,7 +2886,7 @@ bool fs_fully_visible(struct file_system_type *type)
struct inode *inode = child->mnt_mountpoint->d_inode; struct inode *inode = child->mnt_mountpoint->d_inode;
if (!S_ISDIR(inode->i_mode)) if (!S_ISDIR(inode->i_mode))
goto next; goto next;
if (inode->i_nlink != 2) if (inode->i_nlink > 2)
goto next; goto next;
} }
visible = true; visible = true;
......
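Review bot: The relaxed test `if (inode->i_nlink > 2)` now lets link counts of 0 and 1 through as well as 2, and nothing at this line records why those values are acceptable for a mountpoint. The pull description calls this a permission check for mounting /proc, so the assumption deserves a comment. A directory's link count only reflects subdirectories, and a filesystem that does not maintain it would pass whatever the directory holds. I would add above the test something like `/* nlink <= 2 means no subdirectories; some filesystems report 1 for every directory, so this is a heuristic, not proof the directory is empty */`. The enclosing loop and the rest of fs_fully_visible are outside the hunk, so it cannot be seen here whether another check covers regular files under the mountpoint.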
...@@ -1172,7 +1172,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, ...@@ -1172,7 +1172,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
* do not allow it to share a thread group or signal handlers or * do not allow it to share a thread group or signal handlers or
* parent with the forking task. * parent with the forking task.
*/ */
if (clone_flags & (CLONE_SIGHAND | CLONE_PARENT)) { if (clone_flags & CLONE_SIGHAND) {
if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) || if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
(task_active_pid_ns(current) != (task_active_pid_ns(current) !=
current->nsproxy->pid_ns_for_children)) current->nsproxy->pid_ns_for_children))
......
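Review bot: The comment kept above the test still says the child may not share "a thread group or signal handlers or parent with the forking task", but the new condition `if (clone_flags & CLONE_SIGHAND) {` no longer looks at CLONE_PARENT. The two visible comment lines should drop the parent clause, for example `* do not allow it to share a thread group or signal handlers with` followed by `* the forking task.` Left as is, the comment would lead a later reader of this namespace check to believe CLONE_PARENT is still refused here when the pid or user namespace differs. The first line of the comment and the body of the `if` are outside the hunk.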