Date: Wed, 9 Mar 2016 14:32:39 -0600
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Seth Forshee <seth.forshee@canonical.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        "Serge E. Hallyn" <serge.hallyn@ubuntu.com>,
        linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 1/2] fs: Allow bind mounts with locked children on
 permaenetly empty directories
Message-ID: <20160309203239.GB3734@mail.hallyn.com>
References: <1457536687-32794-1-git-send-email-seth.forshee@canonical.com>
 <1457536687-32794-2-git-send-email-seth.forshee@canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1457536687-32794-2-git-send-email-seth.forshee@canonical.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1008
Lines: 30

Quoting Seth Forshee (seth.forshee@canonical.com):
> Forbidding a bind mount due to a locked child on a permanently
> empty directory provides no security benefit since the
> directory cannot contain any contents which have been overmounted
> for security reasons.
> 
> Cc: stable@vger.kernel.org # v4.1+
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

> ---
>  fs/namespace.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 4fb1691b4355..930f5557b1d1 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -2065,6 +2065,8 @@ static bool has_locked_children(struct mount *mnt, struct dentry *dentry)
>  	list_for_each_entry(child, &mnt->mnt_mounts, mnt_child) {
>  		if (!is_subdir(child->mnt_mountpoint, dentry))
>  			continue;
> +		if (is_empty_dir_inode(child->mnt_mountpoint->d_inode))
> +			continue;
>  
>  		if (child->mnt.mnt_flags & MNT_LOCKED)
>  			return true;
> -- 
> 1.9.1