From: Eric Biggers
To: David Howells, Alexander Viro, linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Eric Biggers
Subject: [PATCH 12/18] fspick: add missing permission check
Date: Sun, 8 Jul 2018 14:01:48 -0700
Message-Id: <20180708210154.10423-13-ebiggers3@gmail.com>
In-Reply-To: <20180708210154.10423-1-ebiggers3@gmail.com>
References: <20180708210154.10423-1-ebiggers3@gmail.com>

From: Eric Biggers

Fixes: 99f8421020ac ("vfs: Implement fspick() to select a superblock for reconfiguration")
Signed-off-by: Eric Biggers
--- fs/fsopen.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/fsopen.c b/fs/fsopen.c index 3e439299ddf79..b3a22848f8eec 100644 --- a/fs/fsopen.c +++ b/fs/fsopen.c @@ -282,6 +282,9 @@ SYSCALL_DEFINE3(fspick, int, dfd, const char __user *, path, unsigned int, flags unsigned int lookup_flags; int ret; + if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN)) + return -EPERM; + if ((flags & ~(FSPICK_CLOEXEC | FSPICK_SYMLINK_NOFOLLOW | FSPICK_NO_AUTOMOUNT | -- 2.18.0
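Review bot: the ns_capable() check added at the top of fspick() tests CAP_SYS_ADMIN against current->nsproxy->mnt_ns->user_ns, which is the user namespace of the caller's mount namespace, and it runs before path is resolved, so on its own it does not tie the privilege to the superblock that ends up being picked. Please say in the commit message why the mount-namespace check is the intended gate here and where, if anywhere, the superblock-level permission is enforced, since the message currently has only the Fixes: and Signed-off-by: tags and no description of what an unprivileged caller could do before this change. A one-line comment above the check stating the same would help the next reader. Minor: because the check sits ahead of the flags validation, an unprivileged caller passing invalid flags now gets -EPERM rather than the flags error; that ordering looks reasonable, but it is worth confirming it is deliberate.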