Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1591887imm;
        Fri, 12 Oct 2018 23:12:19 -0700 (PDT)
X-Google-Smtp-Source: ACcGV62e4ByE06N6Tvq3SiKLjM5xDEUSmY9Nz0AXQQuHi2hmCts3UVVsDOpZVIqoNFB64NV+MEBy
X-Received: by 2002:a62:d40d:: with SMTP id a13-v6mr9362248pfh.23.1539411139669;
        Fri, 12 Oct 2018 23:12:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539411139; cv=none;
        d=google.com; s=arc-20160816;
        b=v7QJ36Lx4yGSZe/4pB2yyxKDjOfCNBGfOX0JwKiAQvkJnzsllkuJ7Z/cOZ9W2SR9mm
         gBS5bpZH6QsFxadsZkHZriG535YW1Q4CitjH1nXswkmuUANm9cgUhFTzsC0CFdtifQcJ
         ZY73fiCJbnjj8HqMTEi6nDKfLIu7cQ0rooQlZy5sf8aN8dZODwB5mo20s7d5YPNYRbLO
         lI6ctnr9/LIHt9IezDzt5LV9jJr6d6uTCaZBxjnMs9yENvzBdJfUiq9hIwiQqvsBMDkf
         Fns+2aF0l3SqENZ9ojrZm4HQLXA4Oxt+26syK5qlz8/ov2yssOzznmxsoINwwHp3mANn
         jPuw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-transfer-encoding:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=+7ZUYSSh52ALRmFzpnNWXQXCAeIVsdlw9mXSsqgmAyU=;
        b=ZxcYVzvkLHt4f7IT+DmckaytgtRrunXTonbwjOdq3vn0bcwYS/38fQHVL2r6nLfbNy
         apoxwBoIhnIlbnbE6Ks9+OCBDLoJ3Q40gR89BVKlueOvBEcgLbzQhDxC7yP4PL5gK9zZ
         Y+LqYPCx1MGFpFWTfthQU/C7jGeu9VuAEo7QQ872ZRcDKArzd0lPl3JJCM7eaiw7AGiu
         2DVajm8f13xavvG7EySCo5nsdxSJfdkWHiD1+RsastA5k5ixKxAlsGep8ytyoCbF1FpB
         G1BMOOViIvBqBkGy6MNSEp29PQaZ7EqNB+9o22I3t8lraqT7jSk695Q/GY6QJTYKay6T
         +zgA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o15-v6si3626012pgf.253.2018.10.12.23.12.04;
        Fri, 12 Oct 2018 23:12:19 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726636AbeJMNrg (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Sat, 13 Oct 2018 09:47:36 -0400
Received: from zeniv.linux.org.uk ([195.92.253.2]:46780 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726417AbeJMNrg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 13 Oct 2018 09:47:36 -0400
Received: from viro by ZenIV.linux.org.uk with local (Exim 4.90_1 #2 (Red Hat Linux))
        id 1gBD9J-0003oa-AN; Sat, 13 Oct 2018 06:11:41 +0000
Date:   Sat, 13 Oct 2018 07:11:41 +0100
From:   Al Viro <viro@ZenIV.linux.org.uk>
To:     Alan Jenkins <alan.christopher.jenkins@gmail.com>
Cc:     David Howells <dhowells@redhat.com>, linux-api@vger.kernel.org,
        torvalds@linux-foundation.org, ebiederm@xmission.com,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        mszeredi@redhat.com
Subject: Re: [PATCH 31/34] vfs: syscall: Add fspick() to select a superblock
 for reconfiguration [ver #12]
Message-ID: <20181013061141.GR32577@ZenIV.linux.org.uk>
References: <153754740781.17872.7869536526927736855.stgit@warthog.procyon.org.uk>
 <153754766004.17872.9829232103614083565.stgit@warthog.procyon.org.uk>
 <9b8bf436-65de-13b9-0002-0479d11c18ca@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <9b8bf436-65de-13b9-0002-0479d11c18ca@gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 12, 2018 at 03:49:50PM +0100, Alan Jenkins wrote:
> > +SYSCALL_DEFINE3(fspick, int, dfd, const char __user *, path, unsigned int, flags)
> > +{
> > +	struct fs_context *fc;
> > +	struct path target;
> > +	unsigned int lookup_flags;
> > +	int ret;
> > +
> > +	if (!ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN))
> > +		return -EPERM;
> 
> 
> This seems to accept basically any mount.? Specifically: are you sure it's
> OK to return a handle to a SB_NO_USER superblock?

Umm...  As long as we don't try to do pathname resolution from its ->s_root,
shouldn't be a problem and I don't see anything that would do that.  I might've
missed something, but...