mnt: Refactor the logic for mounting sysfs and proc in a user namespace

[cascardo/linux.git] / fs / namespace.c

diff --git a/fs/namespace.c b/fs/namespace.c
index 1b9e111..8e7edaf 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2332,6 +2332,8 @@ unlock:
        return err;
 }
 
+static bool fs_fully_visible(struct file_system_type *fs_type);
+
 /*
  * create a new mount for userspace and request it to be added into the
  * namespace's tree
@@ -2363,6 +2365,10 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
                        flags |= MS_NODEV;
                        mnt_flags |= MNT_NODEV | MNT_LOCK_NODEV;
                }
+               if (type->fs_flags & FS_USERNS_VISIBLE) {
+                       if (!fs_fully_visible(type))
+                               return -EPERM;
+               }
        }
 
        mnt = vfs_kern_mount(type, flags, name, data);
@@ -3164,7 +3170,7 @@ bool current_chrooted(void)
        return chrooted;
 }
 
-bool fs_fully_visible(struct file_system_type *type)
+static bool fs_fully_visible(struct file_system_type *type)
 {
        struct mnt_namespace *ns = current->nsproxy->mnt_ns;
        struct mount *mnt;