OpenVZ Forum: Devel » [patch 00/10] (resend) mount ownership and unprivileged mount syscall

Home » Mailing lists » Devel » [patch 00/10] (resend) mount ownership and unprivileged mount syscall

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

[patch 02/10] allow unprivileged umount [message #18192 is a reply to message #18190]

Thu, 12 April 2007 16:45

Miklos Szeredi
Messages: 161
Registered: April 2007

Senior Member

From: Miklos Szeredi <mszeredi@suse.cz>

The owner doesn't need sysadmin capabilities to call umount().

Similar behavior as umount(8) on mounts having "user=UID" option in
/etc/mtab.  The difference is that umount also checks /etc/fstab,
presumably to exclude another mount on the same mountpoint.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
---

Index: linux/fs/namespace.c
===================================================================
--- linux.orig/fs/namespace.c	2007-04-11 20:07:51.000000000 +0200
+++ linux/fs/namespace.c	2007-04-11 20:08:05.000000000 +0200
@@ -659,6 +659,25 @@ static int do_umount(struct vfsmount *mn
 }
 
 /*
+ * umount is permitted for
+ *  - sysadmin
+ *  - mount owner, if not forced umount
+ */
+static bool permit_umount(struct vfsmount *mnt, int flags)
+{
+	if (capable(CAP_SYS_ADMIN))
+		return true;
+
+	if (!(mnt->mnt_flags & MNT_USER))
+		return false;
+
+	if (flags & MNT_FORCE)
+		return false;
+
+	return mnt->mnt_uid == current->uid;
+}
+
+/*
  * Now umount can handle mount points as well as block devices.
  * This is important for filesystems which use unnamed block devices.
  *
@@ -681,7 +700,7 @@ asmlinkage long sys_umount(char __user *
 		goto dput_and_out;
 
 	retval = -EPERM;
-	if (!capable(CAP_SYS_ADMIN))
+	if (!permit_umount(nd.mnt, flags))
 		goto dput_and_out;
 
 	retval = do_umount(nd.mnt, flags);

--
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers

Report message to a moderator

[Message index]

		[patch 00/10] (resend) mount ownership and unprivileged mount syscall By: Miklos Szeredi on Thu, 12 April 2007 16:45
		[patch 01/10] add user mounts to the kernel By: Miklos Szeredi on Thu, 12 April 2007 16:45
		[patch 02/10] allow unprivileged umount By: Miklos Szeredi on Thu, 12 April 2007 16:45
		Re: [patch 02/10] allow unprivileged umount By: Greg KH on Mon, 16 April 2007 19:58
		[patch 03/10] account user mounts By: Miklos Szeredi on Thu, 12 April 2007 16:45
		[patch 04/10] add "permit user mounts" flag to namespaces By: Miklos Szeredi on Thu, 12 April 2007 16:45
		[patch 05/10] add "permit user mounts in new namespace" clone flag By: Miklos Szeredi on Thu, 12 April 2007 16:45
		Re: [patch 05/10] add "permit user mounts in new namespace" clone flag By: ebiederm on Fri, 13 April 2007 14:22
		Re: [patch 05/10] add "permit user mounts in new namespace" clone flag By: serue on Fri, 13 April 2007 13:47
		[patch 06/10] propagate error values from clone_mnt By: Miklos Szeredi on Thu, 12 April 2007 16:45
		[patch 07/10] allow unprivileged bind mounts By: Miklos Szeredi on Thu, 12 April 2007 16:45
		[patch 08/10] put declaration of put_filesystem() in fs.h By: Miklos Szeredi on Thu, 12 April 2007 16:45
		[patch 09/10] allow unprivileged mounts By: Miklos Szeredi on Thu, 12 April 2007 16:45
		[patch 10/10] allow unprivileged fuse mounts By: Miklos Szeredi on Thu, 12 April 2007 16:45

Previous Topic:	Re: [patch 0/8] unprivileged mount syscall
Next Topic:	Re: How to query mount propagation state?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Thu Aug 15 12:50:17 GMT 2024

Total time taken to generate the page: 0.02818 seconds