From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk0-f195.google.com ([209.85.220.195]:36845 "EHLO mail-qk0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751001AbcFWLuK (ORCPT ); Thu, 23 Jun 2016 07:50:10 -0400 Received: by mail-qk0-f195.google.com with SMTP id l81so15439490qke.3 for ; Thu, 23 Jun 2016 04:50:10 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <20160620172130.15712-5-ebiederm@xmission.com> References: <87fus77pns.fsf@x220.int.ebiederm.org> <20160620172130.15712-1-ebiederm@xmission.com> <20160620172130.15712-5-ebiederm@xmission.com> From: Djalal Harouni Date: Thu, 23 Jun 2016 13:50:08 +0200 Message-ID: Subject: Re: [PATCH review 05/13] proc: Convert proc_mount to use mount_ns. To: "Eric W. Biederman" Cc: Linux Containers , Linux FS Devel , Miklos Szeredi , James Bottomley , Seth Forshee , "Serge E. Hallyn" , Andy Lutomirski Content-Type: text/plain; charset=UTF-8 Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Mon, Jun 20, 2016 at 7:21 PM, Eric W. Biederman wrote: > Move the call of get_pid_ns, the call of proc_parse_options, and > the setting of s_iflags into proc_fill_super so that mount_ns > can be used. > > Convert proc_mount to call mount_ns and remove the now unnecessary > code. > > Acked-by: Seth Forshee > Signed-off-by: "Eric W. Biederman" Reviewed-by: Djalal Harouni > --- > fs/proc/inode.c | 9 +++++++-- > fs/proc/internal.h | 3 ++- > fs/proc/root.c | 52 ++++------------------------------------------------ > 3 files changed, 13 insertions(+), 51 deletions(-) > > diff --git a/fs/proc/inode.c b/fs/proc/inode.c > index 78fa452d65ed..f4817efb25a6 100644 > --- a/fs/proc/inode.c > +++ b/fs/proc/inode.c > @@ -457,12 +457,17 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) > return inode; > } > > -int proc_fill_super(struct super_block *s) > +int proc_fill_super(struct super_block *s, void *data, int silent) > { > + struct pid_namespace *ns = get_pid_ns(s->s_fs_info); > struct inode *root_inode; > int ret; > > - s->s_iflags |= SB_I_USERNS_VISIBLE; > + if (!proc_parse_options(data, ns)) > + return -EINVAL; > + > + /* User space would break if executables appear on proc */ > + s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC; > s->s_flags |= MS_NODIRATIME | MS_NOSUID | MS_NOEXEC; > s->s_blocksize = 1024; > s->s_blocksize_bits = 10; > diff --git a/fs/proc/internal.h b/fs/proc/internal.h > index aa2781095bd1..7931c558c192 100644 > --- a/fs/proc/internal.h > +++ b/fs/proc/internal.h > @@ -212,7 +212,7 @@ extern const struct inode_operations proc_pid_link_inode_operations; > > extern void proc_init_inodecache(void); > extern struct inode *proc_get_inode(struct super_block *, struct proc_dir_entry *); > -extern int proc_fill_super(struct super_block *); > +extern int proc_fill_super(struct super_block *, void *data, int flags); > extern void proc_entry_rundown(struct proc_dir_entry *); > > /* > @@ -268,6 +268,7 @@ static inline void proc_tty_init(void) {} > * root.c > */ > extern struct proc_dir_entry proc_root; > +extern int proc_parse_options(char *options, struct pid_namespace *pid); > > extern void proc_self_init(void); > extern int proc_remount(struct super_block *, int *, char *); > diff --git a/fs/proc/root.c b/fs/proc/root.c > index a1b2860fec62..8d3e484055a6 100644 > --- a/fs/proc/root.c > +++ b/fs/proc/root.c > @@ -23,21 +23,6 @@ > > #include "internal.h" > > -static int proc_test_super(struct super_block *sb, void *data) > -{ > - return sb->s_fs_info == data; > -} > - > -static int proc_set_super(struct super_block *sb, void *data) > -{ > - int err = set_anon_super(sb, NULL); > - if (!err) { > - struct pid_namespace *ns = (struct pid_namespace *)data; > - sb->s_fs_info = get_pid_ns(ns); > - } > - return err; > -} > - > enum { > Opt_gid, Opt_hidepid, Opt_err, > }; > @@ -48,7 +33,7 @@ static const match_table_t tokens = { > {Opt_err, NULL}, > }; > > -static int proc_parse_options(char *options, struct pid_namespace *pid) > +int proc_parse_options(char *options, struct pid_namespace *pid) > { > char *p; > substring_t args[MAX_OPT_ARGS]; > @@ -100,45 +85,16 @@ int proc_remount(struct super_block *sb, int *flags, char *data) > static struct dentry *proc_mount(struct file_system_type *fs_type, > int flags, const char *dev_name, void *data) > { > - int err; > - struct super_block *sb; > struct pid_namespace *ns; > - char *options; > > if (flags & MS_KERNMOUNT) { > - ns = (struct pid_namespace *)data; > - options = NULL; > + ns = data; > + data = NULL; > } else { > ns = task_active_pid_ns(current); > - options = data; > - > - /* Does the mounter have privilege over the pid namespace? */ > - if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) > - return ERR_PTR(-EPERM); > - } > - > - sb = sget(fs_type, proc_test_super, proc_set_super, flags, ns); > - if (IS_ERR(sb)) > - return ERR_CAST(sb); > - > - if (!proc_parse_options(options, ns)) { > - deactivate_locked_super(sb); > - return ERR_PTR(-EINVAL); > - } > - > - if (!sb->s_root) { > - err = proc_fill_super(sb); > - if (err) { > - deactivate_locked_super(sb); > - return ERR_PTR(err); > - } > - > - sb->s_flags |= MS_ACTIVE; > - /* User space would break if executables appear on proc */ > - sb->s_iflags |= SB_I_NOEXEC; > } > > - return dget(sb->s_root); > + return mount_ns(fs_type, flags, data, ns, ns->user_ns, proc_fill_super); > } > > static void proc_kill_sb(struct super_block *sb) > -- > 2.8.3 > -- tixxdz http://opendz.org