tmakin/ack-tegra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

umount: Allow superblock owners to force umount

Browse Source 
[ Upstream commit e1ff7aa34dec7e650159fd7ca8ec6af7cc428d9f ]

Loosen the permission check on forced umount to allow users holding
CAP_SYS_ADMIN privileges in namespaces that are privileged with respect
to the userns that originally mounted the filesystem.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Link: https://lore.kernel.org/r/12f212d4ef983714d065a6bb372fbb378753bf4c.1742315194.git.trond.myklebust@hammerspace.com
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Trond Myklebust
2025-03-18 12:29:21 -04:00
committed by Greg Kroah-Hartman
parent 52535688c2
commit 67e85cfa95
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
fs/namespace.c
+2 -1
View File
@@ -1986,6 +1986,7 @@ static void warn_mandlock(void)
static int can_umount(const struct path *path, int flags) static int can_umount(const struct path *path, int flags)
{ {
struct mount *mnt = real_mount(path->mnt); struct mount *mnt = real_mount(path->mnt);
struct super_block *sb = path->dentry->d_sb;
if (!may_mount()) if (!may_mount())
return -EPERM; return -EPERM;
@@ -1995,7 +1996,7 @@ static int can_umount(const struct path *path, int flags)
return -EINVAL; return -EINVAL;
if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */ if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
return -EINVAL; return -EINVAL;
if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN)) if (flags & MNT_FORCE && !ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
return -EPERM; return -EPERM;
return 0; return 0;
} }