mount: bind-mount root into itself if processes are restored in userns

When we create a new mntns in a userns, all inhereted mounts are marked as locked. pivot_root() returns EINVAL if a new root is locked. Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

mount: bind-mount root into itself if processes are restored in userns
When we create a new mntns in a userns, all inhereted mounts are marked as locked. pivot_root() returns EINVAL if a new root is locked. Signed-off-by: Andrey Vagin <avagin@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
4ed63afa · Andrey Vagin · Pavel Emelyanov · 41b972cc · 4ed63afa
Commit 4ed63afa authored Oct 31, 2014 by Andrey Vagin Committed by Pavel Emelyanov Nov 07, 2014
Show whitespace changes
Inline Side-by-side

Showing with 17 additions and 5 deletions

mount.c mount.c +17 -5

No files found.
--- a/mount.c
+++ b/mount.c
@@ -1993,17 +1993,17 @@ int prepare_mnt_ns(void)
 	if (!mis)
 		goto out;

-	if (chdir(opts.root ? : "/")) {
-		pr_perror("chdir(%s) failed", opts.root ? : "/");
-		return -1;
-	}
-
 	/*
 	 * The new mount namespace is filled with the mountpoint
 	 * clones from the original one. We have to umount them
 	 * prior to recreating new ones.
 	 */
 	if (!opts.root) {
+		if (chdir("/")) {
+			pr_perror("chdir(\"/\") failed");
+			return -1;
+		}
+
 		if (clean_mnt_ns(ns.mnt.mntinfo_tree))
 			return -1;
 	} else {
@@ -2030,6 +2030,18 @@ int prepare_mnt_ns(void)
 			pr_perror("Can't remount the parent of the new root with MS_SLAVE");
 			return -1;
 		}
+
+		/* Unprivileged users can't reveal what is under a mount */
+		if (root_ns_mask & CLONE_NEWUSER) {
+			if (mount(opts.root, opts.root, NULL, MS_BIND | MS_REC, NULL)) {
+				pr_perror("Can't remount bind-mount %s into itself\n", opts.root);
+				return -1;
+			}
+		}
+		if (chdir(opts.root)) {
+			pr_perror("chdir(%s) failed", opts.root ? : "/");
+			return -1;
+		}
 	}

 	free_mntinfo(old);