ecryptfs: do not mount on top of idmapped mounts

Prevent ecryptfs from being mounted on top of idmapped mounts. Stacking filesystems need to be prevented from being mounted on top of idmapped mounts until they have have been converted to handle this. Link: https://lore.kernel.org/r/[email protected] Cc: Christoph Hellwig <[email protected]> Cc: David Howells <[email protected]> Cc: Al Viro <[email protected]> Cc: [email protected] Reviewed-by: James Morris <[email protected]> Signed-off-by: Christian Brauner <[email protected]>
author: Christian Brauner <[email protected]> 2021-01-21 14:19:46 +0100
committer: Christian Brauner <[email protected]> 2021-01-24 14:27:20 +0100
commit: 0f16ff0f545d5ec90bbd548afd2983785b546780 (patch)
tree: ad7f432538fd9fed683c66b657e8a73ea7d98a77
parent: a2d2329e30e224ea68d575d2525b866df9805ea0 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index e63259fdef28..cdf40a54a35d 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -531,6 +531,12 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
 		goto out_free;
 	}
 
+	if (mnt_user_ns(path.mnt) != &init_user_ns) {
+		rc = -EINVAL;
+		printk(KERN_ERR "Mounting on idmapped mounts currently disallowed\n");
+		goto out_free;
+	}
+
 	if (check_ruid && !uid_eq(d_inode(path.dentry)->i_uid, current_uid())) {
 		rc = -EPERM;
 		printk(KERN_ERR "Mount of device (uid: %d) not owned by "
author	Christian Brauner <[email protected]>	2021-01-21 14:19:46 +0100
committer	Christian Brauner <[email protected]>	2021-01-24 14:27:20 +0100
commit	0f16ff0f545d5ec90bbd548afd2983785b546780 (patch)
tree	ad7f432538fd9fed683c66b657e8a73ea7d98a77
parent	a2d2329e30e224ea68d575d2525b866df9805ea0 (diff)