]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commitdiff
projects / mirror_ubuntu-zesty-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4a95988)
UBUNTU: SAUCE: block_dev: Check permissions towards block device inode when mounting
authorSeth Forshee <seth.forshee@canonical.com>
Wed, 7 Oct 2015 19:49:47 +0000 (14:49 -0500)
committerTim Gardner <tim.gardner@canonical.com>
Mon, 29 Feb 2016 16:03:59 +0000 (09:03 -0700)
Unprivileged users should not be able to mount block devices when
they lack sufficient privileges towards the block device inode.
Update blkdev_get_by_path() to validate that the user has the
required access to the inode at the specified path. The check
will be skipped for CAP_SYS_ADMIN, so privileged mounts will
continue working as before.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
fs/block_dev.c patch | blob | blame | history

diff --git a/fs/block_dev.c b/fs/block_dev.c
index 6291b05b700a566979e52361b43a1e9d7dc3ecc7..0bab5cac1554ce5b4777ec945dd6212128d244fd 100644 (file)
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1424,9 +1424,14 @@ struct block_device *blkdev_get_by_path(const char *path, fmode_t mode,
                                        void *holder)
 {
        struct block_device *bdev;
+       int perm = 0;
        int err;
 
-       bdev = lookup_bdev(path, 0);
+       if (mode & FMODE_READ)
+               perm |= MAY_READ;
+       if (mode & FMODE_WRITE)
+               perm |= MAY_WRITE;
+       bdev = lookup_bdev(path, perm);
        if (IS_ERR(bdev))
                return bdev;
 
ubuntu-zesty-kernel mirror