proc: Restrict mounting the proc filesystem
Don't allow mounting the proc filesystem unless the caller has CAP_SYS_ADMIN rights over the pid namespace. The principle here is if you create or have capabilities over it you can mount it, otherwise you get to live with what other people have mounted. Andy pointed out that this is needed to prevent users in a user namespace from remounting proc and specifying different hidepid and gid options on already existing proc mounts. Cc: stable@vger.kernel.org Reported-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman
parent
5ff9d8a65c
commit
aee1c13dd0
|
|
@ -110,7 +110,8 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
|
|||
ns = task_active_pid_ns(current);
|
||||
options = data;
|
||||
|
||||
if (!current_user_ns()->may_mount_proc)
|
||||
if (!current_user_ns()->may_mount_proc ||
|
||||
!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
|
||||
return ERR_PTR(-EPERM);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue