[RHEL7,COMMIT] mnt: relax the restrictions of MS_SET_GROUP

Submitted by Konstantin Khorenko on May 25, 2020, 10:55 a.m.

Details

Message ID 202005251055.04PAtovh002480@finist-ce7.sw.ru
State New
Series "mnt: relax the restrictions of MS_SET_GROUP"

Commit Message

Konstantin Khorenko May 25, 2020, 10:55 a.m.
The commit is pushed to "branch-rh7-3.10.0-1127.8.2.vz7.161.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.8.2.vz7.161.1
------>
commit 8c164342a5efe38321c72492c50e290104f87c8b
Author: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Date:   Mon May 25 13:55:50 2020 +0300

    mnt: relax the restrictions of MS_SET_GROUP
    
    From the first glance it looked nice to check that the source path from
    which we want to copy sharing is root of its mount to make interface
    more predictable. But it appeared there is a pain for external mount
    restore and for ct root mount restore to look up actual mount path in
    host mount namespace instead of just relying on a path to subdirectory
    on this mount which is already given to us by user.
    
    For instance when we do bind-mounts for these root and external mounts
    we use subdirectory as a source and it's ok.
    
    Also from the first glance it looked nice to only allow to set sharing
    for a mount in current mntns. But there is also a pain for criu because
    we can have many mounts with the same shared_id and master_id (from same
    sharing group) in different mount namespaces, and in the worst case we
    would need to do extra setns for each mount which is a pure waste of
    resources. So let's allow copying sharing options even if (current mntns
    != source mntns != destination mntns) all namespaces are different
    (note: mounts from alien mntns can be accessed through /proc/pid/fd/id).
    
    https://jira.sw.ru/browse/PSBM-58617
    
    note: applies both to vz7 and vz8.
    
    Fixes: ("mnt: allow to add a mount into an existing group")
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 fs/namespace.c | 7 -------
 1 file changed, 7 deletions(-)


diff --git a/fs/namespace.c b/fs/namespace.c
index 46cda75f0b99a..ac830373a7d65 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2705,15 +2705,9 @@  static int do_set_group(struct path *path, const char *sibling_name)
 		return err;
 
 	err = -EINVAL;
-	if (sibling_path.dentry != sibling_path.mnt->mnt_root)
-		goto out_put;
-
 	sibling = real_mount(sibling_path.mnt);
 	mnt = real_mount(path->mnt);
 
-	if (!check_mnt(mnt))
-		goto out_put;
-
 	namespace_lock();
 
 	err = -EPERM;
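Review bot: with both `goto out_put` branches removed, the `err = -EINVAL;` assignment at the top of this hunk is a dead store, because nothing between it and `err = -EPERM;` can fail or jump any more; drop it. More importantly, removing `if (!check_mnt(mnt))` means the destination mount is no longer required to belong to the caller's mount namespace, and the commit message confirms that mounts from other namespaces are reachable through /proc/pid/fd/id. The checks that follow `err = -EPERM;` are not visible here, so please confirm they authorize the caller against the namespace that owns `mnt` (and `sibling`) rather than only the current one, and add a comment above `sibling = real_mount(sibling_path.mnt);` stating that `sibling_name` may now be any path on the source mount, not just its root, since the sharing group copied is that of the whole mount.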
@@ -2742,7 +2736,6 @@  static int do_set_group(struct path *path, const char *sibling_name)
 	err = 0;
 out_unlock:
 	namespace_unlock();
-out_put:
 	path_put(&sibling_path);
 	return err;
 }
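Review bot: dropping the `out_put:` label is only safe if no `goto out_put` remains in the part of do_set_group() between the two hunks, which this patch does not show; a leftover jump would fail to build. With the label gone, every exit after the sibling path lookup goes through `out_unlock:` and then `path_put(&sibling_path);`, so any error path added later before `namespace_lock()` must not jump to `out_unlock:`, or it would call `namespace_unlock()` without the lock held. A one-line comment at `out_unlock:` noting that it is reached only with the namespace lock taken would make that constraint explicit.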