[2/3] fuse: Prohibit kio engine from containers

Submitted by Kirill Tkhai on Oct. 30, 2018, 8:55 a.m.

Details

Message ID 154088972638.13528.2512212607925653397.stgit@localhost.localdomain
State New
Series "Series without cover letter"
Headers show

Commit Message

Kirill Tkhai Oct. 30, 2018, 8:55 a.m.
Currently we have several BUG_ON() ported from userspace,
and they may fire in case of it's used malicious daemon
instead of original vstorage-mount. So, just prohibit
mounting with kio from inside container.

https://pmc.acronis.com/browse/VSTOR-16325

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 fs/fuse/inode.c |    2 ++
 1 file changed, 2 insertions(+)

Patch hide | download patch | download mbox

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 0695b79c4c50..34e52262d37e 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -709,6 +709,8 @@  static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
 			break;
 		case OPT_KIO_NAME: {
 			char *name;
+			if (!ve_is_super(get_exec_env()))
+				return 0;
 			name = match_strdup(&args[0]);
 			if (!name)
 				return 0;

Comments

Pavel Butsykin Oct. 30, 2018, 12:26 p.m.
On 30.10.2018 11:55, Kirill Tkhai wrote:
> Currently we have several BUG_ON() ported from userspace,
> and they may fire in case of it's used malicious daemon
> instead of original vstorage-mount. So, just prohibit
> mounting with kio from inside container.
> 
> https://pmc.acronis.com/browse/VSTOR-16325
> 
> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>

Reviewed-by: Pavel Butsykin <pbutsykin@virtuozzo.com>

> ---
>   fs/fuse/inode.c |    2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
> index 0695b79c4c50..34e52262d37e 100644
> --- a/fs/fuse/inode.c
> +++ b/fs/fuse/inode.c
> @@ -709,6 +709,8 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
>   			break;
>   		case OPT_KIO_NAME: {
>   			char *name;
> +			if (!ve_is_super(get_exec_env()))
> +				return 0;
>   			name = match_strdup(&args[0]);
>   			if (!name)
>   				return 0;
>