github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-16 11:04:20 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
6becdb601b
linux/kernel
History
Seth Forshee 73f03c2b4b fuse: Restrict allow_other to the superblock's namespace or a descendant 
Unprivileged users are normally restricted from mounting with the
allow_other option by system policy, but this could be bypassed for a mount
done with user namespace root permissions. In such cases allow_other should
not allow users outside the userns to access the mount as doing so would
give the unprivileged user the ability to manipulate processes it would
otherwise be unable to manipulate. Restrict allow_other to apply to users
in the same userns used at mount or a descendant of that namespace. Also
export current_in_userns() for use by fuse when built as a module.

Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Dongsu Park <dongsu@kinvolk.io>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
2018-03-20 17:11:44 +01:00
..
bpf bpf: allow xadd only on aligned memory 2018-02-23 14:33:39 -08:00
cgroup kernel/cpuset: current_cpuset_is_being_rebound can be boolean 2018-02-06 18:32:47 -08:00
configs KVM changes for 4.16 2018-02-10 13:16:35 -08:00
debug
events perf/core: Fix ctx_event_type in ctx_resched() 2018-03-09 08:03:02 +01:00
gcov
irq genirq/matrix: Handle CPU offlining proper 2018-02-22 22:05:43 +01:00
livepatch Merge branch 'for-4.16/remove-immediate' into for-linus 2018-01-31 16:36:38 +01:00
locking rtmutex: Make rt_mutex_futex_unlock() safe for irq-off callsites 2018-03-09 11:06:16 +01:00
power x86/power: Fix swsusp_arch_resume prototype 2018-02-02 23:33:50 +01:00
printk Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk 2018-03-01 10:06:39 -08:00
rcu SCSI misc on 20180131 2018-01-31 11:23:28 -08:00
sched sched/cpufreq: Remove unused SUGOV_KTHREAD_PRIORITY macro 2018-02-13 13:04:03 +01:00
time timers: Forward timer base before migrating timers 2018-02-28 23:34:33 +01:00
trace bpf: fix bpf_prog_array_copy_to_user warning from perf event prog query 2018-02-14 08:59:37 -08:00
.gitignore
acct.c
async.c kernel/async.c: revert "async: simplify lowest_in_progress()" 2018-02-06 18:32:44 -08:00
audit_fsnotify.c
audit_tree.c
audit_watch.c
audit.c
audit.h
auditfilter.c
auditsc.c
backtracetest.c
bounds.c
capability.c
compat.c signals: Move put_compat_sigset to compat.h to silence hardened usercopy 2018-03-02 21:31:55 +00:00
configs.c
context_tracking.c
cpu_pm.c
cpu.c
crash_core.c
crash_dump.c
cred.c
delayacct.c
dma.c
elfcore.c
exec_domain.c
exit.c
extable.c extable: Make init_kernel_text() global 2018-02-21 16:54:06 +01:00
fail_function.c
fork.c include/linux/sched/mm.h: re-inline mmdrop() 2018-02-21 15:35:42 -08:00
freezer.c
futex_compat.c
futex.c pids: introduce find_get_task_by_vpid() helper 2018-02-06 18:32:46 -08:00
groups.c
hung_task.c
irq_work.c
jump_label.c jump_label: Fix sparc64 warning 2018-03-14 16:35:26 +01:00
kallsyms.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk 2018-02-01 13:36:15 -08:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c kcov: detect double association with a single task 2018-02-06 18:32:46 -08:00
kexec_core.c
kexec_file.c
kexec_internal.h
kexec.c
kmod.c
kprobes.c kprobes: Propagate error from disarm_kprobe_ftrace() 2018-02-16 09:12:58 +01:00
ksysfs.c
kthread.c
latencytop.c
Makefile
memremap.c memremap: fix softlockup reports at teardown 2018-03-02 19:34:50 -08:00
module_signing.c
module-internal.h
module.c Modules updates for v4.16 2018-02-07 14:29:34 -08:00
notifier.c
nsproxy.c
padata.c
panic.c bug: use %pB in BUG and stack protector failure 2018-03-09 16:40:01 -08:00
params.c
pid_namespace.c
pid.c pids: introduce find_get_task_by_vpid() helper 2018-02-06 18:32:46 -08:00
profile.c
ptrace.c pids: introduce find_get_task_by_vpid() helper 2018-02-06 18:32:46 -08:00
range.c
reboot.c
relay.c kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE 2018-02-21 15:35:43 -08:00
resource.c Merge branch 'akpm' (patches from Andrew) 2018-02-06 22:15:42 -08:00
seccomp.c - Fix seccomp GET_METADATA to deal with field sizes correctly (Tycho Andersen) 2018-02-22 10:50:24 -08:00
signal.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching 2018-01-31 13:02:18 -08:00
smp.c
smpboot.c
smpboot.h
softirq.c
stacktrace.c
stop_machine.c
sys_ni.c
sys.c
sysctl_binary.c
sysctl.c pipe: reject F_SETPIPE_SZ with size over UINT_MAX 2018-02-06 18:32:47 -08:00
task_work.c
taskstats.c pids: introduce find_get_task_by_vpid() helper 2018-02-06 18:32:46 -08:00
test_kprobes.c
torture.c
tracepoint.c
tsacct.c
ucount.c
uid16.c
umh.c
up.c
user_namespace.c fuse: Restrict allow_other to the superblock's namespace or a descendant 2018-03-20 17:11:44 +01:00
user-return-notifier.c
user.c efivarfs: Limit the rate for non-root to read files 2018-02-22 10:21:02 -08:00
utsname_sysctl.c
utsname.c
watchdog_hld.c
watchdog.c
workqueue_internal.h
workqueue.c Fixes for 4.16. I contains fixes for deadlock on runtime suspend on few 2018-02-22 08:39:26 +10:00