projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 99dd97b) | patch
mnt: Add tests for unprivileged remount cases that have found to be faulty
authorEric W. Biederman <ebiederm@xmission.com>
Tue, 29 Jul 2014 22:50:44 +0000 (15:50 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Sep 2014 16:04:00 +0000 (09:04 -0700)
commitbbeed681a5d5f845fad2c097920ca8493f2419f6
treedc4b8557b836521b7337ac61da807ccdf421be4atree | snapshot (tar.gz zip)
parent99dd97b843562853e01a134e8d5c13a87d156795commit | diff
mnt: Add tests for unprivileged remount cases that have found to be faulty

commit db181ce011e3c033328608299cd6fac06ea50130 upstream.

Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
read-only bind mount read-only in a user namespace the
MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
to the remount a read-only mount read-write.

Upon review of the code in remount it was discovered that the code allowed
nosuid, noexec, and nodev to be cleared.  It was also discovered that
the code was allowing the per mount atime flags to be changed.

The first naive patch to fix these issues contained the flaw that using
default atime settings when remounting a filesystem could be disallowed.

To avoid this problems in the future add tests to ensure unprivileged
remounts are succeeding and failing at the appropriate times.

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tools/testing/selftests/Makefile diff | blob | blame | history
tools/testing/selftests/mount/Makefile [new file with mode: 0644] blob
tools/testing/selftests/mount/unprivileged-remount-test.c [new file with mode: 0644] blob
kernel source for telekom puls (alcatel/mediatek)