Commit cd4a4017 authored by Eric W. Biederman's avatar Eric W. Biederman
Browse files

mnt: Fail collect_mounts when applied to unmounted mounts 



The only users of collect_mounts are in audit_tree.c

In audit_trim_trees and audit_add_tree_rule the path passed into
collect_mounts is generated from kern_path passed an audit_tree
pathname which is guaranteed to be an absolute path.   In those cases
collect_mounts is obviously intended to work on mounted paths and
if a race results in paths that are unmounted when collect_mounts
it is reasonable to fail early.

The paths passed into audit_tag_tree don't have the absolute path
check.  But are used to play with fsnotify and otherwise interact with
the audit_trees, so again operating only on mounted paths appears
reasonable.

Avoid having to worry about what happens when we try and audit
unmounted filesystems by restricting collect_mounts to mounts
that appear in the mount tree.

Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent 0c56fe31

fs/namespace.c

+5 −2
Original line number Diff line number Diff line
@@ -1669,6 +1669,9 @@ struct vfsmount *collect_mounts(struct path *path) 
{

	struct mount *tree;

	namespace_lock();

	if (!check_mnt(real_mount(path->mnt)))

		tree = ERR_PTR(-EINVAL);

	else

		tree = copy_tree(real_mount(path->mnt), path->dentry,

				 CL_COPY_ALL | CL_PRIVATE);

	namespace_unlock();

CRA Git | Maintained and supported by SUSTech CRA and CCSE