summaryrefslogtreecommitdiff
path: root/ipc/namespace.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2016-06-15 14:59:49 +0300
committerEric W. Biederman <ebiederm@xmission.com>2016-06-23 23:41:57 +0300
commita1935c1738af53249a02290ff7c10e8a6e650a16 (patch)
tree1906ee4f4cacd1d769b947e3d81460404ecceffd /ipc/namespace.c
parenta2982cc922c3068783eb9a1f77a5626a1ec36a1f (diff)
downloadlinux-a1935c1738af53249a02290ff7c10e8a6e650a16.tar.xz
mnt: Simplify mount_too_revealing
Verify all filesystems that we check in mount_too_revealing set SB_I_NOEXEC and SB_I_NODEV in sb->s_iflags. That is true for today and it should remain true in the future. Remove the now unnecessary checks from mnt_already_visibile that ensure MNT_LOCK_NOSUID, MNT_LOCK_NOEXEC, and MNT_LOCK_NODEV are preserved. Making the code shorter and easier to read. Relying on SB_I_NOEXEC and SB_I_NODEV instead of the user visible MNT_NOSUID, MNT_NOEXEC, and MNT_NODEV ensures the many current systems where proc and sysfs are mounted with "nosuid, nodev, noexec" and several slightly buggy container applications don't bother to set those flags continue to work. Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'ipc/namespace.c')
0 files changed, 0 insertions, 0 deletions