summaryrefslogtreecommitdiff
path: root/fs/super.c
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2019-05-12 15:42:48 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2019-05-25 17:59:56 -0400
commit0ce0cf12fc4c6a089717ff613d76457052cf4303 (patch)
treefd9ab4b39fc4c8236d06dede5f03c013d1186777 /fs/super.c
parentfeb8ae43a7b33148028829b1b1691b28c874c952 (diff)
consolidate the capability checks in sget_{fc,userns}()
... into a common helper - mount_capable(type, userns) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/super.c')
-rw-r--r--fs/super.c32
1 files changed, 14 insertions, 18 deletions
diff --git a/fs/super.c b/fs/super.c
index 9c371a04e1b6..3ba91d70c2a8 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -476,6 +476,14 @@ void generic_shutdown_super(struct super_block *sb)
EXPORT_SYMBOL(generic_shutdown_super);
+bool mount_capable(struct file_system_type *type, struct user_namespace *userns)
+{
+ if (!(type->fs_flags & FS_USERNS_MOUNT))
+ return capable(CAP_SYS_ADMIN);
+ else
+ return ns_capable(userns, CAP_SYS_ADMIN);
+}
+
/**
* sget_fc - Find or create a superblock
* @fc: Filesystem context.
@@ -505,16 +513,8 @@ struct super_block *sget_fc(struct fs_context *fc,
if (!(fc->sb_flags & SB_KERNMOUNT) &&
fc->purpose != FS_CONTEXT_FOR_SUBMOUNT) {
- /* Don't allow mounting unless the caller has CAP_SYS_ADMIN
- * over the namespace.
- */
- if (!(fc->fs_type->fs_flags & FS_USERNS_MOUNT)) {
- if (!capable(CAP_SYS_ADMIN))
- return ERR_PTR(-EPERM);
- } else {
- if (!ns_capable(fc->user_ns, CAP_SYS_ADMIN))
- return ERR_PTR(-EPERM);
- }
+ if (!mount_capable(fc->fs_type, user_ns))
+ return ERR_PTR(-EPERM);
}
retry:
@@ -583,14 +583,10 @@ struct super_block *sget_userns(struct file_system_type *type,
struct super_block *old;
int err;
- /* Ensure the requestor has permissions over the target filesystem */
- if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) && !ns_capable(user_ns, CAP_SYS_ADMIN))
- return ERR_PTR(-EPERM);
-
- if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) &&
- !(type->fs_flags & FS_USERNS_MOUNT) &&
- !capable(CAP_SYS_ADMIN))
- return ERR_PTR(-EPERM);
+ if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT))) {
+ if (!mount_capable(type, user_ns))
+ return ERR_PTR(-EPERM);
+ }
retry:
spin_lock(&sb_lock);
if (test) {