summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTrond Myklebust <trondmy@gmail.com>2019-04-24 17:46:49 -0400
committerAnna Schumaker <Anna.Schumaker@Netapp.com>2019-04-26 17:39:42 -0400
commit3b7eb5e35d0f55541452e91ca66798c16a81ad4a (patch)
tree880b54beacb2a7dd021cac02b17bce6897138f9d
parentc207db2f5da5e37e284d87d5196dcf967e84956c (diff)
downloadlinux-3b7eb5e35d0f55541452e91ca66798c16a81ad4a.tar.bz2
NFS: When mounting, don't share filesystems between different user namespaces
If two different containers that share the same network namespace attempt to mount the same filesystem, we should not allow them to share the same super block if they do not share the same user namespace, since the user mappings on the wire will need to differ. Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
-rw-r--r--fs/nfs/super.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 19783e8ba9fb..4f014c4c7bc1 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -2485,6 +2485,21 @@ static int nfs_compare_super_address(struct nfs_server *server1,
return 1;
}
+static int nfs_compare_userns(const struct nfs_server *old,
+ const struct nfs_server *new)
+{
+ const struct user_namespace *oldns = &init_user_ns;
+ const struct user_namespace *newns = &init_user_ns;
+
+ if (old->client && old->client->cl_cred)
+ oldns = old->client->cl_cred->user_ns;
+ if (new->client && new->client->cl_cred)
+ newns = new->client->cl_cred->user_ns;
+ if (oldns != newns)
+ return 0;
+ return 1;
+}
+
static int nfs_compare_super(struct super_block *sb, void *data)
{
struct nfs_sb_mountdata *sb_mntdata = data;
@@ -2498,6 +2513,8 @@ static int nfs_compare_super(struct super_block *sb, void *data)
return 0;
if (memcmp(&old->fsid, &server->fsid, sizeof(old->fsid)) != 0)
return 0;
+ if (!nfs_compare_userns(old, server))
+ return 0;
return nfs_compare_mount_options(sb, server, mntflags);
}