Patch: idmounts.patch
Documentation/admin-guide/sysctl/kernel.rst | 16 ++++++++++++++++
fs/Kconfig | 7 +++++++
fs/namespace.c | 11 ++++++++++-
kernel/sysctl.c | 14 ++++++++++++++
4 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
index 0e486f41185e..6905117f8df5 100644
--- a/Documentation/admin-guide/sysctl/kernel.rst
+++ b/Documentation/admin-guide/sysctl/kernel.rst
@@ -267,6 +267,22 @@ domain names are in general different. For a detailed discussion
see the ``hostname(1)`` man page.
+idmap_mounts
+============
+
+Writing 0 to this entry will disable creating idmapped mounts,
+however, an admin can still change this setting later on, if needed, by
+writing 1 to this entry.
+
+If ``IDMAP_MOUNTS_DEFAULT_OFF`` is enabled in the kernel config, then this
+entry will default to 0 instead of 1.
+
+= =============================================================
+0 Idmapped mounts are enabled
+1 Idmapped mounts are disabled
+= =============================================================
+
+
firmware_config
===============
diff --git a/fs/Kconfig b/fs/Kconfig
index a6313a969bc5..b6a1fd6bf1fb 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -385,4 +385,11 @@ source "fs/unicode/Kconfig"
config IO_WQ
bool
+config IDMAP_MOUNTS_DEFAULT_OFF
+ bool "Disable idmappad mounts by default"
+ help
+ Disables idmapped by default by setting the corresponding
+ /proc/sys/kernel/idmap_mounts knob to 1. An admin can
+ still reenable it by setting it to 0 later on.
+
endmenu
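Review bot: The help text states the reverse of what the patch implements: fs/namespace.c initialises `sysctl_idmap_mounts` to 0 when this option is set and `can_idmap_mount` treats 0 as disabled, so the knob goes to 0, not 1, and an admin re-enables by writing 1. The table added to Documentation/admin-guide/sysctl/kernel.rst in the first hunk has the same inversion (it labels 0 as enabled and 1 as disabled) while the prose above it correctly says writing 0 disables. The prompt string also misspells the feature; it should read `bool "Disable idmapped mounts by default"`. Suggested help wording: `Disables idmapped mounts by default by setting the corresponding /proc/sys/kernel/idmap_mounts knob to 0. An admin can still re-enable them by writing 1 to it later on.`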
diff --git a/fs/namespace.c b/fs/namespace.c
index b696543adab8..903784dec220 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -43,6 +43,9 @@ static unsigned int m_hash_shift __read_mostly;
static unsigned int mp_hash_mask __read_mostly;
static unsigned int mp_hash_shift __read_mostly;
+int sysctl_idmap_mounts __read_mostly =
+ IS_BUILTIN(CONFIG_IDMAP_MOUNTS_DEFAULT_OFF) ? 0 : 1;
+
static __initdata unsigned long mhash_entries;
static int __init set_mhash_entries(char *str)
{
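Review bot: `sysctl_idmap_mounts` is a new non-static global whose only declaration is an `extern` dropped into kernel/sysctl.c (first hunk of that file); the declaration belongs in a header included by both files so the compiler checks the definition and the declaration against each other, which checkpatch also insists on for externs in .c files. `IS_BUILTIN()` works here because the symbol is a plain bool, but `IS_ENABLED()` is the form normally used for such Kconfig symbols and reads as intended rather than as a tristate check. `set_mhash_entries`, whose opening brace closes this hunk, continues outside it.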
@@ -3955,7 +3958,13 @@ static int can_idmap_mount(const struct mount_kattr *kattr, struct mount *mnt)
if (!is_anon_ns(mnt->mnt_ns))
return -EINVAL;
- return 0;
+ /* So far, there are serious concerns about the safety of idmaps. */
+ if( sysctl_idmap_mounts ) {
+ return 0;
+ } else {
+ pr_warn_once("VFS: idmapped mount is not enabled.\n");
+ return -EPERM;
+ }
}
static struct mount *mount_setattr_prepare(struct mount_kattr *kattr,
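Review bot: `if( sysctl_idmap_mounts )` does not follow kernel coding style (space after `if`, none inside the parentheses), and the else-after-return shape reads better as a guard clause: `if (!sysctl_idmap_mounts) { pr_warn_once("VFS: idmapped mount is not enabled.\n"); return -EPERM; }` followed by `return 0;`. Because `pr_warn_once` fires only for the first refusal, later denied mount_setattr attempts leave no trace in the log; if administrators are expected to notice such attempts while the knob is off, a ratelimited variant would record them. The comment `So far, there are serious concerns about the safety of idmaps.` tells the next reader nothing actionable; a comment naming the knob is more useful, e.g. `/* Creation of idmapped mounts can be switched off via /proc/sys/kernel/idmap_mounts. */`. The enclosing function `can_idmap_mount` starts outside the hunk.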
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 083be6af29d7..b5a399ea1d7d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -128,6 +128,11 @@ static int ten_thousand = 10000;
#ifdef CONFIG_PERF_EVENTS
static int six_hundred_forty_kb = 640 * 1024;
#endif
+#ifdef CONFIG_USER_NS
+extern int sysctl_userns_restrict;
+#endif
+extern int sysctl_idmap_mounts;
+
/* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */
static unsigned long dirty_bytes_min = 2 * PAGE_SIZE;
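Review bot: The `#ifdef CONFIG_USER_NS` / `extern int sysctl_userns_restrict;` block is not used by anything in this patch — no ctl_table entry references it and no definition is added in the other files — so it looks like a leftover from a different patch and should be dropped from this one. If it is intentionally kept for a later change, say so in the commit description, since as written it is a declaration with no definition behind it.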
@@ -2307,6 +2312,15 @@ static struct ctl_table kern_table[] = {
.extra2 = &two,
},
#endif
+ {
+ .procname = "idmap_mounts",
+ .data = &sysctl_idmap_mounts,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
+ },
{
.procname = "ngroups_max",
.data = &ngroups_max,