vfs: Only support slave subtrees across different user namespaces

Sharing mount subtress with mount namespaces created by unprivileged users allows unprivileged mounts created by unprivileged users to propagate to mount namespaces controlled by privileged users. Prevent nasty consequences by changing shared subtrees to slave subtress when an unprivileged users creates a new mount namespace. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2012-07-31 20:13:04 (GMT)
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-11-19 13:59:20 (GMT)
commit: 7a472ef4be8387bc05a42e16309b02c8ca943a40 (patch)
tree: d08fef7f89da670c24116805dbe1bcf60e094497 /fs/pnode.h
parent: 771b1371686e0a63e938ada28de020b9a0040f55 (diff)
download: linux-7a472ef4be8387bc05a42e16309b02c8ca943a40.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/pnode.h b/fs/pnode.h
index 65c6097..19b853a3 100644
--- a/fs/pnode.h
+++ b/fs/pnode.h
@@ -22,6 +22,7 @@
 #define CL_COPY_ALL 		0x04
 #define CL_MAKE_SHARED 		0x08
 #define CL_PRIVATE 		0x10
+#define CL_SHARED_TO_SLAVE	0x20
 
 static inline void set_mnt_shared(struct mount *mnt)
 {
author	Eric W. Biederman <ebiederm@xmission.com>	2012-07-31 20:13:04 (GMT)
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-11-19 13:59:20 (GMT)
commit	7a472ef4be8387bc05a42e16309b02c8ca943a40 (patch)
tree	d08fef7f89da670c24116805dbe1bcf60e094497 /fs/pnode.h
parent	771b1371686e0a63e938ada28de020b9a0040f55 (diff)
download	linux-7a472ef4be8387bc05a42e16309b02c8ca943a40.tar.xz