mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-22 21:31:15 -05:00
42 lines
1.3 KiB
Diff
42 lines
1.3 KiB
Diff
From e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9 Mon Sep 17 00:00:00 2001
|
|
From: Jann Horn <jannh@google.com>
|
|
Date: Wed, 1 Jun 2016 11:55:05 +0200
|
|
Subject: proc: prevent stacking filesystems on top
|
|
|
|
This prevents stacking filesystems (ecryptfs and overlayfs) from using
|
|
procfs as lower filesystem. There is too much magic going on inside
|
|
procfs, and there is no good reason to stack stuff on top of procfs.
|
|
|
|
(For example, procfs does access checks in VFS open handlers, and
|
|
ecryptfs by design calls open handlers from a kernel thread that doesn't
|
|
drop privileges or so.)
|
|
|
|
Signed-off-by: Jann Horn <jannh@google.com>
|
|
Cc: stable@vger.kernel.org
|
|
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
---
|
|
fs/proc/root.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/fs/proc/root.c b/fs/proc/root.c
|
|
index 361ab4e..ec649c9 100644
|
|
--- a/fs/proc/root.c
|
|
+++ b/fs/proc/root.c
|
|
@@ -121,6 +121,13 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
|
|
if (IS_ERR(sb))
|
|
return ERR_CAST(sb);
|
|
|
|
+ /*
|
|
+ * procfs isn't actually a stacking filesystem; however, there is
|
|
+ * too much magic going on inside it to permit stacking things on
|
|
+ * top of it
|
|
+ */
|
|
+ sb->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
|
|
+
|
|
if (!proc_parse_options(options, ns)) {
|
|
deactivate_locked_super(sb);
|
|
return ERR_PTR(-EINVAL);
|
|
--
|
|
cgit v1.1
|
|
|