mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge Allow make-* flags with remount operations

Browse source 
While the mount syscall documentation disallows this, the kernel silently
ignores make-* flags when doing a remount, and real applications were
passing this conflicting set of flags. Because changing the kernel to
reject this combination would break userspace, we should allow them
instead.

For an example: see https://bugs.launchpad.net/apparmor/+bug/2091424.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1466
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2024-12-19 17:27:53 +00:00
commit 3ed5adb665
2 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
parser/mount.h
View file

@ -108,7 +108,13 @@
#define MS_MOVE_FLAGS (MS_MOVE)
#define MS_CMDS (MS_MOVE | MS_REMOUNT | MS_BIND | MS_RBIND | MS_MAKE_CMDS)
#define MS_REMOUNT_FLAGS (MS_ALL_FLAGS & ~(MS_CMDS & ~MS_REMOUNT & ~MS_BIND & ~MS_RBIND))
/*
* This allows MS_MAKE_CMDS, by design: while remount and make-* shouldn't be
* used together, real-world applications do use them together, and the Linux
* kernel ignores the make-* flags when doing a remount instead of returning
* EINVAL. See https://bugs.launchpad.net/apparmor/+bug/2091424 for an example.
*/
#define MS_REMOUNT_FLAGS (MS_ALL_FLAGS & ~MS_MOVE_FLAGS)
#define MS_NEW_FLAGS (MS_ALL_FLAGS & ~MS_CMDS)
#define MNT_SRC_OPT 1

9
tests/regression/apparmor/mount.sh
View file

@ -573,6 +573,15 @@ else
runchecktest "MOUNT (confined cap bind mount with deny mount that doesn't overlap)" pass mount ${mount_point2} ${mount_point} -o bind
remove_mnt
# MR:https://gitlab.com/apparmor/apparmor/-/merge_requests/1466
# https://bugs.launchpad.net/apparmor/+bug/2091424
# Specify mount propgatation with remount, a conflict that we still allow
# The kernel ignored the conflict and us disallowing it broke userspace
genprofile cap:sys_admin "mount:ALL"
runchecktest "MOUNT (confined cap bind mount rprivate conflict)" pass mount ${mount_point2} ${mount_point} -o bind,rprivate,noexec
runchecktest "MOUNT (confined cap bind mount remount rprivate conflict)" pass mount ${mount_point2} ${mount_point} -o remount,bind,rprivate,noexec
remove_mnt
test_options
# test new mount interface