umount: Allow superblock owners to force umount

Loosen the permission check on forced umount to allow users holding
CAP_SYS_ADMIN privileges in namespaces that are privileged with respect
to the userns that originally mounted the filesystem.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Link: https://lore.kernel.org/r/12f212d4ef983714d065a6bb372fbb378753bf4c.1742315194.git.trond.myklebust@hammerspace.com
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/namespace.c b/fs/namespace.c
index 01fb1074c4c93dc3c35e3a4423c9b5d71b11e267..57c14af6092a22a7e065d0570824bb2dfbd9afeb 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2105,6 +2105,7 @@ static void warn_mandlock(void)
 static int can_umount(const struct path *path, int flags)
 {
        struct mount *mnt = real_mount(path->mnt);
+       struct super_block *sb = path->dentry->d_sb;
 
        if (!may_mount())
                return -EPERM;
@@ -2114,7 +2115,7 @@ static int can_umount(const struct path *path, int flags)
                return -EINVAL;
        if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
                return -EINVAL;
-       if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
+       if (flags & MNT_FORCE && !ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
                return -EPERM;
        return 0;
 }