fs: relax permissions for statmount()
authorChristian Brauner <brauner@kernel.org>
Mon, 24 Jun 2024 15:49:45 +0000 (11:49 -0400)
committerChristian Brauner <brauner@kernel.org>
Fri, 28 Jun 2024 07:53:30 +0000 (09:53 +0200)
It is sufficient to have capabilities in the owning user namespace of
the mount namespace to stat a mount regardless of whether it's reachable
or not.

Link: https://lore.kernel.org/r/bf5961d71ec479ba85806766b0d8d96043e67bba.1719243756.git.josef@toxicpanda.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
fs/namespace.c

index 22274f74beb0ed37bdfb723d0229cc11bf95bc23..352e8c90b9f7a7aefe10055a371c41d0578f3476 100644 (file)
@@ -4930,6 +4930,7 @@ static int copy_statmount_to_user(struct kstatmount *s)
 static int do_statmount(struct kstatmount *s)
 {
        struct mount *m = real_mount(s->mnt);
+       struct mnt_namespace *ns = m->mnt_ns;
        int err;
 
        /*
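Review bot: The new local `ns = m->mnt_ns` is dereferenced in the permission check below as `ns->user_ns` with no NULL test, and nothing in this hunk shows that `m->mnt_ns` is guaranteed to be set. If `s->mnt` can refer to a mount that has been detached from its namespace by the time do_statmount() runs, the capability check would fault instead of returning an error. Whether the caller's lookup and locking rule that out is not visible here, since the caller and the rest of do_statmount() lie outside the hunk. Either state the guarantee in a comment at the declaration, or guard it before the reachability test with `if (!ns) return -ENOENT;`.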
@@ -4937,7 +4938,7 @@ static int do_statmount(struct kstatmount *s)
         * mounts to show users.
         */
        if (!is_path_reachable(m, m->mnt.mnt_root, &s->root) &&
-           !ns_capable_noaudit(&init_user_ns, CAP_SYS_ADMIN))
+           !ns_capable_noaudit(ns->user_ns, CAP_SYS_ADMIN))
                return -EPERM;
 
        err = security_sb_statfs(s->mnt->mnt_root);
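Review bot: The comment above this check still only explains the noaudit choice, while the rule it guards has changed from CAP_SYS_ADMIN in `init_user_ns` to CAP_SYS_ADMIN in `ns->user_ns`. Since this is the only gate on mounts that are not reachable from `s->root`, the comment should name the namespace consulted and why that is sufficient, for example `/* Unreachable mounts are shown only to callers with CAP_SYS_ADMIN in the user namespace that owns the mount's mount namespace. */`. This matters for later audits because the capability can now be held by a caller that is privileged only inside its own user namespace, so the exposure of unreachable mounts to such callers should be recorded in the code as a deliberate decision. The opening of that comment block sits in the previous hunk and the function continues past this one.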