namespace: restrict OPEN_TREE_NAMESPACE/FSMOUNT_NAMESPACE to directories

open_tree(..., OPEN_TREE_NAMESPACE) and
fsmount(..., FSMOUNT_NAMESPACE, ...) currently work on non-directories,
like regular files. That's bad for two reasons:

 - It ends up mounting a regular file over the inherited namespace root,
   which is a directory; mounting a non-directory over a directory is
   normally explicitly forbidden, see for example do_move_mount()

 - It causes setns() on the new namespace to set the cwd to a regular
   file, which the rest of VFS does not expect

Fix it by restricting create_new_namespace() (which is used by both of
these flags) to directories.

Leave the behavior for OPEN_TREE_CLONE as-is, that seems unproblematic.

Fixes: 9b8a0ba68246 ("mount: add OPEN_TREE_NAMESPACE")
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/namespace.c b/fs/namespace.c
index f5905f4ec56068b1f8f1d4a062897a69f75d95c3..341ddd353b3a828473dbed9745d2b09280fa4daa 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3103,6 +3103,9 @@ static struct mnt_namespace *create_new_namespace(struct path *path,
        unsigned int copy_flags = 0;
        bool locked = false, recurse = flags & MOUNT_COPY_RECURSIVE;
 
+       if (unlikely(!d_can_lookup(path->dentry)))
+               return ERR_PTR(-ENOTDIR);
+
        if (user_ns != ns->user_ns)
                copy_flags |= CL_SLAVE;