From: Herbert Poetzl Support readonly mount --bind. fs/ext2/ioctl.c | 5 ++-- fs/ext3/ioctl.c | 5 ++-- fs/namei.c | 54 ++++++++++++++++++++++++++++++++++++++++++-------- fs/namespace.c | 12 ++++++++--- fs/open.c | 25 ++++++++++++----------- fs/reiserfs/ioctl.c | 5 ++-- include/linux/mount.h | 9 +++++--- 7 files changed, 83 insertions(+), 32 deletions(-) diff -puN fs/ext2/ioctl.c~readonly-bind-mounts fs/ext2/ioctl.c --- 25/fs/ext2/ioctl.c~readonly-bind-mounts 2003-10-02 01:43:39.000000000 -0700 +++ 25-akpm/fs/ext2/ioctl.c 2003-10-02 01:43:39.000000000 -0700 @@ -10,6 +10,7 @@ #include "ext2.h" #include #include +#include #include #include @@ -29,7 +30,7 @@ int ext2_ioctl (struct inode * inode, st case EXT2_IOC_SETFLAGS: { unsigned int oldflags; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(filp->f_vfsmnt)) return -EROFS; if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) @@ -68,7 +69,7 @@ int ext2_ioctl (struct inode * inode, st case EXT2_IOC_SETVERSION: if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) return -EPERM; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(filp->f_vfsmnt)) return -EROFS; if (get_user(inode->i_generation, (int *) arg)) return -EFAULT; diff -puN fs/ext3/ioctl.c~readonly-bind-mounts fs/ext3/ioctl.c --- 25/fs/ext3/ioctl.c~readonly-bind-mounts 2003-10-02 01:43:39.000000000 -0700 +++ 25-akpm/fs/ext3/ioctl.c 2003-10-02 01:43:39.000000000 -0700 @@ -12,6 +12,7 @@ #include #include #include +#include #include @@ -34,7 +35,7 @@ int ext3_ioctl (struct inode * inode, st unsigned int oldflags; unsigned int jflag; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(filp->f_vfsmnt)) return -EROFS; if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) @@ -110,7 +111,7 @@ flags_err: if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) return -EPERM; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(filp->f_vfsmnt)) return -EROFS; if (get_user(generation, (int *) arg)) return -EFAULT; diff -puN fs/namei.c~readonly-bind-mounts fs/namei.c --- 25/fs/namei.c~readonly-bind-mounts 2003-10-02 01:43:39.000000000 -0700 +++ 25-akpm/fs/namei.c 2003-10-02 01:43:39.000000000 -0700 @@ -208,10 +208,14 @@ int permission(struct inode * inode,int { int retval; int submask; + umode_t mode = inode->i_mode; /* Ordinary permission routines do not understand MAY_APPEND. */ submask = mask & ~MAY_APPEND; + if (nd && (mask & MAY_WRITE) && MNT_IS_RDONLY(nd->mnt) && + (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) + return -EROFS; if (inode->i_op && inode->i_op->permission) retval = inode->i_op->permission(inode, submask, nd); else @@ -1055,6 +1059,24 @@ static inline int may_create(struct inod return permission(dir,MAY_WRITE | MAY_EXEC, nd); } +static inline int mnt_may_create(struct vfsmount *mnt, struct inode *dir, struct dentry *child) { + if (child->d_inode) + return -EEXIST; + if (IS_DEADDIR(dir)) + return -ENOENT; + if (mnt->mnt_flags & MNT_RDONLY) + return -EROFS; + return 0; +} + +static inline int mnt_may_unlink(struct vfsmount *mnt, struct inode *dir, struct dentry *child) { + if (!child->d_inode) + return -ENOENT; + if (mnt->mnt_flags & MNT_RDONLY) + return -EROFS; + return 0; +} + /* * Special case: O_CREAT|O_EXCL implies O_NOFOLLOW for security * reasons. @@ -1176,7 +1198,8 @@ int may_open(struct nameidata *nd, int a return -EACCES; flag &= ~O_TRUNC; - } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE)) + } else if ((IS_RDONLY(inode) || MNT_IS_RDONLY(nd->mnt)) && + (flag & FMODE_WRITE)) return -EROFS; /* * An append-only file must be opened in append mode for writing. @@ -1402,23 +1425,28 @@ do_link: struct dentry *lookup_create(struct nameidata *nd, int is_dir) { struct dentry *dentry; + int error; down(&nd->dentry->d_inode->i_sem); - dentry = ERR_PTR(-EEXIST); + error = -EEXIST; if (nd->last_type != LAST_NORM) - goto fail; + goto out; nd->flags &= ~LOOKUP_PARENT; dentry = lookup_hash(&nd->last, nd->dentry); if (IS_ERR(dentry)) + goto ret; + error = mnt_may_create(nd->mnt, nd->dentry->d_inode, dentry); + if (error) goto fail; + error = -ENOENT; if (!is_dir && nd->last.name[nd->last.len] && !dentry->d_inode) - goto enoent; + goto fail; +ret: return dentry; -enoent: - dput(dentry); - dentry = ERR_PTR(-ENOENT); fail: - return dentry; + dput(dentry); +out: + return ERR_PTR(error); } int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) @@ -1647,7 +1675,11 @@ asmlinkage long sys_rmdir(const char __u dentry = lookup_hash(&nd.last, nd.dentry); error = PTR_ERR(dentry); if (!IS_ERR(dentry)) { + error = mnt_may_unlink(nd.mnt, nd.dentry->d_inode, dentry); + if (error) + goto exit2; error = vfs_rmdir(nd.dentry->d_inode, dentry); + exit2: dput(dentry); } up(&nd.dentry->d_inode->i_sem); @@ -1719,6 +1751,9 @@ asmlinkage long sys_unlink(const char __ /* Why not before? Because we want correct error value */ if (nd.last.name[nd.last.len]) goto slashes; + error = mnt_may_unlink(nd.mnt, nd.dentry->d_inode, dentry); + if (error) + goto exit2; inode = dentry->d_inode; if (inode) atomic_inc(&inode->i_count); @@ -2083,6 +2118,9 @@ static inline int do_rename(const char * error = -EINVAL; if (old_dentry == trap) goto exit4; + error = -EROFS; + if (MNT_IS_RDONLY(newnd.mnt)) + goto exit4; new_dentry = lookup_hash(&newnd.last, new_dir); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) diff -puN fs/namespace.c~readonly-bind-mounts fs/namespace.c --- 25/fs/namespace.c~readonly-bind-mounts 2003-10-02 01:43:39.000000000 -0700 +++ 25-akpm/fs/namespace.c 2003-10-02 01:43:39.000000000 -0700 @@ -225,7 +225,8 @@ static int show_vfsmnt(struct seq_file * seq_path(m, mnt, mnt->mnt_root, " \t\n\\"); seq_putc(m, ' '); mangle(m, mnt->mnt_sb->s_type->name); - seq_puts(m, mnt->mnt_sb->s_flags & MS_RDONLY ? " ro" : " rw"); + seq_puts(m, (MNT_IS_RDONLY(mnt) || + (mnt->mnt_sb->s_flags & MS_RDONLY)) ? " ro" : " rw"); for (fs_infop = fs_info; fs_infop->flag; fs_infop++) { if (mnt->mnt_sb->s_flags & fs_infop->flag) seq_puts(m, fs_infop->str); @@ -516,11 +517,13 @@ out_unlock: /* * do loopback mount. */ -static int do_loopback(struct nameidata *nd, char *old_name, int recurse) +static int do_loopback(struct nameidata *nd, char *old_name, unsigned long flags, int mnt_flags) { struct nameidata old_nd; struct vfsmount *mnt = NULL; + int recurse = flags & MS_REC; int err = mount_is_safe(nd); + if (err) return err; if (!old_name || !*old_name) @@ -547,6 +550,7 @@ static int do_loopback(struct nameidata spin_unlock(&vfsmount_lock); } else mntput(mnt); + mnt->mnt_flags = mnt_flags; } up_write(¤t->namespace->sem); @@ -750,6 +754,8 @@ long do_mount(char * dev_name, char * di return -EINVAL; /* Separate the per-mountpoint flags */ + if (flags & MS_RDONLY) + mnt_flags |= MNT_RDONLY; if (flags & MS_NOSUID) mnt_flags |= MNT_NOSUID; if (flags & MS_NODEV) @@ -771,7 +777,7 @@ long do_mount(char * dev_name, char * di retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags, data_page); else if (flags & MS_BIND) - retval = do_loopback(&nd, dev_name, flags & MS_REC); + retval = do_loopback(&nd, dev_name, flags, mnt_flags); else if (flags & MS_MOVE) retval = do_move_mount(&nd, dev_name); else diff -puN fs/open.c~readonly-bind-mounts fs/open.c --- 25/fs/open.c~readonly-bind-mounts 2003-10-02 01:43:39.000000000 -0700 +++ 25-akpm/fs/open.c 2003-10-02 01:43:39.000000000 -0700 @@ -224,7 +224,7 @@ static inline long do_sys_truncate(const goto dput_and_out; error = -EROFS; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(nd.mnt)) goto dput_and_out; error = -EPERM; @@ -348,7 +348,7 @@ asmlinkage long sys_utime(char __user * inode = nd.dentry->d_inode; error = -EROFS; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(nd.mnt)) goto dput_and_out; error = -EPERM; @@ -401,7 +401,7 @@ long do_utimes(char __user * filename, s inode = nd.dentry->d_inode; error = -EROFS; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(nd.mnt)) goto dput_and_out; error = -EPERM; @@ -478,8 +478,9 @@ asmlinkage long sys_access(const char __ if (!res) { res = permission(nd.dentry->d_inode, mode, &nd); /* SuS v2 requires we report a read only fs too */ - if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode) - && !special_file(nd.dentry->d_inode->i_mode)) + if (!res && (mode & S_IWOTH) + && !special_file(nd.dentry->d_inode->i_mode) + && (IS_RDONLY(nd.dentry->d_inode) || MNT_IS_RDONLY(nd.mnt))) res = -EROFS; path_release(&nd); } @@ -584,7 +585,7 @@ asmlinkage long sys_fchmod(unsigned int inode = dentry->d_inode; err = -EROFS; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(file->f_vfsmnt)) goto out_putf; err = -EPERM; if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) @@ -616,7 +617,7 @@ asmlinkage long sys_chmod(const char __u inode = nd.dentry->d_inode; error = -EROFS; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(nd.mnt)) goto dput_and_out; error = -EPERM; @@ -637,7 +638,7 @@ out: return error; } -static int chown_common(struct dentry * dentry, uid_t user, gid_t group) +static int chown_common(struct vfsmount *mnt, struct dentry * dentry, uid_t user, gid_t group) { struct inode * inode; int error; @@ -649,7 +650,7 @@ static int chown_common(struct dentry * goto out; } error = -EROFS; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(mnt)) goto out; error = -EPERM; if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) @@ -679,7 +680,7 @@ asmlinkage long sys_chown(const char __u error = user_path_walk(filename, &nd); if (!error) { - error = chown_common(nd.dentry, user, group); + error = chown_common(nd.mnt, nd.dentry, user, group); path_release(&nd); } return error; @@ -692,7 +693,7 @@ asmlinkage long sys_lchown(const char __ error = user_path_walk_link(filename, &nd); if (!error) { - error = chown_common(nd.dentry, user, group); + error = chown_common(nd.mnt, nd.dentry, user, group); path_release(&nd); } return error; @@ -706,7 +707,7 @@ asmlinkage long sys_fchown(unsigned int file = fget(fd); if (file) { - error = chown_common(file->f_dentry, user, group); + error = chown_common(file->f_vfsmnt, file->f_dentry, user, group); fput(file); } return error; diff -puN fs/reiserfs/ioctl.c~readonly-bind-mounts fs/reiserfs/ioctl.c --- 25/fs/reiserfs/ioctl.c~readonly-bind-mounts 2003-10-02 01:43:39.000000000 -0700 +++ 25-akpm/fs/reiserfs/ioctl.c 2003-10-02 01:43:39.000000000 -0700 @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -38,7 +39,7 @@ int reiserfs_ioctl (struct inode * inode i_attrs_to_sd_attrs( inode, ( __u16 * ) &flags ); return put_user(flags, (int *) arg); case REISERFS_IOC_SETFLAGS: { - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(filp->f_vfsmnt)) return -EROFS; if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) @@ -70,7 +71,7 @@ int reiserfs_ioctl (struct inode * inode case REISERFS_IOC_SETVERSION: if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) return -EPERM; - if (IS_RDONLY(inode)) + if (IS_RDONLY(inode) || MNT_IS_RDONLY(filp->f_vfsmnt)) return -EROFS; if (get_user(inode->i_generation, (int *) arg)) return -EFAULT; diff -puN include/linux/mount.h~readonly-bind-mounts include/linux/mount.h --- 25/include/linux/mount.h~readonly-bind-mounts 2003-10-02 01:43:39.000000000 -0700 +++ 25-akpm/include/linux/mount.h 2003-10-02 01:43:39.000000000 -0700 @@ -14,9 +14,10 @@ #include -#define MNT_NOSUID 1 -#define MNT_NODEV 2 -#define MNT_NOEXEC 4 +#define MNT_RDONLY 1 +#define MNT_NOSUID 2 +#define MNT_NODEV 4 +#define MNT_NOEXEC 8 struct vfsmount { @@ -33,6 +34,8 @@ struct vfsmount struct list_head mnt_list; }; +#define MNT_IS_RDONLY(m) ((m)->mnt_flags & MNT_RDONLY) + static inline struct vfsmount *mntget(struct vfsmount *mnt) { if (mnt) _