dquot: For now explicitly don't support filesystems outside of init_user_ns
authorEric W. Biederman <ebiederm@xmission.com>
Tue, 5 Jul 2016 15:41:57 +0000 (10:41 -0500)
committerEric W. Biederman <ebiederm@xmission.com>
Tue, 5 Jul 2016 20:12:39 +0000 (15:12 -0500)
Mostly supporting filesystems outside of init_user_ns is
s/&init_usre_ns/dquot->dq_sb->s_user_ns/.  An actual need for
supporting quotas on filesystems outside of s_user_ns is quite a ways
away and to be done responsibily needs an audit on what can happen
with hostile quota files.  Until that audit is complete don't attempt
to support quota files on filesystems outside of s_user_ns.

Cc: Jan Kara <jack@suse.cz>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
fs/quota/dquot.c

index 74706b6aa74747279fe7d87defd7bae2fadca030..87197d13cc765169195dd873d643f539da8b510f 100644 (file)
@@ -2271,6 +2271,11 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
                error = -EINVAL;
                goto out_fmt;
        }
+       /* Filesystems outside of init_user_ns not yet supported */
+       if (sb->s_user_ns != &init_user_ns) {
+               error = -EINVAL;
+               goto out_fmt;
+       }
        /* Usage always has to be set... */
        if (!(flags & DQUOT_USAGE_ENABLED)) {
                error = -EINVAL;