dquot: For now explicitly don't support filesystems outside of init_u…

…ser_ns Mostly supporting filesystems outside of init_user_ns is s/&init_usre_ns/dquot->dq_sb->s_user_ns/. An actual need for supporting quotas on filesystems outside of s_user_ns is quite a ways away and to be done responsibily needs an audit on what can happen with hostile quota files. Until that audit is complete don't attempt to support quota files on filesystems outside of s_user_ns. Cc: Jan Kara <[email protected]> Acked-by: Seth Forshee <[email protected]> Signed-off-by: "Eric W. Biederman" <[email protected]>
cail · Jul 5, 2016 · 5c00482 · 5c00482
1 parent cfd4c70
commit 5c00482
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
@@ -2271,6 +2271,11 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
 		error = -EINVAL;
 		goto out_fmt;
 	}
+	/* Filesystems outside of init_user_ns not yet supported */
+	if (sb->s_user_ns != &init_user_ns) {
+		error = -EINVAL;
+		goto out_fmt;
+	}
 	/* Usage always has to be set... */
 	if (!(flags & DQUOT_USAGE_ENABLED)) {
 		error = -EINVAL;