mnt: Fix fs_fully_visible to verify the root directory is visible

This fixes a dumb bug in fs_fully_visible that allows proc or sys to be mounted if there is a bind mount of part of /proc/ or /sys/ visible. Cc: [email protected] Reported-by: Eric Windisch <[email protected]> Signed-off-by: "Eric W. Biederman" <[email protected]>
cbmeeks · May 9, 2015 · 7e96c1b · 7e96c1b
1 parent b787f68
commit 7e96c1b
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/fs/namespace.c b/fs/namespace.c
@@ -3179,6 +3179,12 @@ bool fs_fully_visible(struct file_system_type *type)
 		if (mnt->mnt.mnt_sb->s_type != type)
 			continue;
 
+		/* This mount is not fully visible if it's root directory
+		 * is not the root directory of the filesystem.
+		 */
+		if (mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root)
+			continue;
+
 		/* This mount is not fully visible if there are any child mounts
 		 * that cover anything except for empty directories.
 		 */