nsfs: tighten permission checks for handle opening

brauner · brauner · commit d2324a9317f0 · 2026-02-27T22:00:11.000+01:00
Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces() helper that centralizes this policy until the nstree adapts. Link: https://patch.msgid.link/20260226-work-visibility-fixes-v1-2-d2c2853313bd@kernel.org Fixes: 5222470 ("nsfs: support file handles") Reviewed-by: Jeff Layton <jlayton@kernel.org> Cc: stable@kernel.org # v6.18+ Signed-off-by: Christian Brauner <brauner@kernel.org>
diff --git a/fs/nsfs.c b/fs/nsfs.c
@@ -627,7 +627,7 @@ static struct dentry *nsfs_fh_to_dentry(struct super_block *sb, struct fid *fh,
 		return ERR_PTR(-EOPNOTSUPP);
 	}
 
-	if (owning_ns && !ns_capable(owning_ns, CAP_SYS_ADMIN)) {
+	if (owning_ns && !may_see_all_namespaces()) {
 		ns->ops->put(ns);
 		return ERR_PTR(-EPERM);
 	}

Original file line number	Diff line number	Diff line change
`@@ -627,7 +627,7 @@ static struct dentry nsfs_fh_to_dentry(struct super_block sb, struct fid *fh,`
`627`	`627`	`return ERR_PTR(-EOPNOTSUPP);`
`628`	`628`	`}`
`629`	`629`
`630`		`- if (owning_ns && !ns_capable(owning_ns, CAP_SYS_ADMIN)) {`
	`630`	`+ if (owning_ns && !may_see_all_namespaces()) {`
`631`	`631`	`ns->ops->put(ns);`
`632`	`632`	`return ERR_PTR(-EPERM);`
`633`	`633`	`}`