proc: Fix the namespace inode permission checks.

Change the proc namespace files into symlinks so that we won't cache the dentries for the namespace files which can bypass the ptrace_may_access checks. To support the symlinks create an additional namespace inode with it's own set of operations distinct from the proc pid inode and dentry methods as those no longer make sense. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2011-06-18 17:48:18 -0700
committer: Eric W. Biederman <ebiederm@xmission.com> 2012-11-20 04:19:48 -0800
commit: bf056bfa80596a5d14b26b17276a56a0dcb080e5 (patch)
tree: 116db3255e1b75a92b30b72afe416aa941109e9f /fs/proc/inode.c
parent: 33d6dce607573b5fd7a43168e0d91221b3ca532b (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index 3b22bbdee9e..439ae688650 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -31,6 +31,7 @@ static void proc_evict_inode(struct inode *inode)
 	struct proc_dir_entry *de;
 	struct ctl_table_header *head;
 	const struct proc_ns_operations *ns_ops;
+	void *ns;
 
 	truncate_inode_pages(&inode->i_data, 0);
 	clear_inode(inode);
@@ -49,8 +50,9 @@ static void proc_evict_inode(struct inode *inode)
 	}
 	/* Release any associated namespace */
 	ns_ops = PROC_I(inode)->ns_ops;
-	if (ns_ops && ns_ops->put)
-		ns_ops->put(PROC_I(inode)->ns);
+	ns = PROC_I(inode)->ns;
+	if (ns_ops && ns)
+		ns_ops->put(ns);
 }
 
 static struct kmem_cache * proc_inode_cachep;
author	Eric W. Biederman <ebiederm@xmission.com>	2011-06-18 17:48:18 -0700
committer	Eric W. Biederman <ebiederm@xmission.com>	2012-11-20 04:19:48 -0800
commit	bf056bfa80596a5d14b26b17276a56a0dcb080e5 (patch)
tree	116db3255e1b75a92b30b72afe416aa941109e9f /fs/proc/inode.c
parent	33d6dce607573b5fd7a43168e0d91221b3ca532b (diff)