From 294d6fa05e6d62804c3bcc33d422e8ceb2fedb82 Mon Sep 17 00:00:00 2001
From: tiann
Date: Fri, 12 May 2023 12:32:35 +0800
Subject: [PATCH] kernel: don't umount for process in global namespace
---
 kernel/core_hook.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 8abcfe76..f7abef0e 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -5,6 +5,7 @@
 #include "linux/kernel.h"
 #include "linux/kprobes.h"
 #include "linux/lsm_hooks.h"
+#include "linux/nsproxy.h"
 #include "linux/path.h"
 #include "linux/printk.h"
 #include "linux/uaccess.h"
@@ -364,6 +365,11 @@ static bool should_umount(struct path *path)
 return false;
 }
 
+ if (current->nsproxy->mnt_ns == init_nsproxy.mnt_ns) {
+ pr_info("ignore global mnt namespace process: %d\n", current_uid().val);
+ return false;
+ }
+
 if (path->mnt && path->mnt->mnt_sb && path->mnt->mnt_sb->s_type) {
 const char *fstype = path->mnt->mnt_sb->s_type->name;
 return strcmp(fstype, "overlay") == 0;
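Review bot: The new check in should_umount() dereferences `current->nsproxy` without a NULL test, and the kernel clears a task's nsproxy while it is exiting, so this is only safe if every caller runs in a live task's syscall context; the callers are outside this hunk, so that should be confirmed or guarded with `if (current->nsproxy && current->nsproxy->mnt_ns == init_nsproxy.mnt_ns) {`. The log line labels its value "process" but prints `current_uid().val`, which is an unsigned uid, so `pr_info("ignore global mnt namespace process, uid: %u\n", current_uid().val);` would read correctly and match the type. A short comment above the check saying why tasks in the init mount namespace are skipped would help the next reader, since it means the overlay mounts stay visible to them. The body of should_umount() starts and ends outside the hunk.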