kernel: don't umount for process in global namespace

2023-05-12 12:32:35 +08:00
parent 009a479c17
commit 294d6fa05e
1 changed files with 6 additions and 0 deletions
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -5,6 +5,7 @@
 #include "linux/kernel.h"
 #include "linux/kprobes.h"
 #include "linux/lsm_hooks.h"
+#include "linux/nsproxy.h"
 #include "linux/path.h"
 #include "linux/printk.h"
 #include "linux/uaccess.h"
@@ -364,6 +365,11 @@ static bool should_umount(struct path *path)
 		return false;
 	}

+	if (current->nsproxy->mnt_ns == init_nsproxy.mnt_ns) {
+		pr_info("ignore global mnt namespace process: %d\n", current_uid().val);
+		return false;
+	}
+
 	if (path->mnt && path->mnt->mnt_sb && path->mnt->mnt_sb->s_type) {
 		const char *fstype = path->mnt->mnt_sb->s_type->name;
 		return strcmp(fstype, "overlay") == 0;