mnt: Fix fs_fully_visible to verify the root directory is visible

This fixes a dumb bug in fs_fully_visible that allows proc or sys to
be mounted if there is a bind mount of part of /proc/ or /sys/ visible.

Cc: [email protected]
Reported-by: Eric Windisch <[email protected]>
Signed-off-by: "Eric W. Biederman" <[email protected]>

diff --git a/fs/namespace.c b/fs/namespace.c
index 1f4f9dac6e5af8017e41ab497b92e0515e5ed71c..1b9e11167baedc310b8f5b6585ac019abd78b915 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3179,6 +3179,12 @@ bool fs_fully_visible(struct file_system_type *type)
                if (mnt->mnt.mnt_sb->s_type != type)
                        continue;
 
+               /* This mount is not fully visible if it's root directory
+                * is not the root directory of the filesystem.
+                */
+               if (mnt->mnt.mnt_root != mnt->mnt.mnt_sb->s_root)
+                       continue;
+
                /* This mount is not fully visible if there are any child mounts
                 * that cover anything except for empty directories.
                 */