blob: e4abd549b2b11068e15e33968074001c1dac35a1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
mount: Disallow mounting over a jail root
--- sys/kern/vfs_mount.c.orig
+++ sys/kern/vfs_mount.c
@@ -830,6 +830,11 @@
ASSERT_VOP_ELOCKED(vp, __func__);
KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here"));
+ if (vp == td->td_ucred->cr_prison->pr_root) {
+ vput(vp);
+ return (EPERM);
+ }
+
/*
* If the user is not root, ensure that they own the directory
* onto which we are attempting to mount.
|
