| field | value | date |
|---|---|---|
| author | Christian Brauner <brauner@kernel.org> | 2026-02-26 14:50:10 +0100 |
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2026-03-19 16:15:16 +0100 |
| commit | 1797ee11451f1b2be69863a9f5bd43b948813fdf (patch) | |
| tree | 822311c6a88082d35dbcbb70733b3b24100e5497 | |
| parent | 6d1ae4c9f5b7c408cea64049e0e1fa4f3cc28e26 (diff) | |
nsfs: tighten permission checks for handle opening
commit d2324a9317f00013facb0ba00b00440e19d2af5e upstream.
Even privileged services should not necessarily be able to see other
privileged services' namespaces, so they can't leak information to each
other. Use the may_see_all_namespaces() helper, which centralizes this policy
until the nstree adapts.
Link: https://patch.msgid.link/20260226-work-visibility-fixes-v1-2-d2c2853313bd@kernel.org
Fixes: 5222470b2fbb ("nsfs: support file handles")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Cc: stable@kernel.org # v6.18+
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | fs/nsfs.c | 2 |

1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nsfs.c b/fs/nsfs.c index f1e195710804..392d2d7f85f7 100644 --- a/fs/nsfs.c +++ b/fs/nsfs.c @@ -614,7 +614,7 @@ static struct dentry *nsfs_fh_to_dentry(struct super_block *sb, struct fid *fh, return ERR_PTR(-EOPNOTSUPP); } - if (owning_ns && !ns_capable(owning_ns, CAP_SYS_ADMIN)) { + if (owning_ns && !may_see_all_namespaces()) { ns->ops->put(ns); return ERR_PTR(-EPERM); } |
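Review bot: in the changed condition `owning_ns` is still evaluated but is no longer passed to the check, so this hunk alone does not tell the reader why the new policy applies only when `owning_ns` is non-NULL or what `may_see_all_namespaces()` actually requires of the caller; a one-line comment above `if (owning_ns && !may_see_all_namespaces()) {` spelling out the policy (which capability, in which namespace, and why a NULL `owning_ns` is exempt) would make the tightened check auditable from the code. The error path is unchanged and still drops the reference (`ns->ops->put(ns);` before `return ERR_PTR(-EPERM);`), which is correct for the new failure case.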
