| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210121131959.646623-22-christian.brauner@ubuntu.com>
Date: Thu, 21 Jan 2021 14:19:40 +0100
From: Christian Brauner <christian.brauner@...ntu.com>
To: Alexander Viro <viro@...iv.linux.org.uk>,
Christoph Hellwig <hch@....de>, linux-fsdevel@...r.kernel.org
Cc: John Johansen <john.johansen@...onical.com>,
James Morris <jmorris@...ei.org>,
Mimi Zohar <zohar@...ux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Casey Schaufler <casey@...aufler-ca.com>,
Arnd Bergmann <arnd@...db.de>,
Andreas Dilger <adilger.kernel@...ger.ca>,
OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>,
Geoffrey Thomas <geofft@...reload.com>,
Mrunal Patel <mpatel@...hat.com>,
Josh Triplett <josh@...htriplett.org>,
Andy Lutomirski <luto@...nel.org>,
Theodore Tso <tytso@....edu>, Alban Crequy <alban@...volk.io>,
Tycho Andersen <tycho@...ho.ws>,
David Howells <dhowells@...hat.com>,
James Bottomley <James.Bottomley@...senpartnership.com>,
Seth Forshee <seth.forshee@...onical.com>,
Stéphane Graber <stgraber@...ntu.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Aleksa Sarai <cyphar@...har.com>,
Lennart Poettering <lennart@...ttering.net>,
"Eric W. Biederman" <ebiederm@...ssion.com>, smbarber@...omium.org,
Phil Estes <estesp@...il.com>, Serge Hallyn <serge@...lyn.com>,
Kees Cook <keescook@...omium.org>,
Todd Kjos <tkjos@...gle.com>, Paul Moore <paul@...l-moore.com>,
Jonathan Corbet <corbet@....net>,
containers@...ts.linux-foundation.org,
linux-security-module@...r.kernel.org, linux-api@...r.kernel.org,
linux-ext4@...r.kernel.org, linux-xfs@...r.kernel.org,
linux-integrity@...r.kernel.org, selinux@...r.kernel.org,
Christian Brauner <christian.brauner@...ntu.com>
Subject: [PATCH v6 21/40] ioctl: handle idmapped mounts
Enable generic ioctls to handle idmapped mounts by passing down the
mount's user namespace. If the initial user namespace is passed nothing
changes so non-idmapped mounts will see identical behavior as before.
Link: https://lore.kernel.org/r/20210112220124.837960-30-christian.brauner@ubuntu.com
Cc: Christoph Hellwig <hch@....de>
Cc: David Howells <dhowells@...hat.com>
Cc: Al Viro <viro@...iv.linux.org.uk>
Cc: linux-fsdevel@...r.kernel.org
Reviewed-by: Christoph Hellwig <hch@....de>
Signed-off-by: Christian Brauner <christian.brauner@...ntu.com>
---
/* v2 */
patch introduced
/* v3 */
unchanged
/* v4 */
- Serge Hallyn <serge@...lyn.com>:
- Use "mnt_userns" to refer to a vfsmount's userns everywhere to make
terminology consistent.
/* v5 */
unchanged
base-commit: 7c53f6b671f4aba70ff15e1b05148b10d58c2837
- Christoph Hellwig <hch@....de>:
- Use new file_mnt_user_ns() helper.
/* v6 */
base-commit: 19c329f6808995b142b3966301f217c831e7cf31
- Christoph Hellwig <hch@....de>:
- Make use of file_permission() helper.
---
fs/remap_range.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/fs/remap_range.c b/fs/remap_range.c
index 29a4a4dbfe12..e4a5fdd7ad7b 100644
--- a/fs/remap_range.c
+++ b/fs/remap_range.c
@@ -432,13 +432,16 @@ EXPORT_SYMBOL(vfs_clone_file_range);
/* Check whether we are allowed to dedupe the destination file */
static bool allow_file_dedupe(struct file *file)
{
+ struct user_namespace *mnt_userns = file_mnt_user_ns(file);
+ struct inode *inode = file_inode(file);
+
if (capable(CAP_SYS_ADMIN))
return true;
if (file->f_mode & FMODE_WRITE)
return true;
- if (uid_eq(current_fsuid(), file_inode(file)->i_uid))
+ if (uid_eq(current_fsuid(), i_uid_into_mnt(mnt_userns, inode)))
return true;
- if (!inode_permission(&init_user_ns, file_inode(file), MAY_WRITE))
+ if (!inode_permission(mnt_userns, inode, MAY_WRITE))
return true;
return false;
}
--
2.30.0
Powered by blists - more mailing lists