Message-Id: <1462372014-3786-8-git-send-email-tixxdz@gmail.com>
Date:	Wed,  4 May 2016 16:26:53 +0200
From:	Djalal Harouni <tixxdz@...il.com>
To:	Alexander Viro <viro@...iv.linux.org.uk>, Chris Mason <clm@...com>,
	<tytso@....edu>, Serge Hallyn <serge.hallyn@...onical.com>,
	Josh Triplett <josh@...htriplett.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Andy Lutomirski <luto@...nel.org>,
	Seth Forshee <seth.forshee@...onical.com>,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	Dongsu Park <dongsu@...ocode.com>,
	David Herrmann <dh.herrmann@...glemail.com>,
	Miklos Szeredi <mszeredi@...hat.com>,
	Alban Crequy <alban.crequy@...il.com>
Cc:	Djalal Harouni <tixxdz@...il.com>,
	Djalal Harouni <tixxdz@...ndz.org>
Subject: [RFC v2 PATCH 7/8] ext4: add support for vfs_shift_uids and vfs_shift_gids mount options

Make ext4 able to parse vfs_shift_uids and vfs_shift_gids options and
set the appropriate flags into the super_block structure.

vfs_shift_uids and vfs_shift_gids allow mounts that show up in a mount
namespace that supports VFS UID/GID shifts on inodes to perform translation
from the in-kernel virtual view into the on-disk view and vice versa. This
allows user namespace users to access, read and write inodes
on these mounts.

Signed-off-by: Dongsu Park <dongsu@...ocode.com>
Signed-off-by: Djalal Harouni <tixxdz@...ndz.org>
---
 fs/ext4/super.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 304c712..c9a20c0 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1194,6 +1194,7 @@ enum {
 	Opt_dioread_nolock, Opt_dioread_lock,
 	Opt_discard, Opt_nodiscard, Opt_init_itable, Opt_noinit_itable,
 	Opt_max_dir_size_kb, Opt_nojournal_checksum,
+	Opt_vfs_shift_uids, Opt_vfs_shift_gids,
 };
 
 static const match_table_t tokens = {
@@ -1279,6 +1280,8 @@ static const match_table_t tokens = {
 	{Opt_removed, "reservation"},	/* mount option from ext2/3 */
 	{Opt_removed, "noreservation"}, /* mount option from ext2/3 */
 	{Opt_removed, "journal=%u"},	/* mount option from ext2/3 */
+	{Opt_vfs_shift_uids, "vfs_shift_uids"},
+	{Opt_vfs_shift_gids, "vfs_shift_gids"},
 	{Opt_err, NULL},
 };
 
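Review bot: the two strings added to the tokens table, "vfs_shift_uids" and "vfs_shift_gids", become user-visible mount options, but the diffstat lists only fs/ext4/super.c, so nothing documents them. Please add entries to the ext4 mount option documentation that say what each option translates and what it requires of the mount namespace. There are also no negated forms in the table, so it is worth stating whether an option that has been set can ever be turned off.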
@@ -1521,8 +1524,15 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
 	case Opt_nolazytime:
 		sb->s_flags &= ~MS_LAZYTIME;
 		return 1;
+	case Opt_vfs_shift_uids:
+		sb->s_iflags |= SB_I_VFS_SHIFT_UIDS;
+		return 1;
+	case Opt_vfs_shift_gids:
+		sb->s_iflags |= SB_I_VFS_SHIFT_GIDS;
+		return 1;
 	}
 
+
 	for (m = ext4_mount_opts; m->token != Opt_err; m++)
 		if (token == m->token)
 			break;
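Review bot: in handle_mount_opt() the new Opt_vfs_shift_uids and Opt_vfs_shift_gids cases OR the bit into sb->s_iflags and return 1 unconditionally; nothing in these lines distinguishes a first mount from a remount, checks the caller, or ever clears the bit. Because the flag changes how on-disk owner IDs are interpreted, suggest either rejecting the option on remount or defining what setting it on a live superblock means, and if the permission check lives elsewhere in the series, a comment here pointing to it would help. The blank line added before the for loop over ext4_mount_opts is an unrelated whitespace change and should be dropped.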
@@ -1920,6 +1930,10 @@ static int _ext4_show_options(struct seq_file *seq, struct super_block *sb,
 		SEQ_OPTS_PRINT("max_dir_size_kb=%u", sbi->s_max_dir_size_kb);
 	if (test_opt(sb, DATA_ERR_ABORT))
 		SEQ_OPTS_PUTS("data_err=abort");
+	if (sb->s_iflags & SB_I_VFS_SHIFT_UIDS)
+		SEQ_OPTS_PUTS("vfs_shift_uids");
+	if (sb->s_iflags & SB_I_VFS_SHIFT_GIDS)
+		SEQ_OPTS_PUTS("vfs_shift_gids");
 
 	ext4_show_quota_options(seq, sb);
 	return 0;
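Review bot: the two checks added to _ext4_show_options() test sb->s_iflags directly, while the neighbouring lines go through test_opt() or sbi fields. A one-line comment noting that these are superblock-level flags rather than ext4 mount-option bits would explain why they are handled differently. Since the parse side only ever sets the bits, please also confirm that the options shown here after a remount still match what the user last asked for.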
-- 
2.5.5
