Message-Id: <20220822121125.715295-1-brauner@kernel.org>
Date:   Mon, 22 Aug 2022 14:11:25 +0200
From:   Christian Brauner <brauner@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Seth Forshee <sforshee@...nel.org>
Subject: [GIT PULL] fs idmapped fixes for v6.0-rc3

Hey Linus,

/* Summary */
This contains a few fixes:

- Since Seth joined as co-maintainer for idmapped mounts we decided to use a
  shared git tree. Konstantin suggested we use vfs/idmapping.git on kernel.org
  under the vfs/ namespace. So this updates the tree in the maintainers file.

- Ensure that POSIX ACLs checking, getting, and setting works correctly
  for filesystems mountable with a filesystem idmapping that want to support
  idmapped mounts. Since no filesystems mountable with an fs_idmapping do yet
  support idmapped mounts there is no problem. But this could change in the
  future, so add a check to refuse to create idmapped mounts when the mounter
  is not privileged over the mount's idmapping.

- Check that caller is privileged over the idmapping that will be attached to a
  mount. Currently no FS_USERNS_MOUNT filesystems support idmapped mounts, thus
  this is not a problem as only CAP_SYS_ADMIN in init_user_ns is allowed to set
  up idmapped mounts. But this could change in the future, so add a check to
  refuse to create idmapped mounts when the mounter is not privileged over the
  mount's idmapping.

- Fix POSIX ACLs for ntfs3. While looking at our current POSIX ACL handling in
  the context of some overlayfs work I went through a range of other
  filesystems checking how they handle them currently and encountered a few
  bugs in ntfs3. I sent this some time ago and the fixes haven't been picked
  up even though the pull request for other ntfs3 fixes got sent after. This
  should really be fixed as right now POSIX ACLs are broken in certain
  circumstances for ntfs3.

/* Testing */
All patches are based on v6.0-rc1 and have been sitting in linux-next. No build
failures or warnings were observed and fstests, selftests, and LTP have seen no
regressions.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.

The following changes since commit 568035b01cfb107af8d2e4bd2fb9aea22cf5b868:

  Linux 6.0-rc1 (2022-08-14 15:50:18 -0700)

are available in the Git repository at:

  ssh://git@...olite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.idmapped.fixes.v6.0-rc3

for you to fetch changes up to 0c3bc7899e6dfb52df1c46118a5a670ae619645f:

  ntfs: fix acl handling (2022-08-22 12:52:23 +0200)

Please consider pulling these changes from the signed fs.idmapped.fixes.v6.0-rc3 tag.

Thanks!
Christian

----------------------------------------------------------------
fs.idmapped.fixes.v6.0-rc3

----------------------------------------------------------------
Christian Brauner (3):
      acl: handle idmapped mounts for idmapped filesystems
      MAINTAINERS: update idmapping tree
      ntfs: fix acl handling

Seth Forshee (1):
      fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts

 MAINTAINERS          |  2 +-
 fs/namespace.c       |  7 +++++++
 fs/ntfs3/xattr.c     | 16 +++++++---------
 fs/overlayfs/inode.c | 11 +++++++----
 fs/posix_acl.c       | 15 +++++++++------
 5 files changed, 31 insertions(+), 20 deletions(-)
