| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Aug 2022 14:11:25 +0200
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
Seth Forshee <sforshee@...nel.org>
Subject: [GIT PULL] fs idmapped fixes for v6.0-rc3
Hey Linus,
/* Summary */
This contains a few fixes:
- Since Seth joined as co-maintainer for idmapped mounts we decided to use a
shared git tree. Konstantin suggested we use vfs/idmapping.git on kernel.org
under the vfs/ namespace. So this updates the tree in the maintainers file.
- Ensure that POSIX ACLs checking, getting, and setting works correctly
for filesystems mountable with a filesystem idmapping that want to support
idmapped mounts. Since no filesystems mountable with an fs_idmapping do yet
support idmapped mounts there is no problem. But this could change in the
future, so add a check to refuse to create idmapped mounts when the mounter
is not privileged over the mount's idmapping.
- Check that caller is privileged over the idmapping that will be attached to a
mount. Currently no FS_USERNS_MOUNT filesystems support idmapped mounts, thus
this is not a problem as only CAP_SYS_ADMIN in init_user_ns is allowed to set
up idmapped mounts. But this could change in the future, so add a check to
refuse to create idmapped mounts when the mounter is not privileged over the
mount's idmapping.
- Fix POSIX ACLs for ntfs3. While looking at our current POSIX ACL handling in
the context of some overlayfs work I went through a range of other
filesystems checking how they handle them currently and encountered a few
bugs in ntfs3. I've sent this some time ago and the fixes haven't been picked
up even though the pull request for other ntfs3 fixes got sent after. This
should really be fixed as right now POSIX ACLs are broken in certain
circumstances for ntfs3.
/* Testing */
All patches are based on v6.0-rc1 and have been sitting in linux-next. No build
failures or warnings were observed and fstests, selftests, and LTP have seen no
regressions.
/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.
The following changes since commit 568035b01cfb107af8d2e4bd2fb9aea22cf5b868:
Linux 6.0-rc1 (2022-08-14 15:50:18 -0700)
are available in the Git repository at:
ssh://git@...olite.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping.git tags/fs.idmapped.fixes.v6.0-rc3
for you to fetch changes up to 0c3bc7899e6dfb52df1c46118a5a670ae619645f:
ntfs: fix acl handling (2022-08-22 12:52:23 +0200)
Please consider pulling these changes from the signed fs.idmapped.fixes.v6.0-rc3 tag.
Thanks!
Christian
----------------------------------------------------------------
fs.idmapped.fixes.v6.0-rc3
----------------------------------------------------------------
Christian Brauner (3):
acl: handle idmapped mounts for idmapped filesystems
MAINTAINERS: update idmapping tree
ntfs: fix acl handling
Seth Forshee (1):
fs: require CAP_SYS_ADMIN in target namespace for idmapped mounts
MAINTAINERS | 2 +-
fs/namespace.c | 7 +++++++
fs/ntfs3/xattr.c | 16 +++++++---------
fs/overlayfs/inode.c | 11 +++++++----
fs/posix_acl.c | 15 +++++++++------
5 files changed, 31 insertions(+), 20 deletions(-)
Powered by blists - more mailing lists