| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aRx/1MvvBqu5MhKv@mail.hallyn.com>
Date: Tue, 18 Nov 2025 08:16:52 -0600
From: "Serge E. Hallyn" <serge@...lyn.com>
To: "Serge E. Hallyn" <serge@...lyn.com>
Cc: lkml <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org,
Paul Moore <paul@...l-moore.com>,
Ryan Foster <foster.ryan.r@...il.com>,
Christian Brauner <brauner@...nel.org>
Subject: Re: [PATCH] Clarify the rootid_owns_currentns
On Fri, Nov 14, 2025 at 03:33:19PM -0600, Serge E. Hallyn wrote:
> Split most of the rootid_owns_currentns() functionality
> into a more generic rootid_owns_ns() function which
> will be easier to write tests for.
>
> Rename the functions and variables to make clear that
> the ids being tested could be any uid.
>
> Signed-off-by: Serge Hallyn <serge@...lyn.com>
> CC: Ryan Foster <foster.ryan.r@...il.com>
> CC: Christian Brauner <brauner@...nel.org>
Paul, Christian, let me know if you have any objections, else I will
queue this up in caps-next.
Ryan, based on this you would be able to do more useful unit ktests:
you could create some simple user namespaces with mappings which do
or do not have uid 0 in ns mapped to the kuid you are querying.
> ---
> security/commoncap.c | 35 +++++++++++++++++++++++------------
> 1 file changed, 23 insertions(+), 12 deletions(-)
>
> diff --git a/security/commoncap.c b/security/commoncap.c
> index 6bd4adeb4795..8a81fdc12cbe 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -358,17 +358,18 @@ int cap_inode_killpriv(struct mnt_idmap *idmap, struct dentry *dentry)
> return error;
> }
>
> -static bool rootid_owns_currentns(vfsuid_t rootvfsuid)
> +/**
> + * kuid_root_in_ns - check whether the given kuid is root in the given ns
> + *
> + * @kuid - the kuid to be tested
> + * @ns - the user namespace to test against
> + *
> + * Returns true if @kuid represents the root user in @ns, false otherwise.
> + */
> +static bool kuid_root_in_ns(kuid_t kuid, struct user_namespace *ns)
> {
> - struct user_namespace *ns;
> - kuid_t kroot;
> -
> - if (!vfsuid_valid(rootvfsuid))
> - return false;
> -
> - kroot = vfsuid_into_kuid(rootvfsuid);
> - for (ns = current_user_ns();; ns = ns->parent) {
> - if (from_kuid(ns, kroot) == 0)
> + for (;; ns = ns->parent) {
> + if (from_kuid(ns, kuid) == 0)
> return true;
> if (ns == &init_user_ns)
> break;
> @@ -377,6 +378,16 @@ static bool rootid_owns_currentns(vfsuid_t rootvfsuid)
> return false;
> }
>
> +static bool vfsuid_root_in_currentns(vfsuid_t vfsuid)
> +{
> + kuid_t kuid;
> +
> + if (!vfsuid_valid(vfsuid))
> + return false;
> + kuid = vfsuid_into_kuid(vfsuid);
> + return kuid_root_in_ns(kuid, current_user_ns());
> +}
> +
> static __u32 sansflags(__u32 m)
> {
> return m & ~VFS_CAP_FLAGS_EFFECTIVE;
> @@ -481,7 +492,7 @@ int cap_inode_getsecurity(struct mnt_idmap *idmap,
> goto out_free;
> }
>
> - if (!rootid_owns_currentns(vfsroot)) {
> + if (!vfsuid_root_in_currentns(vfsroot)) {
> size = -EOVERFLOW;
> goto out_free;
> }
> @@ -722,7 +733,7 @@ int get_vfs_caps_from_disk(struct mnt_idmap *idmap,
> /* Limit the caps to the mounter of the filesystem
> * or the more limited uid specified in the xattr.
> */
> - if (!rootid_owns_currentns(rootvfsuid))
> + if (!vfsuid_root_in_currentns(rootvfsuid))
> return -ENODATA;
>
> cpu_caps->permitted.val = le32_to_cpu(caps->data[0].permitted);
> --
> 2.34.1
>
Powered by blists - more mailing lists