[PATCH 18/24] sys:__sys_setuid(): handle fsid mappings

[PATCH 00/24] user_namespace: introduce fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 19/24] sys:__sys_setgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 15/24] commoncap:cap_bprm_set_creds(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 17/24] sys: __sys_setfsgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 16/24] sys: __sys_setfsuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 18/24] sys:__sys_setuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 14/24] commoncap: cap_task_fix_setuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 13/24] attr: notify_change(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 11/24] open: chown_common(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 12/24] posix_acl: handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 01/24] user_namespace: introduce fsid mappings infrastructure · Christian Brauner <hidden> · 2020-02-11
Re: [PATCH 01/24] user_namespace: introduce fsid mappings infrastructure · Randy Dunlap <hidden> · 2020-02-11
[PATCH 20/24] sys:__sys_setreuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 07/24] namei: may_{o_}create(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 08/24] inode: inode_owner_or_capable(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 10/24] stat: handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 02/24] proc: add /proc/<pid>/fsuid_map · Christian Brauner <hidden> · 2020-02-11
[PATCH 03/24] proc: add /proc/<pid>/fsgid_map · Christian Brauner <hidden> · 2020-02-11
[PATCH 24/24] devpts: handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 09/24] capability: privileged_wrt_inode_uidgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 22/24] sys:__sys_setresuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 06/24] fs: add is_userns_visible() helper · Christian Brauner <hidden> · 2020-02-11
[PATCH 04/24] fsuidgid: add fsid mapping helpers · Christian Brauner <hidden> · 2020-02-11
[PATCH 05/24] proc: task_state(): use from_kfs{g,u}id_munged · Christian Brauner <hidden> · 2020-02-11
[PATCH 23/24] sys:__sys_setresgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 21/24] sys:__sys_setregid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
Re: [PATCH 00/24] user_namespace: introduce fsid mappings · Jann Horn <jannh@google.com> · 2020-02-11
Re: [PATCH 00/24] user_namespace: introduce fsid mappings · Christian Brauner <hidden> · 2020-02-12
Re: [PATCH 00/24] user_namespace: introduce fsid mappings · Jann Horn <jannh@google.com> · 2020-02-12

STALE2304d

Revisions (3)

2020-02-11 v1 current
2020-02-14 v2 [diff vs current]
2020-02-18 v3 [diff vs current]

From: Christian Brauner <hidden>
Date: 2020-02-11 17:00:11
Also in: linux-fsdevel, linux-security-module, lkml
Subsystem: the rest · Maintainer: Linus Torvalds

Switch setuid() to lookup fsids in the fsid mappings. If no fsid mappings are
setup the behavior is unchanged, i.e. fsids are looked up in the id mappings.

Signed-off-by: Christian Brauner <redacted>
---
 kernel/sys.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index b89334ad0908..afaec8d46bc5 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c

@@ -574,11 +574,16 @@ long __sys_setuid(uid_t uid)
 	struct cred *new;
 	int retval;
 	kuid_t kuid;
+	kuid_t kfsuid;
 
 	kuid = make_kuid(ns, uid);
 	if (!uid_valid(kuid))
 		return -EINVAL;
 
+	kfsuid = make_kfsuid(ns, uid);
+	if (!uid_valid(kfsuid))
+		return -EINVAL;
+
 	new = prepare_creds();
 	if (!new)
 		return -ENOMEM;

@@ -596,7 +601,8 @@ long __sys_setuid(uid_t uid)
 		goto error;
 	}
 
-	new->fsuid = new->euid = kuid;
+	new->euid = kuid;
+	new->fsuid = kfsuid;
 
 	retval = security_task_fix_setuid(new, old, LSM_SETID_ID);
 	if (retval < 0)

-- 
2.25.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help