Re: [RFC][CFT] selftest for permission checks in mount propagation changes

(off-list ancestor, not in this archive)
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Andrei Vagin <hidden> · 2025-07-26
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Al Viro <viro@zeniv.linux.org.uk> · 2025-07-26
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Andrei Vagin <hidden> · 2025-07-26
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Pavel Tikhomirov <hidden> · 2025-07-31
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Christian Brauner <brauner@kernel.org> · 2025-07-31
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Pavel Tikhomirov <hidden> · 2025-07-31
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Al Viro <viro@zeniv.linux.org.uk> · 2025-08-13
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Tycho Andersen <tycho@tycho.pizza> · 2025-08-13
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Al Viro <viro@zeniv.linux.org.uk> · 2025-08-13
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Pavel Tikhomirov <hidden> · 2025-08-14
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Al Viro <viro@zeniv.linux.org.uk> · 2025-08-14
[PATCH][RFC][CFT] use uniform permission checks for all mount propagation changes · Al Viro <viro@zeniv.linux.org.uk> · 2025-08-14
[RFC][CFT] selftest for permission checks in mount propagation changes · Al Viro <viro@zeniv.linux.org.uk> · 2025-08-14
Re: [RFC][CFT] selftest for permission checks in mount propagation changes · Al Viro <viro@zeniv.linux.org.uk> · 2025-08-14
Re: do_change_type(): refuse to operate on unmounted/not ours mounts · Pavel Tikhomirov <hidden> · 2025-08-14

From: Al Viro <viro@zeniv.linux.org.uk>
Date: 2025-08-14 06:37:47
Also in: linux-fsdevel, lkml, stable

void do_unshare(void)
{
	FILE *f;
	uid_t uid = geteuid();
	gid_t gid = getegid();
	unshare(CLONE_NEWNS|CLONE_NEWUSER);
	f = fopen("/proc/self/uid_map", "w");
	fprintf(f, "0 %d 1", uid);
	fclose(f);
	f = fopen("/proc/self/setgroups", "w");
	fprintf(f, "deny");
	fclose(f);
	f = fopen("/proc/self/gid_map", "w");
	fprintf(f, "0 %d 1", gid);
	fclose(f);
	mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL);
}

This obviously needs error checking - in this form it won't do
anything good without userns enabled (coredump on the first
fprintf() in there, since there won't be /proc/self/uid_map);
should probably just report CLONE_NEWUSER failure, warn about
skipped tests, fall back to unshare(CLONE_NEWNS) and skip
everything in in_child()...

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help