[PATCH v4 12/21] fs: Refuse uid/gid changes which don't map into s_user_ns

[PATCH v4 00/21] Support fuse mounts in user namespaces · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 06/21] fs: Treat foreign mounts as nosuid · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 08/21] userns: Replace in_userns with current_in_userns · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 09/21] Smack: Handle labels consistently in untrusted mounts · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 16/21] fs: Allow superblock owner to access do_remount_sb() · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 21/21] fuse: Allow user namespace mounts · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 01/21] fs: fix a posible leak of allocated superblock · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 04/21] block_dev: Support checking inode permissions in lookup_bdev() · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 05/21] block_dev: Check permissions towards block device inode when mounting · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 07/21] selinux: Add support for unprivileged mounts from user namespaces · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 10/21] fs: Check for invalid i_uid in may_follow_link() · Seth Forshee <hidden> · 2016-04-26
Re: [PATCH v4 10/21] fs: Check for invalid i_uid in may_follow_link() · Djalal Harouni <hidden> · 2016-05-24
[PATCH v4 11/21] cred: Reject inodes with invalid ids in set_create_file_as() · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 12/21] fs: Refuse uid/gid changes which don't map into s_user_ns · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 13/21] fs: Update posix_acl support to handle user namespace mounts · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs · Seth Forshee <hidden> · 2016-04-26
Re: [PATCH v4 17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs · James Morris <jmorris@namei.org> · 2016-04-27
[PATCH v4 15/21] fs: Don't remove suid for CAP_FSETID in s_user_ns · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 19/21] fuse: Support fuse filesystems outside of init_user_ns · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 20/21] fuse: Restrict allow_other to the superblock's namespace or a descendant · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 18/21] fuse: Add support for pid namespaces · Seth Forshee <hidden> · 2016-04-26
Re: [PATCH v4 18/21] fuse: Add support for pid namespaces · Sheng Yang <hidden> · 2016-07-20
Re: [PATCH v4 18/21] fuse: Add support for pid namespaces · Seth Forshee <hidden> · 2016-07-20
Re: [PATCH v4 18/21] fuse: Add support for pid namespaces · Sheng Yang <hidden> · 2016-07-20
Re: [PATCH v4 18/21] fuse: Add support for pid namespaces · Miklos Szeredi <hidden> · 2016-07-21

STALE3621d REVIEWED: 1 (0M)

Revisions (5)

2015-12-02 v1 [diff vs current]
2015-12-07 v2 [diff vs current]
2016-01-04 v2 [diff vs current]
2016-04-22 v3 [diff vs current]
2016-04-26 v4 current

From: Seth Forshee <hidden>
Date: 2016-04-26 19:37:06
Also in: cgroups, dm-devel, linux-bcache, linux-fsdevel, lkml, selinux
Subsystem: filesystems (vfs and infrastructure), the rest · Maintainers: Alexander Viro, Christian Brauner, Linus Torvalds

Add checks to inode_change_ok to verify that uid and gid changes
will map into the superblock's user namespace. If they do not
fail with -EOVERFLOW. This cannot be overriden with ATTR_FORCE.

Signed-off-by: Seth Forshee <redacted>
Acked-by: Serge Hallyn <redacted>
---
 fs/attr.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fs/attr.c b/fs/attr.c
index 25b24d0f6c88..3cfaaac4a18e 100644
--- a/fs/attr.c
+++ b/fs/attr.c

@@ -42,6 +42,17 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
 			return error;
 	}
 
+	/*
+	 * Verify that uid/gid changes are valid in the target namespace
+	 * of the superblock. This cannot be overriden using ATTR_FORCE.
+	 */
+	if (ia_valid & ATTR_UID &&
+	    from_kuid(inode->i_sb->s_user_ns, attr->ia_uid) == (uid_t)-1)
+		return -EOVERFLOW;
+	if (ia_valid & ATTR_GID &&
+	    from_kgid(inode->i_sb->s_user_ns, attr->ia_gid) == (gid_t)-1)
+		return -EOVERFLOW;
+
 	/* If force is set do it anyway. */
 	if (ia_valid & ATTR_FORCE)
 		return 0;

-- 
2.7.4


------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
-- 
fuse-devel mailing list
To unsubscribe or subscribe, visit https://lists.sourceforge.net/lists/listinfo/fuse-devel

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help