[PATCH 19/24] sys:__sys_setgid(): handle fsid mappings

[PATCH 00/24] user_namespace: introduce fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 19/24] sys:__sys_setgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 15/24] commoncap:cap_bprm_set_creds(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 17/24] sys: __sys_setfsgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 16/24] sys: __sys_setfsuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 18/24] sys:__sys_setuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 14/24] commoncap: cap_task_fix_setuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 13/24] attr: notify_change(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 11/24] open: chown_common(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 12/24] posix_acl: handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 01/24] user_namespace: introduce fsid mappings infrastructure · Christian Brauner <hidden> · 2020-02-11
Re: [PATCH 01/24] user_namespace: introduce fsid mappings infrastructure · Randy Dunlap <hidden> · 2020-02-11
[PATCH 20/24] sys:__sys_setreuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 07/24] namei: may_{o_}create(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 08/24] inode: inode_owner_or_capable(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 10/24] stat: handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 02/24] proc: add /proc/<pid>/fsuid_map · Christian Brauner <hidden> · 2020-02-11
[PATCH 03/24] proc: add /proc/<pid>/fsgid_map · Christian Brauner <hidden> · 2020-02-11
[PATCH 24/24] devpts: handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 09/24] capability: privileged_wrt_inode_uidgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 22/24] sys:__sys_setresuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 06/24] fs: add is_userns_visible() helper · Christian Brauner <hidden> · 2020-02-11
[PATCH 04/24] fsuidgid: add fsid mapping helpers · Christian Brauner <hidden> · 2020-02-11
[PATCH 05/24] proc: task_state(): use from_kfs{g,u}id_munged · Christian Brauner <hidden> · 2020-02-11
[PATCH 23/24] sys:__sys_setresgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 21/24] sys:__sys_setregid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
Re: [PATCH 00/24] user_namespace: introduce fsid mappings · Jann Horn <jannh@google.com> · 2020-02-11
Re: [PATCH 00/24] user_namespace: introduce fsid mappings · Christian Brauner <hidden> · 2020-02-12
Re: [PATCH 00/24] user_namespace: introduce fsid mappings · Jann Horn <jannh@google.com> · 2020-02-12

STALE2306d

Revisions (3)

2020-02-11 v1 current
2020-02-14 v2 [diff vs current]
2020-02-18 v3 [diff vs current]

From: Christian Brauner <hidden>
Date: 2020-02-11 16:59:48
Also in: linux-api, linux-fsdevel, lkml
Subsystem: the rest · Maintainer: Linus Torvalds

Switch setgid() to lookup fsids in the fsid mappings. If no fsid mappings are
setup the behavior is unchanged, i.e. fsids are looked up in the id mappings.

Signed-off-by: Christian Brauner <redacted>
---
 kernel/sys.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index afaec8d46bc5..11f41e0a4974 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c

@@ -416,24 +416,31 @@ long __sys_setgid(gid_t gid)
 	const struct cred *old;
 	struct cred *new;
 	int retval;
-	kgid_t kgid;
+	kgid_t kgid, kfsgid;
 
 	kgid = make_kgid(ns, gid);
 	if (!gid_valid(kgid))
 		return -EINVAL;
 
+	kfsgid = make_kfsgid(ns, gid);
+	if (!gid_valid(kfsgid))
+		return -EINVAL;
+
 	new = prepare_creds();
 	if (!new)
 		return -ENOMEM;
 	old = current_cred();
 
 	retval = -EPERM;
-	if (ns_capable(old->user_ns, CAP_SETGID))
-		new->gid = new->egid = new->sgid = new->fsgid = kgid;
-	else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
-		new->egid = new->fsgid = kgid;
-	else
+	if (ns_capable(old->user_ns, CAP_SETGID)) {
+		new->gid = new->egid = new->sgid = kgid;
+		new->fsgid = kfsgid;
+	} else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) {
+		new->egid = kgid;
+		new->fsgid = kfsgid;
+	} else {
 		goto error;
+	}
 
 	return commit_creds(new);

-- 
2.25.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help