[PATCH 08/24] inode: inode_owner_or_capable(): handle fsid mappings

[PATCH 00/24] user_namespace: introduce fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 19/24] sys:__sys_setgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 15/24] commoncap:cap_bprm_set_creds(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 17/24] sys: __sys_setfsgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 16/24] sys: __sys_setfsuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 18/24] sys:__sys_setuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 14/24] commoncap: cap_task_fix_setuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 13/24] attr: notify_change(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 11/24] open: chown_common(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 12/24] posix_acl: handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 01/24] user_namespace: introduce fsid mappings infrastructure · Christian Brauner <hidden> · 2020-02-11
Re: [PATCH 01/24] user_namespace: introduce fsid mappings infrastructure · Randy Dunlap <hidden> · 2020-02-11
[PATCH 20/24] sys:__sys_setreuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 07/24] namei: may_{o_}create(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 08/24] inode: inode_owner_or_capable(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 10/24] stat: handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 02/24] proc: add /proc/<pid>/fsuid_map · Christian Brauner <hidden> · 2020-02-11
[PATCH 03/24] proc: add /proc/<pid>/fsgid_map · Christian Brauner <hidden> · 2020-02-11
[PATCH 24/24] devpts: handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 09/24] capability: privileged_wrt_inode_uidgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 22/24] sys:__sys_setresuid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 06/24] fs: add is_userns_visible() helper · Christian Brauner <hidden> · 2020-02-11
[PATCH 04/24] fsuidgid: add fsid mapping helpers · Christian Brauner <hidden> · 2020-02-11
[PATCH 05/24] proc: task_state(): use from_kfs{g,u}id_munged · Christian Brauner <hidden> · 2020-02-11
[PATCH 23/24] sys:__sys_setresgid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
[PATCH 21/24] sys:__sys_setregid(): handle fsid mappings · Christian Brauner <hidden> · 2020-02-11
Re: [PATCH 00/24] user_namespace: introduce fsid mappings · Jann Horn <jannh@google.com> · 2020-02-11
Re: [PATCH 00/24] user_namespace: introduce fsid mappings · Christian Brauner <hidden> · 2020-02-12
Re: [PATCH 00/24] user_namespace: introduce fsid mappings · Jann Horn <jannh@google.com> · 2020-02-12

STALE2306d

Revisions (3)

2020-02-11 v1 current
2020-02-14 v2 [diff vs current]
2020-02-18 v3 [diff vs current]

From: Christian Brauner <hidden>
Date: 2020-02-11 17:00:42
Also in: linux-api, linux-fsdevel, lkml
Subsystem: filesystems (vfs and infrastructure), the rest · Maintainers: Alexander Viro, Christian Brauner, Linus Torvalds

Switch inode_owner_or_capable() to lookup fsids in the fsid mappings. If no
fsid mappings are setup the behavior is unchanged, i.e. fsids are looked up in
the id mappings.

Filesystems that share a superblock in all user namespaces they are mounted in
will retain their old semantics even with the introduction of fsidmappings.

Signed-off-by: Christian Brauner <redacted>
---
 fs/inode.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/inode.c b/fs/inode.c
index 96d62d97694e..c1ed43c5054c 100644
--- a/fs/inode.c
+++ b/fs/inode.c

@@ -20,6 +20,7 @@
 #include <linux/ratelimit.h>
 #include <linux/list_lru.h>
 #include <linux/iversion.h>
+#include <linux/fsuidgid.h>
 #include <trace/events/writeback.h>
 #include "internal.h"

@@ -2083,8 +2084,12 @@ bool inode_owner_or_capable(const struct inode *inode)
 		return true;
 
 	ns = current_user_ns();
-	if (kuid_has_mapping(ns, inode->i_uid) && ns_capable(ns, CAP_FOWNER))
+	if (is_userns_visible(inode->i_sb->s_iflags)) {
+		if (kuid_has_mapping(ns, inode->i_uid) && ns_capable(ns, CAP_FOWNER))
+			return true;
+	} else if (kfsuid_has_mapping(ns, inode->i_uid) && ns_capable(ns, CAP_FOWNER)) {
 		return true;
+	}
 	return false;
 }
 EXPORT_SYMBOL(inode_owner_or_capable);

-- 
2.25.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help