[PATCH v3 26/38] ioctl: handle idmapped mounts

[PATCH v3 00/38] idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 32/38] fat: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 32/38] fat: handle idmapped mounts · Mauricio Vásquez Bernal <hidden> · 2020-11-30
Re: [PATCH v3 32/38] fat: handle idmapped mounts · Christian Brauner <hidden> · 2020-12-01
[PATCH v3 25/38] init: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 37/38] tests: extend mount_setattr tests · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 30/38] apparmor: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 35/38] overlayfs: do not mount on top of idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 23/38] fcntl: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 21/38] af_unix: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 34/38] ecryptfs: do not mount on top of idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 36/38] fs: introduce MOUNT_ATTR_IDMAP · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 31/38] ima: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 22/38] utimes: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 26/38] ioctl: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 28/38] exec: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 20/38] open: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 33/38] ext4: support idmapped mounts · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 33/38] ext4: support idmapped mounts · Mauricio Vásquez Bernal <hidden> · 2020-11-30
Re: [PATCH v3 33/38] ext4: support idmapped mounts · Christian Brauner <hidden> · 2020-12-01
Re: [PATCH v3 33/38] ext4: support idmapped mounts · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 33/38] ext4: support idmapped mounts · Christian Brauner <hidden> · 2020-12-01
Re: [PATCH v3 33/38] ext4: support idmapped mounts · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 33/38] ext4: support idmapped mounts · Christian Brauner <hidden> · 2020-12-01
[PATCH v3 27/38] would_dump: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 24/38] notify: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 11/38] attr: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 14/38] commoncap: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 13/38] xattr: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 15/38] stat: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 12/38] acl: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 17/38] namei: introduce struct renamedata · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 17/38] namei: introduce struct renamedata · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 17/38] namei: introduce struct renamedata · Christian Brauner <hidden> · 2020-12-02
[PATCH v3 02/38] mount: make {lock,unlock}_mount_hash() static · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 02/38] mount: make {lock,unlock}_mount_hash() static · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 02/38] mount: make {lock,unlock}_mount_hash() static · Christian Brauner <hidden> · 2020-12-02
[PATCH v3 03/38] namespace: only take read lock in do_reconfigure_mnt() · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 03/38] namespace: only take read lock in do_reconfigure_mnt() · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 03/38] namespace: only take read lock in do_reconfigure_mnt() · Christian Brauner <hidden> · 2020-12-02
[PATCH v3 19/38] open: handle idmapped mounts in do_truncate() · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 16/38] namei: handle idmapped mounts in may_*() helpers · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 01/38] namespace: take lock_mount_hash() directly when changing flags · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 01/38] namespace: take lock_mount_hash() directly when changing flags · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 01/38] namespace: take lock_mount_hash() directly when changing flags · Christian Brauner <hidden> · 2020-12-02
[PATCH v3 08/38] capability: handle idmapped mounts · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 08/38] capability: handle idmapped mounts · "Serge E. Hallyn" <serge@hallyn.com> · 2020-11-28
[PATCH v3 09/38] namei: add idmapped mount aware permission helpers · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 09/38] namei: add idmapped mount aware permission helpers · "Serge E. Hallyn" <serge@hallyn.com> · 2020-11-28
Re: [PATCH v3 09/38] namei: add idmapped mount aware permission helpers · Christian Brauner <hidden> · 2020-12-01
Re: [PATCH v3 09/38] namei: add idmapped mount aware permission helpers · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 09/38] namei: add idmapped mount aware permission helpers · Christian Brauner <hidden> · 2020-12-01
[PATCH v3 18/38] namei: prepare for idmapped mounts · Christian Brauner <hidden> · 2020-11-28
[PATCH v3 10/38] inode: add idmapped mount aware init and permission helpers · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 10/38] inode: add idmapped mount aware init and permission helpers · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 10/38] inode: add idmapped mount aware init and permission helpers · Christian Brauner <hidden> · 2020-12-02
[PATCH v3 06/38] fs: add id translation helpers · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 06/38] fs: add id translation helpers · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 06/38] fs: add id translation helpers · Christian Brauner <hidden> · 2020-12-02
[PATCH v3 04/38] fs: add mount_setattr() · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 04/38] fs: add mount_setattr() · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 04/38] fs: add mount_setattr() · Christian Brauner <hidden> · 2020-12-02
Re: [PATCH v3 04/38] fs: add mount_setattr() · Christoph Hellwig <hch@lst.de> · 2020-12-02
Re: [PATCH v3 04/38] fs: add mount_setattr() · Christoph Hellwig <hch@lst.de> · 2020-12-02
Re: [PATCH v3 04/38] fs: add mount_setattr() · Christian Brauner <hidden> · 2020-12-02
Re: [PATCH v3 04/38] fs: add mount_setattr() · Christoph Hellwig <hch@lst.de> · 2020-12-02
[PATCH v3 07/38] mount: attach mappings to mounts · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 07/38] mount: attach mappings to mounts · Christoph Hellwig <hch@lst.de> · 2020-12-01
Re: [PATCH v3 07/38] mount: attach mappings to mounts · Tycho Andersen <tycho@tycho.pizza> · 2020-12-01
Re: [PATCH v3 07/38] mount: attach mappings to mounts · Christian Brauner <hidden> · 2020-12-02
[PATCH v3 05/38] tests: add mount_setattr() selftests · Christian Brauner <hidden> · 2020-11-28
Re: [PATCH v3 00/38] idmapped mounts · "Serge E. Hallyn" <serge@hallyn.com> · 2020-11-28
Re: [PATCH v3 00/38] idmapped mounts · Christian Brauner <hidden> · 2020-12-01

STALE2004d

Revisions (4)

2020-11-28 v3 current
2020-12-04 v4 [diff vs current]
2021-01-12 v5 [diff vs current]
2021-01-21 v6 [diff vs current]

From: Christian Brauner <hidden>
Date: 2020-11-28 22:13:00
Also in: fstests, linux-api, linux-ext4, linux-fsdevel, linux-integrity, selinux
Subsystem: filesystems (vfs and infrastructure), fsverity: read-only file-based authenticity protection, the rest · Maintainers: Alexander Viro, Christian Brauner, Eric Biggers, Theodore Y. Ts'o, Linus Torvalds

Enable generic ioctls to handle idmapped mounts by passing down the mount's user
namespace. If the initial user namespace is passed nothing changes so
non-idmapped mounts will see identical behavior as before.

Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner <redacted>
---
/* v2 */
patch introduced

/* v3 */
unchanged
---
 fs/remap_range.c   | 7 +++++--
 fs/verity/enable.c | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/fs/remap_range.c b/fs/remap_range.c
index 9e5b27641756..fe7f07228462 100644
--- a/fs/remap_range.c
+++ b/fs/remap_range.c

@@ -432,13 +432,16 @@ EXPORT_SYMBOL(vfs_clone_file_range);
 /* Check whether we are allowed to dedupe the destination file */
 static bool allow_file_dedupe(struct file *file)
 {
+	struct user_namespace *user_ns = mnt_user_ns(file->f_path.mnt);
+	struct inode *inode = file_inode(file);
+
 	if (capable(CAP_SYS_ADMIN))
 		return true;
 	if (file->f_mode & FMODE_WRITE)
 		return true;
-	if (uid_eq(current_fsuid(), file_inode(file)->i_uid))
+	if (uid_eq(current_fsuid(), i_uid_into_mnt(user_ns, inode)))
 		return true;
-	if (!inode_permission(&init_user_ns, file_inode(file), MAY_WRITE))
+	if (!inode_permission(user_ns, inode, MAY_WRITE))
 		return true;
 	return false;
 }

diff --git a/fs/verity/enable.c b/fs/verity/enable.c
index 7449ef0050f4..8b9ea0f0850f 100644
--- a/fs/verity/enable.c
+++ b/fs/verity/enable.c

@@ -369,7 +369,7 @@ int fsverity_ioctl_enable(struct file *filp, const void __user *uarg)
 	 * has verity enabled, and to stabilize the data being hashed.
 	 */
 
-	err = inode_permission(&init_user_ns, inode, MAY_WRITE);
+	err = inode_permission(mnt_user_ns(filp->f_path.mnt), inode, MAY_WRITE);
 	if (err)
 		return err;

-- 
2.29.2

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help