leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e65ce2a50c
linux/fs
History
Christian Brauner e65ce2a50c
acl: handle idmapped mounts 
The posix acl permission checking helpers determine whether a caller is
privileged over an inode according to the acls associated with the
inode. Add helpers that make it possible to handle acls on idmapped
mounts.

The vfs and the filesystems targeted by this first iteration make use of
posix_acl_fix_xattr_from_user() and posix_acl_fix_xattr_to_user() to
translate basic posix access and default permissions such as the
ACL_USER and ACL_GROUP type according to the initial user namespace (or
the superblock's user namespace) to and from the caller's current user
namespace. Adapt these two helpers to handle idmapped mounts whereby we
either map from or into the mount's user namespace depending on in which
direction we're translating.
Similarly, cap_convert_nscap() is used by the vfs to translate user
namespace and non-user namespace aware filesystem capabilities from the
superblock's user namespace to the caller's user namespace. Enable it to
handle idmapped mounts by accounting for the mount's user namespace.

In addition the fileystems targeted in the first iteration of this patch
series make use of the posix_acl_chmod() and, posix_acl_update_mode()
helpers. Both helpers perform permission checks on the target inode. Let
them handle idmapped mounts. These two helpers are called when posix
acls are set by the respective filesystems to handle this case we extend
the ->set() method to take an additional user namespace argument to pass
the mount's user namespace down.

Link: https://lore.kernel.org/r/20210121131959.646623-9-christian.brauner@ubuntu.com
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-01-24 14:27:17 +01:00
..
9p acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
adfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
affs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
afs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
autofs file: Replace ksys_close with close_fd 2020-12-10 12:42:59 -06:00
befs
bfs inode: make init and permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
btrfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
cachefiles attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
ceph acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
cifs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
coda
configfs namei: make permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
cramfs
crypto inode: make init and permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
debugfs debugfs: remove return value of debugfs_create_devm_seqfile() 2020-10-30 08:37:39 +01:00
devpts
dlm fs: dlm: check on existing node address 2020-11-10 12:14:20 -06:00
ecryptfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
efivarfs inode: make init and permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
efs
erofs erofs: avoid using generic_block_bmap 2020-12-10 11:07:40 +08:00
exfat attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
exportfs exportfs: Add a function to return the raw output from fh_to_dentry() 2020-12-09 09:39:38 -05:00
ext2 acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
ext4 acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
f2fs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
fat attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
freevxfs
fscache
fuse acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
gfs2 acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
hfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
hfsplus acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
hostfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
hpfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
hugetlbfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
iomap mm: memcontrol: Use helpers to read page's memcg data 2020-12-02 18:28:05 -08:00
isofs fs: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
jbd2 jbd2: add a helper to find out number of fast commit blocks 2020-12-17 13:30:45 -05:00
jffs2 acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
jfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
kernfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
lockd fs/lockd: convert comma to semicolon 2020-12-16 07:57:37 -05:00
minix attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
nfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
nfs_common nfs_common: need lock during iterate through the list 2020-12-09 09:38:34 -05:00
nfsd acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
nilfs2 attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
nls
notify fs: add file and path permissions helpers 2021-01-24 14:27:16 +01:00
ntfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
ocfs2 acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
omfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
openpromfs
orangefs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
overlayfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
proc attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
pstore Tracing updates for 5.11 2020-12-17 13:22:17 -08:00
qnx4
qnx6
quota \n 2020-12-17 11:00:37 -08:00
ramfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
reiserfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
romfs Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-10-24 12:26:05 -07:00
squashfs Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-10-24 12:26:05 -07:00
sysfs
sysv attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
tracefs
ubifs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
udf attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
ufs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
unicode
vboxsf Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2020-10-15 15:11:56 -07:00
verity fs: add file and path permissions helpers 2021-01-24 14:27:16 +01:00
xfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
zonefs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
aio.c Merge branch 'akpm' (patches from Andrew) 2020-12-15 12:53:37 -08:00
anon_inodes.c
attr.c attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c binfmt_elf, binfmt_elf_fdpic: use a VMA list snapshot 2020-10-16 11:11:21 -07:00
binfmt_elf.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
block_dev.c block: pre-initialize struct block_device in bdev_alloc_inode 2021-01-07 20:57:53 -07:00
buffer.c for-5.11/block-2020-12-14 2020-12-16 12:57:51 -08:00
char_dev.c
compat_binfmt_elf.c elf: Expose ELF header on arch_setup_additional_pages() 2020-10-26 13:46:47 +01:00
coredump.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
d_path.c fs: fix NULL dereference due to data race in prepend_path() 2020-10-14 14:54:45 -07:00
dax.c mm: simplify follow_pte{,pmd} 2020-12-15 22:46:19 -08:00
dcache.c fs: Kill DCACHE_DONTCACHE dentry even if DCACHE_REFERENCED is set 2020-12-10 17:33:17 -05:00
dcookies.c
direct-io.c \n 2020-10-15 15:03:10 -07:00
drop_caches.c
eventfd.c eventfd: Export eventfd_ctx_do_read() 2020-11-15 09:49:10 -05:00
eventpoll.c epoll: add syscall epoll_pwait2 2020-12-19 11:18:38 -08:00
exec.c namei: make permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
fcntl.c inode: make init and permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
fhandle.c
file_table.c epoll: take epitem list out of struct file 2020-10-25 20:02:08 -04:00
file.c kernel/io_uring: cancel io_uring before task works 2020-12-30 19:36:54 -07:00
filesystems.c
fs_context.c
fs_parser.c fs_parse: mark fs_param_bad_value() as static 2020-10-13 18:38:27 -07:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c writeback: don't warn on an unregistered BDI in __mark_inode_dirty 2020-12-16 11:56:02 +01:00
fsopen.c
init.c fs: add file and path permissions helpers 2021-01-24 14:27:16 +01:00
inode.c attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
internal.h for-5.11/block-2020-12-14 2020-12-16 12:57:51 -08:00
io_uring.c io_uring: ensure finish_wait() is always called in __io_uring_task_cancel() 2021-01-15 16:04:23 -07:00
io-wq.c io-wq: kill now unused io_wq_cancel_all() 2020-12-20 10:47:42 -07:00
io-wq.h io-wq: kill now unused io_wq_cancel_all() 2020-12-20 10:47:42 -07:00
ioctl.c
Kconfig
Kconfig.binfmt
kernel_read_file.c
libfs.c attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
locks.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
Makefile Refactored code for 5.10: 2020-10-23 11:33:41 -07:00
mbcache.c
mount.h
mpage.c
namei.c inode: make init and permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
namespace.c mount: attach mappings to mounts 2021-01-24 14:27:15 +01:00
no-block.c
nsfs.c
open.c attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
pipe.c block: remove i_bdev 2020-12-01 14:53:39 -07:00
pnode.c
pnode.h fs/namespace.c: WARN if mnt_count has become negative 2020-12-10 17:33:17 -05:00
posix_acl.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
proc_namespace.c proc mountinfo: make splice available again 2020-12-27 12:00:36 -08:00
read_write.c Refactored code for 5.10: 2020-10-23 11:33:41 -07:00
readdir.c
remap_range.c namei: make permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
select.c poll: fix performance regression due to out-of-line __put_user() 2021-01-08 11:06:29 -08:00
seq_file.c fix return values of seq_read_iter() 2020-11-15 22:12:53 -05:00
signalfd.c
splice.c io_uring-5.10-2020-10-24 2020-10-24 12:40:18 -07:00
stack.c
stat.c
statfs.c block: remove i_bdev 2020-12-01 14:53:39 -07:00
super.c block: remove i_bdev 2020-12-01 14:53:39 -07:00
sync.c
timerfd.c
userfaultfd.c userfaultfd: add user-mode only option to unprivileged_userfaultfd sysctl knob 2020-12-15 12:13:46 -08:00
utimes.c attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
xattr.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00