From: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH review 4/6] userns: Allow the userns root to mount of devpts
Date: Sat, 26 Jan 2013 21:22:02 +0000 [thread overview]
Message-ID: <20130126212202.GF11274@mail.hallyn.com> (raw)
In-Reply-To: <87obgchecv.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
>
> - The context in which devpts is mounted has no effect on the creation
> of ptys as the /dev/ptmx interface has been used by unprivileged
> users for many years.
>
> - Only support unprivileged mounts in combination with the newinstance
> option to ensure that mounting of /dev/pts in a user namespace will
> not allow the options of an existing mount of devpts to be modified.
>
> - Create /dev/pts/ptmx as the root user in the user namespace that
> mounts devpts so that it's permissions to be changed.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Acked-by: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
> ---
> fs/devpts/inode.c | 18 ++++++++++++++++++
> 1 files changed, 18 insertions(+), 0 deletions(-)
>
> diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
> index 472e6be..073d30b 100644
> --- a/fs/devpts/inode.c
> +++ b/fs/devpts/inode.c
> @@ -243,6 +243,13 @@ static int mknod_ptmx(struct super_block *sb)
> struct dentry *root = sb->s_root;
> struct pts_fs_info *fsi = DEVPTS_SB(sb);
> struct pts_mount_opts *opts = &fsi->mount_opts;
> + kuid_t root_uid;
> + kgid_t root_gid;
> +
> + root_uid = make_kuid(current_user_ns(), 0);
> + root_gid = make_kgid(current_user_ns(), 0);
> + if (!uid_valid(root_uid) || !gid_valid(root_gid))
> + return -EINVAL;
>
> mutex_lock(&root->d_inode->i_mutex);
>
> @@ -273,6 +280,8 @@ static int mknod_ptmx(struct super_block *sb)
>
> mode = S_IFCHR|opts->ptmxmode;
> init_special_inode(inode, mode, MKDEV(TTYAUX_MAJOR, 2));
> + inode->i_uid = root_uid;
> + inode->i_gid = root_gid;
>
> d_add(dentry, inode);
>
> @@ -438,6 +447,12 @@ static struct dentry *devpts_mount(struct file_system_type *fs_type,
> if (error)
> return ERR_PTR(error);
>
> + /* Require newinstance for all user namespace mounts to ensure
> + * the mount options are not changed.
> + */
> + if ((current_user_ns() != &init_user_ns) && !opts.newinstance)
> + return ERR_PTR(-EINVAL);
> +
> if (opts.newinstance)
> s = sget(fs_type, NULL, set_anon_super, flags, NULL);
> else
> @@ -491,6 +506,9 @@ static struct file_system_type devpts_fs_type = {
> .name = "devpts",
> .mount = devpts_mount,
> .kill_sb = devpts_kill_sb,
> +#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
> + .fs_flags = FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT,
> +#endif
> };
>
> /*
> --
> 1.7.5.4
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Linux Containers <containers@lists.linux-foundation.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH review 4/6] userns: Allow the userns root to mount of devpts
Date: Sat, 26 Jan 2013 21:22:02 +0000 [thread overview]
Message-ID: <20130126212202.GF11274@mail.hallyn.com> (raw)
In-Reply-To: <87obgchecv.fsf@xmission.com>
Quoting Eric W. Biederman (ebiederm@xmission.com):
>
> - The context in which devpts is mounted has no effect on the creation
> of ptys as the /dev/ptmx interface has been used by unprivileged
> users for many years.
>
> - Only support unprivileged mounts in combination with the newinstance
> option to ensure that mounting of /dev/pts in a user namespace will
> not allow the options of an existing mount of devpts to be modified.
>
> - Create /dev/pts/ptmx as the root user in the user namespace that
> mounts devpts so that it's permissions to be changed.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> ---
> fs/devpts/inode.c | 18 ++++++++++++++++++
> 1 files changed, 18 insertions(+), 0 deletions(-)
>
> diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
> index 472e6be..073d30b 100644
> --- a/fs/devpts/inode.c
> +++ b/fs/devpts/inode.c
> @@ -243,6 +243,13 @@ static int mknod_ptmx(struct super_block *sb)
> struct dentry *root = sb->s_root;
> struct pts_fs_info *fsi = DEVPTS_SB(sb);
> struct pts_mount_opts *opts = &fsi->mount_opts;
> + kuid_t root_uid;
> + kgid_t root_gid;
> +
> + root_uid = make_kuid(current_user_ns(), 0);
> + root_gid = make_kgid(current_user_ns(), 0);
> + if (!uid_valid(root_uid) || !gid_valid(root_gid))
> + return -EINVAL;
>
> mutex_lock(&root->d_inode->i_mutex);
>
> @@ -273,6 +280,8 @@ static int mknod_ptmx(struct super_block *sb)
>
> mode = S_IFCHR|opts->ptmxmode;
> init_special_inode(inode, mode, MKDEV(TTYAUX_MAJOR, 2));
> + inode->i_uid = root_uid;
> + inode->i_gid = root_gid;
>
> d_add(dentry, inode);
>
> @@ -438,6 +447,12 @@ static struct dentry *devpts_mount(struct file_system_type *fs_type,
> if (error)
> return ERR_PTR(error);
>
> + /* Require newinstance for all user namespace mounts to ensure
> + * the mount options are not changed.
> + */
> + if ((current_user_ns() != &init_user_ns) && !opts.newinstance)
> + return ERR_PTR(-EINVAL);
> +
> if (opts.newinstance)
> s = sget(fs_type, NULL, set_anon_super, flags, NULL);
> else
> @@ -491,6 +506,9 @@ static struct file_system_type devpts_fs_type = {
> .name = "devpts",
> .mount = devpts_mount,
> .kill_sb = devpts_kill_sb,
> +#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
> + .fs_flags = FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT,
> +#endif
> };
>
> /*
> --
> 1.7.5.4
next prev parent reply other threads:[~2013-01-26 21:22 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-26 2:15 [PATCH review 0/6] miscelaneous user namespace patches Eric W. Biederman
2013-01-26 2:15 ` Eric W. Biederman
[not found] ` <87ehh8it9s.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-26 2:19 ` [PATCH review 1/6] userns: Avoid recursion in put_user_ns Eric W. Biederman
2013-01-26 2:19 ` Eric W. Biederman
[not found] ` <877gn0it3t.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-26 20:58 ` Serge E. Hallyn
2013-01-28 14:51 ` Vasily Kulikov
2013-01-28 14:51 ` Vasily Kulikov
2013-01-28 16:34 ` Eric W. Biederman
2013-01-28 16:34 ` Eric W. Biederman
2013-01-26 20:58 ` Serge E. Hallyn
2013-01-26 2:21 ` [PATCH review 2/6] userns: Allow any uid or gid mappings that don't overlap Eric W. Biederman
2013-01-26 2:21 ` Eric W. Biederman
2013-01-28 14:28 ` Aristeu Rozanski
2013-01-28 14:41 ` Lord Glauber Costa of Sealand
[not found] ` <51068E23.5040000-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-28 15:12 ` Aristeu Rozanski
2013-01-28 15:12 ` Aristeu Rozanski
[not found] ` <20130128142816.GU17632-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-01-28 14:41 ` Lord Glauber Costa of Sealand
[not found] ` <87zjzwhegj.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-26 21:08 ` Serge E. Hallyn
2013-01-26 21:08 ` Serge E. Hallyn
2013-01-28 14:28 ` Aristeu Rozanski
2013-01-26 2:22 ` [PATCH review 3/6] userns: Recommend use of memory control groups Eric W. Biederman
2013-01-26 2:22 ` Eric W. Biederman
[not found] ` <87txq4hedl.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-26 21:13 ` Serge E. Hallyn
2013-01-26 21:13 ` Serge E. Hallyn
[not found] ` <20130126211312.GD11274-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-27 6:19 ` Eric W. Biederman
2013-01-27 6:19 ` Eric W. Biederman
2013-01-28 7:37 ` Lord Glauber Costa of Sealand
2013-01-28 7:37 ` Lord Glauber Costa of Sealand
[not found] ` <51062AB5.9060203-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-28 7:50 ` Lord Glauber Costa of Sealand
2013-01-28 7:50 ` Lord Glauber Costa of Sealand
2013-01-28 8:14 ` Eric W. Biederman
[not found] ` <87k3qxu3kp.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-28 8:22 ` Lord Glauber Costa of Sealand
2013-01-28 8:22 ` Lord Glauber Costa of Sealand
[not found] ` <51063558.1010402-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-28 16:19 ` Eric W. Biederman
2013-01-28 16:19 ` Eric W. Biederman
[not found] ` <87k3qxs2ko.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-28 16:37 ` Lord Glauber Costa of Sealand
2013-01-28 16:37 ` Lord Glauber Costa of Sealand
2013-01-28 17:18 ` Eric W. Biederman
[not found] ` <5106A941.6060403-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-28 17:18 ` Eric W. Biederman
[not found] ` <51062DA8.1060804-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
2013-01-28 8:14 ` Eric W. Biederman
2013-01-28 8:05 ` Eric W. Biederman
2013-01-28 8:05 ` Eric W. Biederman
2013-01-26 2:23 ` [PATCH review 4/6] userns: Allow the userns root to mount of devpts Eric W. Biederman
2013-01-26 2:23 ` Eric W. Biederman
[not found] ` <87obgchecv.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-26 21:22 ` Serge E. Hallyn [this message]
2013-01-26 21:22 ` Serge E. Hallyn
2013-01-26 2:26 ` [PATCH review 5/6] userns: Allow the userns root to mount ramfs Eric W. Biederman
2013-01-26 2:26 ` Eric W. Biederman
2013-01-27 18:23 ` Serge E. Hallyn
[not found] ` <87ip6khe7w.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-26 21:29 ` Serge E. Hallyn
2013-01-26 21:29 ` Serge E. Hallyn
[not found] ` <20130126212918.GG11274-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-01-27 6:09 ` Eric W. Biederman
2013-01-27 6:09 ` Eric W. Biederman
[not found] ` <87bocb5f8a.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-27 18:23 ` Serge E. Hallyn
2013-01-27 18:23 ` Serge E. Hallyn
2013-01-27 18:23 ` Serge E. Hallyn
2013-01-26 2:26 ` [PATCH review 6/6] userns: Allow the userns root to mount tmpfs Eric W. Biederman
2013-01-26 2:26 ` Eric W. Biederman
[not found] ` <87d2wshe6v.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-01-27 18:23 ` Serge E. Hallyn
2013-01-27 18:23 ` Serge E. Hallyn
2013-01-28 1:28 ` Gao feng
2013-01-28 1:28 ` Gao feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130126212202.GF11274@mail.hallyn.com \
--to=serge-a9i7lubdfnhqt0dzr+alfa@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.