From: Dwight Engen <dwight.engen@oracle.com>
To: Dave Chinner <david@fromorbit.com>, Gao feng <gaofeng@cn.fujitsu.com>
Cc: Ben Myers <bpm@sgi.com>, xfs@oss.sgi.com
Subject: Re: [PATCH v7 7/7] enable building user namespace with xfs
Date: Wed, 31 Jul 2013 14:19:31 -0400 [thread overview]
Message-ID: <20130731141931.2e1c77d4@oracle.com> (raw)
In-Reply-To: <20130731002119.GR13468@dastard>
On Wed, 31 Jul 2013 10:21:19 +1000
Dave Chinner <david@fromorbit.com> wrote:
[...]
> The only thing I think we still need to address is whether
> xfs_ioc_setattr() should allow users within a namespace to change
> the project ID of a file they otherwise own. That function is
> currently changed to use a inode_owner_or_capable() check and so if
> the uids match inside the namespace the modification is allowed.
Right, so before this change the caller has to own the file or be
CAP_FOWNER in init_user_ns. Changing to using inode_owner_or_capable()
means the caller has to own the file (and the inode's uid must be valid
in current_user_ns) or be CAP_FOWNER in current_user_ns. I don't
see how this lets the user the user do something inside the userns that
they can't do outside.
Basically I think we want to treat projids as a non namespace aware
identifier, but it sounds like maybe we don't want them manipulated
from userns context at all.
> However, right now for project IDs I think we have decided to limit
> manipulations to the init user namespace and not expose project IDs
> inside user namespaces at all. Hence I think that xfs_ioc_setattr()
> needs a further check for this...
If we don't want to allow setting the projid from a userns, the check
I would propose inside the if (mask & FSX_EXTSIZE) block is:
if (current_user_ns() != &init_user_ns)
Is the appropriate error return for this EINVAL? (thats what a similar
check in kernel/taskstats.c returns)
> Cheers,
>
> Dave.
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2013-07-31 18:19 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-30 3:07 [PATCH v7 7/7] enable building user namespace with xfs Dwight Engen
2013-07-30 23:40 ` Ben Myers
2013-07-31 0:21 ` Dave Chinner
2013-07-31 13:25 ` Ben Myers
2013-07-31 17:09 ` Dwight Engen
2013-07-31 23:28 ` Dave Chinner
2013-08-01 15:06 ` Ben Myers
2013-08-01 16:17 ` Dwight Engen
2013-08-06 15:11 ` Serge E. Hallyn
2013-08-07 14:59 ` Serge E. Hallyn
2013-08-07 15:01 ` Serge E. Hallyn
2013-08-11 23:57 ` ***** SUSPECTED SPAM ***** " Dave Chinner
2013-07-31 18:19 ` Dwight Engen [this message]
2013-07-31 23:43 ` Dave Chinner
2013-08-01 0:54 ` Gao feng
2013-07-31 7:20 ` Gao feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130731141931.2e1c77d4@oracle.com \
--to=dwight.engen@oracle.com \
--cc=bpm@sgi.com \
--cc=david@fromorbit.com \
--cc=gaofeng@cn.fujitsu.com \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.