* [PATCH tty-next 0/6] Minor devpts cleanups, fixes and enhancments
@ 2016-09-14 18:52 ` Eric W. Biederman
From: Eric W. Biederman @ 2016-09-14 18:52 UTC (permalink / raw)
To: Greg Kroah-Hartman, Jiri Slaby
Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA, Linux Containers,
linux-kernel-u79uwXL29TY76Z2rM5mHXA, H. Peter Anvin

Greg please apply the following patches to tty-next. If tty-next is not
the proper tree please let me know and I will take these patches through
my user namespace tree.

The following patches perform a few small cleanups and one enhancement to
devpts, with a net decrease in code size.

The big achievement from a code maintenance point of view is being able
to use mount_nodev in devpts_mount.

The only really significant bug fix is handling the very unlikely case
when kzalloc fails in new_pts_fs_info called from devpts_fill_super and
s_fs_info is NULL when devpts_kill_sb is called from deactivate_locked
super.

The final patch is an enhancement to use the fsuid and fsgid of the mounter
of devpts as the owner of /dev/pts/ptmx. This is a feature that has
been asked for by users of user namespaces a couple of times, so that
they are not required to have uid 0 mapped into a user namespace to use
devpts.

Eric

fs/devpts/inode.c | 71 ++++++++++++++++++++-----------------------------------
1 file changed, 26 insertions(+), 45 deletions(-)
Eric W. Biederman (6):
devpts: Move parse_mount_options into fill_super
devpts: Move the creation of /dev/pts/ptmx into fill_super
devpts: Simplify devpts_mount by using mount_nodev
devpts: Make devpts_kill_sb safe if fsi is NULL
devpts: Remove sync_filesystems
devpts: Change the owner of /dev/pts/ptmx to the mounter of /dev/pts
* [PATCH tty-next 1/6] devpts: Move parse_mount_options into fill_super 2016-09-14 18:52 ` Eric W. Biederman @ 2016-09-14 18:53 ` Eric W. Biederman -1 siblings, 0 replies; 18+ messages in thread From: Eric W. Biederman @ 2016-09-14 18:53 UTC (permalink / raw) To: Greg Kroah-Hartman, Jiri Slaby Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA, Linux Containers, Eric W. Biederman, linux-kernel-u79uwXL29TY76Z2rM5mHXA, H. Peter Anvin Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> --- fs/devpts/inode.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index 79a5941c2474..c59d39f2d512 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c @@ -395,6 +395,7 @@ static int devpts_fill_super(struct super_block *s, void *data, int silent) { struct inode *inode; + int error; s->s_iflags &= ~SB_I_NODEV; s->s_blocksize = 1024; @@ -403,10 +404,16 @@ devpts_fill_super(struct super_block *s, void *data, int silent) s->s_op = &devpts_sops; s->s_time_gran = 1; + error = -ENOMEM; s->s_fs_info = new_pts_fs_info(s); if (!s->s_fs_info) goto fail; + error = parse_mount_options(data, PARSE_MOUNT, &DEVPTS_SB(s)->mount_opts); + if (error) + goto fail; + + error = -ENOMEM; inode = new_inode(s); if (!inode) goto fail; @@ -424,7 +431,7 @@ devpts_fill_super(struct super_block *s, void *data, int silent) pr_err("get root dentry failed\n"); fail: - return -ENOMEM; + return error; } /* @@ -437,13 +444,8 @@ static struct dentry *devpts_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *data) { int error; - struct pts_mount_opts opts; struct super_block *s; - error = parse_mount_options(data, PARSE_MOUNT, &opts); - if (error) - return ERR_PTR(error); - s = sget(fs_type, NULL, set_anon_super, flags, NULL); if (IS_ERR(s)) return ERR_CAST(s); 
@@ -455,8 +457,6 @@ static struct dentry *devpts_mount(struct file_system_type *fs_type, s->s_flags |= MS_ACTIVE; } - memcpy(&(DEVPTS_SB(s))->mount_opts, &opts, sizeof(opts)); - error = mknod_ptmx(s); if (error) goto out_undo_sget; -- 2.8.3 ^ permalink raw reply related [flat|nested] 18+ messages in thread
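Review bot: the commit message is empty although the devpts_fill_super hunk changes the failure ordering. parse_mount_options now runs after new_pts_fs_info, so a rejected option string returns with s->s_fs_info already allocated and relies on the caller's out_undo_sget path to release it, whereas the old devpts_mount returned ERR_PTR(error) before sget was called at all. Please describe that in the changelog and name the teardown path that frees the allocation. As a style point, the repeated `error = -ENOMEM;` ahead of each allocation is easy to break when a new step is inserted between them; setting the code in the failing branch next to its `goto fail` would be harder to get wrong.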
* [PATCH tty-next 2/6] devpts: Move the creation of /dev/pts/ptmx into fill_super 2016-09-14 18:53 ` Eric W. Biederman @ 2016-09-14 18:53 ` Eric W. Biederman -1 siblings, 0 replies; 18+ messages in thread From: Eric W. Biederman @ 2016-09-14 18:53 UTC (permalink / raw) To: Greg Kroah-Hartman, Jiri Slaby Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA, Linux Containers, Eric W. Biederman, linux-kernel-u79uwXL29TY76Z2rM5mHXA, H. Peter Anvin The code makes more sense here and things are just clearer. Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> --- fs/devpts/inode.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index c59d39f2d512..43773543a783 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c @@ -425,11 +425,19 @@ devpts_fill_super(struct super_block *s, void *data, int silent) set_nlink(inode, 2); s->s_root = d_make_root(inode); - if (s->s_root) - return 0; + if (!s->s_root) { + pr_err("get root dentry failed\n"); + goto fail; + } - pr_err("get root dentry failed\n"); + error = mknod_ptmx(s); + if (error) + goto fail_dput; + return 0; +fail_dput: + dput(s->s_root); + s->s_root = NULL; fail: return error; } @@ -456,11 +464,6 @@ static struct dentry *devpts_mount(struct file_system_type *fs_type, goto out_undo_sget; s->s_flags |= MS_ACTIVE; } - - error = mknod_ptmx(s); - if (error) - goto out_undo_sget; - return dget(s->s_root); out_undo_sget: -- 2.8.3 ^ permalink raw reply related [flat|nested] 18+ messages in thread
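Review bot: in devpts_fill_super the new fail_dput label drops s->s_root and clears it when mknod_ptmx fails, but the changelog says nothing about this new unwind step or about who tears down the rest of the half-built superblock afterwards. Please state that on error the caller still goes through out_undo_sget, and whether the `s->s_root = NULL;` assignment is required for that teardown or is only defensive. It would also help to say that this move is what later allows devpts_mount to be reduced, so the patch does not read as a pure matter of taste.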
* [PATCH tty-next 3/6] devpts: Simplify devpts_mount by using mount_nodev 2016-09-14 18:53 ` Eric W. Biederman @ 2016-09-14 18:53 ` Eric W. Biederman -1 siblings, 0 replies; 18+ messages in thread From: Eric W. Biederman @ 2016-09-14 18:53 UTC (permalink / raw) To: Greg Kroah-Hartman, Jiri Slaby Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA, Linux Containers, Eric W. Biederman, linux-kernel-u79uwXL29TY76Z2rM5mHXA, H. Peter Anvin Now that all of the work of setting up a superblock has been moved to devpts_fill_super simplify devpts_mount by calling mount_nodev instead of rolling mount_nodev by hand. Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> --- fs/devpts/inode.c | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index 43773543a783..a48b40b0bd1e 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c @@ -451,24 +451,7 @@ fail: static struct dentry *devpts_mount(struct file_system_type *fs_type, int flags, const char *dev_name, void *data) { - int error; - struct super_block *s; - - s = sget(fs_type, NULL, set_anon_super, flags, NULL); - if (IS_ERR(s)) - return ERR_CAST(s); - - if (!s->s_root) { - error = devpts_fill_super(s, data, flags & MS_SILENT ? 1 : 0); - if (error) - goto out_undo_sget; - s->s_flags |= MS_ACTIVE; - } - return dget(s->s_root); - -out_undo_sget: - deactivate_locked_super(s); - return ERR_PTR(error); + return mount_nodev(fs_type, flags, data, devpts_fill_super); } static void devpts_kill_sb(struct super_block *sb) -- 2.8.3 ^ permalink raw reply related [flat|nested] 18+ messages in thread
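Review bot: the changelog should say explicitly that the devpts_mount hunk is meant to be behaviour-neutral, because the removed lines did three things the reader now has to take on trust from mount_nodev: passing `flags & MS_SILENT ? 1 : 0` as the silent argument, setting MS_ACTIVE after a successful devpts_fill_super, and calling deactivate_locked_super on failure. One sentence confirming that mount_nodev covers all three would make this patch reviewable on its own.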
* [PATCH tty-next 4/6] devpts: Make devpts_kill_sb safe if fsi is NULL 2016-09-14 18:53 ` Eric W. Biederman @ 2016-09-14 18:53 ` Eric W. Biederman -1 siblings, 0 replies; 18+ messages in thread From: Eric W. Biederman @ 2016-09-14 18:53 UTC (permalink / raw) To: Greg Kroah-Hartman, Jiri Slaby Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA, Linux Containers, Eric W. Biederman, linux-kernel-u79uwXL29TY76Z2rM5mHXA, H. Peter Anvin Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> --- fs/devpts/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index a48b40b0bd1e..e058ec677207 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c @@ -458,7 +458,8 @@ static void devpts_kill_sb(struct super_block *sb) { struct pts_fs_info *fsi = DEVPTS_SB(sb); - ida_destroy(&fsi->allocated_ptys); + if (fsi) + ida_destroy(&fsi->allocated_ptys); kfree(fsi); kill_litter_super(sb); } -- 2.8.3 ^ permalink raw reply related [flat|nested] 18+ messages in thread
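Review bot: the changelog is empty for what the cover letter calls the only really significant bug fix in the series. The `if (fsi)` guard in devpts_kill_sb needs a description of how fsi ends up NULL (per the cover letter, kzalloc failing in new_pts_fs_info called from devpts_fill_super), and since it fixes a NULL pointer dereference on an error path it would be easier to backport as the first patch of the series rather than the fourth. A one-line comment above the guard saying that fsi can be NULL when fill_super failed early would keep it from being removed later as dead code.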
* [PATCH tty-next 5/6] devpts: Remove sync_filesystems 2016-09-14 18:53 ` Eric W. Biederman @ 2016-09-14 18:53 ` Eric W. Biederman -1 siblings, 0 replies; 18+ messages in thread From: Eric W. Biederman @ 2016-09-14 18:53 UTC (permalink / raw) To: Greg Kroah-Hartman, Jiri Slaby Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA, Linux Containers, Eric W. Biederman, linux-kernel-u79uwXL29TY76Z2rM5mHXA, H. Peter Anvin devpts does not and never will have anything to sync so don't bother calling sync_filesystems on remount. Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> --- fs/devpts/inode.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index e058ec677207..17593d3fcdbe 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c @@ -336,7 +336,6 @@ static int devpts_remount(struct super_block *sb, int *flags, char *data) struct pts_fs_info *fsi = DEVPTS_SB(sb); struct pts_mount_opts *opts = &fsi->mount_opts; - sync_filesystem(sb); err = parse_mount_options(data, PARSE_REMOUNT, opts); /* -- 2.8.3 ^ permalink raw reply related [flat|nested] 18+ messages in thread
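Review bot: the subject and changelog say sync_filesystems, but the line removed from devpts_remount is `sync_filesystem(sb);` (singular). Please correct the name in both places so the commit can be found by searching the history for the function.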
* [PATCH tty-next 6/6] devpts: Change the owner of /dev/pts/ptmx to the mounter of /dev/pts [not found] ` <20160914185338.15126-1-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> ` (3 preceding siblings ...) 2016-09-14 18:53 ` Eric W. Biederman @ 2016-09-14 18:53 ` Eric W. Biederman 4 siblings, 0 replies; 18+ messages in thread From: Eric W. Biederman @ 2016-09-14 18:53 UTC (permalink / raw) To: Greg Kroah-Hartman, Jiri Slaby Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA, Linux Containers, Eric W. Biederman, linux-kernel-u79uwXL29TY76Z2rM5mHXA, H. Peter Anvin In 99.99% of the cases only root in a user namespace can mount /dev/pts and in those cases the owner of /dev/pts/ptmx will remain root.root In the oddball case where someone else has CAP_SYS_ADMIN this code modifies the /dev/pts mount code to use current_fsuid and current_fsgid as the values to use when creating the /dev/ptmx inode. As is done when any other file is created. This is a code simplification, and it allows running without a root user entirely. Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> --- fs/devpts/inode.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index 17593d3fcdbe..442d1a7e671b 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c @@ -272,13 +272,8 @@ static int mknod_ptmx(struct super_block *sb) struct dentry *root = sb->s_root; struct pts_fs_info *fsi = DEVPTS_SB(sb); struct pts_mount_opts *opts = &fsi->mount_opts; - kuid_t root_uid; - kgid_t root_gid; - - root_uid = make_kuid(current_user_ns(), 0); - root_gid = make_kgid(current_user_ns(), 0); - if (!uid_valid(root_uid) || !gid_valid(root_gid)) - return -EINVAL; + kuid_t ptmx_uid = current_fsuid(); + kgid_t ptmx_gid = current_fsgid(); inode_lock(d_inode(root)); 
@@ -309,8 +304,8 @@ static int mknod_ptmx(struct super_block *sb) mode = S_IFCHR|opts->ptmxmode; init_special_inode(inode, mode, MKDEV(TTYAUX_MAJOR, 2)); - inode->i_uid = root_uid; - inode->i_gid = root_gid; + inode->i_uid = ptmx_uid; + inode->i_gid = ptmx_gid; d_add(dentry, inode); -- 2.8.3 ^ permalink raw reply related [flat|nested] 18+ messages in thread
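Review bot: in the first mknod_ptmx hunk, removing the uid_valid()/gid_valid() test also removes the only ownership-related -EINVAL this function returned, and nothing replaces it. The changelog should say what owner is recorded when the mounter's fsuid or fsgid has no mapping in the user namespace the mount belongs to, and whether the mount should still be refused in that case. The changelog also refers to "the /dev/ptmx inode" where the code creates /dev/pts/ptmx, and "As is done when any other file is created." is a sentence fragment. Because ownership of ptmx now follows whoever performs the mount, a short addition to the devpts documentation describing the new owner would help administrators who currently rely on it being root.root.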
* Re: [PATCH tty-next 0/6] Minor devpts cleanups, fixes and enhancments 2016-09-14 18:52 ` Eric W. Biederman @ 2016-09-22 18:33 ` Eric W. Biederman -1 siblings, 0 replies; 18+ messages in thread From: Eric W. Biederman @ 2016-09-22 18:33 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA, Linux Containers, H. Peter Anvin, linux-kernel-u79uwXL29TY76Z2rM5mHXA, Jiri Slaby ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) writes: > Greg please apply the following patches to tty-next. If tty-next is not > the proper tree please let me know and I will take these patches through > my user namespace tree. I have not heard anything so I am taking these patches through my tree. Eric ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH tty-next 0/6] Minor devpts cleanups, fixes and enhancments 2016-09-22 18:33 ` Eric W. Biederman (?) @ 2016-09-23 9:30 ` Greg Kroah-Hartman -1 siblings, 0 replies; 18+ messages in thread From: Greg Kroah-Hartman @ 2016-09-23 9:30 UTC (permalink / raw) To: Eric W. Biederman Cc: Jiri Slaby, H. Peter Anvin, linux-kernel, linux-fsdevel, Linux Containers On Thu, Sep 22, 2016 at 01:33:59PM -0500, Eric W. Biederman wrote: > > ebiederm@xmission.com (Eric W. Biederman) writes: > > > Greg please apply the following patches to tty-next. If tty-next is not > > the proper tree please let me know and I will take these patches through > > my user namespace tree. > > I have not heard anything so I am taking these patches through my tree. Ugh, sorry about that, they missed my filters. I'll be glad to queue them up today, my fault. greg k-h ^ permalink raw reply [flat|nested] 18+ messages in thread