From: Dmitry Monakhov <dmonakhov-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
jack-AlSwsSmVLrQ@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: ***SPAM*** Re: [PATCH] userns: Convert quota to user kuid/kgid where appropriate
Date: Wed, 01 Aug 2012 19:36:46 +0400
Message-ID: <87d33azks1.fsf@dmbot.sw.ru>
In-Reply-To: <87d33abw7u.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
On Wed, 01 Aug 2012 06:03:33 -0700, ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) wrote:
> Dmitry Monakhov <dmonakhov-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org> writes:
>
> > Map uid/gid to global kuid/kgid before passing it down to the quota
> > infrastructure.
>
> Have you looked at my development branch of my userns tree?
>
> I already have a patch queued to do something like this.
Oh. Yes, you're right. I've missed it.
BTW, when do you plan to submit the new set?
>
> Eric
>
> > Signed-off-by: Dmitry Monakhov <dmonakhov-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
> > ---
> > fs/quota/quota.c | 45 ++++++++++++++++++++++++++++++++++++---------
> > 1 files changed, 36 insertions(+), 9 deletions(-)
> >
> > diff --git a/fs/quota/quota.c b/fs/quota/quota.c
> > index 6f15578..a59efd4 100644
> > --- a/fs/quota/quota.c
> > +++ b/fs/quota/quota.c
> > @@ -19,8 +19,13 @@
> > #include <linux/writeback.h>
> >
> > static int check_quotactl_permission(struct super_block *sb, int type, int cmd,
> > - qid_t id)
> > + qid_t id, qid_t* global_id)
> > {
> > + kuid_t kuid;
> > + kgid_t kgid;
> > + struct user_namespace *ns = current_user_ns();
> > + int is_get_query = 0;
> > +
> > switch (cmd) {
> > /* these commands do not require any special privilegues */
> > case Q_GETFMT:
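Review bot: in the new signature, `qid_t* global_id` should be written `qid_t *global_id` to match kernel pointer style, and the out-parameter needs a comment saying for which commands it is filled in. `kuid` and `kgid` are also declared without initial values, so each is only meaningful on the branch that assigns it; a short comment to that effect would make the later ownership test easier to audit.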
> > @@ -29,11 +34,32 @@ static int check_quotactl_permission(struct super_block *sb, int type, int cmd,
> > case Q_XGETQSTAT:
> > case Q_XQUOTASYNC:
> > break;
> > - /* allow to query information for dquots we "own" */
> > case Q_GETQUOTA:
> > case Q_XGETQUOTA:
> > - if ((type == USRQUOTA && current_euid() == id) ||
> > - (type == GRPQUOTA && in_egroup_p(id)))
> > + is_get_query = 1;
> > + case Q_SETQUOTA:
> > + case Q_XSETQLIM:
> > + /* Map to global user namespace */
> > + switch (type) {
> > + case USRQUOTA:
> > + kuid = make_kuid(ns, id);
> > + if (!uid_valid(kuid))
> > + return -EINVAL;
> > + *global_id = from_kuid_munged(&init_user_ns, kuid);
> > + break;
> > + case GRPQUOTA:
> > + kgid = make_kgid(ns, id);
> > + if (!gid_valid(kgid))
> > + return -EINVAL;
> > + *global_id = from_kgid_munged(&init_user_ns, kgid);
> > + break;
> > + default:
> > + return -EINVAL;
> > + }
> > + /* allow to query information for dquots we "own" */
> > + if (is_get_query &&
> > + ((type == USRQUOTA && uid_eq(current_euid(), kuid)) ||
> > + (type == GRPQUOTA && in_egroup_p(kgid))))
> > break;
> > /*FALLTHROUGH*/
> > default:
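Review bot: the inner `default: return -EINVAL;` in the `switch (type)` changes behaviour for any quota type other than USRQUOTA and GRPQUOTA. Before this change such a type failed the ownership test and fell through to the outer `default:`; now Q_GETQUOTA, Q_XGETQUOTA, Q_SETQUOTA and Q_XSETQLIM are rejected outright. Since do_quotactl() admits types up to XQM_MAXQUOTAS for XQM commands, please confirm no third type is expected to reach this point, or let unknown types skip the mapping and fall through as before. Separately, `is_get_query = 1;` drops into `case Q_SETQUOTA:` without a fall-through comment, while the existing code a few lines below marks its own with `/*FALLTHROUGH*/`.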
> > @@ -240,13 +266,14 @@ static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id,
> > void __user *addr, struct path *path)
> > {
> > int ret;
> > + qid_t qid = -1;
> >
> > if (type >= (XQM_COMMAND(cmd) ? XQM_MAXQUOTAS : MAXQUOTAS))
> > return -EINVAL;
> > if (!sb->s_qcop)
> > return -ENOSYS;
> >
> > - ret = check_quotactl_permission(sb, type, cmd, id);
> > + ret = check_quotactl_permission(sb, type, cmd, id, &qid);
> > if (ret < 0)
> > return ret;
> >
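Review bot: at the call `check_quotactl_permission(sb, type, cmd, id, &qid)`, id translation now happens as a side effect of a function whose name says it only checks permission, and `qid` keeps its `-1` initial value for every command the helper does not map. Splitting the mapping into its own helper, or documenting that `qid` is valid only for the get/set quota commands, would keep a later caller from passing `-1` down by mistake.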
> > @@ -264,9 +291,9 @@ static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id,
> > case Q_SETINFO:
> > return quota_setinfo(sb, type, addr);
> > case Q_GETQUOTA:
> > - return quota_getquota(sb, type, id, addr);
> > + return quota_getquota(sb, type, qid, addr);
> > case Q_SETQUOTA:
> > - return quota_setquota(sb, type, id, addr);
> > + return quota_setquota(sb, type, qid, addr);
> > case Q_SYNC:
> > if (!sb->s_qcop->quota_sync)
> > return -ENOSYS;
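Review bot: the Q_GETQUOTA and Q_SETQUOTA calls now pass `qid`, a plain `qid_t` produced by `from_kuid_munged()`/`from_kgid_munged()`, so the kuid_t/kgid_t typing is discarded right at the boundary the subject line says is being converted. Having `quota_getquota()` and `quota_setquota()` take the typed value would let the compiler catch any path that still hands an unmapped id to the quota code.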
> > @@ -278,9 +305,9 @@ static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id,
> > case Q_XGETQSTAT:
> > return quota_getxstate(sb, addr);
> > case Q_XSETQLIM:
> > - return quota_setxquota(sb, type, id, addr);
> > + return quota_setxquota(sb, type, qid, addr);
> > case Q_XGETQUOTA:
> > - return quota_getxquota(sb, type, id, addr);
> > + return quota_getxquota(sb, type, qid, addr);
> > case Q_XQUOTASYNC:
> > if (sb->s_flags & MS_RDONLY)
> > return -EROFS;
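Review bot: at the Q_XSETQLIM and Q_XGETQUOTA calls only the `id` argument is translated; whatever the structure behind `addr` contains is passed through as before. If that structure carries an id field, it needs the same mapping in both directions, so this is worth confirming and stating in the commit message.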