From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Andrei Vagin <avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Cc: Alexander Viro
	<viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
	linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	criu-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org,
	Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
Subject: Re: [PATCH] fs: add an ioctl to get an owning userns for a superblock
Date: Tue, 09 May 2017 19:34:00 -0500
Message-ID: <87k25psg7b.fsf@xmission.com>
In-Reply-To: <20170509231938.6467-1-avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org> (Andrei Vagin's message of "Tue, 9 May 2017 16:19:38 -0700")

Andrei Vagin <avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org> writes:

> The introduced ioctl returns a file descriptor that refers to an owning
> user namespace for a superblock which is associated with a target file
> descriptor.
>
> EPERM is returned if the current process doesn't have CAP_SYS_ADMIN in
> the returned user namespace.
>
> This information is required to dump and restore mount namespaces. We
> need to know to which user namespace a superblock belongs.
>
> We already have the SIOCGSKNS ioctl for sockets to get a network
> namespace, so it looks reasonable to use the same interface for
> superblocks too.
>
> This functionality can be useful for users in order to understand
> a running system.

This will probably work.  And the capability check eases any concerns
I might have that this would be a trivial information leak.

That said, can we hold off just a little bit?  If open_fs work actually
turns into a real interface, that would seem to be the perfect place
to stick this functionality.

Eric

>
> Cc: Alexander Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
> Cc: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
> Signed-off-by: Andrei Vagin <avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
> ---
>  fs/ioctl.c              | 23 +++++++++++++++++++++++
>  include/uapi/linux/fs.h |  2 ++
>  2 files changed, 25 insertions(+)
>
> diff --git a/fs/ioctl.c b/fs/ioctl.c
> index 569db68..22bbf37 100644
> --- a/fs/ioctl.c
> +++ b/fs/ioctl.c
> @@ -16,6 +16,8 @@
>  #include <linux/buffer_head.h>
>  #include <linux/falloc.h>
>  #include <linux/sched/signal.h>
> +#include <linux/proc_fs.h>
> +#include <linux/user_namespace.h>
>  
>  #include "internal.h"
>  
> @@ -614,6 +616,25 @@ static int ioctl_file_dedupe_range(struct file *file, void __user *arg)
>  	return ret;
>  }
>  
> +static struct ns_common *get_sb_userns(struct ns_common *ns_common)
> +{
> +	struct user_namespace *ns;
> +
> +	ns = container_of(ns_common, struct user_namespace, ns);
> +
> +	return &get_user_ns(ns)->ns;
> +}
> +
> +static int ioctl_fs_sb_userns(struct file *filp)
> +{
> +	struct super_block *sb = file_inode(filp)->i_sb;
> +
> +	if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN))
> +		return -EPERM;
> +
> +	return open_related_ns(&sb->s_user_ns->ns, get_sb_userns);
> +}
> +
>  /*
>   * When you add any new common ioctls to the switches above and below
>   * please update compat_sys_ioctl() too.
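
Review bot: FS_IOC_SB_USERNS is not added to compat_sys_ioctl(), although the comment in this hunk's trailing context asks for exactly that whenever a common ioctl is added; the diffstat lists only fs/ioctl.c and include/uapi/linux/fs.h, so the compat path is left untouched. Please add the new command to the compat switch in the same patch. A short comment above ioctl_fs_sb_userns() saying that it returns a new namespace file descriptor, or -EPERM when the caller lacks CAP_SYS_ADMIN in sb->s_user_ns, would also make the permission model visible at the call site.
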
> @@ -677,6 +698,8 @@ int do_vfs_ioctl(struct file *filp, unsigned int fd, unsigned int cmd,
>  
>  	case FIDEDUPERANGE:
>  		return ioctl_file_dedupe_range(filp, argp);
> +	case FS_IOC_SB_USERNS:
> +		return ioctl_fs_sb_userns(filp);
>  
>  	default:
>  		if (S_ISREG(inode->i_mode))
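
Review bot: style nit on the new case in do_vfs_ioctl(): it sits directly under the FIDEDUPERANGE return, while the neighbouring cases in this switch are separated by a blank line. Add a blank line before "case FS_IOC_SB_USERNS:" so the two commands do not read as one group.
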
> diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
> index 33423aa..26ef2d5 100644
> --- a/include/uapi/linux/fs.h
> +++ b/include/uapi/linux/fs.h
> @@ -246,6 +246,8 @@ struct fsxattr {
>  #define FICLONE		_IOW(0x94, 9, int)
>  #define FICLONERANGE	_IOW(0x94, 13, struct file_clone_range)
>  #define FIDEDUPERANGE	_IOWR(0x94, 54, struct file_dedupe_range)
> +/* Get a file descriptor to an owning userns for a superblock */
> +#define FS_IOC_SB_USERNS		_IOR('X', 55, int)
>  
>  #define	FS_IOC_GETFLAGS			_IOR('f', 1, long)
>  #define	FS_IOC_SETFLAGS			_IOW('f', 2, long)
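
Review bot: the encoding of FS_IOC_SB_USERNS does not match how the handler is called. _IOR('X', 55, int) declares that the kernel writes an int through the argument pointer, but do_vfs_ioctl() calls ioctl_fs_sb_userns(filp) without argp and the descriptor comes back as the ioctl's return value. Consider _IO('X', 55), and have the comment say that the file descriptor is the return value. The number also mixes conventions: the FICLONE/FICLONERANGE/FIDEDUPERANGE defines just above use type 0x94, and 55 only follows 54 in that series, while this define uses type 'X'; pick one deliberately and check it against the existing allocations for that type.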
