From: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: Dongsu Park <dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
Cc: Miklos Szeredi <mszeredi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Seth Forshee
<seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
"Luis R. Rodriguez"
<mcgrof-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Alban Crequy <alban-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>,
"Eric W . Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Sargun Dhillon <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Alexander Viro
<viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
Subject: Re: [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes
Date: Fri, 22 Dec 2017 21:17:39 -0600 [thread overview]
Message-ID: <20171223031739.GC6837@mail.hallyn.com> (raw)
In-Reply-To: <ac3d34002d7690f6ca5928b57b7fc4d707104b04.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
On Fri, Dec 22, 2017 at 03:32:27PM +0100, Dongsu Park wrote:
> From: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
>
> Allow users with CAP_SYS_CHOWN over the superblock of a filesystem to
Note it is CAP_CHOWN
> chown files. Ordinarily the capable_wrt_inode_uidgid check is
> sufficient to allow access to files but when the underlying filesystem
> has uids or gids that don't map to the current user namespace it is
> not enough, so the chown permission checks need to be extended to
> allow this case.
>
> Calling chown on filesystem nodes whose uid or gid don't map is
> necessary if those nodes are going to be modified as writing back
> inodes which contain uids or gids that don't map is likely to cause
> filesystem corruption of the uid or gid fields.
>
> Once chown has been called the existing capable_wrt_inode_uidgid
> checks are sufficient, to allow the owner of a superblock to do anything
> the global root user can do with an appropriate set of capabilities.
>
> For the proc filesystem this relaxation of permissions is not safe, as
> some files are owned by users (particularly GLOBAL_ROOT_UID) outside
> of the control of the mounter of the proc and that would be unsafe to
> grant chown access to. So update setattr on proc to disallow changing
> files whose uids or gids are outside of proc's s_user_ns.
>
> The original version of this patch was written by: Seth Forshee. I
> have rewritten and rethought this patch enough so it's really not the
> same thing (certainly it needs a different description), but he
> deserves credit for getting out there and getting the conversation
> started, and finding the potential gotcha's and putting up with my
> semi-paranoid feedback.
>
> Patch v4 is available: https://patchwork.kernel.org/patch/8944611/
>
> Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> Cc: Alexander Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
> Cc: "Luis R. Rodriguez" <mcgrof-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
> Cc: Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
> Inspired-by: Seth Forshee <seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
> Signed-off-by: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
> [saf: Resolve conflicts caused by s/inode_change_ok/setattr_prepare/]
> Signed-off-by: Dongsu Park <dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
Reviewed-by: Serge Hallyn <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
> ---
> fs/attr.c | 34 ++++++++++++++++++++++++++--------
> fs/proc/base.c | 7 +++++++
> fs/proc/generic.c | 7 +++++++
> fs/proc/proc_sysctl.c | 7 +++++++
> 4 files changed, 47 insertions(+), 8 deletions(-)
>
> diff --git a/fs/attr.c b/fs/attr.c
> index 12ffdb6f..bf8e94f3 100644
> --- a/fs/attr.c
> +++ b/fs/attr.c
> @@ -18,6 +18,30 @@
> #include <linux/evm.h>
> #include <linux/ima.h>
>
> +static bool chown_ok(const struct inode *inode, kuid_t uid)
> +{
> + if (uid_eq(current_fsuid(), inode->i_uid) &&
> + uid_eq(uid, inode->i_uid))
> + return true;
> + if (capable_wrt_inode_uidgid(inode, CAP_CHOWN))
> + return true;
> + if (ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN))
> + return true;
> + return false;
> +}
> +
> +static bool chgrp_ok(const struct inode *inode, kgid_t gid)
> +{
> + if (uid_eq(current_fsuid(), inode->i_uid) &&
> + (in_group_p(gid) || gid_eq(gid, inode->i_gid)))
> + return true;
> + if (capable_wrt_inode_uidgid(inode, CAP_CHOWN))
> + return true;
> + if (ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN))
> + return true;
> + return false;
> +}
> +
> /**
> * setattr_prepare - check if attribute changes to a dentry are allowed
> * @dentry: dentry to check
> @@ -52,17 +76,11 @@ int setattr_prepare(struct dentry *dentry, struct iattr *attr)
> goto kill_priv;
>
> /* Make sure a caller can chown. */
> - if ((ia_valid & ATTR_UID) &&
> - (!uid_eq(current_fsuid(), inode->i_uid) ||
> - !uid_eq(attr->ia_uid, inode->i_uid)) &&
> - !capable_wrt_inode_uidgid(inode, CAP_CHOWN))
> + if ((ia_valid & ATTR_UID) && !chown_ok(inode, attr->ia_uid))
> return -EPERM;
>
> /* Make sure caller can chgrp. */
> - if ((ia_valid & ATTR_GID) &&
> - (!uid_eq(current_fsuid(), inode->i_uid) ||
> - (!in_group_p(attr->ia_gid) && !gid_eq(attr->ia_gid, inode->i_gid))) &&
> - !capable_wrt_inode_uidgid(inode, CAP_CHOWN))
> + if ((ia_valid & ATTR_GID) && !chgrp_ok(inode, attr->ia_gid))
> return -EPERM;
>
> /* Make sure a caller can chmod. */
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 31934cb9..9d50ec92 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -665,10 +665,17 @@ int proc_setattr(struct dentry *dentry, struct iattr *attr)
> {
> int error;
> struct inode *inode = d_inode(dentry);
> + struct user_namespace *s_user_ns;
>
> if (attr->ia_valid & ATTR_MODE)
> return -EPERM;
>
> + /* Don't let anyone mess with weird proc files */
> + s_user_ns = inode->i_sb->s_user_ns;
> + if (!kuid_has_mapping(s_user_ns, inode->i_uid) ||
> + !kgid_has_mapping(s_user_ns, inode->i_gid))
> + return -EPERM;
> +
> error = setattr_prepare(dentry, attr);
> if (error)
> return error;
> diff --git a/fs/proc/generic.c b/fs/proc/generic.c
> index 793a6757..527d46c8 100644
> --- a/fs/proc/generic.c
> +++ b/fs/proc/generic.c
> @@ -106,8 +106,15 @@ static int proc_notify_change(struct dentry *dentry, struct iattr *iattr)
> {
> struct inode *inode = d_inode(dentry);
> struct proc_dir_entry *de = PDE(inode);
> + struct user_namespace *s_user_ns;
> int error;
>
> + /* Don't let anyone mess with weird proc files */
> + s_user_ns = inode->i_sb->s_user_ns;
> + if (!kuid_has_mapping(s_user_ns, inode->i_uid) ||
> + !kgid_has_mapping(s_user_ns, inode->i_gid))
> + return -EPERM;
> +
> error = setattr_prepare(dentry, iattr);
> if (error)
> return error;
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index c5cbbdff..0f9562d1 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -802,11 +802,18 @@ static int proc_sys_permission(struct inode *inode, int mask)
> static int proc_sys_setattr(struct dentry *dentry, struct iattr *attr)
> {
> struct inode *inode = d_inode(dentry);
> + struct user_namespace *s_user_ns;
> int error;
>
> if (attr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))
> return -EPERM;
>
> + /* Don't let anyone mess with weird proc files */
> + s_user_ns = inode->i_sb->s_user_ns;
> + if (!kuid_has_mapping(s_user_ns, inode->i_uid) ||
> + !kgid_has_mapping(s_user_ns, inode->i_gid))
> + return -EPERM;
> +
> error = setattr_prepare(dentry, attr);
> if (error)
> return error;
> --
> 2.13.6
next prev parent reply other threads:[~2017-12-23 3:17 UTC|newest]
Thread overview: 103+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1512741134.git.dongsu@kinvolk.io>
[not found] ` <cover.1512741134.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-22 14:32 ` [PATCH 01/11] block_dev: Support checking inode permissions in lookup_bdev() Dongsu Park
2017-12-22 14:32 ` [PATCH 02/11] mtd: Check permissions towards mtd block device inode when mounting Dongsu Park
[not found] ` <945d325a2239efcd55273abb2bac41cfc7264fea.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-22 21:06 ` Richard Weinberger
2017-12-23 3:05 ` Serge E. Hallyn
[not found] ` <CAFLxGvwzRBGJf0-jCAwGts1HwV_nT072+yhHLP079sxQezoTFQ@mail.gmail.com>
[not found] ` <CAFLxGvwzRBGJf0-jCAwGts1HwV_nT072+yhHLP079sxQezoTFQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-12-23 12:18 ` Dongsu Park
[not found] ` <CANxcAMtVqgLmQaTtfJocGGgsn5dSX2CDwzh6bwv6OnjUUwsTrg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-12-23 12:56 ` Richard Weinberger
2017-12-22 14:32 ` [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes Dongsu Park
2017-12-22 14:32 ` [PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root Dongsu Park
2017-12-22 14:32 ` [PATCH 05/11] fs: Allow superblock owner to access do_remount_sb() Dongsu Park
2017-12-22 14:32 ` [PATCH 06/11] capabilities: Allow privileged user in s_user_ns to set security.* xattrs Dongsu Park
[not found] ` <5adc5e31c25beb987798ecc219df79671547a9ac.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:33 ` Serge E. Hallyn
2017-12-22 14:32 ` [PATCH 07/11] fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems Dongsu Park
[not found] ` <61a37f0b159dd56825696d8d3beb8eaffdf1f72f.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:39 ` Serge E. Hallyn
2018-02-14 12:28 ` Miklos Szeredi
[not found] ` <CAOssrKeSTY1pAhpmegFWdGh7irNbT4veG5JaYFj8Q1JjMynadw@mail.gmail.com>
[not found] ` <CAOssrKeSTY1pAhpmegFWdGh7irNbT4veG5JaYFj8Q1JjMynadw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-19 22:56 ` Eric W. Biederman
2017-12-22 14:32 ` [PATCH 08/11] fuse: Support fuse filesystems outside of init_user_ns Dongsu Park
2017-12-22 14:32 ` [PATCH 09/11] fuse: Restrict allow_other to the superblock's namespace or a descendant Dongsu Park
2017-12-22 14:32 ` [PATCH 10/11] fuse: Allow user namespace mounts Dongsu Park
2017-12-22 14:32 ` [PATCH 11/11] evm: Don't update hmacs in user ns mounts Dongsu Park
2017-12-25 7:05 ` [PATCH v5 00/11] FUSE mounts from non-init user namespaces Eric W. Biederman
2018-02-13 11:32 ` Miklos Szeredi
[not found] ` <CAOssrKey+oxahrXHO5d6Lu1ZD=r1t-b0i4iZM_Ke9ToqTckjkQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 21:53 ` Eric W. Biederman
2018-02-21 20:24 ` [PATCH v6 0/6] fuse: " Eric W. Biederman
[not found] ` <878tbmf5vl.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-21 20:29 ` [PATCH v6 1/5] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read Eric W. Biederman
[not found] ` <CAOssrKch20vj8phkjfjMe=07-8uQiuXfOuCTDjrMzPbkg6DoxA@mail.gmail.com>
[not found] ` <CAOssrKch20vj8phkjfjMe=07-8uQiuXfOuCTDjrMzPbkg6DoxA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-22 19:04 ` Eric W. Biederman
2018-02-21 20:29 ` [PATCH v6 2/5] fuse: Fail all requests with invalid uids or gids Eric W. Biederman
[not found] ` <CAOssrKeYuVj6ZWUrXp7R_d+wdoArnJ=mhRp22qE9JBW3x-7tfw@mail.gmail.com>
[not found] ` <CAOssrKeYuVj6ZWUrXp7R_d+wdoArnJ=mhRp22qE9JBW3x-7tfw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-22 18:15 ` Eric W. Biederman
2018-02-21 20:29 ` [PATCH v6 3/5] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2018-02-21 20:29 ` [PATCH v6 4/5] fuse: Ensure posix acls are translated " Eric W. Biederman
[not found] ` <CAOssrKeNLBeMkMrrCeRBO9Z80zFxCCEygKL3DErnQ9xBoLkH0g@mail.gmail.com>
[not found] ` <CAOssrKeNLBeMkMrrCeRBO9Z80zFxCCEygKL3DErnQ9xBoLkH0g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-22 19:18 ` Eric W. Biederman
[not found] ` <87inao6dfa.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-22 22:50 ` Eric W. Biederman
[not found] ` <87mv004p0t.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-26 7:47 ` Miklos Szeredi
[not found] ` <CAOssrKd+c0Mx+=S-+zr1QS8a37Pm=VGki=FVR+LXQZBsk3byqA@mail.gmail.com>
[not found] ` <CAOssrKd+c0Mx+=S-+zr1QS8a37Pm=VGki=FVR+LXQZBsk3byqA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-26 16:35 ` Eric W. Biederman
[not found] ` <87zi3v1zga.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-26 21:51 ` Eric W. Biederman
2018-02-21 20:29 ` [PATCH v6 5/5] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 0/7] fuse: mounts from non-init user namespaces Eric W. Biederman
[not found] ` <87po4rz4ui.fsf_-_@xmission.com>
[not found] ` <87po4rz4ui.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-26 23:52 ` [PATCH v7 1/7] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 2/7] fuse: Fail all requests with invalid uids or gids Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 3/7] fs/posix_acl: Document that get_acl respects ACL_DONT_CACHE Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 4/7] fuse: Cache a NULL acl when FUSE_GETXATTR returns -ENOSYS Eric W. Biederman
2018-02-26 23:53 ` [PATCH v7 5/7] fuse: Simplfiy the posix acl handling logic Eric W. Biederman
[not found] ` <20180226235302.12708-5-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-27 9:00 ` Miklos Szeredi
[not found] ` <CAOssrKeWvYpgj4_cgsRBL_kTOHyRS-9_mfO9JHP-JahgqFnfHQ@mail.gmail.com>
[not found] ` <CAOssrKeWvYpgj4_cgsRBL_kTOHyRS-9_mfO9JHP-JahgqFnfHQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-02 21:49 ` Eric W. Biederman
2018-02-26 23:53 ` [PATCH v7 6/7] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2018-02-26 23:53 ` [PATCH v7 7/7] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-03-02 21:58 ` [PATCH v8 0/6] fuse: mounts from non-init user namespaces Eric W. Biederman
[not found] ` <20180226235302.12708-3-ebiederm@xmission.com>
[not found] ` <20180226235302.12708-3-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-27 1:13 ` [PATCH v7 3/7] fs/posix_acl: Document that get_acl respects ACL_DONT_CACHE Linus Torvalds
[not found] ` <CA+55aFySgJyR6JLcS9HLC9wEpWU1isdyTkchHxZHbJWsh7HFpg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-27 2:53 ` Eric W. Biederman
[not found] ` <87r2p7rvn5.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-27 3:14 ` Eric W. Biederman
[not found] ` <87tvu3qg2b.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-27 3:41 ` Linus Torvalds
[not found] ` <CA+55aFwPo7Pbq+3Oup-oo8MUFHeEpFXp7qr6z2PrzKp7S0ON+A@mail.gmail.com>
[not found] ` <CA+55aFwPo7Pbq+3Oup-oo8MUFHeEpFXp7qr6z2PrzKp7S0ON+A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-02 19:53 ` [RFC][PATCH] fs/posix_acl: Update the comments and support lightweight cache skipping Eric W. Biederman
2018-02-27 3:36 ` [PATCH v7 3/7] fs/posix_acl: Document that get_acl respects ACL_DONT_CACHE Linus Torvalds
[not found] ` <87r2p287i8.fsf_-_@xmission.com>
[not found] ` <87r2p287i8.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-02 21:59 ` [PATCH v8 1/6] fs/posix_acl: Update the comments and support lightweight cache skipping Eric W. Biederman
[not found] ` <20180302215919.27207-1-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-05 9:53 ` Miklos Szeredi
[not found] ` <CAOssrKf0cuxx1YLiwFJHSnzMOOoejjWWibs98Mb5KSXVSSXfOg@mail.gmail.com>
[not found] ` <CAOssrKf0cuxx1YLiwFJHSnzMOOoejjWWibs98Mb5KSXVSSXfOg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-05 13:53 ` Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 2/6] fuse: Simplfiy the posix acl handling logic Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 3/6] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 4/6] fuse: Fail all requests with invalid uids or gids Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 5/6] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 6/6] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-03-08 21:23 ` [PATCH v9 0/4] fuse: mounts from non-init user namespaces Eric W. Biederman
[not found] ` <87ina6ntx0.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-08 21:24 ` [PATCH v9 1/4] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read Eric W. Biederman
2018-03-08 21:24 ` [PATCH v9 2/4] fuse: Fail all requests with invalid uids or gids Eric W. Biederman
2018-03-08 21:24 ` [PATCH v9 3/4] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2018-03-08 21:24 ` [PATCH v9 4/4] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-03-20 16:25 ` [PATCH v9 0/4] fuse: mounts from non-init user namespaces Miklos Szeredi
[not found] ` <CAOssrKebhX-nm06RAwep8HUUV4QpsAa=ZOgxdRyP=WF9p-=4Tw@mail.gmail.com>
[not found] ` <CAOssrKebhX-nm06RAwep8HUUV4QpsAa=ZOgxdRyP=WF9p-=4Tw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-20 18:27 ` Eric W. Biederman
[not found] ` <87tvta38lu.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-21 8:38 ` Miklos Szeredi
[not found] ` <ef5e609602df6d7e2b4aa07b92600f04b6851902.1512041070.git.dongsu@kinvolk.io>
[not found] ` <ef5e609602df6d7e2b4aa07b92600f04b6851902.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-22 18:59 ` [PATCH 01/11] block_dev: Support checking inode permissions in lookup_bdev() Coly Li
2017-12-23 3:03 ` Serge E. Hallyn
[not found] ` <17fbec10-68b1-2d2b-d417-2cdfee22b0fa@coly.li>
[not found] ` <17fbec10-68b1-2d2b-d417-2cdfee22b0fa-53JG2FQvpdo@public.gmane.org>
2017-12-23 12:00 ` Dongsu Park
[not found] ` <ddf1fb9b5001e633e0022dee7fecb0ef431e851f.1512041070.git.dongsu@kinvolk.io>
[not found] ` <ddf1fb9b5001e633e0022dee7fecb0ef431e851f.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:26 ` [PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root Serge E. Hallyn
[not found] ` <20171223032606.GD6837@mail.hallyn.com>
[not found] ` <20171223032606.GD6837-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-12-23 12:38 ` Dongsu Park
[not found] ` <CANxcAMtpE05xpOPt3Ua+4DkiTzkW5hOo4BBpiNZh_5+RTCfThA@mail.gmail.com>
[not found] ` <CANxcAMtpE05xpOPt3Ua+4DkiTzkW5hOo4BBpiNZh_5+RTCfThA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-13 13:37 ` Miklos Szeredi
[not found] ` <8dd484dceb9e96e5b67f21b8a0cf333753985e89.1512041070.git.dongsu@kinvolk.io>
[not found] ` <8dd484dceb9e96e5b67f21b8a0cf333753985e89.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:30 ` [PATCH 05/11] fs: Allow superblock owner to access do_remount_sb() Serge E. Hallyn
[not found] ` <c85c293e19a478353aba8e6e3ee39e5914f798d5.1512041070.git.dongsu@kinvolk.io>
[not found] ` <c85c293e19a478353aba8e6e3ee39e5914f798d5.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:46 ` [PATCH 08/11] fuse: Support fuse filesystems outside of init_user_ns Serge E. Hallyn
2018-01-17 10:59 ` Alban Crequy
2018-02-12 15:57 ` Miklos Szeredi
[not found] ` <CAOssrKd6vkMDwRT=QQofKCufzQczzQ7dXoVbVfVax-0HqD986w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-12 16:35 ` Eric W. Biederman
[not found] ` <87lgfy5fpd.fsf@xmission.com>
[not found] ` <87lgfy5fpd.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-13 10:20 ` Miklos Szeredi
[not found] ` <CAOssrKcKz8p9YQJLf2W_NCBo+12auxir5jFwXGbANdWdgavpsw@mail.gmail.com>
[not found] ` <CAOssrKcKz8p9YQJLf2W_NCBo+12auxir5jFwXGbANdWdgavpsw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 21:52 ` Eric W. Biederman
2018-02-20 2:12 ` Eric W. Biederman
[not found] ` <CADZs7q5NA7Kox62vnCOkL=TGgzTxX+oNYz6=oNXKWkQkQwSMrA@mail.gmail.com>
[not found] ` <CADZs7q5NA7Kox62vnCOkL=TGgzTxX+oNYz6=oNXKWkQkQwSMrA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-17 14:29 ` Seth Forshee
[not found] ` <20180117142935.GA3723@ubuntu-xps13>
2018-01-17 18:56 ` Alban Crequy
[not found] ` <CADZs7q6ZHGHbrdL96Bmy148Zc6TxruiJrEeDjaDYEX8U-5QV1A@mail.gmail.com>
[not found] ` <CADZs7q6ZHGHbrdL96Bmy148Zc6TxruiJrEeDjaDYEX8U-5QV1A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-17 19:31 ` Seth Forshee
[not found] ` <20180117193124.GC3723@ubuntu-xps13>
2018-01-18 10:29 ` Alban Crequy
[not found] ` <a26103156b3f6ba73b1e46c6f577f1bee74872d9.1512041070.git.dongsu@kinvolk.io>
[not found] ` <a26103156b3f6ba73b1e46c6f577f1bee74872d9.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:51 ` [PATCH 10/11] fuse: Allow user namespace mounts Serge E. Hallyn
2018-02-14 13:44 ` Miklos Szeredi
[not found] ` <CAOssrKcHOp9OaCWRALsxe5MTk+tv7Gi5rPsHz2VLguzK-P+LMw@mail.gmail.com>
[not found] ` <CAOssrKcHOp9OaCWRALsxe5MTk+tv7Gi5rPsHz2VLguzK-P+LMw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-15 8:46 ` Miklos Szeredi
[not found] ` <1f2233a1a028f1eb1e9bea7d06efa6d34e69e752.1512041070.git.dongsu@kinvolk.io>
[not found] ` <1f2233a1a028f1eb1e9bea7d06efa6d34e69e752.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 4:03 ` [PATCH 11/11] evm: Don't update hmacs in user ns mounts Serge E. Hallyn
[not found] ` <20171223040348.GK6837-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-12-24 5:12 ` Mimi Zohar
[not found] ` <1514092328.5221.116.camel@linux.vnet.ibm.com>
[not found] ` <1514092328.5221.116.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-12-24 5:56 ` Mimi Zohar
[not found] ` <ac3d34002d7690f6ca5928b57b7fc4d707104b04.1512041070.git.dongsu@kinvolk.io>
[not found] ` <ac3d34002d7690f6ca5928b57b7fc4d707104b04.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:17 ` Serge E. Hallyn [this message]
2018-01-05 19:24 ` [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes Luis R. Rodriguez
2018-02-13 13:18 ` Miklos Szeredi
[not found] ` <20180105192407.GF22430@wotan.suse.de>
[not found] ` <20180105192407.GF22430-B4tOwbsTzaBolqkO4TVVkw@public.gmane.org>
2018-01-09 15:10 ` Dongsu Park
[not found] ` <CANxcAMvDQFH0g5PPnVZ3p2Tei04N+8fNf0pk02DrfTkBHjjrPQ@mail.gmail.com>
[not found] ` <CANxcAMvDQFH0g5PPnVZ3p2Tei04N+8fNf0pk02DrfTkBHjjrPQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-09 17:23 ` Luis R. Rodriguez
[not found] ` <CAOssrKcZeAHsRz7P_dxh==QAKnp7HeSTh4vWY2tgbWa1ZD918g@mail.gmail.com>
[not found] ` <CAOssrKcZeAHsRz7P_dxh==QAKnp7HeSTh4vWY2tgbWa1ZD918g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 22:00 ` Eric W. Biederman
[not found] ` <877etbcmnd.fsf@xmission.com>
[not found] ` <877etbcmnd.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-01-09 15:05 ` [PATCH v5 00/11] FUSE mounts from non-init user namespaces Dongsu Park
[not found] ` <CANxcAMvwwiPXBTKmTM9sEo8Y1T--V7fNaFqzHfyEvwvaYQV60A@mail.gmail.com>
[not found] ` <CANxcAMvwwiPXBTKmTM9sEo8Y1T--V7fNaFqzHfyEvwvaYQV60A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-18 14:58 ` Alban Crequy
[not found] ` <CADZs7q438szfwd-kaaRDnpDFrmno3zy7Zq+6EsnotW8bS0vrTA@mail.gmail.com>
[not found] ` <CADZs7q438szfwd-kaaRDnpDFrmno3zy7Zq+6EsnotW8bS0vrTA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-19 23:09 ` Eric W. Biederman
[not found] ` <d055925e5d5c0099e9e9c871004fb45fab67e4bc.1512041070.git.dongsu@kinvolk.io>
[not found] ` <d055925e5d5c0099e9e9c871004fb45fab67e4bc.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:50 ` [PATCH 09/11] fuse: Restrict allow_other to the superblock's namespace or a descendant Serge E. Hallyn
2018-02-19 23:16 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171223031739.GC6837@mail.hallyn.com \
--to=serge-a9i7lubdfnhqt0dzr+alfa@public.gmane.org \
--cc=alban-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mcgrof-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=mszeredi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org \
--cc=seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox