From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [PATCH 04/10] user namespaces: enforce user namespaces for file permission
Date: Fri, 22 Aug 2008 19:16:46 -0700 [thread overview]
Message-ID: <m1myj4cw6p.fsf@frodo.ebiederm.org> (raw)
In-Reply-To: <20080823005715.GB21064-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> (Serge E. Hallyn's message of "Fri, 22 Aug 2008 19:57:15 -0500")
"Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> writes:
> That might make sense. I guess the problem is I started trying to
> handle generic permission. But I don't need to... the fs can
> provide its own permission, else we do the simple userns check.
Sounds right.
We really need that simple starting place where we can turn it all
on and you aren't allowed to do anything, then we can enable one
feature at a time from there.
Plus I can think of some uses for a user who isn't allowed to do
anything on a machine. ;)
> The user ns comes from the current task. The fs must decide whether
> current->user->uid in current->user->user_ns has capabilities over
> the target file. Only the fs can erify that the user is really
> uid=0 or has CAP_DAC_OVERRIDE, for instance, with respect to the file.
In the general case only the filesystem can make the call about what
powers we have over a specific file and the filesystem will make that
call when we pass it our kerberos ticket to the filesystem server, and
ask the filesystem to perform a specific operation.
In the common case the filesystem is just a reflection of our in memory
set of namespaces. Getting the capability rules straight are going
to be a little interesting. Essentially however for filesystems
I believe the rule is if I have CAP_DAC_OVERRIDE in the user namespace
of a user. And that user creates a namespace. Then I should have
CAP_DAC_OVERRIDE capability over that namespace as well. Allowing
me to back up files in the unprivileged users namespace.
The common case is the only case that needs to be implemented
in generic kernel code.
Eric
next prev parent reply other threads:[~2008-08-23 2:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-22 19:45 [0/10] User namespaces: introduction Serge E. Hallyn
[not found] ` <20080822194513.GA10262-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-08-22 19:45 ` [PATCH 01/10] user namespaces: introduce user_struct->user_namespace relationship Serge E. Hallyn
2008-08-22 19:45 ` [PATCH 02/10] user namespaces: move user_ns from nsproxy into user struct Serge E. Hallyn
2008-08-22 19:45 ` [PATCH 03/10] user namespaces: reset task's credentials on CLONE_NEWUSER Serge E. Hallyn
2008-08-22 19:46 ` [PATCH 04/10] user namespaces: enforce user namespaces for file permission Serge E. Hallyn
[not found] ` <20080822194609.GD10360-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-08-22 20:13 ` Eric W. Biederman
[not found] ` <m1ej4glsen.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-08-23 0:57 ` Serge E. Hallyn
[not found] ` <20080823005715.GB21064-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-08-23 2:16 ` Eric W. Biederman [this message]
2008-08-22 21:13 ` Eric W. Biederman
[not found] ` <m1bpzkhhy0.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-08-23 0:53 ` [PATCH 04/10] user namespaces: enforce usernamespaces " Serge E. Hallyn
[not found] ` <20080823005304.GA21064-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-08-23 1:56 ` Eric W. Biederman
[not found] ` <m1r68gebop.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-08-23 2:22 ` Serge E. Hallyn
[not found] ` <20080823022210.GA29618-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-08-23 3:41 ` Eric W. Biederman
2008-08-22 19:46 ` [PATCH 05/10] user namespaces: Allow registering new usernamespaces using mount Serge E. Hallyn
2008-08-22 19:46 ` [PATCH 06/10] user namespaces: hook fs/attr.c Serge E. Hallyn
2008-08-22 19:46 ` [PATCH 07/10] user namespaces: bad bad bad but test code Serge E. Hallyn
2008-08-22 19:47 ` [PATCH 08/10] userns: store child userns uids as xattrs in ext3 using lib/fsuserns Serge E. Hallyn
2008-08-22 19:47 ` [PATCH 09/10] userns: have ext3 use fsuserns to read userns xattrs, and add groups to userns Serge E. Hallyn
2008-08-22 19:47 ` [PATCH 10/10] userns: add support for readdir Serge E. Hallyn
2008-08-22 20:41 ` [0/10] User namespaces: introduction Eric W. Biederman
[not found] ` <m1d4k0ixzp.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-08-23 1:17 ` Serge E. Hallyn
[not found] ` <20080823011731.GA22737-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-08-23 3:19 ` Eric W. Biederman
[not found] ` <m1sksw770k.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-08-25 19:51 ` Serge E. Hallyn
[not found] ` <20080825195124.GA9361-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-08-29 9:40 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1myj4cw6p.fsf@frodo.ebiederm.org \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox