From: "xuyang2018.jy@fujitsu.com" <xuyang2018.jy@fujitsu.com>
To: Christian Brauner <brauner@kernel.org>
Cc: "david@fromorbit.com" <david@fromorbit.com>,
"djwong@kernel.org" <djwong@kernel.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"fstests@vger.kernel.org" <fstests@vger.kernel.org>
Subject: Re: [PATCH v3 3/5] idmapped-mounts: Add open with O_TMPFILE operation in setgid test
Date: Wed, 13 Apr 2022 08:48:11 +0000 [thread overview]
Message-ID: <62569C96.3080207@fujitsu.com> (raw)
In-Reply-To: <20220413080733.6sz3tssi4wo3jc67@wittgenstein>
on 2022/4/13 16:07, Christian Brauner wrote:
> On Tue, Apr 12, 2022 at 07:33:44PM +0800, Yang Xu wrote:
>> Since we can create temp file by using O_TMPFILE flag and filesystem driver also
>> has this api, we should also check this operation whether strip S_ISGID.
>>
>> Reviewed-by: Christian Brauner (Microsoft)<brauner@kernel.org>
>> Signed-off-by: Yang Xu<xuyang2018.jy@fujitsu.com>
>> ---
>> src/idmapped-mounts/idmapped-mounts.c | 148 ++++++++++++++++++++++++++
>> 1 file changed, 148 insertions(+)
>>
>> diff --git a/src/idmapped-mounts/idmapped-mounts.c b/src/idmapped-mounts/idmapped-mounts.c
>> index 617f56e0..02f91558 100644
>> --- a/src/idmapped-mounts/idmapped-mounts.c
>> +++ b/src/idmapped-mounts/idmapped-mounts.c
>> @@ -51,6 +51,7 @@
>> #define FILE1_RENAME "file1_rename"
>> #define FILE2 "file2"
>> #define FILE2_RENAME "file2_rename"
>> +#define FILE3 "file3"
>> #define DIR1 "dir1"
>> #define DIR2 "dir2"
>> #define DIR3 "dir3"
>> @@ -337,6 +338,24 @@ out:
>> return fret;
>> }
>>
>> +static bool openat_tmpfile_supported(int dirfd)
>> +{
>> + int fd = -1;
>> +
>> + fd = openat(dirfd, ".", O_TMPFILE | O_RDWR, S_IXGRP | S_ISGID);
>> + if (fd == -1) {
>> + if (errno == ENOTSUP)
>> + return false;
>> + else
>> + return log_errno(false, "failure: create");
>> + }
>> +
>> + if (close(fd))
>> + log_stderr("failure: close");
>> +
>> + return true;
>> +}
>> +
>> /* __expected_uid_gid - check whether file is owned by the provided uid and gid */
>> static bool __expected_uid_gid(int dfd, const char *path, int flags,
>> uid_t expected_uid, gid_t expected_gid, bool log)
>> @@ -7841,7 +7860,10 @@ static int setgid_create(void)
>> {
>> int fret = -1;
>> int file1_fd = -EBADF;
>> + int tmpfile_fd = -EBADF;
>> pid_t pid;
>> + bool supported = false;
>> + char path[PATH_MAX];
>>
>> if (!caps_supported())
>> return 0;
>> @@ -7866,6 +7888,8 @@ static int setgid_create(void)
>> goto out;
>> }
>>
>> + supported = openat_tmpfile_supported(t_dir1_fd);
>> +
>> pid = fork();
>> if (pid< 0) {
>> log_stderr("failure: fork");
>> @@ -7929,6 +7953,25 @@ static int setgid_create(void)
>> if (unlinkat(t_dir1_fd, CHRDEV1, 0))
>> die("failure: delete");
>>
>> + /* create tmpfile via filesystem tmpfile api */
>> + if (supported) {
>> + tmpfile_fd = openat(t_dir1_fd, ".", O_TMPFILE | O_RDWR, S_IXGRP | S_ISGID);
>> + if (tmpfile_fd< 0)
>> + die("failure: create");
>> + /* link the temporary file into the filesystem, making it permanent */
>> + snprintf(path, PATH_MAX, "/proc/self/fd/%d", tmpfile_fd);
>> + if (linkat(AT_FDCWD, path, t_dir1_fd, FILE3, AT_SYMLINK_FOLLOW))
>> + die("failure: linkat");
>
> Fwiw, I don't think you need that snprintf() dance as you should be able
> to use AT_EMPTY_PATH:
>
> if (linkat(fd, "", t_dir1_fd, FILE3, AT_EMPTY_PATH))
>
> for this.
Oh, Yes, it works well. Thanks.
ps:I also use this way but failed before(I used wrong argument NULL
instead of "" when see open(2) man-pages ) .
Best Regards
Yang Xu
next prev parent reply other threads:[~2022-04-13 8:48 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-12 11:33 [PATCH v3 1/5] idmapped-mounts: Reset errno to zero after detect fs_allow_idmap Yang Xu
2022-04-12 11:33 ` [PATCH v3 2/5] idmapped-mounts: Add mknodat operation in setgid test Yang Xu
2022-04-13 7:59 ` Christian Brauner
2022-04-13 8:31 ` xuyang2018.jy
2022-04-13 9:05 ` Christian Brauner
2022-04-12 11:33 ` [PATCH v3 3/5] idmapped-mounts: Add open with O_TMPFILE " Yang Xu
2022-04-13 8:07 ` Christian Brauner
2022-04-13 8:48 ` xuyang2018.jy [this message]
2022-04-12 11:33 ` [PATCH v3 4/5] idmapped-mounts: Add new setgid_create_umask test Yang Xu
2022-04-13 8:59 ` Christian Brauner
2022-04-13 9:45 ` xuyang2018.jy
2022-04-13 9:59 ` Christian Brauner
2022-04-13 10:09 ` xuyang2018.jy
2022-04-12 11:33 ` [PATCH v3 5/5] idmapped-mounts: Add new setgid_create_acl test Yang Xu
2022-04-13 7:50 ` [PATCH v3 1/5] idmapped-mounts: Reset errno to zero after detect fs_allow_idmap Christian Brauner
2022-05-07 1:33 ` xuyang2018.jy
2022-05-07 8:52 ` Zorro Lang
2022-05-07 9:12 ` xuyang2018.jy
2022-05-07 11:40 ` Christian Brauner
2022-05-07 12:26 ` Zorro Lang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=62569C96.3080207@fujitsu.com \
--to=xuyang2018.jy@fujitsu.com \
--cc=brauner@kernel.org \
--cc=david@fromorbit.com \
--cc=djwong@kernel.org \
--cc=fstests@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).