Linux Documentation
 help / color / mirror / Atom feed
From: Mark Salyzyn <salyzyn@android.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: linux-kernel@vger.kernel.org, Miklos Szeredi <miklos@szeredi.hu>,
	Jonathan Corbet <corbet@lwn.net>,
	linux-unionfs@vger.kernel.org, linux-doc@vger.kernel.org,
	Daniel Walsh <dwalsh@redhat.com>,
	Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: overlayfs: caller_credentials option bypass creator_cred
Date: Wed, 20 Jun 2018 08:28:30 -0700	[thread overview]
Message-ID: <d8e6c8ce-6305-67d8-6213-5460e5d0d88c@android.com> (raw)
In-Reply-To: <20180619143617.GC22657@redhat.com>

On 06/19/2018 07:36 AM, Vivek Goyal wrote:
> On Mon, Jun 18, 2018 at 02:59:50PM -0700, Mark Salyzyn wrote:
> So in this system all callers are priviliged and have the capability to
> mknod and set trusted xattrs.
This is true of the callers that make adjustments (in Android's Case 
this is an su context provided to the adb tool for sync and push). More 
importantly the large variety of callers have the passive/read MAC 
credentials for their domain set of files; where the mounter/creator 
does not.
>   (Amir mentioned the reason why we switch
> creds). If not, then file unlink (Should do mknod), lower non-empty directory
> rename (should set trusted REDIRECT) and bunch of other operations should fail.

Hmmm, neither was part of my test plan b/c these operations are more 
esoteric for development ... need to add them and address them.

Thanks all (You, Eric, Amir and private) for your comments, will 
regroup, test and address concerns!

-- Mark
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

  reply	other threads:[~2018-06-20 15:28 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-18 15:42 overlayfs: caller_credentials option bypass creator_cred Mark Salyzyn
2018-06-18 18:54 ` Vivek Goyal
2018-06-18 19:18   ` Mark Salyzyn
2018-06-18 19:43     ` Vivek Goyal
2018-06-18 21:59       ` Mark Salyzyn
2018-06-19 14:36         ` Vivek Goyal
2018-06-20 15:28           ` Mark Salyzyn [this message]
2018-06-18 18:57 ` kbuild test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d8e6c8ce-6305-67d8-6213-5460e5d0d88c@android.com \
    --to=salyzyn@android.com \
    --cc=corbet@lwn.net \
    --cc=dwalsh@redhat.com \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-unionfs@vger.kernel.org \
    --cc=miklos@szeredi.hu \
    --cc=sds@tycho.nsa.gov \
    --cc=vgoyal@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox