From: Theodore Ts'o <tytso@mit.edu>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Seth Forshee <seth.forshee@canonical.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge.hallyn@canonical.com>,
Richard Weinberger <richard.weinberger@gmail.com>,
Austin S Hemmelgarn <ahferroin7@gmail.com>,
Miklos Szeredi <miklos@szeredi.hu>,
linux-bcache@vger.kernel.org, dm-devel@redhat.com,
linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
fuse-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
Date: Fri, 4 Dec 2015 15:05:28 -0500 [thread overview]
Message-ID: <20151204200528.GC18359@thunk.org> (raw)
In-Reply-To: <20151204191143.GE3624@mail.hallyn.com>
The fact that we need CAP_SYS_RAIO for FIBMAP is pretty silly, given
that FIEMAP does not require privileges --- and in fact the preferred
interface. Why not just simply drop the requirement for privileges
for FIBMAP?
(Seth, Serge, this isn't a real objection to your patch; but the fact
that FIBMAP requires root has always been a bit silly, and this would
be a great opportunity to simplify things a bit.)
- Ted
On Fri, Dec 04, 2015 at 01:11:43PM -0600, Serge E. Hallyn wrote:
> Quoting Seth Forshee (seth.forshee@canonical.com):
> > Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
>
> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
>
> > ---
> > fs/ioctl.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/ioctl.c b/fs/ioctl.c
> > index 5d01d2638ca5..45c371bed7ee 100644
> > --- a/fs/ioctl.c
> > +++ b/fs/ioctl.c
> > @@ -55,7 +55,7 @@ static int ioctl_fibmap(struct file *filp, int __user *p)
> > /* do we support this mess? */
> > if (!mapping->a_ops->bmap)
> > return -EINVAL;
> > - if (!capable(CAP_SYS_RAWIO))
> > + if (!ns_capable(filp->f_inode->i_sb->s_user_ns, CAP_SYS_RAWIO))
> > return -EPERM;
> > res = get_user(block, p);
> > if (res)
> > --
> > 1.9.1
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at http://www.tux.org/lkml/
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-12-04 20:05 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-02 15:40 [PATCH 00/19] Support fuse mounts in user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
2015-12-04 16:26 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting Seth Forshee
2015-12-04 16:28 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 03/19] fs: Treat foreign mounts as nosuid Seth Forshee
2015-12-04 16:55 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 05/19] userns: Replace in_userns with current_in_userns Seth Forshee
2015-12-04 17:01 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 06/19] Smack: Handle labels consistently in untrusted mounts Seth Forshee
2015-12-02 15:40 ` [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link() Seth Forshee
2015-12-04 16:42 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as() Seth Forshee
2015-12-04 16:49 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
2015-12-04 17:27 ` Serge E. Hallyn
2015-12-04 17:46 ` Seth Forshee
2015-12-04 19:42 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts Seth Forshee
2015-12-04 18:50 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes Seth Forshee
2015-12-04 19:00 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns Seth Forshee
2015-12-04 19:02 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb() Seth Forshee
2015-12-04 19:02 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Seth Forshee
2015-12-04 19:11 ` Serge E. Hallyn
2015-12-04 20:05 ` Theodore Ts'o [this message]
2015-12-04 20:07 ` Serge E. Hallyn
2015-12-04 20:45 ` Seth Forshee
2015-12-04 23:11 ` Theodore Ts'o
2015-12-04 23:43 ` Serge E. Hallyn
2015-12-05 6:15 ` Seth Forshee
2015-12-05 0:00 ` Andreas Dilger
2015-12-02 15:40 ` [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps Seth Forshee
2015-12-04 19:42 ` Serge E. Hallyn
2015-12-04 20:36 ` Seth Forshee
2015-12-04 22:05 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 16/19] fuse: Add support for pid namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
2015-12-04 15:38 ` Seth Forshee
2015-12-04 20:03 ` Serge E. Hallyn
2015-12-04 20:41 ` Seth Forshee
2015-12-04 21:57 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
2015-12-04 20:05 ` Serge E. Hallyn
2015-12-04 20:43 ` Seth Forshee
2015-12-04 21:57 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 19/19] fuse: Allow user namespace mounts Seth Forshee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151204200528.GC18359@thunk.org \
--to=tytso@mit.edu \
--cc=ahferroin7@gmail.com \
--cc=dm-devel@redhat.com \
--cc=ebiederm@xmission.com \
--cc=fuse-devel@lists.sourceforge.net \
--cc=linux-bcache@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=richard.weinberger@gmail.com \
--cc=selinux@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=serge@hallyn.com \
--cc=seth.forshee@canonical.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).