From: Sargun Dhillon <sargun@sargun.me>
To: Trond Myklebust <trondmy@hammerspace.com>
Cc: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"smayhew@redhat.com" <smayhew@redhat.com>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"chuck.lever@oracle.com" <chuck.lever@oracle.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"schumaker.anna@gmail.com" <schumaker.anna@gmail.com>,
"alban.crequy@gmail.com" <alban.crequy@gmail.com>,
"anna.schumaker@netapp.com" <anna.schumaker@netapp.com>,
"mauricio@kinvolk.io" <mauricio@kinvolk.io>,
"bfields@fieldses.org" <bfields@fieldses.org>
Subject: Re: [PATCH v4 0/2] NFS: Fix interaction between fs_context and user namespaces
Date: Thu, 12 Nov 2020 00:30:57 +0000 [thread overview]
Message-ID: <20201112003056.GA351@ircssh-2.c.rugged-nimbus-611.internal> (raw)
In-Reply-To: <17d0e6c2e30d5b28cc1cb0313822e5ca39a2245c.camel@hammerspace.com>
On Wed, Nov 11, 2020 at 08:03:18PM +0000, Trond Myklebust wrote:
> On Wed, 2020-11-11 at 18:57 +0000, Sargun Dhillon wrote:
> > On Wed, Nov 11, 2020 at 02:38:11PM +0000, Trond Myklebust wrote:
> > > On Wed, 2020-11-11 at 11:12 +0000, Sargun Dhillon wrote:
> > >
> > > The current code for setting server->cred was developed
> > > independently
> > > of fsopen() (and predates it actually). I'm fine with the change to
> > > have server->cred be the cred of the user that called fsopen().
> > > That's
> > > in line with what we used to do for sys_mount().
> > >
> > Just curious, without FS_USERNS, how were you mounting NFSv4 in an
> > unprivileged user ns?
>
> The code was originally developed on a 5.1 kernel. So all my testing
> has been with ordinary sys_mount() calls in a container that had
> CAP_SYS_ADMIN privileges.
>
> > > However all the other stuff to throw errors when the user namespace
> > > is
> > > not init_user_ns introduces massive regressions.
> > >
> >
> > I can remove that and respin the patch. How do you feel about that?
> > I would
> > still like to keep the log lines though because it is a uapi change.
> > I am
> > worried that someone might exercise this path with GSS and allow for
> > upcalls
> > into the main namespaces by accident -- or be confused of why they're
> > seeing
> > upcalls "in a different namespace".
> >
> > Are you okay with picking up ("NFS: NFSv2/NFSv3: Use cred from
> > fs_context during
> > mount") without any changes?
>
> Why do we need the dprintk()s? It seems to me that either they should
> be reporting something that the user needs to know (in which case they
> should be real printk()s) or they are telling us something that we
> should already know. To me they seem to fit more in the latter
> category.
>
> >
> > I can respin ("NFSv4: Refactor NFS to use user namespaces") without:
> > /*
> > * nfs4idmap is not fully isolated by user namespaces. It is
> > currently
> > * only network namespace aware. If upcalls never happen, we do not
> > * need to worry as nfs_client instances aren't shared between
> > * user namespaces.
> > */
> > if (idmap_userns(server->nfs_client->cl_idmap) != &init_user_ns &&
> > !(server->caps & NFS_CAP_UIDGID_NOMAP)) {
> > error = -EINVAL;
> > errorf(fc, "Mount credentials are from non init user
> > namespace and ID mapping is enabled. This is not allowed.");
> > goto error;
> > }
> >
> > (and making it so we can call idmap_userns)
> >
>
> Yes. That would be acceptable. Again, though, I'd like to see the
> dprintk()s gone.
>
I can drop the dprintks, but given this is a uapi change, does it make sense to
pr_info_once? Especially, because this can have security impact?
next prev parent reply other threads:[~2020-11-12 1:50 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-02 17:47 [PATCH v4 0/2] NFS: Fix interaction between fs_context and user namespaces Sargun Dhillon
2020-11-02 17:47 ` [PATCH v4 1/2] NFS: NFSv2/NFSv3: Use cred from fs_context during mount Sargun Dhillon
2020-11-02 17:47 ` [PATCH v4 2/2] NFSv4: Refactor NFS to use user namespaces Sargun Dhillon
2020-11-10 16:43 ` [PATCH v4 0/2] NFS: Fix interaction between fs_context and " Alban Crequy
2020-11-10 20:12 ` Trond Myklebust
2020-11-11 11:12 ` Sargun Dhillon
2020-11-11 14:38 ` Trond Myklebust
2020-11-11 18:57 ` Sargun Dhillon
2020-11-11 20:03 ` Trond Myklebust
2020-11-12 0:30 ` Sargun Dhillon [this message]
2020-11-12 0:42 ` Sargun Dhillon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201112003056.GA351@ircssh-2.c.rugged-nimbus-611.internal \
--to=sargun@sargun.me \
--cc=alban.crequy@gmail.com \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=mauricio@kinvolk.io \
--cc=schumaker.anna@gmail.com \
--cc=smayhew@redhat.com \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).