* 4.2: Can't mount sysfs in a mount ns & user ns
From: Lubomir Rintel @ 2015-08-13 7:53 UTC
To: linux-fsdevel; +Cc: Eric W. Biederman

Hi,

4.0.6-300.fc22.x86_64:

[lkundrak@fedora22-1 ~]$ unshare -r --mount --net
[root@fedora22-1 ~]# mount --make-slave /sys
[root@fedora22-1 ~]# mount -t sysfs sysfs /sys
[root@fedora22-1 ~]#

4.2.0-0.rc6.git0.1.fc24.x86_64:

[lkundrak@fedora23-1 ~]$ unshare -r --mount --net
[root@fedora23-1 ~]# mount --make-slave /sys
[root@fedora23-1 ~]# mount -t sysfs sysfs /sys
mount: permission denied
[root@fedora23-1 ~]#

We use this in the NetworkManager test suite, to ensure the devices we see
via GUdev are the same as we see via rtnetlink.

I'm wondering if this is a bug or an intended change?

Thanks,
Lubo
* Re: 4.2: Can't mount sysfs in a mount ns & user ns
From: Eric W. Biederman @ 2015-08-13 15:20 UTC
To: Lubomir Rintel; +Cc: linux-fsdevel

Lubomir Rintel <lkundrak@v3.sk> writes:

> Hi,
>
> 4.0.6-300.fc22.x86_64:
> [lkundrak@fedora22-1 ~]$ unshare -r --mount --net
> [root@fedora22-1 ~]# mount --make-slave /sys
> [root@fedora22-1 ~]# mount -t sysfs sysfs /sys
> [root@fedora22-1 ~]#
>
> 4.2.0-0.rc6.git0.1.fc24.x86_64:
> [lkundrak@fedora23-1 ~]$ unshare -r --mount --net
> [root@fedora23-1 ~]# mount --make-slave /sys
> [root@fedora23-1 ~]# mount -t sysfs sysfs /sys
> mount: permission denied
> [root@fedora23-1 ~]#
>
> We use this in the NetworkManager test suite, to ensure the devices we see
> via GUdev are the same as we see via rtnetlink.
>
> I'm wondering if this is a bug or an intended change?

There was an intentional tightening up of the permissions required to
mount sysfs to prevent people in jails from gaining access to things
they would not ordinarily have access to. The change was not expected
to affect anyone's legitimate use case.

What are the mount flags of the previous mount of sysfs?
What is mounted on top of sysfs?

Or in short can I see /proc/self/mounts for the failing scenario?

Without a little more detail I can't see if there is a possible security
violation in your code or if this is something I can fix.

Eric
* Re: 4.2: Can't mount sysfs in a mount ns & user ns
From: Lubomir Rintel @ 2015-08-13 16:07 UTC
To: Eric W. Biederman; +Cc: linux-fsdevel

Hello,

On Thu, 2015-08-13 at 10:20 -0500, Eric W. Biederman wrote:
> Lubomir Rintel <lkundrak@v3.sk> writes:
>
> > Hi,
> >
> > 4.0.6-300.fc22.x86_64:
> > [lkundrak@fedora22-1 ~]$ unshare -r --mount --net
> > [root@fedora22-1 ~]# mount --make-slave /sys
> > [root@fedora22-1 ~]# mount -t sysfs sysfs /sys
> > [root@fedora22-1 ~]#
> >
> > 4.2.0-0.rc6.git0.1.fc24.x86_64:
> > [lkundrak@fedora23-1 ~]$ unshare -r --mount --net
> > [root@fedora23-1 ~]# mount --make-slave /sys
> > [root@fedora23-1 ~]# mount -t sysfs sysfs /sys
> > mount: permission denied
> > [root@fedora23-1 ~]#
> >
> > We use this in the NetworkManager test suite, to ensure the devices we see
> > via GUdev are the same as we see via rtnetlink.
> >
> > I'm wondering if this is a bug or an intended change?
>
> There was an intentional tightening up of the permissions required to
> mount sysfs to prevent people in jails from gaining access to things
> they would not ordinarily have access to. The change was not expected
> to affect anyone's legitimate use case.
>
> What are the mount flags of the previous mount of sysfs?
> What is mounted on top of sysfs?
>
> Or in short can I see /proc/self/mounts for the failing scenario?

Looks like this:

sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,relatime 0 0
devtmpfs /dev devtmpfs rw,seclabel,nosuid,size=882904k,nr_inodes=220726,mode=755 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
pstore /sys/fs/pstore pstore rw,seclabel,nosuid,nodev,noexec,relatime 0 0
kdbusfs /sys/fs/kdbus kdbusfs rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,hugetlb 0 0
cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
configfs /sys/kernel/config configfs rw,relatime 0 0
/dev/vda3 / btrfs rw,seclabel,relatime,space_cache,subvolid=5,subvol=/ 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct 0 0
tmpfs /tmp tmpfs rw,seclabel 0 0
mqueue /dev/mqueue mqueue rw,seclabel,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,seclabel,relatime 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,seclabel,relatime 0 0
/dev/vda1 /boot ext4 rw,seclabel,relatime,data=ordered 0 0
tmpfs /run/user/42 tmpfs rw,seclabel,nosuid,nodev,relatime,size=178648k,mode=700,uid=42,gid=42 0 0
gvfsd-fuse /run/user/42/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=42,group_id=42 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
tmpfs /run/user/8086 tmpfs rw,seclabel,nosuid,nodev,relatime,size=178648k,mode=700,uid=8086,gid=8086 0 0
gvfsd-fuse /run/user/8086/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=8086,group_id=8086 0 0

> Without a little more detail I can't see if there is a possible security
> violation in your code or if this is something I can fix.
>
> Eric

Thanks for the response
Lubo
* Re: 4.2: Can't mount sysfs in a mount ns & user ns
From: Eric W. Biederman @ 2015-08-13 16:17 UTC
To: Lubomir Rintel; +Cc: linux-fsdevel

Lubomir Rintel <lkundrak@v3.sk> writes:

> Hello,
>
> On Thu, 2015-08-13 at 10:20 -0500, Eric W. Biederman wrote:
>> Lubomir Rintel <lkundrak@v3.sk> writes:
>>
>> > Hi,
>> >
>> > 4.0.6-300.fc22.x86_64:
>> > [lkundrak@fedora22-1 ~]$ unshare -r --mount --net
>> > [root@fedora22-1 ~]# mount --make-slave /sys
>> > [root@fedora22-1 ~]# mount -t sysfs sysfs /sys
>> > [root@fedora22-1 ~]#
>> >
>> > 4.2.0-0.rc6.git0.1.fc24.x86_64:
>> > [lkundrak@fedora23-1 ~]$ unshare -r --mount --net
>> > [root@fedora23-1 ~]# mount --make-slave /sys
>> > [root@fedora23-1 ~]# mount -t sysfs sysfs /sys
>> > mount: permission denied
>> > [root@fedora23-1 ~]#
>> >
>> > We use this in the NetworkManager test suite, to ensure the devices we see
>> > via GUdev are the same as we see via rtnetlink.
>> >
>> > I'm wondering if this is a bug or an intended change?
>>
>> There was an intentional tightening up of the permissions required to
>> mount sysfs to prevent people in jails from gaining access to things
>> they would not ordinarily have access to. The change was not expected
>> to affect anyone's legitimate use case.
>>
>> What are the mount flags of the previous mount of sysfs?
>> What is mounted on top of sysfs?
>>
>> Or in short can I see /proc/self/mounts for the failing scenario?
>
> Looks like this:
>
> sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
> proc /proc proc rw,relatime 0 0
> devtmpfs /dev devtmpfs rw,seclabel,nosuid,size=882904k,nr_inodes=220726,mode=755 0 0
> securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
> tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
> devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
> tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
> tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
> cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
> pstore /sys/fs/pstore pstore rw,seclabel,nosuid,nodev,noexec,relatime 0 0
> kdbusfs /sys/fs/kdbus kdbusfs rw,nosuid,nodev,noexec,relatime 0 0
          ^^^^^^^^^^^^^

This directory is probably not created with sysfs_create_mount_point
So I suspect this is your culprit.

> cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,hugetlb 0 0
> cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio 0 0
> cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
> cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
> cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
> cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
> cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
> cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
> cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
> configfs /sys/kernel/config configfs rw,relatime 0 0
> /dev/vda3 / btrfs rw,seclabel,relatime,space_cache,subvolid=5,subvol=/ 0 0
> selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
> systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct 0 0
> tmpfs /tmp tmpfs rw,seclabel 0 0
> mqueue /dev/mqueue mqueue rw,seclabel,relatime 0 0
> debugfs /sys/kernel/debug debugfs rw,seclabel,relatime 0 0
> hugetlbfs /dev/hugepages hugetlbfs rw,seclabel,relatime 0 0
> /dev/vda1 /boot ext4 rw,seclabel,relatime,data=ordered 0 0
> tmpfs /run/user/42 tmpfs rw,seclabel,nosuid,nodev,relatime,size=178648k,mode=700,uid=42,gid=42 0 0
> gvfsd-fuse /run/user/42/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=42,group_id=42 0 0
> fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
> tmpfs /run/user/8086 tmpfs rw,seclabel,nosuid,nodev,relatime,size=178648k,mode=700,uid=8086,gid=8086 0 0
> gvfsd-fuse /run/user/8086/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=8086,group_id=8086 0 0
>
>> Without a little more detail I can't see if there is a possible security
>> violation in your code or if this is something I can fix.
>>
>> Eric
>
> Thanks for the response

It looks like this is a kdbus thing. I don't see anything else that
should be causing problems.

Please try again with kdbus disabled and see what happens, and when it
works please let the kdbus guys know that they need to use
sysfs_create_mount_point.

Eric
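Eric's diagnosis above is done by reading /proc/self/mounts by eye and picking out every filesystem stacked on top of /sys. The script below, added here as an example and not part of the thread or of any project it mentions, does the same mechanically: it parses the six-column /proc/self/mounts format (including the \ooo octal escapes the kernel uses for spaces in mount points), reports the options of the sysfs mount itself (Eric's first question) and lists every mount whose mount point lies below it (his second question). The embedded SAMPLE is constructed from a subset of Lubo's listing plus one made-up mount point containing an escaped space; function names are the example's own.

```python
"""List what is stacked on top of a sysfs mount from /proc/self/mounts text.

Usage: python3 sysfs_stack.py                     # reports on the embedded sample
       python3 sysfs_stack.py /proc/self/mounts   # reports on the live system
"""
import re
import sys
from dataclasses import dataclass

# /proc/self/mounts escapes space, tab, newline and backslash in the source
# and mount-point fields as three-digit octal sequences (e.g. "\040" for space).
_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def unescape(field: str) -> str:
    """Decode the octal escapes used in /proc/self/mounts fields."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


@dataclass(frozen=True)
class Mount:
    source: str
    point: str
    fstype: str
    options: tuple


def parse_mounts(text: str) -> list:
    """Parse /proc/self/mounts lines (source point fstype options dump pass)."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or truncated line
        source, point, fstype, opts = (unescape(p) for p in parts[:4])
        mounts.append(Mount(source, point, fstype, tuple(opts.split(","))))
    return mounts


def find_mount(mounts, point: str):
    """The most recent mount at exactly `point` (later entries shadow earlier ones)."""
    hits = [m for m in mounts if m.point == point]
    return hits[-1] if hits else None


def stacked_on(mounts, root: str = "/sys") -> list:
    """Mounts whose mount point lies strictly below `root`, in mount order.

    The trailing slash keeps a path such as "/sysfoo" from matching "/sys".
    """
    prefix = root.rstrip("/") + "/"
    return [m for m in mounts if m.point.startswith(prefix)]


def report(text: str, root: str = "/sys") -> list:
    """Readable lines: the root mount's own options, then each stacked mount."""
    mounts = parse_mounts(text)
    base = find_mount(mounts, root)
    if base is None:
        return [f"{root}: not mounted"]
    lines = [f"{root} is {base.fstype} with options {','.join(base.options)}"]
    for m in stacked_on(mounts, root):
        lines.append(f"  stacked: {m.point} ({m.fstype})")
    return lines


# Constructed sample: a subset of the listing posted in the thread, plus one
# made-up mount point with an escaped space to exercise unescape().
SAMPLE = r"""sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,relatime 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
pstore /sys/fs/pstore pstore rw,seclabel,nosuid,nodev,noexec,relatime 0 0
kdbusfs /sys/fs/kdbus kdbusfs rw,nosuid,nodev,noexec,relatime 0 0
configfs /sys/kernel/config configfs rw,relatime 0 0
/dev/vda3 / btrfs rw,seclabel,relatime,space_cache,subvolid=5,subvol=/ 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
tmpfs /mnt/my\040dir tmpfs rw,seclabel 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(report(text)))
```

The script cannot tell which of the listed directories were registered with sysfs_create_mount_point(); that is kernel-side state. What it gives a defender is the complete candidate list to check against the kernel source, which is exactly the step Eric performed by hand when he singled out /sys/fs/kdbus.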
* [PATCH] kdbus: create /sys/fs/kdbus with sysfs_create_mount_point()
From: Lubomir Rintel @ 2015-08-14 13:21 UTC
To: Greg Kroah-Hartman
Cc: Daniel Mack, David Herrmann, Djalal Harouni, linux-kernel, Eric W. Biederman, linux-fsdevel, Lubomir Rintel

Since 0cbee99269 user-namespace pull, if a kdbusfs is mounted on a
location that's not created with sysfs_create_mount_point the user
namespaces are not allowed to mount their sysfs instances.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
---
Applies on top of char-misc/kdbus a36324913.

 ipc/kdbus/main.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/ipc/kdbus/main.c b/ipc/kdbus/main.c
index 1ad4dc8..c2117ea 100644
--- a/ipc/kdbus/main.c
+++ b/ipc/kdbus/main.c
@@ -75,16 +75,13 @@
  * '» struct kdbus_ep *ep (owned)
  */
 
-/* kdbus mount-point /sys/fs/kdbus */
-static struct kobject *kdbus_dir;
-
 static int __init kdbus_init(void)
 {
 	int ret;
 
-	kdbus_dir = kobject_create_and_add(KBUILD_MODNAME, fs_kobj);
-	if (!kdbus_dir)
-		return -ENOMEM;
+	ret = sysfs_create_mount_point(fs_kobj, KBUILD_MODNAME);
+	if (ret)
+		return ret;
 
 	ret = kdbus_fs_init();
 	if (ret < 0) {
@@ -96,14 +93,14 @@ static int __init kdbus_init(void)
 	return 0;
 
 exit_dir:
-	kobject_put(kdbus_dir);
+	sysfs_remove_mount_point(fs_kobj, KBUILD_MODNAME);
 	return ret;
 }
 
 static void __exit kdbus_exit(void)
 {
 	kdbus_fs_exit();
-	kobject_put(kdbus_dir);
+	sysfs_remove_mount_point(fs_kobj, KBUILD_MODNAME);
 	ida_destroy(&kdbus_node_ida);
 }
 
-- 
2.4.3
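Review bot: the commit message for the first hunk (@@ -75,16 +75,13 @@) names the pull that broke things but not why the replacement call is the fix; it should say what sysfs_create_mount_point() provides that kobject_create_and_add() does not, namely that the 4.2 check Eric describes earlier in the thread refuses an unprivileged user-namespace mount of sysfs when a filesystem is stacked on a sysfs directory that was not registered as a dedicated mount point, and that /sys/fs/kdbus was the one such directory in the posted /proc/self/mounts. Also worth one line stating that kdbus_dir had no other users, since the diffstat touches only ipc/kdbus/main.c and the dropped static is what makes the change net-negative.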
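Review bot: in the second hunk (@@ -96,14 +93,14 @@) the label exit_dir: now undoes sysfs_create_mount_point() rather than dropping a kobject, so the name no longer describes what it releases; renaming it (exit_mount_point: or similar) or adding a one-line comment keeps the cleanup path readable. The ordering in kdbus_exit() is right: kdbus_fs_exit() runs before sysfs_remove_mount_point(fs_kobj, KBUILD_MODNAME), so the filesystem is gone before its mount point is, and the error path in kdbus_init() mirrors that. Since the same remove call now appears twice, a small helper would stop the create/remove pair drifting apart if kdbus_init() grows more steps.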
* Re: [PATCH] kdbus: create /sys/fs/kdbus with sysfs_create_mount_point()
From: David Herrmann @ 2015-08-17 17:23 UTC
To: Lubomir Rintel
Cc: Greg Kroah-Hartman, Daniel Mack, David Herrmann, Djalal Harouni, linux-kernel, Eric W. Biederman, linux-fsdevel

Hi

On Fri, Aug 14, 2015 at 3:21 PM, Lubomir Rintel <lkundrak@v3.sk> wrote:
> Since 0cbee99269 user-namespace pull, if a kdbusfs is mounted on a
> location that's not created with sysfs_create_mount_point the user
> namespaces are not allowed to mount their sysfs instances.
>
> Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
> ---
> Applies on top of char-misc/kdbus a36324913.

This does not apply on top of char-misc/kdbus. The tree lacks the
necessary commits. But yeah, it's required for 4.2. I'll keep it
starred until Greg back-merges 4.2.

Anyway, this is still:

Reviewed-by: David Herrmann <dh.herrmann@gmail.com>

Thanks!
David

>  ipc/kdbus/main.c | 13 +++++--------
>  1 file changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/ipc/kdbus/main.c b/ipc/kdbus/main.c
> index 1ad4dc8..c2117ea 100644
> --- a/ipc/kdbus/main.c
> +++ b/ipc/kdbus/main.c
> @@ -75,16 +75,13 @@
>   * '» struct kdbus_ep *ep (owned)
>   */
>
> -/* kdbus mount-point /sys/fs/kdbus */
> -static struct kobject *kdbus_dir;
> -
>  static int __init kdbus_init(void)
>  {
>  	int ret;
>
> -	kdbus_dir = kobject_create_and_add(KBUILD_MODNAME, fs_kobj);
> -	if (!kdbus_dir)
> -		return -ENOMEM;
> +	ret = sysfs_create_mount_point(fs_kobj, KBUILD_MODNAME);
> +	if (ret)
> +		return ret;
>
>  	ret = kdbus_fs_init();
>  	if (ret < 0) {
> @@ -96,14 +93,14 @@ static int __init kdbus_init(void)
>  	return 0;
>
>  exit_dir:
> -	kobject_put(kdbus_dir);
> +	sysfs_remove_mount_point(fs_kobj, KBUILD_MODNAME);
>  	return ret;
>  }
>
>  static void __exit kdbus_exit(void)
>  {
>  	kdbus_fs_exit();
> -	kobject_put(kdbus_dir);
> +	sysfs_remove_mount_point(fs_kobj, KBUILD_MODNAME);
>  	ida_destroy(&kdbus_node_ida);
>  }
>
> --
> 2.4.3
>
* Re: [PATCH] kdbus: create /sys/fs/kdbus with sysfs_create_mount_point()
From: Josh Boyer @ 2015-08-17 20:52 UTC
To: David Herrmann
Cc: Lubomir Rintel, Greg Kroah-Hartman, Daniel Mack, David Herrmann, Djalal Harouni, linux-kernel, Eric W. Biederman, linux-fsdevel

On Mon, Aug 17, 2015 at 1:23 PM, David Herrmann <dh.herrmann@gmail.com> wrote:
> Hi
>
> On Fri, Aug 14, 2015 at 3:21 PM, Lubomir Rintel <lkundrak@v3.sk> wrote:
>> Since 0cbee99269 user-namespace pull, if a kdbusfs is mounted on a
>> location that's not created with sysfs_create_mount_point the user
>> namespaces are not allowed to mount their sysfs instances.
>>
>> Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
>> ---
>> Applies on top of char-misc/kdbus a36324913.
>
> This does not apply on top of char-misc/kdbus. The tree lacks the
> necessary commits. But yeah, it's required for 4.2. I'll keep it
> starred until Greg back-merges 4.2.
>
> Anyway, this is still:
>
> Reviewed-by: David Herrmann <dh.herrmann@gmail.com>

Grumble. Keeping track of this is getting to be somewhat of a pain.
Why isn't the kdbus-next branch already at 4.2?

So if one was carrying the contents of char-misc/kdbus as stand-alone
patches on top of 4.2-rc7, should your Reviewed-by count as "yes, apply
this patch in that instance?"

josh