linux-fsdevel.vger.kernel.org archive mirror
* [PATCH] cachefiles: Allow the cache to be non-root
@ 2023-05-19 17:21 David Howells
  2023-05-19 17:26 ` Jeff Layton
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: David Howells @ 2023-05-19 17:21 UTC (permalink / raw)
  To: linux-cachefs
  Cc: dhowells, Jeff Layton, linux-erofs, linux-fsdevel, linux-kernel

    
Set mode 0600 on files in the cache so that cachefilesd can run as an
unprivileged user rather than leaving the files all with 0.  Directories
are already set to 0700.

Userspace then needs to set the uid and gid before issuing the "bind"
command and the cache must've been chown'd to those IDs.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: David Howells <dhowells@redhat.com>
cc: Jeff Layton <jlayton@kernel.org>
cc: linux-cachefs@redhat.com
cc: linux-erofs@lists.ozlabs.org
cc: linux-fsdevel@vger.kernel.org
---
 fs/cachefiles/namei.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
index 82219a8f6084..66482c193e86 100644
--- a/fs/cachefiles/namei.c
+++ b/fs/cachefiles/namei.c
@@ -451,7 +451,8 @@ struct file *cachefiles_create_tmpfile(struct cachefiles_object *object)
 
 	ret = cachefiles_inject_write_error();
 	if (ret == 0) {
-		file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, S_IFREG,
+		file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath,
+					S_IFREG | 0600,
 					O_RDWR | O_LARGEFILE | O_DIRECT,
 					cache->cache_cred);
 		ret = PTR_ERR_OR_ZERO(file);
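
Review bot: the `S_IFREG | 0600` argument to vfs_tmpfile_open() only applies to tmpfiles created after this change; files already sitting in a cache were created with the old `S_IFREG` alone, i.e. mode 0, and nothing in this hunk touches them. If an existing cache is meant to be handed to an unprivileged cachefilesd, the commit message should say whether those files need a chmod alongside the chown it already mentions, or whether the cache is expected to be recreated.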



* Re: [PATCH] cachefiles: Allow the cache to be non-root
  2023-05-19 17:21 [PATCH] cachefiles: Allow the cache to be non-root David Howells
@ 2023-05-19 17:26 ` Jeff Layton
  2023-05-20  2:07 ` [Linux-cachefs] " Gao Xiang
  2023-06-05  8:56 ` Christian Brauner
  2 siblings, 0 replies; 4+ messages in thread
From: Jeff Layton @ 2023-05-19 17:26 UTC (permalink / raw)
  To: David Howells, linux-cachefs; +Cc: linux-erofs, linux-fsdevel, linux-kernel

On Fri, 2023-05-19 at 18:21 +0100, David Howells wrote:
>     
> Set mode 0600 on files in the cache so that cachefilesd can run as an
> unprivileged user rather than leaving the files all with 0.  Directories
> are already set to 0700.
> 
> Userspace then needs to set the uid and gid before issuing the "bind"
> command and the cache must've been chown'd to those IDs.
> 
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: David Howells <dhowells@redhat.com>
> cc: Jeff Layton <jlayton@kernel.org>
> cc: linux-cachefs@redhat.com
> cc: linux-erofs@lists.ozlabs.org
> cc: linux-fsdevel@vger.kernel.org
> ---
>  fs/cachefiles/namei.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
> index 82219a8f6084..66482c193e86 100644
> --- a/fs/cachefiles/namei.c
> +++ b/fs/cachefiles/namei.c
> @@ -451,7 +451,8 @@ struct file *cachefiles_create_tmpfile(struct cachefiles_object *object)
>  
>  	ret = cachefiles_inject_write_error();
>  	if (ret == 0) {
> -		file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, S_IFREG,
> +		file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath,
> +					S_IFREG | 0600,
>  					O_RDWR | O_LARGEFILE | O_DIRECT,
>  					cache->cache_cred);
>  		ret = PTR_ERR_OR_ZERO(file);
> 
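
Review bot: the bare 0600 added to the vfs_tmpfile_open() call carries no comment, and the diffstat touches only fs/cachefiles/namei.c, so the userspace contract from the commit message (set the uid and gid before "bind", cache chown'd to those IDs) is not recorded anywhere in the tree. A short comment above the call stating that the owner bits exist so an unprivileged cachefilesd can use the files, plus a matching note in the cachefiles documentation, would keep a later cleanup from dropping the mode again.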

Seems safe enough, and if it helps allow this to run unprivileged then:

Reviewed-by: Jeff Layton <jlayton@kernel.org>


* Re: [Linux-cachefs] [PATCH] cachefiles: Allow the cache to be non-root
  2023-05-19 17:21 [PATCH] cachefiles: Allow the cache to be non-root David Howells
  2023-05-19 17:26 ` Jeff Layton
@ 2023-05-20  2:07 ` Gao Xiang
  2023-06-05  8:56 ` Christian Brauner
  2 siblings, 0 replies; 4+ messages in thread
From: Gao Xiang @ 2023-05-20  2:07 UTC (permalink / raw)
  To: David Howells, linux-cachefs
  Cc: linux-erofs, linux-fsdevel, Jeff Layton, linux-kernel



On 2023/5/20 10:21, David Howells wrote:
>      
> Set mode 0600 on files in the cache so that cachefilesd can run as an
> unprivileged user rather than leaving the files all with 0.  Directories
> are already set to 0700.
> 
> Userspace then needs to set the uid and gid before issuing the "bind"
> command and the cache must've been chown'd to those IDs.
> 
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: David Howells <dhowells@redhat.com>
> cc: Jeff Layton <jlayton@kernel.org>
> cc: linux-cachefs@redhat.com
> cc: linux-erofs@lists.ozlabs.org
> cc: linux-fsdevel@vger.kernel.org

It seems useful on our side as well and safe:

Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Thanks,
Gao Xiang


* Re: [PATCH] cachefiles: Allow the cache to be non-root
  2023-05-19 17:21 [PATCH] cachefiles: Allow the cache to be non-root David Howells
  2023-05-19 17:26 ` Jeff Layton
  2023-05-20  2:07 ` [Linux-cachefs] " Gao Xiang
@ 2023-06-05  8:56 ` Christian Brauner
  2 siblings, 0 replies; 4+ messages in thread
From: Christian Brauner @ 2023-06-05  8:56 UTC (permalink / raw)
  To: David Howells
  Cc: Christian Brauner, Jeff Layton, linux-erofs, linux-fsdevel,
	linux-kernel, linux-cachefs

On Fri, 19 May 2023 18:21:20 +0100, David Howells wrote:
> 
> Set mode 0600 on files in the cache so that cachefilesd can run as an
> unprivileged user rather than leaving the files all with 0.  Directories
> are already set to 0700.
> 
> Userspace then needs to set the uid and gid before issuing the "bind"
> command and the cache must've been chown'd to those IDs.
> 
> [...]

Applied to the vfs.misc branch of the vfs/vfs.git tree.
Patches in the vfs.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.misc

[1/1] cachefiles: Allow the cache to be non-root
      https://git.kernel.org/vfs/vfs/c/a64498ff493f
