public inbox for linux-kernel@vger.kernel.org
From: Dave Chinner <david@fromorbit.com>
To: Kamal Mostafa <kamal@canonical.com>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
	kernel-team@lists.ubuntu.com,
	Dwight Engen <dwight.engen@oracle.com>, Ben Myers <bpm@sgi.com>
Subject: Re: [PATCH 3.8 076/116] xfs: ioctl check for capabilities in the current user namespace
Date: Wed, 23 Jul 2014 09:12:57 +1000
Message-ID: <20140722231257.GT4453@dastard>
In-Reply-To: <1406067727-19683-77-git-send-email-kamal@canonical.com>

On Tue, Jul 22, 2014 at 03:21:27PM -0700, Kamal Mostafa wrote:
> 3.8.13.27 -stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Dwight Engen <dwight.engen@oracle.com>
> 
> commit fd5e2aa8653665ae1cc60f7aca1069abdbcad3f6 upstream.
> 
> Use inode_capable() to check if SUID|SGID bits should be cleared to match
> similar check in inode_change_ok().
> 
> The check for CAP_LINUX_IMMUTABLE was not modified since all other file
> systems also check against init_user_ns rather than current_user_ns.
> 
> Only allow changing of projid from init_user_ns.
> 
> Reviewed-by: Dave Chinner <dchinner@redhat.com>
> Reviewed-by: Gao feng <gaofeng@cn.fujitsu.com>
> Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
> Signed-off-by: Ben Myers <bpm@sgi.com>
> [ kamal: 3.8-stable prereq for
>   23adbe1 fs,userns: Change inode_capable to capable_wrt_inode_uidgid ]
> Signed-off-by: Kamal Mostafa <kamal@canonical.com>
> ---
>  fs/xfs/xfs_ioctl.c  | 11 +++++++++--
>  kernel/capability.c |  1 +
>  2 files changed, 10 insertions(+), 2 deletions(-)

Why are you backporting this to 3.8? Namespace support didn't come
along until much later, so grabbing one patch out of the middle of a
patch series to allow userns support in XFS is likely to cause
problems because there's no supporting code in XFS for it.

Please don't randomly cherry pick userns support patches that change
permission checks back into kernels that don't have userns support.

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com
