From: Vivek Goyal <vgoyal@redhat.com>
To: Stefan Berger <StefanBergerstefanb@linux.vnet.ibm.com>
Cc: ebiederm@xmission.com, containers@lists.linux-foundation.org,
lkp@01.org, linux-kernel@vger.kernel.org,
zohar@linux.vnet.ibm.com, tycho@docker.com, serge@hallyn.com,
James.Bottomley@HansenPartnership.com,
christian.brauner@mailbox.org, amir73il@gmail.com,
linux-security-module@vger.kernel.org, casey@schaufler-ca.com,
Stefan Berger <stefanb@linux.vnet.ibm.com>
Subject: Re: [PATCH v2] xattr: Enable security.capability in user namespaces
Date: Wed, 12 Jul 2017 13:53:57 -0400 [thread overview]
Message-ID: <20170712175357.GA32609@redhat.com> (raw)
In-Reply-To: <1499785511-17192-2-git-send-email-stefanb@linux.vnet.ibm.com>
On Tue, Jul 11, 2017 at 11:05:11AM -0400, Stefan Berger wrote:
[..]
> @@ -301,14 +721,39 @@ ssize_t
> __vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
> void *value, size_t size)
> {
> - const struct xattr_handler *handler;
> + const struct xattr_handler *handler = NULL;
> + char *newname = NULL;
> + int ret, userns_supt_xattr;
> + struct user_namespace *userns = current_user_ns();
> +
> + userns_supt_xattr = (xattr_is_userns_supported(name, false) >= 0);
> +
Hi Stephan,
> + do {
> + kfree(newname);
> +
> + newname = xattr_userns_name(name, userns);
^^^
Will name be pointing to a freed string in second iteration of loop.
> + if (IS_ERR(newname))
> + return PTR_ERR(newname);
> +
> + if (!handler) {
> + name = newname;
Here we assign name and at the beginning of second iteration we free
newname.
Also I am not sure why do we do this assignment only if handler is NULL.
BTW, I set cap_sys_admin on a file outside usernamespace and then launched
user namespace (mapping 1000 to 0). And then tried to do getcap on file
and I am not seeing security.capability set by host. Not sure what am I
doing wrong. getxattr() seems to return -ENODATA. Still debugging it.
Also, have we resovled the question of stacked filesystem like overlayfs.
There we are switching creds to mounter's creds when doing operations on
underlying filesystem. I am concenrned does that mean, we will get and
return security.capability to caller in usernamespace instead of
security.capability@uid=1000.
Vivek
> + handler = xattr_resolve_name(inode, &name);
> + if (IS_ERR(handler)) {
> + ret = PTR_ERR(handler);
> + goto out;
> + }
> + if (!handler->get) {
> + ret = -EOPNOTSUPP;
> + goto out;
> + }
> + }
> + ret = handler->get(handler, dentry, inode, name, value, size);
> + userns = userns->parent;
> + } while ((ret == -ENODATA) && userns && userns_supt_xattr);
>
> - handler = xattr_resolve_name(inode, &name);
> - if (IS_ERR(handler))
> - return PTR_ERR(handler);
> - if (!handler->get)
> - return -EOPNOTSUPP;
> - return handler->get(handler, dentry, inode, name, value, size);
> +out:
> + kfree(newname);
> + return ret;
> }
> EXPORT_SYMBOL(__vfs_getxattr);
>
Thanks
Vivek
next prev parent reply other threads:[~2017-07-12 17:54 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-11 15:05 [PATCH v2] Enable namespaced file capabilities Stefan Berger
2017-07-11 15:05 ` [PATCH v2] xattr: Enable security.capability in user namespaces Stefan Berger
2017-07-11 17:12 ` Serge E. Hallyn
2017-07-12 0:15 ` Stefan Berger
2017-07-12 0:47 ` Serge E. Hallyn
2017-07-12 3:45 ` Serge E. Hallyn
2017-07-12 11:35 ` Stefan Berger
2017-07-12 17:32 ` Serge E. Hallyn
2017-07-12 7:59 ` James Morris
2017-07-12 13:25 ` Eric W. Biederman
2017-07-12 17:03 ` Serge E. Hallyn
2017-07-12 22:20 ` James Morris
2017-07-13 0:33 ` Eric W. Biederman
2017-07-13 1:01 ` Serge E. Hallyn
2017-07-12 23:13 ` Eric W. Biederman
2017-07-13 0:43 ` Serge E. Hallyn
2017-07-13 0:44 ` Stefan Berger
2017-07-13 1:15 ` Theodore Ts'o
2017-07-13 2:34 ` Serge E. Hallyn
2017-07-13 12:11 ` Eric W. Biederman
2017-07-13 16:40 ` Theodore Ts'o
2017-07-13 17:05 ` Stefan Berger
2017-07-13 17:39 ` Eric W. Biederman
2017-07-13 19:14 ` Theodore Ts'o
2017-07-13 19:41 ` Serge E. Hallyn
2017-07-13 21:17 ` Serge E. Hallyn
2017-07-18 7:01 ` James Morris
2017-07-18 12:12 ` Stefan Berger
2017-07-18 13:26 ` Eric W. Biederman
2017-07-18 23:13 ` Serge E. Hallyn
2017-07-13 17:14 ` Eric W. Biederman
2017-07-13 17:33 ` Stefan Berger
2017-07-13 17:49 ` Eric W. Biederman
2017-07-13 19:48 ` Serge E. Hallyn
2017-07-13 21:12 ` Eric W. Biederman
[not found] ` <9a3010e5-ca2b-5e7a-656b-fcc14f7bec4e@linux.vnet.ibm.com>
2017-07-14 0:38 ` Eric W. Biederman
2017-07-14 11:32 ` Stefan Berger
2017-07-14 12:04 ` Eric W. Biederman
2017-07-14 12:39 ` Stefan Berger
2017-07-14 13:34 ` Serge E. Hallyn
2017-07-14 15:22 ` Stefan Berger
2017-07-14 17:35 ` Serge E. Hallyn
2017-07-14 18:17 ` Eric W. Biederman
2017-07-14 18:48 ` Mimi Zohar
2017-07-14 18:52 ` James Bottomley
2017-07-14 20:03 ` Mimi Zohar
2017-07-14 20:39 ` James Bottomley
2017-07-14 21:34 ` Theodore Ts'o
2017-07-14 23:22 ` Eric W. Biederman
2017-07-14 23:29 ` Mimi Zohar
2017-07-14 23:53 ` Eric W. Biederman
2017-07-14 19:29 ` Theodore Ts'o
2017-07-14 19:43 ` Mimi Zohar
[not found] ` <xagsmtp2.20170714182525.6604@vmsdvm4.vnet.ibm.com>
2017-07-14 19:26 ` Mimi Zohar
2017-07-15 0:02 ` Eric W. Biederman
[not found] ` <xagsmtp3.20170715001054.9173@uk1vsc.vnet.ibm.com>
2017-07-16 11:25 ` Mimi Zohar
2017-07-26 3:00 ` Serge E. Hallyn
2017-07-26 13:57 ` Mimi Zohar
2017-07-14 17:36 ` Eric W. Biederman
2017-07-14 19:22 ` Stefan Berger
2017-07-13 21:21 ` Serge E. Hallyn
2017-07-13 21:13 ` Serge E. Hallyn
2017-07-12 17:53 ` Vivek Goyal [this message]
2017-07-12 19:19 ` Stefan Berger
2017-07-14 23:41 ` Eric W. Biederman
2017-07-15 21:27 ` Stefan Berger
2017-07-17 18:58 ` Vivek Goyal
2017-07-17 20:50 ` Stefan Berger
2017-07-18 11:48 ` Vivek Goyal
2017-07-18 12:05 ` Stefan Berger
2017-07-18 12:30 ` Vivek Goyal
2017-07-18 12:36 ` Vivek Goyal
2017-07-18 13:29 ` Eric W. Biederman
2017-07-18 13:21 ` Stefan Berger
2017-07-18 14:57 ` Vivek Goyal
2017-07-18 16:11 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170712175357.GA32609@redhat.com \
--to=vgoyal@redhat.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=StefanBergerstefanb@linux.vnet.ibm.com \
--cc=amir73il@gmail.com \
--cc=casey@schaufler-ca.com \
--cc=christian.brauner@mailbox.org \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lkp@01.org \
--cc=serge@hallyn.com \
--cc=stefanb@linux.vnet.ibm.com \
--cc=tycho@docker.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).