From: ebiederm@xmission.com (Eric W. Biederman)
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Christian Brauner <christian@brauner.io>,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
Miklos Szeredi <miklos@szeredi.hu>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>
Subject: Re: Regression in 5.3 for some FS_USERNS_MOUNT (aka user-namespace-mountable) filesystems
Date: Sat, 27 Jul 2019 06:20:18 -0500 [thread overview]
Message-ID: <87h877pvv1.fsf@xmission.com> (raw)
In-Reply-To: <20190727022826.GO1131@ZenIV.linux.org.uk> (Al Viro's message of "Sat, 27 Jul 2019 03:28:26 +0100")
Al Viro <viro@zeniv.linux.org.uk> writes:
> On Fri, Jul 26, 2019 at 07:46:18PM -0500, Eric W. Biederman wrote:
>
>> If someone had bothered to actually look at how I was proposing to clean
>> things up before the new mount api we would already have that. Sigh.
>>
>> You should be able to get away with something like this which moves the
>> checks earlier and makes things clearer. My old patch against the pre
>> new mount api code.
>
> Check your instances of ->permission(); AFAICS in all cases it's (in
> current terms)
> return ns_capable(fc->user_ns, CAP_SYS_ADMIN) ? 0 : -EPERM;
Yes. Because I refactored all of the logic to be in terms of current
before we even get to the filesystem. The idea is on a per filesystem
basis to know which namespaces for the filesystem will be selected
and to check those.
Since all that version of the patch converts is the old API we know
from only looking at current what needs to be checked.
> In principle I like killing FS_USERNS_MOUNT flag, but when a method
> is always either NULL or exact same function...
Either you are being dramatic or you read the patch much too quickly.
userns_mount_permission covers the common case of FS_USERNS_MOUNT.
Then there are the cases where you need to know how the filesystem is
going to map current into the filesystem that will be mounted. Those
are: proc_mount_permission, sysfs_mount_permission,
mqueue_mount_permission, cgroup_mount_permission,
So yes I agree the function of interest is always capable in some form,
we just need the filesystem specific logic to check to see if we will
have capable over the filesystem that will be mounted.
I don't doubt that the new mount api has added a few new complexities.
*Shrug* I have done my best to keep it simple, and to help avoid
breaking changes. When you never post your patches for public review,
and don't take any feedback it is difficult to give help.
Eric
next prev parent reply other threads:[~2019-07-27 11:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-26 11:59 Regression in 5.3 for some FS_USERNS_MOUNT (aka user-namespace-mountable) filesystems Christian Brauner
2019-07-26 22:47 ` Linus Torvalds
2019-07-26 23:22 ` Al Viro
2019-07-27 0:46 ` Eric W. Biederman
2019-07-27 2:28 ` Al Viro
2019-07-27 11:20 ` Eric W. Biederman [this message]
2019-07-27 12:37 ` Al Viro
2019-07-27 13:17 ` Al Viro
2019-07-27 2:23 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h877pvv1.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=christian@brauner.io \
--cc=dhowells@redhat.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox