Date: Fri, 4 Dec 2015 09:38:55 -0600
From: Seth Forshee
To: "Eric W. Biederman", Miklos Szeredi
Cc: Alexander Viro, Serge Hallyn, Richard Weinberger, Austin S Hemmelgarn, linux-bcache@vger.kernel.org, dm-devel@redhat.com, linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, fuse-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: Re: [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns
Message-ID: <20151204153855.GB147214@ubuntu-hedt>
References: <1449070821-73820-1-git-send-email-seth.forshee@canonical.com> <1449070821-73820-18-git-send-email-seth.forshee@canonical.com>
In-Reply-To: <1449070821-73820-18-git-send-email-seth.forshee@canonical.com>

On Wed, Dec 02, 2015 at 09:40:17AM -0600, Seth Forshee wrote:
> @@ -155,11 +155,22 @@ static ino_t fuse_squash_ino(u64 ino64) > return ino; > } > > -void fuse_change_attributes_common(struct inode *inode, struct fuse_attr *attr, > - u64 attr_valid) > +int fuse_change_attributes_common(struct inode *inode, struct fuse_attr *attr, > + u64 attr_valid) > { > struct fuse_conn *fc = get_fuse_conn(inode); > struct fuse_inode *fi = get_fuse_inode(inode); > + kuid_t uid; > + kgid_t gid; > + > + uid = make_kuid(fc->user_ns, attr->uid); > + gid = make_kgid(fc->user_ns, attr->gid); > + if (!uid_valid(uid) || !gid_valid(gid)) { > + make_bad_inode(inode); > + return -EIO; > + }

Eric - I had kind of forgotten about this part until just now, but previously with these patches we had discussed how to handle ids from the filesystem that aren't valid in s_user_ns. My intention is to set the kuids in the inode to invalid, and in these patches I've updated the vfs so that it should be safe to do that. But at some point I think you had suggested marking the inodes bad, and I must have added this as a result.

I guess we need to decide which way to go. I favor using invalid ids so that a user privileged in s_user_ns can still access the inode, change ownership, etc., but I'm interested to hear your opinion.

Thanks,
Seth
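Review bot: The make_bad_inode() plus return -EIO branch added at the top of fuse_change_attributes_common() makes the inode unusable whenever attr->uid or attr->gid has no mapping in fc->user_ns, so a single reply carrying an unmappable id takes the inode out of service and leaves no way for a user privileged in the namespace to fix its ownership. If the invalid-id approach is chosen instead, drop this branch and store the make_kuid()/make_kgid() results as they are (an unmapped id is already INVALID_UID/INVALID_GID), which also lets the function stay void. If the bad-inode approach stays, the void-to-int change means every caller has to check and propagate the return value, and the function should carry a comment saying that -EIO means the ids could not be mapped; neither is visible in this hunk.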