Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755728AbbLDTm5 (ORCPT ); Fri, 4 Dec 2015 14:42:57 -0500 Received: from h2.hallyn.com ([78.46.35.8]:44826 "EHLO h2.hallyn.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754574AbbLDTmz (ORCPT ); Fri, 4 Dec 2015 14:42:55 -0500 Date: Fri, 4 Dec 2015 13:42:54 -0600 From: "Serge E. Hallyn" To: Seth Forshee Cc: "Serge E. Hallyn" , "Eric W. Biederman" , Alexander Viro , Serge Hallyn , Richard Weinberger , Austin S Hemmelgarn , Miklos Szeredi , linux-bcache@vger.kernel.org, dm-devel@redhat.com, linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, fuse-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov Subject: Re: [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Message-ID: <20151204194254.GG3624@mail.hallyn.com> References: <1449070821-73820-1-git-send-email-seth.forshee@canonical.com> <1449070821-73820-10-git-send-email-seth.forshee@canonical.com> <20151204172738.GA2280@mail.hallyn.com> <20151204174605.GC147214@ubuntu-hedt> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20151204174605.GC147214@ubuntu-hedt> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1145 Lines: 24 Quoting Seth Forshee (seth.forshee@canonical.com): > On Fri, Dec 04, 2015 at 11:27:38AM -0600, Serge E. Hallyn wrote: > > On Wed, Dec 02, 2015 at 09:40:09AM -0600, Seth Forshee wrote: > > > Add checks to inode_change_ok to verify that uid and gid changes > > > will map into the superblock's user namespace. If they do not > > > fail with -EOVERFLOW. This cannot be overriden with ATTR_FORCE. > > > > > > Signed-off-by: Seth Forshee > > > > Acked-by: Serge Hallyn > > > > ... although i could see root on the host being upset that it can't > > assign a uid not valid in the mounter's ns. But it does seem safer. > > That change wouldn't be representable in the backing store though, and > that could lead to unexpected behaviour. It's better to tell root that > we can't make the requested change, in my opinion. Makes sense. Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/