From: Seth Forshee
To: "Eric W. Biederman", linux-bcache@vger.kernel.org, dm-devel@redhat.com, linux-raid@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, fuse-devel@lists.sourceforge.net, cgroups@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Cc: Alexander Viro, Serge Hallyn, Richard Weinberger, Austin S Hemmelgarn, Miklos Szeredi, Pavel Tikhomirov, linux-kernel@vger.kernel.org, Seth Forshee
Subject: [PATCH v4 00/21] Support fuse mounts in user namespaces
Date: Tue, 26 Apr 2016 14:36:13 -0500
Message-Id: <1461699396-33000-1-git-send-email-seth.forshee@canonical.com>

Hi Eric,

Here's another update to my patches for mounting with fuse from
unprivileged user namespaces. The main change here is a fix for a build
failure when fuse is built as a module.

As usual the series is also available at:

  git://git.kernel.org/pub/scm/linux/kernel/git/sforshee/linux.git fuse-userns

Changes since v3:
 * Export current_in_userns() to fix an error when fuse is built as a
   module.
 * Add comment explaining the conditions for allowing CAP_CHOWN in
   s_user_ns to change the owner or group of an inode.
 * Added acks from Serge.

Thanks,
Seth

---

Andy Lutomirski (1):
  fs: Treat foreign mounts as nosuid

Pavel Tikhomirov (1):
  fs: fix a posible leak of allocated superblock

Seth Forshee (19):
  fs: Remove check of s_user_ns for existing mounts in fs_fully_visible()
  fs: Allow sysfs and cgroupfs to share super blocks between user namespaces
  block_dev: Support checking inode permissions in lookup_bdev()
  block_dev: Check permissions towards block device inode when mounting
  selinux: Add support for unprivileged mounts from user namespaces
  userns: Replace in_userns with current_in_userns
  Smack: Handle labels consistently in untrusted mounts
  fs: Check for invalid i_uid in may_follow_link()
  cred: Reject inodes with invalid ids in set_create_file_as()
  fs: Refuse uid/gid changes which don't map into s_user_ns
  fs: Update posix_acl support to handle user namespace mounts
  fs: Allow superblock owner to change ownership of inodes with unmappable ids
  fs: Don't remove suid for CAP_FSETID in s_user_ns
  fs: Allow superblock owner to access do_remount_sb()
  capabilities: Allow privileged user in s_user_ns to set security.* xattrs
  fuse: Add support for pid namespaces
  fuse: Support fuse filesystems outside of init_user_ns
  fuse: Restrict allow_other to the superblock's namespace or a descendant
  fuse: Allow user namespace mounts

 drivers/md/bcache/super.c       |  2 +-
 drivers/md/dm-table.c           |  2 +-
 drivers/mtd/mtdsuper.c          |  2 +-
 fs/attr.c                       | 73 ++++++++++++++++++++++++++++++++++++-----
 fs/block_dev.c                  | 18 ++++++++--
 fs/exec.c                       |  2 +-
 fs/fuse/cuse.c                  |  3 +-
 fs/fuse/dev.c                   | 26 +++++++++++----
 fs/fuse/dir.c                   | 16 ++++-----
 fs/fuse/file.c                  | 22 ++++++++++---
 fs/fuse/fuse_i.h                | 10 +++++-
 fs/fuse/inode.c                 | 40 ++++++++++++++--------
 fs/inode.c                      |  3 +-
 fs/kernfs/inode.c               |  2 ++
 fs/namei.c                      |  2 +-
 fs/namespace.c                  | 20 ++++++++---
 fs/posix_acl.c                  | 67 +++++++++++++++++++++++--------------
 fs/proc/base.c                  |  2 ++
 fs/proc/generic.c               |  3 ++
 fs/proc/proc_sysctl.c           |  2 ++
 fs/quota/quota.c                |  2 +-
 fs/super.c                      |  7 +++-
 fs/sysfs/mount.c                |  3 +-
 fs/xattr.c                      | 19 ++++++++---
 include/linux/fs.h              |  3 +-
 include/linux/mount.h           |  1 +
 include/linux/posix_acl_xattr.h | 17 +++++++---
 include/linux/uidgid.h          | 10 ++++++
 include/linux/user_namespace.h  |  6 ++--
 kernel/cgroup.c                 |  4 +--
 kernel/cred.c                   |  2 ++
 kernel/user_namespace.c         |  7 ++--
 security/commoncap.c            | 22 +++++++++----
 security/selinux/hooks.c        | 25 +++++++++++++-
 security/smack/smack_lsm.c      | 29 ++++++++++------
 35 files changed, 355 insertions(+), 119 deletions(-)