From: Miklos Szeredi
Date: Tue, 13 Feb 2018 14:37:12 +0100
Subject: Re: [PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root
To: Dongsu Park
Cc: "Serge E. Hallyn", LKML, Linux Containers, Alban Crequy, "Eric W. Biederman", Seth Forshee, Sargun Dhillon, linux-fsdevel, Alexander Viro
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Dec 23, 2017 at 1:38 PM, Dongsu Park wrote:
> Hi,
>
> On Sat, Dec 23, 2017 at 4:26 AM, Serge E. Hallyn wrote:
>> On Fri, Dec 22, 2017 at 03:32:28PM +0100, Dongsu Park wrote:
>>> From: Seth Forshee
>>>
>>> Expand the check in should_remove_suid() to keep privileges for
>>
>> I realize this description came from Seth, but reading it now,
>> 'Expand' seems wrong. Expanding a check brings to my mind making
>> it stricter, not looser. How about 'Relax the check'?
>
> Makes sense. Will do.
>
>>> CAP_FSETID in s_user_ns rather than init_user_ns.
>>>
>>> Patch v4 is available: https://patchwork.kernel.org/patch/8944621/
>>>
>>> --EWB Changed from ns_capable(sb->s_user_ns, ) to capable_wrt_inode_uidgid
>>
>> Why exactly?
>>
>> This is wrong, because capable_wrt_inode_uidgid() does a check
>> against current_user_ns, not the inode->i_sb->s_user_ns

I'm thoroughly confused. s_user_ns is supposed to be about the
usernamespace the filesystem perceives to be in, right? How does
that come into play when checking permissions to do something?

Thanks,
Miklos
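The difference between the two checks named in the quoted review, ns_capable() against s_user_ns and capable_wrt_inode_uidgid() against the caller's namespace, sketched as a simplified userspace model. This is an added example, not part of the message or the patch; the struct layouts, the `model_*` and `mapped` helpers, and the namespace and id values are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model: names mirror kernel concepts but are assumptions. */
struct user_ns {
    struct user_ns *parent;   /* NULL for the initial namespace */
    unsigned owner;           /* kuid that created the namespace */
    unsigned map_lo, map_n;   /* kuid/kgid range mapped into it */
};
struct cred  { struct user_ns *ns; unsigned euid; bool cap_fsetid; };
struct inode { unsigned kuid, kgid; struct user_ns *s_user_ns; };

/* Model of ns_capable(target, CAP_FSETID): walk from target towards the root. */
static bool model_ns_capable(const struct cred *c, const struct user_ns *target)
{
    for (const struct user_ns *ns = target; ns; ns = ns->parent) {
        if (ns == c->ns)
            return c->cap_fsetid;   /* reached the caller's own namespace */
        if (ns->parent == c->ns && ns->owner == c->euid)
            return true;            /* creator of a child namespace */
    }
    return false;   /* caller's namespace is neither target nor its ancestor */
}
static bool mapped(const struct user_ns *ns, unsigned id)
{
    return id >= ns->map_lo && id - ns->map_lo < ns->map_n;
}

/* Model of capable_wrt_inode_uidgid(): the capability is tested in the
 * caller's own namespace and the inode ids must map there; s_user_ns is unused. */
static bool model_capable_wrt_inode(const struct cred *c, const struct inode *i)
{
    return model_ns_capable(c, c->ns) && mapped(c->ns, i->kuid) && mapped(c->ns, i->kgid);
}

/* Constructed scenario: filesystem owned by namespace A, namespace B nested in A. */
static struct user_ns init_ns = { NULL, 0, 0, 0xffffffffu };
static struct user_ns ns_a = { &init_ns, 1000, 100000, 65536 };
static struct user_ns ns_b = { &ns_a, 100000, 100000, 1000 };
static struct inode file = { 100500, 100500, &ns_a };

int main(void)
{
    struct cred nested_root = { &ns_b, 100000, true };   /* root inside B */
    printf("capable_wrt_inode=%d ns_capable(s_user_ns)=%d\n",
           model_capable_wrt_inode(&nested_root, &file),
           model_ns_capable(&nested_root, file.s_user_ns));
    return 0;
}
```

In this model a root user of a namespace nested below the filesystem's owner passes the caller-relative check but fails the s_user_ns check.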