Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2834547imm; Thu, 24 May 2018 17:11:13 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqUGUz+m7vCw/Wtr8LHDoqa+qhvXFbLcqrcvR+ZCFHi6+7wdqgEaiNx/f53aasyP71q89ft X-Received: by 2002:a17:902:1004:: with SMTP id b4-v6mr182224pla.82.1527207073762; Thu, 24 May 2018 17:11:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527207073; cv=none; d=google.com; s=arc-20160816; b=avU4/cKU8K1+fz8y26PlY1VQRbsO6QFcWgvxnlcxZf1AJ4D929QvQpSsJOMCnngN2s L0KAIzUNaqC27CqFGBOaYYn5hA9L7Ub9gKlAULEMX/cuIGCxqqSqaB6NF03GhKy303ba u6BzZLPItLr+0qpLnK3JKd02oi/96vdFS8+Zm/KX7f0R7sbUzN7SLZ0nX68ANUq0bfH6 pnm4LQlJNy0TedSbyPJJOECIlp/WncHsvTPqLjueAwcwFl0ccaX1cbPO8f5f6O+y2bzb 9F5E1tROcU5HnSTcSSoQ6xbNOrN6FPTwGP9KnDkosNAJOG8uTD/jQqwmSbtFdsfF4M9H HREg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=tSsTpYHs4J36ihKYOCn6NMQD9bLPZ8YmhhqvgSJxpTw=; b=EppYuO9c/Kj6eDGTuqhRu0leMx1Y04yD2xKZ/iEEfuxx5yqdYez5Fb1LZVGzqvFEQi wekThaVardCe0aSaVBhuDNOePurufYBd0FA/42luWtJ4mLbVskyS+nCi51hg8Vm/bNQ/ oHiSj6REKRWAc3LhfTjm834UA3+0QB5M7xOv2UqP6sy133CtAp/PEb0cubdZx7Ir9mB1 pY2WOLo9V7eWBDvzfk5WG0jXFcL3AURi1M7cTkWcnNk07rhcAA/RYd6h4OKUkKSRje/0 /H7uNsHMubxCE+2jE9iY6TNX9zjB8oJiKbxFrERrEgyPIYbpzZ/qgqsIrDzIv9FJDATO R0/g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t5-v6si22359518plo.113.2018.05.24.17.10.59; Thu, 24 May 2018 17:11:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966836AbeEXNzX (ORCPT + 99 others); Thu, 24 May 2018 09:55:23 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:49580 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966530AbeEXNzV (ORCPT ); Thu, 24 May 2018 09:55:21 -0400 Received: from mail-io0-f198.google.com ([209.85.223.198]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1fLqi8-0005vc-K3 for linux-kernel@vger.kernel.org; Thu, 24 May 2018 13:55:20 +0000 Received: by mail-io0-f198.google.com with SMTP id o22-v6so588703ioh.23 for ; Thu, 24 May 2018 06:55:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=tSsTpYHs4J36ihKYOCn6NMQD9bLPZ8YmhhqvgSJxpTw=; b=WC3fKOz1Th0SH+HrVy2ljS6Gl9k5y4qxWeqmHip7SHyUl4Fr+SfQsfF24KagjwUh5W iR1pYm6k7jbZPVZmR4hStUeaAw47c7mFkRg/Hi+I94ZZt+YDa/Rsdy0tsG2+cjJvfWq2 Oa67cDFTKj0r6MvPe8dxr7jZZEBmsxOpQFmjOskLXOo8nSjYmBdqMZcUArfeH4fR8tUD q+OY8T7fhM6WWNchDyIMvuTqpWHEIdwZUn5Hild+QTSiwh9YmmXThFsqN42iRXUNADdp 7Atf8KDanykrwzQKHgy62St90SINW1DexKkUPqja299msR8rYsgxqgdbGTPla8sn5CxB MS7A== X-Gm-Message-State: ALKqPwf4/T5MZvBFZBV9HM7zmSwNC13v/8EEDa5+RmFzfwa/TnTTqpaV tkzLBMAUv7+04xYuSy2bK0/AOuSe8Pks9uwzbYHiCNY39w195zng02aSoglL5BLtJFlL+wL8DKI Czmvjo4ZKIjyBKCkkDuPqrPxKkJLyDTUUkmHUJssvtg== X-Received: by 2002:a6b:5804:: with SMTP id m4-v6mr7002921iob.46.1527170119363; Thu, 24 May 2018 06:55:19 -0700 (PDT) X-Received: by 2002:a6b:5804:: with SMTP id m4-v6mr7002903iob.46.1527170119113; Thu, 24 May 2018 06:55:19 -0700 (PDT) Received: from localhost ([2605:a601:ac6:7f20:64ef:8fb:fbce:66ef]) by smtp.gmail.com with ESMTPSA id j63-v6sm2470040itb.2.2018.05.24.06.55.18 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 24 May 2018 06:55:18 -0700 (PDT) Date: Thu, 24 May 2018 08:55:17 -0500 From: Seth Forshee To: "Eric W. Biederman" Cc: Linux Containers , linux-fsdevel@vger.kernel.org, "Serge E. Hallyn" , Christian Brauner , linux-kernel@vger.kernel.org Subject: Re: [REVIEW][PATCH 2/6] vfs: Allow userns root to call mknod on owned filesystems. Message-ID: <20180524135517.GQ3401@ubuntu-xps13> References: <87o9h6554f.fsf@xmission.com> <20180523232538.4880-2-ebiederm@xmission.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180523232538.4880-2-ebiederm@xmission.com> User-Agent: Mutt/1.9.5 (2018-04-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 23, 2018 at 06:25:34PM -0500, Eric W. Biederman wrote: > These filesystems already always set SB_I_NODEV so mknod will not be > useful for gaining control of any devices no matter their permissions. > This will allow overlayfs and applications to fakeroot to use device > nodes to represent things on disk. > > Signed-off-by: "Eric W. Biederman" For a normal filesystem this does seem safe enough. However, I'd also like to see us allow unprivileged mounting for overlayfs, and there we need to worry about whether this would allow a mknod in an underlying filesystem which should not be allowed. That mknod will be subject to this same check in the underlying filesystem using the credentials of the user that mounted the overaly fs, which should be sufficient to ensure that the mknod is permitted. Thus this looks okay to me. Acked-by: Seth Forshee