Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3354462imm; Tue, 29 May 2018 05:57:32 -0700 (PDT) X-Google-Smtp-Source: AB8JxZogP5lMVq/4irTC6/ZvUxNo7atNrsitWOhVHMTCi5PaL3mudI2s7pctAvIlFrjisDS+vKQO X-Received: by 2002:a17:902:8685:: with SMTP id g5-v6mr17189604plo.302.1527598652572; Tue, 29 May 2018 05:57:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527598652; cv=none; d=google.com; s=arc-20160816; b=M/bxQu/MUHxa9pABnGc4eRmhunOOxPa3vyOJGEhS2t4+wTVZ78vymi2xH3GqLKMJnr Xuj3X/PanrcrKiwxPM9E+W8LzWsnOfPLRVZrHUsM1JPznleOlCDTtDdhshkn3ldMseUA qatW/9yB6EtpMuzjMGVeX1edudfMhUvoJ+3NxpyUDzYBMOC6fmnJijKbRxyleYeZbmWq W7PKtV7YsRWwWich6FNgE4W5o8Jt3/jacqUcHyY4HttuWoJI7K4jXuTi9s/dS2j3dPxE 92FyEWt1eLaglkvwbzuWbQYLWgL68wxLNiQbuPiGstSKrZVj21LSUOVceDV/EeWBRuEw UVPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:arc-authentication-results; bh=CJ9A7wwRn/soQIYJNZjiGGgvO6ixXUyEOI79kqTHTmM=; b=JvX2bUZQVVTwaf1NaKANwRU0NpMl18Euk6rbDLUy1NWfDlJVs11AOrbZq9eYhk8Ma0 qAtxGuGmX/BMZb+qdEyN9hrlMhyIwyUZaMtu/dE7TNsNR3wJEG+imIxtlFlbO3k1jij4 SJPrSpEoZd+b1aAyc3zWhktl3vgcwNJ0hCOpCjI0NB3s3CxHyYvQ7QorOP/agGeasgIt FVwYGmWKnCz2GU4VfBCT4cg3xqVSmvSEddzr9mIdI6k05NCEbu10vjAW9fY+Gpayg3BG 6lqZ76vJ8grH6dBbLj/MU/jpLnhxttfHLMa4/L7apIh0MbsSbD2JHItbxrZujzD7XY9I jm4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id bb5-v6si30882175plb.80.2018.05.29.05.56.38; Tue, 29 May 2018 05:57:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933774AbeE2Mza (ORCPT + 99 others); Tue, 29 May 2018 08:55:30 -0400 Received: from mail-ot0-f194.google.com ([74.125.82.194]:43026 "EHLO mail-ot0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933548AbeE2Mz1 (ORCPT ); Tue, 29 May 2018 08:55:27 -0400 Received: by mail-ot0-f194.google.com with SMTP id y10-v6so16785679otg.10 for ; Tue, 29 May 2018 05:55:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CJ9A7wwRn/soQIYJNZjiGGgvO6ixXUyEOI79kqTHTmM=; b=VIo8xm23h28thHWJ1q+DT+3+gi5MzWYOHIxIJpA6b9MM0i5Le4dI4gHJ0YtoUIOm8U DCWUpMlQShiFbmiCieJ4Dc49UUzDvkXGhFdOBrAr+5pSuCvpdOjxvVsxLv6noLTrNPum F/PXLfqKmH5yriyoDzK3KYbAo9pLr/kLKobX3MMqijOJ5AKzNrdnYgxxTKd+sOyUE6G5 pX6KBuP8BUwy3qtshJqzxvg2aKjsFL3e5yY1reIhTCsmTS+elAwHLx7bxO87H+ZR+cT8 uvQ9Lk4wiyJdQXXAVw2Y6hcvspUFIbmMAXY/JY03pvZTK4bg8BdqyQktBe0eQCwyUqOO GjHw== X-Gm-Message-State: ALKqPwedGrKGU0Ei/0ZWgK96TUUfhGaOv4ODIdPFp9T3KJriYksES118 RPoLL1ETJxeid62eVXnlvqRrtBgXbpzJpYclX3sGCw== X-Received: by 2002:a9d:1ba6:: with SMTP id z35-v6mr11567195otd.216.1527598526522; Tue, 29 May 2018 05:55:26 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a9d:58cd:0:0:0:0:0 with HTTP; Tue, 29 May 2018 05:55:25 -0700 (PDT) In-Reply-To: <877enmskec.fsf@xmission.com> References: <87r2mre5b3.fsf@xmission.com> <87wovubbdf.fsf@xmission.com> <877enmskec.fsf@xmission.com> From: Miklos Szeredi Date: Tue, 29 May 2018 14:55:25 +0200 Message-ID: Subject: Re: [PATCH] fuse: Ensure posix acls are translated outside of init_user_ns To: "Eric W. Biederman" Cc: Miklos Szeredi , lkml , Linux Containers , linux-fsdevel , Alban Crequy , Seth Forshee , Sargun Dhillon , Dongsu Park , "Serge E. Hallyn" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 29, 2018 at 2:42 PM, Eric W. Biederman wrote: > ebiederm@xmission.com (Eric W. Biederman) writes: > >> ebiederm@xmission.com (Eric W. Biederman) writes: >> >>> Ensure the translation happens by failing to read or write >>> posix acls when the filesystem has not indicated it supports >>> posix acls. >>> >>> This ensures that modern cached posix acl support is available >>> and used when dealing with posix acls. This is important >>> because only that path has the code to convernt the uids and >>> gids in posix acls into the user namespace of a fuse filesystem. >>> >>> Signed-off-by: "Eric W. Biederman" >>> --- >> >> ping. >> >> Miklos are you around where you can look at this? > > Perhaps I got the wrong email address. No, sorry. I'll queue this up for 4.18. Just wanted to finish off overlayfs stuff before getting into fuse. Thanks, Miklos > >> >>> Miklos after several attempts to handle this better last cycle. I >>> figure we should go with the stupid version for now. I think I know >>> how to do better but I don't want that to gate forward progress on >>> fully unprivileged fuse mounts. Especially as this is the last known >>> issue to deal with. >>> >>> fs/fuse/fuse_i.h | 1 + >>> fs/fuse/inode.c | 7 +++++++ >>> fs/fuse/xattr.c | 43 +++++++++++++++++++++++++++++++++++++++++++ >>> 3 files changed, 51 insertions(+) >>> >>> diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h >>> index f630951df8dc..5256ad333b05 100644 >>> --- a/fs/fuse/fuse_i.h >>> +++ b/fs/fuse/fuse_i.h >>> @@ -985,6 +985,7 @@ ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size); >>> int fuse_removexattr(struct inode *inode, const char *name); >>> extern const struct xattr_handler *fuse_xattr_handlers[]; >>> extern const struct xattr_handler *fuse_acl_xattr_handlers[]; >>> +extern const struct xattr_handler *fuse_no_acl_xattr_handlers[]; >>> >>> struct posix_acl; >>> struct posix_acl *fuse_get_acl(struct inode *inode, int type); >>> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c >>> index 1643043d4fe5..22c76cf8c2e3 100644 >>> --- a/fs/fuse/inode.c >>> +++ b/fs/fuse/inode.c >>> @@ -1100,6 +1100,13 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent) >>> file->f_cred->user_ns != sb->s_user_ns) >>> goto err_fput; >>> >>> + /* >>> + * If we are not in the initial user namespace posix >>> + * acls must be translated. >>> + */ >>> + if (sb->s_user_ns != &init_user_ns) >>> + sb->s_xattr = fuse_no_acl_xattr_handlers; >>> + >>> fc = kmalloc(sizeof(*fc), GFP_KERNEL); >>> err = -ENOMEM; >>> if (!fc) >>> diff --git a/fs/fuse/xattr.c b/fs/fuse/xattr.c >>> index 3caac46b08b0..433717640f78 100644 >>> --- a/fs/fuse/xattr.c >>> +++ b/fs/fuse/xattr.c >>> @@ -192,6 +192,26 @@ static int fuse_xattr_set(const struct xattr_handler *handler, >>> return fuse_setxattr(inode, name, value, size, flags); >>> } >>> >>> +static bool no_xattr_list(struct dentry *dentry) >>> +{ >>> + return false; >>> +} >>> + >>> +static int no_xattr_get(const struct xattr_handler *handler, >>> + struct dentry *dentry, struct inode *inode, >>> + const char *name, void *value, size_t size) >>> +{ >>> + return -EOPNOTSUPP; >>> +} >>> + >>> +static int no_xattr_set(const struct xattr_handler *handler, >>> + struct dentry *dentry, struct inode *nodee, >>> + const char *name, const void *value, >>> + size_t size, int flags) >>> +{ >>> + return -EOPNOTSUPP; >>> +} >>> + >>> static const struct xattr_handler fuse_xattr_handler = { >>> .prefix = "", >>> .get = fuse_xattr_get, >>> @@ -209,3 +229,26 @@ const struct xattr_handler *fuse_acl_xattr_handlers[] = { >>> &fuse_xattr_handler, >>> NULL >>> }; >>> + >>> +static const struct xattr_handler fuse_no_acl_access_xattr_handler = { >>> + .name = XATTR_NAME_POSIX_ACL_ACCESS, >>> + .flags = ACL_TYPE_ACCESS, >>> + .list = no_xattr_list, >>> + .get = no_xattr_get, >>> + .set = no_xattr_set, >>> +}; >>> + >>> +static const struct xattr_handler fuse_no_acl_default_xattr_handler = { >>> + .name = XATTR_NAME_POSIX_ACL_DEFAULT, >>> + .flags = ACL_TYPE_ACCESS, >>> + .list = no_xattr_list, >>> + .get = no_xattr_get, >>> + .set = no_xattr_set, >>> +}; >>> + >>> +const struct xattr_handler *fuse_no_acl_xattr_handlers[] = { >>> + &fuse_no_acl_access_xattr_handler, >>> + &fuse_no_acl_default_xattr_handler, >>> + &fuse_xattr_handler, >>> + NULL >>> +};