Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2500639imm; Sat, 29 Sep 2018 21:39:01 -0700 (PDT) X-Google-Smtp-Source: ACcGV624TCbg9LGoU0B+mo65OEyYKMXbb+7OzLm2IPhgqkJ2gw5HJFJRuRIOZ2fK1Bfh8rCvXDm4 X-Received: by 2002:a17:902:42e2:: with SMTP id h89-v6mr5689313pld.191.1538282341185; Sat, 29 Sep 2018 21:39:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538282341; cv=none; d=google.com; s=arc-20160816; b=n8gLU170TloGj2o1WWDlY3Qn4uDDzZ9ImWU55pb77pQ0T+W5qF7Vp69WTctUhbAeua 1U384YLAsuXlW0BjnACtVRUedsz8JiCZmw4YR0f7Zojyoglf/bjgz8tV0vJn6ng0onmq Q8X0EvzEvgoUj5lMjHAYnBPm7RoGQinKABwXyeP+mZbzormWRXrfxtGTFqloEJuB5QWt CSHyZ9v+2GdVYCBnHZBnO1NRRzdfZf+g9SZr6uRGzkRWIDC+qAAkkYwyPnpVcD9PYmwx qvepAmLRaKPqmHK/5ieuIuWdQhOPJORnROjcAub85vvSH7HiV59SSaQI6O2AhSKL3SWn xeSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=BIMIkuHhJ6vjFuAx7L2VXdB1pUbJkiH9sG6CykjtbPc=; b=WYpBf6iR2YAJ5i8Cf7AEHbCEeIBmyyUPEd4mShej0RdjH0uBDwLC00LgwhbhvNkYaA D7uYsm1b6Ma05KX65IGtiaESlabsJf+ASlaYWxWwxATUU9kiTyUnkjuXJM3bqrrfgkoC D0c7WvgaRv9tmpL8lmYp0WMXPSPP2w1n2J5aTrVwaGRAvBl4y4ayhxb810SiKB7pJfxK DHDEeQnhjBIJroVkGsOU9hpcbCKgbboiHFpEqEc0ZsWHgeKMxKCsZbbTKJmgdnSWOGPA j/atMhJvewOEGJXcXCG17i/5hltG9PcWt6bLCRj1tdDqoKKcKlyshxAUURCT/wWNor96 4cmA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cyphar-com.20150623.gappssmtp.com header.s=20150623 header.b=P0XGn8FG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w4-v6si8833628pgj.566.2018.09.29.21.38.46; Sat, 29 Sep 2018 21:39:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@cyphar-com.20150623.gappssmtp.com header.s=20150623 header.b=P0XGn8FG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727957AbeI3LKF (ORCPT + 99 others); Sun, 30 Sep 2018 07:10:05 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:42071 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727643AbeI3LKF (ORCPT ); Sun, 30 Sep 2018 07:10:05 -0400 Received: by mail-pg1-f194.google.com with SMTP id i4-v6so6557958pgq.9 for ; Sat, 29 Sep 2018 21:38:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=BIMIkuHhJ6vjFuAx7L2VXdB1pUbJkiH9sG6CykjtbPc=; b=P0XGn8FGcF2KLJ6YFFf1gPjvXZ7pFIKrIYdmJeNx5oTMYxiKb3fAo6z5ZeXGG39fJ2 z7RKC495Eya6Fk5Tcg8b03naNCzg6xr+522aN9zWqNECYkcHt+++G3FTwGZR9SBX4dX2 8wbStJdj51ZqrhP+uuNNplBeBxwQqwJZ5IbemlqM0O5/+J65unLek6MqX+g7cfsz2i6D cKEeDXL9BjNsFNJW7NBqaFEVHG7RrrDa6TYo8VPySM6XLyhKUjP4c+8ds8b1ROy3hIHo tp17yQL75O7jMNyM4GoLAgMLUb0W1fdbIhhlXIOYQ1QS/gl4elmxMmyKowtUugTf/Vji w6tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=BIMIkuHhJ6vjFuAx7L2VXdB1pUbJkiH9sG6CykjtbPc=; b=T+KEdG9M0AQVvoS4kXEnq6mrFWmt5ktMcsR902cGfSvWAke5yMj58RjSZyNYb8fQdY Vy66m6joJ3Y5AioWyhmROtmDS+maXYcSsBoCBbBMqxoge7zh2YrrVg1z5PpvnTJWaiD6 M1nfPPWvZyj3NCQj7JSyrehrvSE1Awkm9HUD/PPxYEvkAIQ0cbCT02jmR33h3OkuP2F+ 1fEzwYZADMgt+wHUO4/NAJkMctn1dDfqo2RVFxPsmRLRNJMq3BIQvQIy/cj2KgtwGda9 mzuZ0sRWtuYr0N2AtxRv5uAM3dha4hn6YEZjy8rP1qU/C8EMgbn9nLV2E125FqoPk6uZ FRfw== X-Gm-Message-State: ABuFfoi3qOsq+MaAwdzDRSorQbf7x3SCx59H4+6x4Zn4ErA2BfkmEHM8 Wg4pjcCry3j0Hu7zpP7U8Wrkqg== X-Received: by 2002:a62:1219:: with SMTP id a25-v6mr5549446pfj.104.1538282320643; Sat, 29 Sep 2018 21:38:40 -0700 (PDT) Received: from ryuk (pa49-199-129-238.pa.vic.optusnet.com.au. [49.199.129.238]) by smtp.gmail.com with ESMTPSA id j188-v6sm2870112pfg.132.2018.09.29.21.38.33 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 29 Sep 2018 21:38:39 -0700 (PDT) Date: Sun, 30 Sep 2018 14:38:23 +1000 From: Aleksa Sarai To: Jeff Layton , "J. Bruce Fields" , Al Viro , Arnd Bergmann , Shuah Khan Cc: David Howells , Andy Lutomirski , Christian Brauner , Eric Biederman , Aleksa Sarai , Tycho Andersen , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, dev@opencontainers.org, containers@lists.linux-foundation.org Subject: Re: [PATCH 1/3] namei: implement O_BENEATH-style AT_* flags Message-ID: <20180930043823.2pgzrtgcziaou7ov@ryuk> References: <20180929103453.12025-1-cyphar@cyphar.com> <20180929103453.12025-2-cyphar@cyphar.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="r6lzrlms3sezh4bg" Content-Disposition: inline In-Reply-To: <20180929103453.12025-2-cyphar@cyphar.com> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --r6lzrlms3sezh4bg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2018-09-29, Aleksa Sarai wrote: > * AT_XDEV: Disallow mount-point crossing (both *down* into one, or *up* > from one). The primary "scoping" use is to blocking resolution that > crosses a bind-mount, which has a similar property to a symlink (in > the way that it allows for escape from the starting-point). Since it > is not possible to differentiate bind-mounts However since > bind-mounting requires privileges (in ways symlinks don't) this has > been split from LOOKUP_BENEATH. The naming is based on "find -xdev" > (though find(1) doesn't walk upwards, the semantics seem obvious). I've just noticed that the mountpoint-crossing code for AT_XDEV doesn't detect things like: % ln -s / /tmp/jumpup % vfs_helper -o open -F xdev -d /tmp jumpup / I will fix that in v2. --=20 Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH --r6lzrlms3sezh4bg Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAluwUz4ACgkQnhiqJn3b jbS7URAAsh090oENRqj3EHW+hMMyrQ8ZjdRvylkNYtvhnGchEihDVXj4/NTprb9L q1HdUQUW+v0CE7ow1H05L2F9RtMexztYwQvohdDNjgsaXFA5TYPB9cmkC6gaZoyE On907Yd6LD1AzK+UDaq9ZYxTOgVVFi12xc5lY84jp3EFgSLQ4NB6hD6K8g4eGKym 1lkClzi8seX4o6FziHQC/3al+e3hIRzYF0HTLUbh9+bfuzpKI1tE14Bk1ijLa0Ow jJdAuXcUfvYhznSjFUL0zbgXsUKQps9d/RnqVTb8gAI5Xa1r+Ht2ZpTdi3yt6LO6 SqQWCy/aIjc6dOu58xc6UeBW45iAzUFiD4VsH0qZtpHkbrvpUQ+K0rJ6fnEzdLr9 tN4X/cAY/q4DvuRwz69VgqjYXftgiilNwBKPMJewGl31ruGlywzrqgsYimuQFRXt qbhTQcKWht09S4IPKAXS2dBlhLG94/aUijjYg8HwXAtHUj+dOjExpvtaPkmAL3kU bgmB2kXlgcmLBLUSi8es5ILTD4N6wqgtwbcugCDHoiXwitprT9VHyIl/Tmm8G9nI SIXVe5P+AwvRVL+Bq/vWceyPYH8T9bCObdI3NvB9jdO4nU2xfEqLAFzICOKsdFow obiD/n0Cl60vdnJS6miCV7kzEkcnT4aPe5ycdkPI5y4dYEgWzOQ= =jwmS -----END PGP SIGNATURE----- --r6lzrlms3sezh4bg--