From: ebiederm@xmission.com (Eric W. Biederman)
To: Linus Torvalds
Cc: , , Linux Containers , Jann Horn
Date: Sat, 10 Nov 2018 12:12:12 -0600
Message-ID: <87pnvcls3n.fsf@xmission.com>
Subject: [GIT PULL] namespace fixes for v4.20-rc2
X-Mailing-List: linux-kernel@vger.kernel.org

Linus,

Please pull the for-linus branch from the git tree:

   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus

   HEAD: 9c8e0a1b683525464a2abe9fb4b54404a50ed2b4 mount: Prevent MNT_DETACH from disconnecting locked mounts

I believe all of these are simple obviously correct bug fixes. These
fall into two groups.

- Fixing the implementation of MNT_LOCKED which prevents lesser
  privileged users from seeing under mounts created by more privileged
  users.

- Fixing the extended uid and group mapping in user namespaces.

As well as ensuring the code looks correct I have spot tested these
changes as well and in my testing the fixes are working.

I have let these changes sit on my branch for a few days as well and
none of the automated testing has found any problems either.

Eric W. Biederman (3):
      mount: Retest MNT_LOCKED in do_umount
      mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
      mount: Prevent MNT_DETACH from disconnecting locked mounts

Jann Horn (1):
      userns: also map extents in the reverse map to kernel IDs

 fs/namespace.c          | 22 +++++++++++++++++-----
 kernel/user_namespace.c | 12 ++++++++----
 2 files changed, 25 insertions(+), 9 deletions(-)

Eric