Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2059200ybv; Fri, 14 Feb 2020 10:39:06 -0800 (PST) X-Google-Smtp-Source: APXvYqzkujfylmgTwMYjoWZFKT+WV0grUapiNI5Pe3Q88DruwSfAISsv6ggN4txTIxY6XV5ZFRqN X-Received: by 2002:a05:6830:1bda:: with SMTP id v26mr3276503ota.314.1581705546646; Fri, 14 Feb 2020 10:39:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581705546; cv=none; d=google.com; s=arc-20160816; b=SI6FBmYgLjfHwI5VcZGfwkDP+2e0LkOIB9tAkCl0PFvDC9Suqsuxo73Q4ocS3Cye1A UA2G2hpTZuPtYTtcU24gbIpI8vX1Rgswg9/pWWhxVTvvshE0wFg/YBGOWyqd5doTB9bx IIRikPpKyY249IpO395fDz+AHnQ1T6URwpgVpNsjlFU41UVnm0cGu5OwGX/3wXCF88Kb KtH0+LFB1wB+6ojGq9sU/Uq83+LwC7D/B6X//UQeV6jmKaw9hccwikf8gMuax64yNHT8 dNwa1Ay0Q/wGoduRQ/QQZf1Zafs9mesK3jLj8KqeyzbyZIRFF5gK5p/385XkC+0WL0nU md0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=NJIK30NXwFxAmjaP4VBLC1ga3vCu8Q4clYpFhd+1gBk=; b=uAs1TAEY/TxsX64CYeOJh1ou5tu/GAr7ZI3P3jSsI+k83TtH07s4A76PdZEaf14fFM R8tj4jgyU3P3JK0lCQoiXFg54HUzVQInbmGD+2nG/uLiwJ5wiNdDSloj4FsPQeTPKPo9 ju2+nrOuNKpVHfOLySeLncjOPOxJ2ANTWBWhHICxRwT3kVDXH/Bakc0yXYkoVcyCdhyt spZwDnXuRaiQP0pOPOvKUwjgRBSb+EIeMsKvOiypKzQ1+GmLrELfza89N8OwoARPw7Q7 N3GPAT1LswbBSfoHd9BtC3qg5FAucHSJeUqfzGeOL6H6s4njhKfIij53hMTXJx94HKrF lBuA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k15si2915137oij.134.2020.02.14.10.38.54; Fri, 14 Feb 2020 10:39:06 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389939AbgBNSi1 (ORCPT + 99 others); Fri, 14 Feb 2020 13:38:27 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:33727 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389485AbgBNSiJ (ORCPT ); Fri, 14 Feb 2020 13:38:09 -0500 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1j2fqX-0000uO-CI; Fri, 14 Feb 2020 18:37:49 +0000 From: Christian Brauner To: =?UTF-8?q?St=C3=A9phane=20Graber?= , "Eric W. Biederman" , Aleksa Sarai , Jann Horn Cc: smbarber@chromium.org, Seth Forshee , Alexander Viro , Alexey Dobriyan , Serge Hallyn , James Morris , Kees Cook , Jonathan Corbet , Phil Estes , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, Christian Brauner Subject: [PATCH v2 14/28] sys:__sys_setresgid(): handle fsid mappings Date: Fri, 14 Feb 2020 19:35:40 +0100 Message-Id: <20200214183554.1133805-15-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200214183554.1133805-1-christian.brauner@ubuntu.com> References: <20200214183554.1133805-1-christian.brauner@ubuntu.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Switch setresgid() to lookup fsids in the fsid mappings. If no fsid mappings are setup the behavior is unchanged, i.e. fsids are looked up in the id mappings. During setresgid() the kfsgid is set to the kegid corresponding the egid that is requested by userspace. If the requested egid is -1 the kfsgid is reset to the current kegid. For the latter case this means we need to lookup the corresponding userspace egid corresponding to the current kegid in the id mappings and translate this egid into the corresponding kfsgid in the fsid mappings. The kfsid to cleanly handle userns visible filesystem is set as before. We require that a user must have a valid fsid mapping for the target id. This is consistent with how the setid calls work today without fsid mappings. Signed-off-by: Christian Brauner --- /* v2 */ - Christian Brauner : - set kfsid which is used when dealing with proc permission checking --- kernel/sys.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index 54e072145146..78592deee2d8 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -756,7 +756,7 @@ long __sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) const struct cred *old; struct cred *new; int retval; - kgid_t krgid, kegid, ksgid; + kgid_t krgid, kegid, ksgid, kfsgid; krgid = make_kgid(ns, rgid); kegid = make_kgid(ns, egid); @@ -789,11 +789,21 @@ long __sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) if (rgid != (gid_t) -1) new->gid = krgid; - if (egid != (gid_t) -1) + if (egid != (gid_t) -1) { new->egid = kegid; + kfsgid = make_kfsgid(ns, egid); + } else { + kfsgid = kgid_to_kfsgid(new->user_ns, new->egid); + } + if (!gid_valid(kfsgid)) { + retval = -EINVAL; + goto error; + } + if (sgid != (gid_t) -1) new->sgid = ksgid; - new->fsgid = new->egid; + new->kfsgid = new->egid; + new->fsgid = kfsgid; return commit_creds(new); -- 2.25.0