Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2059390ybv;
        Fri, 14 Feb 2020 10:39:21 -0800 (PST)
X-Google-Smtp-Source: APXvYqxHNejPd8mLPUWWq/pBy/sy2FCnmzdAc0B83Rlu8g7QB0rEOUq0uUTEiWxlEbe7CMJFnvnd
X-Received: by 2002:aca:5dc3:: with SMTP id r186mr2856277oib.137.1581705560157;
        Fri, 14 Feb 2020 10:39:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1581705560; cv=none;
        d=google.com; s=arc-20160816;
        b=VMekHFrEXXDnKbmmPcvENTc3jZSjgGosLMhAj1Tph6pXGW3x+XTzxoExm4PWmWpoVw
         1Fc0fPOff5cmEFudAd7x+B5aUyXfi2aZ5CQs6FXgyjmrcFjGEj9HGy6ufbc55lp2dHgv
         aCTgcCEfUCXXEazMd99shjLd0PumV27ncGxXpi26aK+e+MYc5lfX1m+AoJWhamHRG5D+
         ISM93AclkmNXmTWnH1TyIrwMR07P9an4aMVJ3pSpKXc6sal/SlvbPq10xdRa7HTX/+t2
         SuujVutnEbY/NV5/oqclF8TwXlSURfgAbuH36M9m8eghShXOVJk6fHHD7s2hCEX3Kbb2
         Z0SA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=SCFZkRoqBjKeMOvcX1TPsrgquKLogxLqdNLbeiTYnxc=;
        b=K9f8GsrhQHuQbhit2rzA5OzAzHfoHD8iI89cPhIfj4SZXh3KgsXSvvANniRya0+6/C
         M89sAFB2mg3xVxDkTvA+mtJdX4hmv0nzXo3NqWhf63GXaqHxIuPEu2Ptxyr0IECGOY7e
         0Ja/0u6dlp7oSR+HIBQdjD48tQxi1BjyQ8oKXkAKC+shAF5FTu/xr3O/aVXLRnwhty6u
         uhMd+eYKxR1fu7l8hWk2F6vaze6IiE26rts9sO7XNTJ0lbVX4lk7lON3lclbbqgTpSnh
         iPgIWgBHRyb3Rpj5emnXlE3v6anFdumK64EyIw3aoIIJ3zAnnoB2mqRU51puREt6LS3c
         QXKQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i11si3108630otc.105.2020.02.14.10.39.06;
        Fri, 14 Feb 2020 10:39:20 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389539AbgBNSiI (ORCPT <rfc822;ahaning.tech@gmail.com>
        + 99 others); Fri, 14 Feb 2020 13:38:08 -0500
Received: from youngberry.canonical.com ([91.189.89.112]:33699 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1730686AbgBNSiE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 14 Feb 2020 13:38:04 -0500
Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein.fritz.box)
        by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.86_2)
        (envelope-from <christian.brauner@ubuntu.com>)
        id 1j2fqR-0000uO-Mb; Fri, 14 Feb 2020 18:37:43 +0000
From:   Christian Brauner <christian.brauner@ubuntu.com>
To:     =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@ubuntu.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Aleksa Sarai <cyphar@cyphar.com>, Jann Horn <jannh@google.com>
Cc:     smbarber@chromium.org, Seth Forshee <seth.forshee@canonical.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        Serge Hallyn <serge@hallyn.com>,
        James Morris <jmorris@namei.org>,
        Kees Cook <keescook@chromium.org>,
        Jonathan Corbet <corbet@lwn.net>,
        Phil Estes <estesp@gmail.com>, linux-kernel@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        containers@lists.linux-foundation.org,
        linux-security-module@vger.kernel.org, linux-api@vger.kernel.org,
        Christian Brauner <christian.brauner@ubuntu.com>
Subject: [PATCH v2 10/28] sys:__sys_setgid(): handle fsid mappings
Date:   Fri, 14 Feb 2020 19:35:36 +0100
Message-Id: <20200214183554.1133805-11-christian.brauner@ubuntu.com>
X-Mailer: git-send-email 2.25.0
In-Reply-To: <20200214183554.1133805-1-christian.brauner@ubuntu.com>
References: <20200214183554.1133805-1-christian.brauner@ubuntu.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Switch setgid() to lookup fsids in the fsid mappings. If no fsid mappings are
setup the behavior is unchanged, i.e. fsids are looked up in the id mappings.
The kfsid to cleanly handle userns visible filesystem is set as before.

We require that a user must have a valid fsid mapping for the target id. This
is consistent with how the setid calls work today without fsid mappings.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
/* v2 */
- Christian Brauner <christian.brauner@ubuntu.com>:
  - set kfsid which is used when dealing with proc permission checking
---
 kernel/sys.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index a8eefd748327..aa379fb5e93b 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -416,24 +416,31 @@ long __sys_setgid(gid_t gid)
 	const struct cred *old;
 	struct cred *new;
 	int retval;
-	kgid_t kgid;
+	kgid_t kgid, kfsgid;
 
 	kgid = make_kgid(ns, gid);
 	if (!gid_valid(kgid))
 		return -EINVAL;
 
+	kfsgid = make_kfsgid(ns, gid);
+	if (!gid_valid(kfsgid))
+		return -EINVAL;
+
 	new = prepare_creds();
 	if (!new)
 		return -ENOMEM;
 	old = current_cred();
 
 	retval = -EPERM;
-	if (ns_capable(old->user_ns, CAP_SETGID))
-		new->gid = new->egid = new->sgid = new->fsgid = kgid;
-	else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
-		new->egid = new->fsgid = kgid;
-	else
+	if (ns_capable(old->user_ns, CAP_SETGID)) {
+		new->gid = new->egid = new->sgid = new->kfsgid = kgid;
+		new->fsgid = kfsgid;
+	} else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) {
+		new->egid = new->kfsgid = kgid;
+		new->fsgid = kfsgid;
+	} else {
 		goto error;
+	}
 
 	return commit_creds(new);
 
-- 
2.25.0