Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2059390ybv; Fri, 14 Feb 2020 10:39:21 -0800 (PST) X-Google-Smtp-Source: APXvYqxHNejPd8mLPUWWq/pBy/sy2FCnmzdAc0B83Rlu8g7QB0rEOUq0uUTEiWxlEbe7CMJFnvnd X-Received: by 2002:aca:5dc3:: with SMTP id r186mr2856277oib.137.1581705560157; Fri, 14 Feb 2020 10:39:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581705560; cv=none; d=google.com; s=arc-20160816; b=VMekHFrEXXDnKbmmPcvENTc3jZSjgGosLMhAj1Tph6pXGW3x+XTzxoExm4PWmWpoVw 1Fc0fPOff5cmEFudAd7x+B5aUyXfi2aZ5CQs6FXgyjmrcFjGEj9HGy6ufbc55lp2dHgv aCTgcCEfUCXXEazMd99shjLd0PumV27ncGxXpi26aK+e+MYc5lfX1m+AoJWhamHRG5D+ ISM93AclkmNXmTWnH1TyIrwMR07P9an4aMVJ3pSpKXc6sal/SlvbPq10xdRa7HTX/+t2 SuujVutnEbY/NV5/oqclF8TwXlSURfgAbuH36M9m8eghShXOVJk6fHHD7s2hCEX3Kbb2 Z0SA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=SCFZkRoqBjKeMOvcX1TPsrgquKLogxLqdNLbeiTYnxc=; b=K9f8GsrhQHuQbhit2rzA5OzAzHfoHD8iI89cPhIfj4SZXh3KgsXSvvANniRya0+6/C M89sAFB2mg3xVxDkTvA+mtJdX4hmv0nzXo3NqWhf63GXaqHxIuPEu2Ptxyr0IECGOY7e 0Ja/0u6dlp7oSR+HIBQdjD48tQxi1BjyQ8oKXkAKC+shAF5FTu/xr3O/aVXLRnwhty6u uhMd+eYKxR1fu7l8hWk2F6vaze6IiE26rts9sO7XNTJ0lbVX4lk7lON3lclbbqgTpSnh iPgIWgBHRyb3Rpj5emnXlE3v6anFdumK64EyIw3aoIIJ3zAnnoB2mqRU51puREt6LS3c QXKQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i11si3108630otc.105.2020.02.14.10.39.06; Fri, 14 Feb 2020 10:39:20 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389539AbgBNSiI (ORCPT + 99 others); Fri, 14 Feb 2020 13:38:08 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:33699 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730686AbgBNSiE (ORCPT ); Fri, 14 Feb 2020 13:38:04 -0500 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1j2fqR-0000uO-Mb; Fri, 14 Feb 2020 18:37:43 +0000 From: Christian Brauner To: =?UTF-8?q?St=C3=A9phane=20Graber?= , "Eric W. Biederman" , Aleksa Sarai , Jann Horn Cc: smbarber@chromium.org, Seth Forshee , Alexander Viro , Alexey Dobriyan , Serge Hallyn , James Morris , Kees Cook , Jonathan Corbet , Phil Estes , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, Christian Brauner Subject: [PATCH v2 10/28] sys:__sys_setgid(): handle fsid mappings Date: Fri, 14 Feb 2020 19:35:36 +0100 Message-Id: <20200214183554.1133805-11-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200214183554.1133805-1-christian.brauner@ubuntu.com> References: <20200214183554.1133805-1-christian.brauner@ubuntu.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Switch setgid() to lookup fsids in the fsid mappings. If no fsid mappings are setup the behavior is unchanged, i.e. fsids are looked up in the id mappings. The kfsid to cleanly handle userns visible filesystem is set as before. We require that a user must have a valid fsid mapping for the target id. This is consistent with how the setid calls work today without fsid mappings. Signed-off-by: Christian Brauner --- /* v2 */ - Christian Brauner : - set kfsid which is used when dealing with proc permission checking --- kernel/sys.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index a8eefd748327..aa379fb5e93b 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -416,24 +416,31 @@ long __sys_setgid(gid_t gid) const struct cred *old; struct cred *new; int retval; - kgid_t kgid; + kgid_t kgid, kfsgid; kgid = make_kgid(ns, gid); if (!gid_valid(kgid)) return -EINVAL; + kfsgid = make_kfsgid(ns, gid); + if (!gid_valid(kfsgid)) + return -EINVAL; + new = prepare_creds(); if (!new) return -ENOMEM; old = current_cred(); retval = -EPERM; - if (ns_capable(old->user_ns, CAP_SETGID)) - new->gid = new->egid = new->sgid = new->fsgid = kgid; - else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) - new->egid = new->fsgid = kgid; - else + if (ns_capable(old->user_ns, CAP_SETGID)) { + new->gid = new->egid = new->sgid = new->kfsgid = kgid; + new->fsgid = kfsgid; + } else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) { + new->egid = new->kfsgid = kgid; + new->fsgid = kfsgid; + } else { goto error; + } return commit_creds(new); -- 2.25.0