Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2059493ybv; Fri, 14 Feb 2020 10:39:29 -0800 (PST) X-Google-Smtp-Source: APXvYqzv1+z+mcbuLBfrz6Yp2wfUEJfAPcNz/BmBKUBWBSoC8E3q7FC+0cxmK5Cx6uv/UVfo4vMw X-Received: by 2002:a9d:4c81:: with SMTP id m1mr3360306otf.5.1581705569751; Fri, 14 Feb 2020 10:39:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581705569; cv=none; d=google.com; s=arc-20160816; b=c5BCE/JHijy63CImYOwoVDat7cWwGSi1NiITIOvA5WIxmjM6yWUM57TbQ1cv+LEKPB n8f+2a67Lk++llD9UYw2kOMXHHPSlHKU8+4jQDnQvDCqu72Wxan2Sp+5vKujehjDeL/Q og3KNHnI3TqOhqHq6n4QS8w2YQJESPRfCwr8Gv2gHJGOmXUecIxIPL/6v6/giG0GV7wO T46rUeO36Mm2W3yblcJKV3+xA+p1riQ16v/VlB0iQ9qBJVacycXyHTD3E0J7W5ZL1Flr vDchq0LaOMUorTibyE9X3/I4Y9/w0kxRbUIyAaDwtoU3eckpuQLcXsDIHNTQAJzh+98l 4iDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=gPTpY/tm2Jq0rse5MLRi/Bu+07J2412S2XqcssqwVM0=; b=AbNeNT8a8KkxF+6tn02Ss8C9LeMPLLniN0UViML89RK6sAhSPCLpmehn3Ajbceet6a BRyzZiEseGgk6jTCpo1K73lrpU6RnQLtLSMTO1pvwA2IsgnTOyMdIDBx18PVviJSJ3Jl sPQe0peVu7AsJfOoV9il/5bS539bTjeilbjs2Gae0uGj2ycprqtk53BSiZXG6bHT4pOU /a1oxj83vtGseSfbFVXRv2Ri/Nb1Rqt/pucRKvPZoOn6SsYtBP7c3qKpY6qE4eqh8kUE 7w1pslwxb42g+Z9TRnQX9lcf7VGDw9Mf+zqo4pn3IiUPIbn/eXEbfj7b5MyBQGZ+4mSF +6cQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o2si3456419otj.312.2020.02.14.10.39.17; Fri, 14 Feb 2020 10:39:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730618AbgBNSiB (ORCPT + 99 others); Fri, 14 Feb 2020 13:38:01 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:33634 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728239AbgBNSh7 (ORCPT ); Fri, 14 Feb 2020 13:37:59 -0500 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1j2fqM-0000uO-FL; Fri, 14 Feb 2020 18:37:38 +0000 From: Christian Brauner To: =?UTF-8?q?St=C3=A9phane=20Graber?= , "Eric W. Biederman" , Aleksa Sarai , Jann Horn Cc: smbarber@chromium.org, Seth Forshee , Alexander Viro , Alexey Dobriyan , Serge Hallyn , James Morris , Kees Cook , Jonathan Corbet , Phil Estes , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, Christian Brauner Subject: [PATCH v2 05/28] proc: task_state(): use from_kfs{g,u}id_munged Date: Fri, 14 Feb 2020 19:35:31 +0100 Message-Id: <20200214183554.1133805-6-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200214183554.1133805-1-christian.brauner@ubuntu.com> References: <20200214183554.1133805-1-christian.brauner@ubuntu.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If fsid mappings have been written, this will cause proc to look at fsid mappings for the user namespace. If no fsid mappings have been written the behavior is as before. Here is part of the output from /proc//status from the initial user namespace for systemd running in an unprivileged container as user namespace root with id mapping 0 100000 100000 and fsid mapping 0 300000 100000: Name: systemd Umask: 0000 State: S (sleeping) Tgid: 13023 Ngid: 0 Pid: 13023 PPid: 13008 TracerPid: 0 Uid: 100000 100000 100000 300000 Gid: 100000 100000 100000 300000 FDSize: 64 Groups: Signed-off-by: Christian Brauner --- /* v2 */ unchanged --- fs/proc/array.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 5efaf3708ec6..d4a04f85a67e 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -91,6 +91,7 @@ #include #include #include +#include #include #include @@ -193,11 +194,11 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, "\nUid:\t", from_kuid_munged(user_ns, cred->uid)); seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->euid)); seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->suid)); - seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->fsuid)); + seq_put_decimal_ull(m, "\t", from_kfsuid_munged(user_ns, cred->fsuid)); seq_put_decimal_ull(m, "\nGid:\t", from_kgid_munged(user_ns, cred->gid)); seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->egid)); seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->sgid)); - seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->fsgid)); + seq_put_decimal_ull(m, "\t", from_kfsgid_munged(user_ns, cred->fsgid)); seq_put_decimal_ull(m, "\nFDSize:\t", max_fds); seq_puts(m, "\nGroups:\t"); -- 2.25.0