From: Christian Brauner
To: Stéphane Graber, "Eric W. Biederman", Aleksa Sarai, Jann Horn
Cc: smbarber@chromium.org, Seth Forshee, Alexander Viro, Alexey Dobriyan, Serge Hallyn, James Morris, Kees Cook, Jonathan Corbet, Phil Estes, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, Christian Brauner
Subject: [PATCH v2 25/28] commoncap: handle fsid mappings with vfs caps
Date: Fri, 14 Feb 2020 19:35:51 +0100
Message-Id: <20200214183554.1133805-26-christian.brauner@ubuntu.com>
X-Mailer: git-send-email 2.25.0
In-Reply-To: <20200214183554.1133805-1-christian.brauner@ubuntu.com>
References: <20200214183554.1133805-1-christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner
--- security/commoncap.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index 0581c6aa8bdc..d2259dc0450b 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -328,7 +328,7 @@ static bool rootid_owns_currentns(kuid_t kroot) return false; for (ns = current_user_ns(); ; ns = ns->parent) { - if (from_kuid(ns, kroot) == 0) + if (from_kfsuid(ns, kroot) == 0) return true; if (ns == &init_user_ns) break; 
@@ -411,11 +411,11 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer, nscap = (struct vfs_ns_cap_data *) tmpbuf; root = le32_to_cpu(nscap->rootid); - kroot = make_kuid(fs_ns, root); + kroot = make_kfsuid(fs_ns, root); - /* If the root kuid maps to a valid uid in current ns, then return + /* If the root kfsuid maps to a valid uid in current ns, then return * this as a nscap. */ - mappedroot = from_kuid(current_user_ns(), kroot); + mappedroot = from_kfsuid(current_user_ns(), kroot); if (mappedroot != (uid_t)-1 && mappedroot != (uid_t)0) { if (alloc) { *buffer = tmpbuf; @@ -460,7 +460,7 @@ static kuid_t rootid_from_xattr(const void *value, size_t size, if (size == XATTR_CAPS_SZ_3) rootid = le32_to_cpu(nscap->rootid); - return make_kuid(task_ns, rootid); + return make_kfsuid(task_ns, rootid); } static bool validheader(size_t size, const struct vfs_cap_data *cap) @@ -501,7 +501,7 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size) if (!uid_valid(rootid)) return -EINVAL; - nsrootid = from_kuid(fs_ns, rootid); + nsrootid = from_kfsuid(fs_ns, rootid); if (nsrootid == -1) return -EINVAL; @@ -600,7 +600,7 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data cpu_caps->magic_etc = magic_etc = le32_to_cpu(caps->magic_etc); - rootkuid = make_kuid(fs_ns, 0); + rootkuid = make_kfsuid(fs_ns, 0); switch (magic_etc & VFS_CAP_REVISION_MASK) { case VFS_CAP_REVISION_1: if (size != XATTR_CAPS_SZ_1) @@ -616,7 +616,7 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data if (size != XATTR_CAPS_SZ_3) return -EINVAL; tocopy = VFS_CAP_U32_3; - rootkuid = make_kuid(fs_ns, le32_to_cpu(nscaps->rootid)); + rootkuid = make_kfsuid(fs_ns, le32_to_cpu(nscaps->rootid)); break; default: -- 2.25.0
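Review bot: In the @@ -328 hunk (rootid_owns_currentns), the switch to from_kfsuid(ns, kroot) == 0 has no stated rationale, because the patch carries no changelog text beyond the Signed-off-by. This loop returns true as soon as the current namespace or any ancestor maps kroot to 0, so it decides whether a file's namespaced capabilities are honoured. Please state in the commit message what the intended result is when a namespace's fsid mapping differs from its id mapping, and add a short comment above the loop saying that the comparison is made in the fsid mapping.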
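Review bot: In the @@ -411 hunk (cap_inode_getsecurity), the updated comment "If the root kfsuid maps to a valid uid in current ns" mixes the two mappings. mappedroot is now produced by from_kfsuid(current_user_ns(), kroot), so it is an id in the caller's fsid mapping, not in its uid mapping. Suggest rewording the comment in terms of the fsid mapping so the later checks against (uid_t)-1 and (uid_t)0 read correctly. Since the comment is being touched anyway, the opening /* could move to its own line to match the usual kernel multi-line comment style.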
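Review bot: In the @@ -460 hunk (rootid_from_xattr), the function still returns kuid_t although the value is now built with make_kfsuid(task_ns, rootid). The same holds for the kroot parameter in rootid_owns_currentns and for rootkuid in get_vfs_caps_from_disk. Because both mapping families share one type, nothing stops a later caller from feeding such a value to from_kuid() by mistake. Suggest either renaming these variables to show they are fsid-mapped or documenting at the function which mapping the returned value belongs to.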
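Review bot: In the @@ -616 hunk (get_vfs_caps_from_disk, VFS_CAP_REVISION_3 case), the on-disk rootid is now interpreted through make_kfsuid(fs_ns, le32_to_cpu(nscaps->rootid)), while xattrs already on disk were written by the old from_kuid(fs_ns, rootid) path in cap_convert_nscap. If fs_ns can have an fsid mapping that differs from its id mapping, an existing rootid value would resolve to a different owner after this change. Please document whether that case can occur and how previously stored v3 capabilities are expected to behave.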