Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp5927115ybv; Tue, 18 Feb 2020 06:37:19 -0800 (PST) X-Google-Smtp-Source: APXvYqw13Z47jr8MrgsmyXt/N1WxJ7gkkD8lEGxsqrRemgqbBzKl+5jQCdsu8D7/ieCX9lg5TDDg X-Received: by 2002:a9d:1928:: with SMTP id j40mr16078988ota.68.1582036639154; Tue, 18 Feb 2020 06:37:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582036639; cv=none; d=google.com; s=arc-20160816; b=APcXr4Ihbd0Iwc8HCnxRNzJ3Rmd4BEWMAdR9RXGQScowPmsfw4zt16zamBzPM1RAjP X82JiZGFl1rY3lhESqQu+/NyK9J7geSGJLdYelc7sGZ76jeHQ0T5Hf0PtcFtQNGa9oBb pId7oqGCCxEBjJlOBISBcG/XMFWJSg2Bd8LdSU7dRA5h3xl8GFzo1voxy9bMD1qYLjZ2 Ene9iyDJJdboHNCQn3A6JlusaL8T1vee+JMLdwz12g7t7kZzeROnNQyKsjW5JfkjVQJA sVvCTFkHkh/YVq+uhzYlRgMq0Vja3AGMZCrj/j8I5mITecJW7ttvq+7d/pN9DXsvVeiH QIBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=hSEnEbEM/a9BuOO2iNofsvlY5R7ezT64juYaE4SHgGw=; b=s7PGLnH6+/aO3JT7MwH4plWXu1FmNBngAcbntXkumAIWE3Yo4In1/QtfBK93uNwwly m/ev9EBZU0uBPqjNvGq5gGsEZmqBcP5+AxNNRxNXKe7VNf+KHBPXiuJt4f4dU/LTYRK3 gAnKOkUo3/JwJ1+U3YiYAcldS7Jl9+K0x6LE5XqHrpjzj0CZ7/eDuOJkYzMhdJdme3eH 3dtX/lOQWk6kZ7T+t3D9mWHkG3COyLLK7EvF9DEJ95SWgg55Iq59HZvSJFng8V9wkehY cSJgAFWFw8Fpx8vgr9D2wUKAQKrkNxRurN+N3p+zXGVPYgIQp9naTTdzfussQfSHYGPf O5MQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y19si1735382oto.102.2020.02.18.06.37.06; Tue, 18 Feb 2020 06:37:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726858AbgBROfi (ORCPT + 99 others); Tue, 18 Feb 2020 09:35:38 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:52981 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726750AbgBROff (ORCPT ); Tue, 18 Feb 2020 09:35:35 -0500 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1j43xv-0000fF-6f; Tue, 18 Feb 2020 14:35:11 +0000 From: Christian Brauner To: =?UTF-8?q?St=C3=A9phane=20Graber?= , "Eric W. Biederman" , Aleksa Sarai , Jann Horn Cc: smbarber@chromium.org, Seth Forshee , Alexander Viro , Alexey Dobriyan , Serge Hallyn , James Morris , Kees Cook , Jonathan Corbet , Phil Estes , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, Christian Brauner Subject: [PATCH v3 07/25] proc: task_state(): use from_kfs{g,u}id_munged Date: Tue, 18 Feb 2020 15:33:53 +0100 Message-Id: <20200218143411.2389182-8-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200218143411.2389182-1-christian.brauner@ubuntu.com> References: <20200218143411.2389182-1-christian.brauner@ubuntu.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org If fsid mappings have been written, this will cause proc to look at fsid mappings for the user namespace. If no fsid mappings have been written the behavior is as before. Here is part of the output from /proc//status from the initial user namespace for systemd running in an unprivileged container as user namespace root with id mapping 0 100000 100000 and fsid mapping 0 300000 100000: Name: systemd Umask: 0000 State: S (sleeping) Tgid: 13023 Ngid: 0 Pid: 13023 PPid: 13008 TracerPid: 0 Uid: 100000 100000 100000 300000 Gid: 100000 100000 100000 300000 FDSize: 64 Groups: Signed-off-by: Christian Brauner --- /* v2 */ unchanged /* v3 */ unchanged --- fs/proc/array.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 5efaf3708ec6..d4a04f85a67e 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -91,6 +91,7 @@ #include #include #include +#include #include #include @@ -193,11 +194,11 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, "\nUid:\t", from_kuid_munged(user_ns, cred->uid)); seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->euid)); seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->suid)); - seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->fsuid)); + seq_put_decimal_ull(m, "\t", from_kfsuid_munged(user_ns, cred->fsuid)); seq_put_decimal_ull(m, "\nGid:\t", from_kgid_munged(user_ns, cred->gid)); seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->egid)); seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->sgid)); - seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->fsgid)); + seq_put_decimal_ull(m, "\t", from_kfsgid_munged(user_ns, cred->fsgid)); seq_put_decimal_ull(m, "\nFDSize:\t", max_fds); seq_puts(m, "\nGroups:\t"); -- 2.25.0