Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp506094ybt; Wed, 24 Jun 2020 04:46:26 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwBorGZ3hAiUbMxd6g/0TQBokqBbKABS0Fqxy2t3woSqoCSlyqTZlgheM53JePtExwetWvr X-Received: by 2002:a05:6402:283:: with SMTP id l3mr11507872edv.105.1592999186488; Wed, 24 Jun 2020 04:46:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592999186; cv=none; d=google.com; s=arc-20160816; b=cHXGdckzBSLcrwj5Ecq4ZEuoNiSNtmdYq6r/bXIvhpbRLpvvrB1Zm45QLuFSb7+5n7 FmUVHs8Cy5Nfee+Cqex3NA1Pgt+EVg97Tlvu0k+QJ3uECuwwNx/GY0m57HrLpWgROkV/ poZIEpXWB3/t5JxgnrTTiOsHSlGqQybQigm/pl3DsJGJSsb3nVg6i1wpXfu8sMwpBOXT VLQpRsQWsUpsxfwsHlW6kbvEyqm4GPIPoHjEO/WyzgQDW9qkPJLcNXf/RGFqJ1Za1pOR da+97s0EMPpGZ7u67gW7njew621Z3+or+hABKz5ZI2pyT07PNVLw7GTA0EfElXya8x1/ s70Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=sE7zvTeo1f2Q/b4HRH9U9lWWTrfl3fmOE3A0casVEfk=; b=exHWYACcXomJuFCIPRzC2pcQhXp+NZn2up1cGociULCTbNm3ezlGSspSgoQ3NmjTcm 3tPgBovWlp63O3rcyA/7Pi4jVSh07PubrUc19jCz/JGlWRM0Au/Ql3apiB+ot2TxjqXM 7SxjiSMmy8YhHtkp21UaYTH3ABH5FOYW6l91UMgYbG2wE1zzjbPhkY80EaKOl4Bgv62s rWxsoqphwQ9zxY+YQj/fi4EqX5kFf9aLlpcjE7zJ/JDUMR/Eb7iOL2NaAMtZnDwzpUaw Co4AN/ovy3/WGypUcCUE53Nid4TpzEMDkFkRvK9vAtDfoOJlT+dCQtqlNNcY0tmjfW9/ CU8g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bu27si327428edb.542.2020.06.24.04.46.02; Wed, 24 Jun 2020 04:46:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389143AbgFXLop (ORCPT + 99 others); Wed, 24 Jun 2020 07:44:45 -0400 Received: from mx2.suse.de ([195.135.220.15]:39432 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388844AbgFXLop (ORCPT ); Wed, 24 Jun 2020 07:44:45 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 892C4AF63; Wed, 24 Jun 2020 11:44:42 +0000 (UTC) Date: Wed, 24 Jun 2020 13:44:37 +0200 From: Michal =?iso-8859-1?Q?Koutn=FD?= To: Christian Brauner Cc: linux-kernel@vger.kernel.org, Alexander Viro , =?iso-8859-1?Q?St=E9phane?= Graber , Linux Containers , "Eric W . Biederman" , Serge Hallyn , Jann Horn , Michael Kerrisk , Aleksa Sarai , linux-api@vger.kernel.org, systemd-devel@lists.freedesktop.org Subject: Re: [PATCH v4 2/3] nsproxy: attach to namespaces via pidfds Message-ID: <20200624114437.GA117125@blackbook> References: <20200505140432.181565-1-christian.brauner@ubuntu.com> <20200505140432.181565-3-christian.brauner@ubuntu.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline In-Reply-To: <20200505140432.181565-3-christian.brauner@ubuntu.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi. On Tue, May 05, 2020 at 04:04:31PM +0200, Christian Brauner wrote: > -SYSCALL_DEFINE2(setns, int, fd, int, nstype) > +SYSCALL_DEFINE2(setns, int, fd, int, flags) > [...] > - file =3D proc_ns_fget(fd); > - if (IS_ERR(file)) > - return PTR_ERR(file); > + int err =3D 0; > =20 > - err =3D -EINVAL; > - ns =3D get_proc_ns(file_inode(file)); > - if (nstype && (ns->ops->type !=3D nstype)) > + file =3D fget(fd); > + if (!file) > + return -EBADF; > + > + if (proc_ns_file(file)) { > + ns =3D get_proc_ns(file_inode(file)); > + if (flags && (ns->ops->type !=3D flags)) > + err =3D -EINVAL; > + flags =3D ns->ops->type; > + } else if (pidfd_pid(file)) { > + err =3D check_setns_flags(flags); > + } else { > + err =3D -EBADF; > + } > + if (err) > goto out; > =20 > - err =3D prepare_nsset(ns->ops->type, &nsset); > + err =3D prepare_nsset(flags, &nsset); > if (err) > goto out; This modification changed the returned error when a valid file descriptor is passed but it doesn't represent a namespace (nor pidfd). The error is now EBADF although originally and per man page it was/should be EINVAL. A change like below would restore it, however, I see it may be less consistent with other pidfd calls(?), then I'd suggest updating the manpage to capture this. --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c @@ -531,7 +531,7 @@ SYSCALL_DEFINE2(setns, int, fd, int, flags) } else if (!IS_ERR(pidfd_pid(file))) { err =3D check_setns_flags(flags); } else { - err =3D -EBADF; + err =3D -EINVAL; } if (err) goto out; I noticed this breaks systemd self tests [1]. Regards, Michal [1] https://github.com/systemd/systemd/blob/a1ba8c5b71164665ccb53c9cec384e5= eef7d3689/src/test/test-seccomp.c#L246 --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEEoQaUCWq8F2Id1tNia1+riC5qSgFAl7zPKAACgkQia1+riC5 qShOGhAAhxWTA7xASA29DshSor6gE8MSsisAOLrbdcAJxcTpEjK7SGBfiIAzRSqM ojDNJab5BA7AplrWQMI5dTvNC5OsdObhRe6HCzXeK/DL4st5WCHkGv084jGVtJkF t3uUc5yphr7K7Wyv5pTydMDYbPgVdtMLCMAJCzSSAm464cXc7yFUtLiuJTx4dWMS wj+dRMYjxqo8PMTo78lAOeo0Xga2sWunsc2RrvmCde1HAqEfX26xko2at3AhxJWI mA1qK4gYl0/0kRBKKbVH/Vc9cE3hVTwAKgLxm9JUJJoV/7zs61XPfGZZ1i1NUBJ5 ES1ybt5h1C5rtmpBGiH1Dd+D7i1ckdqEPupwJNzYze5y2QiEVVoF7csegk30Vdq7 0SQ9SAXOtRmfQC8VQXkWDOoqZarxPSgktRBfMZ3h18neURCFlmU0xcAY52mJODSf lyJPQmYUfCehLasPJJ3eUG9fhdSNuFH3Z6V2KfIjo2qKPbbEJONxb24OthyQzr6v kt3B/m7aseGZCxRu21SkkRIMa9aIngbkaOOiEwUd66wJtHKWJIn/D7sdcQvUGYpg e8J5uFPR7A0wJey2TZltEDF9nuuZarORd7BNREmm4nG1w3X3vsgUXXLfk9x8HQtg EG/+7T4HFcQXgeR/UBieyk0FQ98KRnJaSK6RJiShfEM2HIyvrZU= =zb4j -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu--