Date: Sun, 19 Jul 2020 11:50:54 -0500
From: "Serge E. Hallyn"
To: Adrian Reber
Cc: Christian Brauner, Eric Biederman, Pavel Emelyanov, Oleg Nesterov, Dmitry Safonov <0x7f454c46@gmail.com>, Andrei Vagin, Nicolas Viennot, Michał Cłapiński, Kamil Yurtsever, Dirk Petersen, Christine Flood, Casey Schaufler, Mike Rapoport, Radostin Stoyanov, Cyrill Gorcunov, Serge Hallyn, Stephen Smalley, Sargun Dhillon, Arnd Bergmann, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@vger.kernel.org, Eric Paris, Jann Horn, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v6 4/7] proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE
Message-ID: <20200719165054.GA3936@mail.hallyn.com>
References: <20200719100418.2112740-1-areber@redhat.com> <20200719100418.2112740-5-areber@redhat.com>
In-Reply-To: <20200719100418.2112740-5-areber@redhat.com>

On Sun, Jul 19, 2020 at 12:04:14PM +0200, Adrian Reber wrote:
> Opening files in /proc/pid/map_files when the current user is
> CAP_CHECKPOINT_RESTORE capable in the root namespace is useful for
> checkpointing and restoring to recover files that are unreachable via
> the file system such as deleted files, or memfd files.
>
> Signed-off-by: Adrian Reber

Reviewed-by: Serge Hallyn

> Signed-off-by: Nicolas Viennot
> Reviewed-by: Cyrill Gorcunov
> ---
> fs/proc/base.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 65893686d1f1..b824a8c89011 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -2194,16 +2194,16 @@ struct map_files_info { > }; > > /* > - * Only allow CAP_SYS_ADMIN to follow the links, due to concerns about how the > - * symlinks may be used to bypass permissions on ancestor directories in the > - * path to the file in question. > + * Only allow CAP_SYS_ADMIN and CAP_CHECKPOINT_RESTORE to follow the links, due > + * to concerns about how the symlinks may be used to bypass permissions on > + * ancestor directories in the path to the file in question. > */ > static const char * > proc_map_files_get_link(struct dentry *dentry, > struct inode *inode, > struct delayed_call *done) > { > - if (!capable(CAP_SYS_ADMIN)) > + if (!checkpoint_restore_ns_capable(&init_user_ns)) > return ERR_PTR(-EPERM); > > return proc_pid_get_link(dentry, inode, done); > -- > 2.26.2
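Review bot: the rewritten comment in this hunk says both CAP_SYS_ADMIN and CAP_CHECKPOINT_RESTORE may follow the links, but the code now consults only checkpoint_restore_ns_capable(&init_user_ns), so whether CAP_SYS_ADMIN still suffices depends on that helper falling back to CAP_SYS_ADMIN, which this hunk does not show. Either confirm the helper covers both capabilities or make the intent explicit, e.g. `if (!capable(CAP_SYS_ADMIN) && !checkpoint_restore_ns_capable(&init_user_ns))`, and reword the comment to "CAP_SYS_ADMIN or CAP_CHECKPOINT_RESTORE", since either capability alone is meant to be enough. Passing &init_user_ns rather than current's own user namespace is the right choice given the comment's stated concern that these symlinks bypass permissions on ancestor directories: a capability held only inside a child user namespace must not unlock them, and the commit message's "in the root namespace" matches the check.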