Subject: Re: [RESEND PATCH v18 0/4] overlayfs override_creds=off & nested get xattr fix
From: Mark Salyzyn
To: Eric Biggers
Cc: linux-kernel@vger.kernel.org, kernel-team@android.com, Miklos Szeredi, Jonathan Corbet, Vivek Goyal, "Eric W . Biederman", Amir Goldstein, Randy Dunlap, Stephen Smalley, John Stultz, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Date: Thu, 22 Oct 2020 06:18:02 -0700
References: <20201021151903.652827-1-salyzyn@android.com> <20201022051914.GI857@sol.localdomain>
In-Reply-To: <20201022051914.GI857@sol.localdomain>

On 10/21/20 10:19 PM, Eric Biggers wrote:
> On Wed, Oct 21, 2020 at 08:18:59AM -0700, Mark Salyzyn wrote:
>> Mark Salyzyn (3):
>>   Add flags option to get xattr method paired to __vfs_getxattr
>>   overlayfs: handle XATTR_NOSECURITY flag for get xattr method
>>   overlayfs: override_creds=off option bypass creator_cred
>>
>> Mark Salyzyn + John Stultz (1):
>>   overlayfs: inode_owner_or_capable called during execv
>>
>> The first three patches address fundamental security issues that should
>> be solved regardless of the override_creds=off feature.
>>
>> The fourth adds the feature depends on these other fixes.
> FYI, I didn't receive patch 4, and neither https://lkml.kernel.org/linux-fsdevel
> nor https://lkml.kernel.org/linux-unionfs have it either.
>
> - Eric

Resent again, thanks.