Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3708563pxb; Tue, 26 Jan 2021 02:41:30 -0800 (PST) X-Google-Smtp-Source: ABdhPJzztFU9YRYkQ44MJFyMikwwIFnOoZtTK2sHe7iTHY/i6pohYKt0mQxaOw3Q1MCP5aScdPLw X-Received: by 2002:aa7:db4e:: with SMTP id n14mr4048017edt.101.1611657690566; Tue, 26 Jan 2021 02:41:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611657690; cv=none; d=google.com; s=arc-20160816; b=z6brbr9tQ9QUspqQyFHRoJeVVNrqBu7K6uODL7j4HEkWISO99sXlbxpvhmk/YfkAR0 EB/ywUpBq2mKXv0fsc3l4EE3QW0O/84YUomf/LNzHRg5p8jsPFxyHo9bVbPE3SfKZoCo 5WG01iBXxoJibSHEZhVVUnMXnEE++larjDtZ3mM6tvivWEpGz4FYIHt6Xw3DabSzZkNZ TC8k4i1j1TpP6vtLNEQKCzr0CB3defXFMnJ6/9iomJMj2tuE4pYtsdoAaj71n/NtgsZ1 lVLgovKUQLV9EDue71lTYzXbxoH7sOssO2n0+2X6gC6cQW56Ny2XpoxTowjumgExL5ul wjLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=xxAVgjAWeUTEVk1HKoPhPhQyjhCFuGz73HIshLBYon4=; b=G/DT7kh5CStYQJj90eQiQLwQnusxSIUoOSzOc++5H2sZt1OW4IwH9VGgAlkB8L+yig IHGGwWUwv4pZZfiEgZqeMAbjrKWMk4y09Pqb5hUg27wK9sBx0TpkVJkBG5b6QPXaFAWp UnALqX1eNBv5uAhyns0hRzvNUOYDLOHcEeCzgT3BkJILwDPSolcBqm+Z+6z2NjzOArWo bW7CyFzmCy01tNbDnse/9Mha0CuCc19R4A2cMRJXZCvYIQFM8yMjnIKwo+Jt5wkzD8qS +kuGwBGNGAfbgJGk7Npgt1JPx6q++CAXCPjd+icitI8HSvtpz5egB3VOLT13Z5zSTjhQ PqHQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@tyhicks-com.20150623.gappssmtp.com header.s=20150623 header.b="riPm+/XU"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f6si8826085edq.152.2021.01.26.02.41.06; Tue, 26 Jan 2021 02:41:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@tyhicks-com.20150623.gappssmtp.com header.s=20150623 header.b="riPm+/XU"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404103AbhAZKiE (ORCPT + 99 others); Tue, 26 Jan 2021 05:38:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51894 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729907AbhAZBxp (ORCPT ); Mon, 25 Jan 2021 20:53:45 -0500 Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC855C06121C for ; Mon, 25 Jan 2021 17:53:01 -0800 (PST) Received: by mail-ot1-x331.google.com with SMTP id k8so14819823otr.8 for ; Mon, 25 Jan 2021 17:53:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tyhicks-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=xxAVgjAWeUTEVk1HKoPhPhQyjhCFuGz73HIshLBYon4=; b=riPm+/XUbjsAldf1p8jPot+uVTxVczaBXz0aEQG7pvqrNi1989sRc/7cbedqpPJPx9 nzsf66cprhMZT2cJbOEQAnxvi48Dds+OfeLAYrGgEbRez4WPjZ7WxbOHuJSganDrzCSi Y/15cdUHCTLPzgEzBOxIy8h27TyTOwjjBZpGjsievDj3LuyRVXuBDwo3n1ZT3pXS2N7V 2vlii1CFP1R7IoYfng2lqfkebgwsEVGHnh6Rd/Ok01UoeEZjeakwah+DQcwmHUu1F+uF AeglkbPIhIr6BMfzKfqBgePaBlZrhitoSQuxrRHN8B3xZo/nro6oNYhHlsOgx0FMwri0 b7mg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=xxAVgjAWeUTEVk1HKoPhPhQyjhCFuGz73HIshLBYon4=; b=M1VJ8hSoAUvsc2mi6KJY7bOpv2ZT4B9nShsFGZIEPQJkSO5gcprA+pOKlm0rr7c08u 4h7hU+xyUOMPIANzGiUulpupE2oIoMxZA9DjvM5Y9N310mcXZ6edq+5Vrv0sjS9Yi4tC hwSk8Nv2ydRDnhRO+oNBnUyQPSEVUjlaXnOOdUEkM90Ikgdtg2jUrYHlyXEUi/eWsKF1 0S1WsVUXxqBHONHpaWbPclxjBG6OZG4+uqz7Q65U6LGZvICnJhr1UxrYAo5Uxh+lhJU0 EfZyA2uP14F3PjcjlTsoXx6hnRn6cww7aAUqWi8Z84Lq386T77XbVcdH/Nz9xXvD7Uj+ Kngw== X-Gm-Message-State: AOAM533YuzUH+FIQvYqXeB/zx535VljHF4DDhbNLcomp5C1oUyH72d0e Y2VPxzrmq2SMPKoy5kjGaXGMNg== X-Received: by 2002:a05:6830:1545:: with SMTP id l5mr2484767otp.61.1611625981223; Mon, 25 Jan 2021 17:53:01 -0800 (PST) Received: from sequoia (162-237-133-238.lightspeed.rcsntx.sbcglobal.net. [162.237.133.238]) by smtp.gmail.com with ESMTPSA id y10sm2846742ooy.11.2021.01.25.17.53.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Jan 2021 17:53:00 -0800 (PST) Date: Mon, 25 Jan 2021 19:52:59 -0600 From: Tyler Hicks To: Miklos Szeredi Cc: "Eric W . Biederman" , linux-fsdevel , overlayfs , linux-security-module@vger.kernel.org, lkml , "Serge E . Hallyn" Subject: Re: [PATCH 1/2] ecryptfs: fix uid translation for setxattr on security.capability Message-ID: <20210126015259.GC81247@sequoia> References: <20210119162204.2081137-1-mszeredi@redhat.com> <20210119162204.2081137-2-mszeredi@redhat.com> <20210122183141.GB81247@sequoia> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2021-01-25 14:25:38, Miklos Szeredi wrote: > On Fri, Jan 22, 2021 at 7:31 PM Tyler Hicks wrote: > > > > On 2021-01-19 17:22:03, Miklos Szeredi wrote: > > > Prior to commit 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into > > > vfs_setxattr()") the translation of nscap->rootid did not take stacked > > > filesystems (overlayfs and ecryptfs) into account. > > > > > > That patch fixed the overlay case, but made the ecryptfs case worse. > > > > Thanks for sending a fix! > > > > I know that you don't have an eCryptfs setup to test with but I'm at a > > loss about how to test this from the userns/fscaps side of things. Do > > you have a sequence of unshare/setcap/getcap commands that I can run on > > a file inside of an eCryptfs mount to verify that the bug exists after > > 7c03e2cda4a5 and then again to verify that this patch fixes the bug? > > You need two terminals: > $ = > # = root > > $ unshare -Um > $ echo $$ > > # echo "0 1000 1" > uid_map > # cp uid_map gid_map > # echo 1000 2000 1 >> uid_map > # echo 2000 3000 1 >> uid_map > # cat uid_map > /proc//uid_map > # cat gid_map > /proc//gid_map > $ mkdir ~/tmp ~/mnt > $ mount -t tmpfs tmpfs ~/tmp > $ pwd > /home/ > # nsenter -t -m > # [setup ecryptfs on /home//mnt using /home//tmp] > $ cd ~/mnt > $ touch test > $ /sbin/setcap -n 1000 cap_dac_override+eip test > $ /sbin/getcap -n test > test = cap_dac_override+eip [rootid=1000] > > Without the patch, I'm thinking that it will do a double translate and > end up with rootid=2000 in the user namespace, but I might well have > messed it up... > > Let me know how this goes. Spot-on instructions. Thank you for taking the time to provide the steps. I was able to repro the bug and verify the fix. The change visually looks good to me and it passed through the eCryptfs regression tests. I've pushed it to the eCryptfs next branch and I plan to submit it to Linus on Thursday. Thanks again! Tyler > > Thanks, > Miklos >