tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'idmapped-mounts-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
Pull idmapped mounts from Christian Brauner:
"This introduces idmapped mounts which has been in the making for some
time. Simply put, different mounts can expose the same file or
directory with different ownership. This initial implementation comes
with ports for fat, ext4 and with Christoph's port for xfs with more
filesystems being actively worked on by independent people and
maintainers.
Idmapping mounts handle a wide range of long standing use-cases. Here
are just a few:
- Idmapped mounts make it possible to easily share files between
multiple users or multiple machines especially in complex
scenarios. For example, idmapped mounts will be used in the
implementation of portable home directories in
systemd-homed.service(8) where they allow users to move their home
directory to an external storage device and use it on multiple
computers where they are assigned different uids and gids. This
effectively makes it possible to assign random uids and gids at
login time.
- It is possible to share files from the host with unprivileged
containers without having to change ownership permanently through
chown(2).
- It is possible to idmap a container's rootfs and without having to
mangle every file. For example, Chromebooks use it to share the
user's Download folder with their unprivileged containers in their
Linux subsystem.
- It is possible to share files between containers with
non-overlapping idmappings.
- Filesystem that lack a proper concept of ownership such as fat can
use idmapped mounts to implement discretionary access (DAC)
permission checking.
- They allow users to efficiently changing ownership on a per-mount
basis without having to (recursively) chown(2) all files. In
contrast to chown (2) changing ownership of large sets of files is
instantenous with idmapped mounts. This is especially useful when
ownership of a whole root filesystem of a virtual machine or
container is changed. With idmapped mounts a single syscall
mount_setattr syscall will be sufficient to change the ownership of
all files.
- Idmapped mounts always take the current ownership into account as
idmappings specify what a given uid or gid is supposed to be mapped
to. This contrasts with the chown(2) syscall which cannot by itself
take the current ownership of the files it changes into account. It
simply changes the ownership to the specified uid and gid. This is
especially problematic when recursively chown(2)ing a large set of
files which is commong with the aforementioned portable home
directory and container and vm scenario.
- Idmapped mounts allow to change ownership locally, restricting it
to specific mounts, and temporarily as the ownership changes only
apply as long as the mount exists.
Several userspace projects have either already put up patches and
pull-requests for this feature or will do so should you decide to pull
this:
- systemd: In a wide variety of scenarios but especially right away
in their implementation of portable home directories.
https://systemd.io/HOME_DIRECTORY/
- container runtimes: containerd, runC, LXD:To share data between
host and unprivileged containers, unprivileged and privileged
containers, etc. The pull request for idmapped mounts support in
containerd, the default Kubernetes runtime is already up for quite
a while now: https://github.com/containerd/containerd/pull/4734
- The virtio-fs developers and several users have expressed interest
in using this feature with virtual machines once virtio-fs is
ported.
- ChromeOS: Sharing host-directories with unprivileged containers.
I've tightly synced with all those projects and all of those listed
here have also expressed their need/desire for this feature on the
mailing list. For more info on how people use this there's a bunch of
talks about this too. Here's just two recent ones:
https://www.cncf.io/wp-content/uploads/2020/12/Rootless-Containers-in-Gitpod.pdf
https://fosdem.org/2021/schedule/event/containers_idmap/
This comes with an extensive xfstests suite covering both ext4 and
xfs:
https://git.kernel.org/brauner/xfstests-dev/h/idmapped_mounts
It covers truncation, creation, opening, xattrs, vfscaps, setid
execution, setgid inheritance and more both with idmapped and
non-idmapped mounts. It already helped to discover an unrelated xfs
setgid inheritance bug which has since been fixed in mainline. It will
be sent for inclusion with the xfstests project should you decide to
merge this.
In order to support per-mount idmappings vfsmounts are marked with
user namespaces. The idmapping of the user namespace will be used to
map the ids of vfs objects when they are accessed through that mount.
By default all vfsmounts are marked with the initial user namespace.
The initial user namespace is used to indicate that a mount is not
idmapped. All operations behave as before and this is verified in the
testsuite.
Based on prior discussions we want to attach the whole user namespace
and not just a dedicated idmapping struct. This allows us to reuse all
the helpers that already exist for dealing with idmappings instead of
introducing a whole new range of helpers. In addition, if we decide in
the future that we are confident enough to enable unprivileged users
to setup idmapped mounts the permission checking can take into account
whether the caller is privileged in the user namespace the mount is
currently marked with.
The user namespace the mount will be marked with can be specified by
passing a file descriptor refering to the user namespace as an
argument to the new mount_setattr() syscall together with the new
MOUNT_ATTR_IDMAP flag. The system call follows the openat2() pattern
of extensibility.
The following conditions must be met in order to create an idmapped
mount:
- The caller must currently have the CAP_SYS_ADMIN capability in the
user namespace the underlying filesystem has been mounted in.
- The underlying filesystem must support idmapped mounts.
- The mount must not already be idmapped. This also implies that the
idmapping of a mount cannot be altered once it has been idmapped.
- The mount must be a detached/anonymous mount, i.e. it must have
been created by calling open_tree() with the OPEN_TREE_CLONE flag
and it must not already have been visible in the filesystem.
The last two points guarantee easier semantics for userspace and the
kernel and make the implementation significantly simpler.
By default vfsmounts are marked with the initial user namespace and no
behavioral or performance changes are observed.
The manpage with a detailed description can be found here:
https://git.kernel.org/brauner/man-pages/c/1d7b902e2875a1ff342e036a9f866a995640aea8
In order to support idmapped mounts, filesystems need to be changed
and mark themselves with the FS_ALLOW_IDMAP flag in fs_flags. The
patches to convert individual filesystem are not very large or
complicated overall as can be seen from the included fat, ext4, and
xfs ports. Patches for other filesystems are actively worked on and
will be sent out separately. The xfstestsuite can be used to verify
that port has been done correctly.
The mount_setattr() syscall is motivated independent of the idmapped
mounts patches and it's been around since July 2019. One of the most
valuable features of the new mount api is the ability to perform
mounts based on file descriptors only.
Together with the lookup restrictions available in the openat2()
RESOLVE_* flag namespace which we added in v5.6 this is the first time
we are close to hardened and race-free (e.g. symlinks) mounting and
path resolution.
While userspace has started porting to the new mount api to mount
proper filesystems and create new bind-mounts it is currently not
possible to change mount options of an already existing bind mount in
the new mount api since the mount_setattr() syscall is missing.
With the addition of the mount_setattr() syscall we remove this last
restriction and userspace can now fully port to the new mount api,
covering every use-case the old mount api could. We also add the
crucial ability to recursively change mount options for a whole mount
tree, both removing and adding mount options at the same time. This
syscall has been requested multiple times by various people and
projects.
There is a simple tool available at
https://github.com/brauner/mount-idmapped
that allows to create idmapped mounts so people can play with this
patch series. I'll add support for the regular mount binary should you
decide to pull this in the following weeks:
Here's an example to a simple idmapped mount of another user's home
directory:
u1001@f2-vm:/$ sudo ./mount --idmap both:1000:1001:1 /home/ubuntu/ /mnt
u1001@f2-vm:/$ ls -al /home/ubuntu/
total 28
drwxr-xr-x 2 ubuntu ubuntu 4096 Oct 28 22:07 .
drwxr-xr-x 4 root root 4096 Oct 28 04:00 ..
-rw------- 1 ubuntu ubuntu 3154 Oct 28 22:12 .bash_history
-rw-r--r-- 1 ubuntu ubuntu 220 Feb 25 2020 .bash_logout
-rw-r--r-- 1 ubuntu ubuntu 3771 Feb 25 2020 .bashrc
-rw-r--r-- 1 ubuntu ubuntu 807 Feb 25 2020 .profile
-rw-r--r-- 1 ubuntu ubuntu 0 Oct 16 16:11 .sudo_as_admin_successful
-rw------- 1 ubuntu ubuntu 1144 Oct 28 00:43 .viminfo
u1001@f2-vm:/$ ls -al /mnt/
total 28
drwxr-xr-x 2 u1001 u1001 4096 Oct 28 22:07 .
drwxr-xr-x 29 root root 4096 Oct 28 22:01 ..
-rw------- 1 u1001 u1001 3154 Oct 28 22:12 .bash_history
-rw-r--r-- 1 u1001 u1001 220 Feb 25 2020 .bash_logout
-rw-r--r-- 1 u1001 u1001 3771 Feb 25 2020 .bashrc
-rw-r--r-- 1 u1001 u1001 807 Feb 25 2020 .profile
-rw-r--r-- 1 u1001 u1001 0 Oct 16 16:11 .sudo_as_admin_successful
-rw------- 1 u1001 u1001 1144 Oct 28 00:43 .viminfo
u1001@f2-vm:/$ touch /mnt/my-file
u1001@f2-vm:/$ setfacl -m u:1001:rwx /mnt/my-file
u1001@f2-vm:/$ sudo setcap -n 1001 cap_net_raw+ep /mnt/my-file
u1001@f2-vm:/$ ls -al /mnt/my-file
-rw-rwxr--+ 1 u1001 u1001 0 Oct 28 22:14 /mnt/my-file
u1001@f2-vm:/$ ls -al /home/ubuntu/my-file
-rw-rwxr--+ 1 ubuntu ubuntu 0 Oct 28 22:14 /home/ubuntu/my-file
u1001@f2-vm:/$ getfacl /mnt/my-file
getfacl: Removing leading '/' from absolute path names
# file: mnt/my-file
# owner: u1001
# group: u1001
user::rw-
user:u1001:rwx
group::rw-
mask::rwx
other::r--
u1001@f2-vm:/$ getfacl /home/ubuntu/my-file
getfacl: Removing leading '/' from absolute path names
# file: home/ubuntu/my-file
# owner: ubuntu
# group: ubuntu
user::rw-
user:ubuntu:rwx
group::rw-
mask::rwx
other::r--"
* tag 'idmapped-mounts-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux: (41 commits)
xfs: remove the possibly unused mp variable in xfs_file_compat_ioctl
xfs: support idmapped mounts
ext4: support idmapped mounts
fat: handle idmapped mounts
tests: add mount_setattr() selftests
fs: introduce MOUNT_ATTR_IDMAP
fs: add mount_setattr()
fs: add attr_flags_to_mnt_flags helper
fs: split out functions to hold writers
namespace: only take read lock in do_reconfigure_mnt()
mount: make {lock,unlock}_mount_hash() static
namespace: take lock_mount_hash() directly when changing flags
nfs: do not export idmapped mounts
overlayfs: do not mount on top of idmapped mounts
ecryptfs: do not mount on top of idmapped mounts
ima: handle idmapped mounts
apparmor: handle idmapped mounts
fs: make helpers idmap mount aware
exec: handle idmapped mounts
would_dump: handle idmapped mounts
...
+4902
-1761
+4
-3
Documentation/filesystems/locking.rst
+4
-3
Documentation/filesystems/locking.rst
···
126
126
int (*get)(const struct xattr_handler *handler, struct dentry *dentry,
127
127
struct inode *inode, const char *name, void *buffer,
128
128
size_t size);
129
-
int (*set)(const struct xattr_handler *handler, struct dentry *dentry,
130
-
struct inode *inode, const char *name, const void *buffer,
131
-
size_t size, int flags);
129
+
int (*set)(const struct xattr_handler *handler,
130
+
struct user_namespace *mnt_userns,
131
+
struct dentry *dentry, struct inode *inode, const char *name,
132
+
const void *buffer, size_t size, int flags);
132
133
133
134
locking rules:
134
135
all may block
+2
Documentation/filesystems/porting.rst
+2
Documentation/filesystems/porting.rst
···
717
717
**mandatory**
718
718
719
719
->setxattr() and xattr_handler.set() get dentry and inode passed separately.
720
+
The xattr_handler.set() gets passed the user namespace of the mount the inode
721
+
is seen from so filesystems can idmap the i_uid and i_gid accordingly.
720
722
dentry might be yet to be attached to inode, so do _not_ use its ->d_inode
721
723
in the instances. Rationale: !@#!@# security_d_instantiate() needs to be
722
724
called before we attach dentry to inode and !@#!@##!@$!$#!@#$!@$!@$ smack
+10
-9
Documentation/filesystems/vfs.rst
+10
-9
Documentation/filesystems/vfs.rst
···
418
418
.. code-block:: c
419
419
420
420
struct inode_operations {
421
-
int (*create) (struct inode *,struct dentry *, umode_t, bool);
421
+
int (*create) (struct user_namespace *, struct inode *,struct dentry *, umode_t, bool);
422
422
struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int);
423
423
int (*link) (struct dentry *,struct inode *,struct dentry *);
424
424
int (*unlink) (struct inode *,struct dentry *);
425
-
int (*symlink) (struct inode *,struct dentry *,const char *);
426
-
int (*mkdir) (struct inode *,struct dentry *,umode_t);
425
+
int (*symlink) (struct user_namespace *, struct inode *,struct dentry *,const char *);
426
+
int (*mkdir) (struct user_namespace *, struct inode *,struct dentry *,umode_t);
427
427
int (*rmdir) (struct inode *,struct dentry *);
428
-
int (*mknod) (struct inode *,struct dentry *,umode_t,dev_t);
429
-
int (*rename) (struct inode *, struct dentry *,
428
+
int (*mknod) (struct user_namespace *, struct inode *,struct dentry *,umode_t,dev_t);
429
+
int (*rename) (struct user_namespace *, struct inode *, struct dentry *,
430
430
struct inode *, struct dentry *, unsigned int);
431
431
int (*readlink) (struct dentry *, char __user *,int);
432
432
const char *(*get_link) (struct dentry *, struct inode *,
433
433
struct delayed_call *);
434
-
int (*permission) (struct inode *, int);
434
+
int (*permission) (struct user_namespace *, struct inode *, int);
435
435
int (*get_acl)(struct inode *, int);
436
-
int (*setattr) (struct dentry *, struct iattr *);
437
-
int (*getattr) (const struct path *, struct kstat *, u32, unsigned int);
436
+
int (*setattr) (struct user_namespace *, struct dentry *, struct iattr *);
437
+
int (*getattr) (struct user_namespace *, const struct path *, struct kstat *, u32, unsigned int);
438
438
ssize_t (*listxattr) (struct dentry *, char *, size_t);
439
439
void (*update_time)(struct inode *, struct timespec *, int);
440
440
int (*atomic_open)(struct inode *, struct dentry *, struct file *,
441
441
unsigned open_flag, umode_t create_mode);
442
-
int (*tmpfile) (struct inode *, struct dentry *, umode_t);
442
+
int (*tmpfile) (struct user_namespace *, struct inode *, struct dentry *, umode_t);
443
+
int (*set_acl)(struct user_namespace *, struct inode *, struct posix_acl *, int);
443
444
};
444
445
445
446
Again, all methods are called without any locks being held, unless
+1
arch/alpha/kernel/syscalls/syscall.tbl
+1
arch/alpha/kernel/syscalls/syscall.tbl
+1
arch/arm/tools/syscall.tbl
+1
arch/arm/tools/syscall.tbl
+1
-1
arch/arm64/include/asm/unistd.h
+1
-1
arch/arm64/include/asm/unistd.h
+2
arch/arm64/include/asm/unistd32.h
+2
arch/arm64/include/asm/unistd32.h
···
891
891
__SYSCALL(__NR_process_madvise, sys_process_madvise)
892
892
#define __NR_epoll_pwait2 441
893
893
__SYSCALL(__NR_epoll_pwait2, compat_sys_epoll_pwait2)
894
+
#define __NR_mount_setattr 442
895
+
__SYSCALL(__NR_mount_setattr, sys_mount_setattr)
894
896
895
897
/*
896
898
* Please add new compat syscalls above this comment and update
+1
arch/ia64/kernel/syscalls/syscall.tbl
+1
arch/ia64/kernel/syscalls/syscall.tbl
+1
arch/m68k/kernel/syscalls/syscall.tbl
+1
arch/m68k/kernel/syscalls/syscall.tbl
+1
arch/microblaze/kernel/syscalls/syscall.tbl
+1
arch/microblaze/kernel/syscalls/syscall.tbl
+1
arch/mips/kernel/syscalls/syscall_n32.tbl
+1
arch/mips/kernel/syscalls/syscall_n32.tbl
+1
arch/mips/kernel/syscalls/syscall_n64.tbl
+1
arch/mips/kernel/syscalls/syscall_n64.tbl
+1
arch/mips/kernel/syscalls/syscall_o32.tbl
+1
arch/mips/kernel/syscalls/syscall_o32.tbl
+1
arch/parisc/kernel/syscalls/syscall.tbl
+1
arch/parisc/kernel/syscalls/syscall.tbl
+1
arch/powerpc/kernel/syscalls/syscall.tbl
+1
arch/powerpc/kernel/syscalls/syscall.tbl
+3
-2
arch/powerpc/platforms/cell/spufs/inode.c
+3
-2
arch/powerpc/platforms/cell/spufs/inode.c
···
91
91
}
92
92
93
93
static int
94
-
spufs_setattr(struct dentry *dentry, struct iattr *attr)
94
+
spufs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
95
+
struct iattr *attr)
95
96
{
96
97
struct inode *inode = d_inode(dentry);
97
98
98
99
if ((attr->ia_valid & ATTR_SIZE) &&
99
100
(attr->ia_size != inode->i_size))
100
101
return -EINVAL;
101
-
setattr_copy(inode, attr);
102
+
setattr_copy(&init_user_ns, inode, attr);
102
103
mark_inode_dirty(inode);
103
104
return 0;
104
105
}
+1
arch/s390/kernel/syscalls/syscall.tbl
+1
arch/s390/kernel/syscalls/syscall.tbl
+1
arch/sh/kernel/syscalls/syscall.tbl
+1
arch/sh/kernel/syscalls/syscall.tbl
+1
arch/sparc/kernel/syscalls/syscall.tbl
+1
arch/sparc/kernel/syscalls/syscall.tbl
+1
arch/x86/entry/syscalls/syscall_32.tbl
+1
arch/x86/entry/syscalls/syscall_32.tbl
+1
arch/x86/entry/syscalls/syscall_64.tbl
+1
arch/x86/entry/syscalls/syscall_64.tbl
···
363
363
439 common faccessat2 sys_faccessat2
364
364
440 common process_madvise sys_process_madvise
365
365
441 common epoll_pwait2 sys_epoll_pwait2
366
+
442 common mount_setattr sys_mount_setattr
366
367
367
368
#
368
369
# Due to a historical design error, certain syscalls are numbered differently
+1
arch/xtensa/kernel/syscalls/syscall.tbl
+1
arch/xtensa/kernel/syscalls/syscall.tbl
+4
-2
drivers/android/binderfs.c
+4
-2
drivers/android/binderfs.c
···
355
355
return info->control_dentry == dentry;
356
356
}
357
357
358
-
static int binderfs_rename(struct inode *old_dir, struct dentry *old_dentry,
358
+
static int binderfs_rename(struct user_namespace *mnt_userns,
359
+
struct inode *old_dir, struct dentry *old_dentry,
359
360
struct inode *new_dir, struct dentry *new_dentry,
360
361
unsigned int flags)
361
362
{
···
364
363
is_binderfs_control_device(new_dentry))
365
364
return -EPERM;
366
365
367
-
return simple_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
366
+
return simple_rename(&init_user_ns, old_dir, old_dentry, new_dir,
367
+
new_dentry, flags);
368
368
}
369
369
370
370
static int binderfs_unlink(struct inode *dir, struct dentry *dentry)
+9
-6
drivers/base/devtmpfs.c
+9
-6
drivers/base/devtmpfs.c
···
162
162
if (IS_ERR(dentry))
163
163
return PTR_ERR(dentry);
164
164
165
-
err = vfs_mkdir(d_inode(path.dentry), dentry, mode);
165
+
err = vfs_mkdir(&init_user_ns, d_inode(path.dentry), dentry, mode);
166
166
if (!err)
167
167
/* mark as kernel-created inode */
168
168
d_inode(dentry)->i_private = &thread;
···
212
212
if (IS_ERR(dentry))
213
213
return PTR_ERR(dentry);
214
214
215
-
err = vfs_mknod(d_inode(path.dentry), dentry, mode, dev->devt);
215
+
err = vfs_mknod(&init_user_ns, d_inode(path.dentry), dentry, mode,
216
+
dev->devt);
216
217
if (!err) {
217
218
struct iattr newattrs;
218
219
···
222
221
newattrs.ia_gid = gid;
223
222
newattrs.ia_valid = ATTR_MODE|ATTR_UID|ATTR_GID;
224
223
inode_lock(d_inode(dentry));
225
-
notify_change(dentry, &newattrs, NULL);
224
+
notify_change(&init_user_ns, dentry, &newattrs, NULL);
226
225
inode_unlock(d_inode(dentry));
227
226
228
227
/* mark as kernel-created inode */
···
243
242
return PTR_ERR(dentry);
244
243
if (d_really_is_positive(dentry)) {
245
244
if (d_inode(dentry)->i_private == &thread)
246
-
err = vfs_rmdir(d_inode(parent.dentry), dentry);
245
+
err = vfs_rmdir(&init_user_ns, d_inode(parent.dentry),
246
+
dentry);
247
247
else
248
248
err = -EPERM;
249
249
} else {
···
330
328
newattrs.ia_valid =
331
329
ATTR_UID|ATTR_GID|ATTR_MODE;
332
330
inode_lock(d_inode(dentry));
333
-
notify_change(dentry, &newattrs, NULL);
331
+
notify_change(&init_user_ns, dentry, &newattrs, NULL);
334
332
inode_unlock(d_inode(dentry));
335
-
err = vfs_unlink(d_inode(parent.dentry), dentry, NULL);
333
+
err = vfs_unlink(&init_user_ns, d_inode(parent.dentry),
334
+
dentry, NULL);
336
335
if (!err || err == -ENOENT)
337
336
deleted = 1;
338
337
}
+5
-3
fs/9p/acl.c
+5
-3
fs/9p/acl.c
···
239
239
}
240
240
241
241
static int v9fs_xattr_set_acl(const struct xattr_handler *handler,
242
+
struct user_namespace *mnt_userns,
242
243
struct dentry *dentry, struct inode *inode,
243
244
const char *name, const void *value,
244
245
size_t size, int flags)
···
259
258
260
259
if (S_ISLNK(inode->i_mode))
261
260
return -EOPNOTSUPP;
262
-
if (!inode_owner_or_capable(inode))
261
+
if (!inode_owner_or_capable(&init_user_ns, inode))
263
262
return -EPERM;
264
263
if (value) {
265
264
/* update the cached acl value */
···
280
279
struct iattr iattr = { 0 };
281
280
struct posix_acl *old_acl = acl;
282
281
283
-
retval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl);
282
+
retval = posix_acl_update_mode(&init_user_ns, inode,
283
+
&iattr.ia_mode, &acl);
284
284
if (retval)
285
285
goto err_out;
286
286
if (!acl) {
···
299
297
* What is the following setxattr update the
300
298
* mode ?
301
299
*/
302
-
v9fs_vfs_setattr_dotl(dentry, &iattr);
300
+
v9fs_vfs_setattr_dotl(&init_user_ns, dentry, &iattr);
303
301
}
304
302
break;
305
303
case ACL_TYPE_DEFAULT:
+2
-1
fs/9p/v9fs.h
+2
-1
fs/9p/v9fs.h
···
135
135
unsigned int flags);
136
136
extern int v9fs_vfs_unlink(struct inode *i, struct dentry *d);
137
137
extern int v9fs_vfs_rmdir(struct inode *i, struct dentry *d);
138
-
extern int v9fs_vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
138
+
extern int v9fs_vfs_rename(struct user_namespace *mnt_userns,
139
+
struct inode *old_dir, struct dentry *old_dentry,
139
140
struct inode *new_dir, struct dentry *new_dentry,
140
141
unsigned int flags);
141
142
extern struct inode *v9fs_inode_from_fid(struct v9fs_session_info *v9ses,
+2
-1
fs/9p/v9fs_vfs.h
+2
-1
fs/9p/v9fs_vfs.h
···
59
59
int v9fs_uflags2omode(int uflags, int extended);
60
60
61
61
void v9fs_blank_wstat(struct p9_wstat *wstat);
62
-
int v9fs_vfs_setattr_dotl(struct dentry *, struct iattr *);
62
+
int v9fs_vfs_setattr_dotl(struct user_namespace *, struct dentry *,
63
+
struct iattr *);
63
64
int v9fs_file_fsync_dotl(struct file *filp, loff_t start, loff_t end,
64
65
int datasync);
65
66
int v9fs_refresh_inode(struct p9_fid *fid, struct inode *inode);
+20
-16
fs/9p/vfs_inode.c
+20
-16
fs/9p/vfs_inode.c
···
251
251
{
252
252
int err = 0;
253
253
254
-
inode_init_owner(inode, NULL, mode);
254
+
inode_init_owner(&init_user_ns,inode, NULL, mode);
255
255
inode->i_blocks = 0;
256
256
inode->i_rdev = rdev;
257
257
inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
···
676
676
*/
677
677
678
678
static int
679
-
v9fs_vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
680
-
bool excl)
679
+
v9fs_vfs_create(struct user_namespace *mnt_userns, struct inode *dir,
680
+
struct dentry *dentry, umode_t mode, bool excl)
681
681
{
682
682
struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dir);
683
683
u32 perm = unixmode2p9mode(v9ses, mode);
···
702
702
*
703
703
*/
704
704
705
-
static int v9fs_vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
705
+
static int v9fs_vfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
706
+
struct dentry *dentry, umode_t mode)
706
707
{
707
708
int err;
708
709
u32 perm;
···
908
907
*/
909
908
910
909
int
911
-
v9fs_vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
912
-
struct inode *new_dir, struct dentry *new_dentry,
913
-
unsigned int flags)
910
+
v9fs_vfs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
911
+
struct dentry *old_dentry, struct inode *new_dir,
912
+
struct dentry *new_dentry, unsigned int flags)
914
913
{
915
914
int retval;
916
915
struct inode *old_inode;
···
1017
1016
*/
1018
1017
1019
1018
static int
1020
-
v9fs_vfs_getattr(const struct path *path, struct kstat *stat,
1021
-
u32 request_mask, unsigned int flags)
1019
+
v9fs_vfs_getattr(struct user_namespace *mnt_userns, const struct path *path,
1020
+
struct kstat *stat, u32 request_mask, unsigned int flags)
1022
1021
{
1023
1022
struct dentry *dentry = path->dentry;
1024
1023
struct v9fs_session_info *v9ses;
···
1028
1027
p9_debug(P9_DEBUG_VFS, "dentry: %p\n", dentry);
1029
1028
v9ses = v9fs_dentry2v9ses(dentry);
1030
1029
if (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) {
1031
-
generic_fillattr(d_inode(dentry), stat);
1030
+
generic_fillattr(&init_user_ns, d_inode(dentry), stat);
1032
1031
return 0;
1033
1032
}
1034
1033
fid = v9fs_fid_lookup(dentry);
···
1041
1040
return PTR_ERR(st);
1042
1041
1043
1042
v9fs_stat2inode(st, d_inode(dentry), dentry->d_sb, 0);
1044
-
generic_fillattr(d_inode(dentry), stat);
1043
+
generic_fillattr(&init_user_ns, d_inode(dentry), stat);
1045
1044
1046
1045
p9stat_free(st);
1047
1046
kfree(st);
···
1055
1054
*
1056
1055
*/
1057
1056
1058
-
static int v9fs_vfs_setattr(struct dentry *dentry, struct iattr *iattr)
1057
+
static int v9fs_vfs_setattr(struct user_namespace *mnt_userns,
1058
+
struct dentry *dentry, struct iattr *iattr)
1059
1059
{
1060
1060
int retval, use_dentry = 0;
1061
1061
struct v9fs_session_info *v9ses;
···
1064
1062
struct p9_wstat wstat;
1065
1063
1066
1064
p9_debug(P9_DEBUG_VFS, "\n");
1067
-
retval = setattr_prepare(dentry, iattr);
1065
+
retval = setattr_prepare(&init_user_ns, dentry, iattr);
1068
1066
if (retval)
1069
1067
return retval;
1070
1068
···
1120
1118
1121
1119
v9fs_invalidate_inode_attr(d_inode(dentry));
1122
1120
1123
-
setattr_copy(d_inode(dentry), iattr);
1121
+
setattr_copy(&init_user_ns, d_inode(dentry), iattr);
1124
1122
mark_inode_dirty(d_inode(dentry));
1125
1123
return 0;
1126
1124
}
···
1297
1295
*/
1298
1296
1299
1297
static int
1300
-
v9fs_vfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
1298
+
v9fs_vfs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
1299
+
struct dentry *dentry, const char *symname)
1301
1300
{
1302
1301
p9_debug(P9_DEBUG_VFS, " %lu,%pd,%s\n",
1303
1302
dir->i_ino, dentry, symname);
···
1351
1348
*/
1352
1349
1353
1350
static int
1354
-
v9fs_vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t rdev)
1351
+
v9fs_vfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
1352
+
struct dentry *dentry, umode_t mode, dev_t rdev)
1355
1353
{
1356
1354
struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dir);
1357
1355
int retval;
+21
-18
fs/9p/vfs_inode_dotl.c
+21
-18
fs/9p/vfs_inode_dotl.c
···
33
33
#include "acl.h"
34
34
35
35
static int
36
-
v9fs_vfs_mknod_dotl(struct inode *dir, struct dentry *dentry, umode_t omode,
37
-
dev_t rdev);
36
+
v9fs_vfs_mknod_dotl(struct user_namespace *mnt_userns, struct inode *dir,
37
+
struct dentry *dentry, umode_t omode, dev_t rdev);
38
38
39
39
/**
40
40
* v9fs_get_fsgid_for_create - Helper function to get the gid for creating a
···
218
218
*/
219
219
220
220
static int
221
-
v9fs_vfs_create_dotl(struct inode *dir, struct dentry *dentry, umode_t omode,
222
-
bool excl)
221
+
v9fs_vfs_create_dotl(struct user_namespace *mnt_userns, struct inode *dir,
222
+
struct dentry *dentry, umode_t omode, bool excl)
223
223
{
224
-
return v9fs_vfs_mknod_dotl(dir, dentry, omode, 0);
224
+
return v9fs_vfs_mknod_dotl(mnt_userns, dir, dentry, omode, 0);
225
225
}
226
226
227
227
static int
···
367
367
*
368
368
*/
369
369
370
-
static int v9fs_vfs_mkdir_dotl(struct inode *dir,
371
-
struct dentry *dentry, umode_t omode)
370
+
static int v9fs_vfs_mkdir_dotl(struct user_namespace *mnt_userns,
371
+
struct inode *dir, struct dentry *dentry,
372
+
umode_t omode)
372
373
{
373
374
int err;
374
375
struct v9fs_session_info *v9ses;
···
458
457
}
459
458
460
459
static int
461
-
v9fs_vfs_getattr_dotl(const struct path *path, struct kstat *stat,
462
-
u32 request_mask, unsigned int flags)
460
+
v9fs_vfs_getattr_dotl(struct user_namespace *mnt_userns,
461
+
const struct path *path, struct kstat *stat,
462
+
u32 request_mask, unsigned int flags)
463
463
{
464
464
struct dentry *dentry = path->dentry;
465
465
struct v9fs_session_info *v9ses;
···
470
468
p9_debug(P9_DEBUG_VFS, "dentry: %p\n", dentry);
471
469
v9ses = v9fs_dentry2v9ses(dentry);
472
470
if (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) {
473
-
generic_fillattr(d_inode(dentry), stat);
471
+
generic_fillattr(&init_user_ns, d_inode(dentry), stat);
474
472
return 0;
475
473
}
476
474
fid = v9fs_fid_lookup(dentry);
···
487
485
return PTR_ERR(st);
488
486
489
487
v9fs_stat2inode_dotl(st, d_inode(dentry), 0);
490
-
generic_fillattr(d_inode(dentry), stat);
488
+
generic_fillattr(&init_user_ns, d_inode(dentry), stat);
491
489
/* Change block size to what the server returned */
492
490
stat->blksize = st->st_blksize;
493
491
···
542
540
*
543
541
*/
544
542
545
-
int v9fs_vfs_setattr_dotl(struct dentry *dentry, struct iattr *iattr)
543
+
int v9fs_vfs_setattr_dotl(struct user_namespace *mnt_userns,
544
+
struct dentry *dentry, struct iattr *iattr)
546
545
{
547
546
int retval, use_dentry = 0;
548
547
struct p9_fid *fid = NULL;
···
552
549
553
550
p9_debug(P9_DEBUG_VFS, "\n");
554
551
555
-
retval = setattr_prepare(dentry, iattr);
552
+
retval = setattr_prepare(&init_user_ns, dentry, iattr);
556
553
if (retval)
557
554
return retval;
558
555
···
593
590
truncate_setsize(inode, iattr->ia_size);
594
591
595
592
v9fs_invalidate_inode_attr(inode);
596
-
setattr_copy(inode, iattr);
593
+
setattr_copy(&init_user_ns, inode, iattr);
597
594
mark_inode_dirty(inode);
598
595
if (iattr->ia_valid & ATTR_MODE) {
599
596
/* We also want to update ACL when we update mode bits */
···
687
684
}
688
685
689
686
static int
690
-
v9fs_vfs_symlink_dotl(struct inode *dir, struct dentry *dentry,
691
-
const char *symname)
687
+
v9fs_vfs_symlink_dotl(struct user_namespace *mnt_userns, struct inode *dir,
688
+
struct dentry *dentry, const char *symname)
692
689
{
693
690
int err;
694
691
kgid_t gid;
···
827
824
*
828
825
*/
829
826
static int
830
-
v9fs_vfs_mknod_dotl(struct inode *dir, struct dentry *dentry, umode_t omode,
831
-
dev_t rdev)
827
+
v9fs_vfs_mknod_dotl(struct user_namespace *mnt_userns, struct inode *dir,
828
+
struct dentry *dentry, umode_t omode, dev_t rdev)
832
829
{
833
830
int err;
834
831
kgid_t gid;
+1
fs/9p/xattr.c
+1
fs/9p/xattr.c
+2
-1
fs/adfs/adfs.h
+2
-1
fs/adfs/adfs.h
···
144
144
/* Inode stuff */
145
145
struct inode *adfs_iget(struct super_block *sb, struct object_info *obj);
146
146
int adfs_write_inode(struct inode *inode, struct writeback_control *wbc);
147
-
int adfs_notify_change(struct dentry *dentry, struct iattr *attr);
147
+
int adfs_notify_change(struct user_namespace *mnt_userns, struct dentry *dentry,
148
+
struct iattr *attr);
148
149
149
150
/* map.c */
150
151
int adfs_map_lookup(struct super_block *sb, u32 frag_id, unsigned int offset);
+3
-2
fs/adfs/inode.c
+3
-2
fs/adfs/inode.c
···
292
292
* later.
293
293
*/
294
294
int
295
-
adfs_notify_change(struct dentry *dentry, struct iattr *attr)
295
+
adfs_notify_change(struct user_namespace *mnt_userns, struct dentry *dentry,
296
+
struct iattr *attr)
296
297
{
297
298
struct inode *inode = d_inode(dentry);
298
299
struct super_block *sb = inode->i_sb;
299
300
unsigned int ia_valid = attr->ia_valid;
300
301
int error;
301
302
302
-
error = setattr_prepare(dentry, attr);
303
+
error = setattr_prepare(&init_user_ns, dentry, attr);
303
304
304
305
/*
305
306
* we can't change the UID or GID of any file -
+15
-9
fs/affs/affs.h
+15
-9
fs/affs/affs.h
···
167
167
extern int affs_hash_name(struct super_block *sb, const u8 *name, unsigned int len);
168
168
extern struct dentry *affs_lookup(struct inode *dir, struct dentry *dentry, unsigned int);
169
169
extern int affs_unlink(struct inode *dir, struct dentry *dentry);
170
-
extern int affs_create(struct inode *dir, struct dentry *dentry, umode_t mode, bool);
171
-
extern int affs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
170
+
extern int affs_create(struct user_namespace *mnt_userns, struct inode *dir,
171
+
struct dentry *dentry, umode_t mode, bool);
172
+
extern int affs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
173
+
struct dentry *dentry, umode_t mode);
172
174
extern int affs_rmdir(struct inode *dir, struct dentry *dentry);
173
175
extern int affs_link(struct dentry *olddentry, struct inode *dir,
174
176
struct dentry *dentry);
175
-
extern int affs_symlink(struct inode *dir, struct dentry *dentry,
176
-
const char *symname);
177
-
extern int affs_rename2(struct inode *old_dir, struct dentry *old_dentry,
178
-
struct inode *new_dir, struct dentry *new_dentry,
179
-
unsigned int flags);
177
+
extern int affs_symlink(struct user_namespace *mnt_userns,
178
+
struct inode *dir, struct dentry *dentry,
179
+
const char *symname);
180
+
extern int affs_rename2(struct user_namespace *mnt_userns,
181
+
struct inode *old_dir, struct dentry *old_dentry,
182
+
struct inode *new_dir, struct dentry *new_dentry,
183
+
unsigned int flags);
180
184
181
185
/* inode.c */
182
186
183
187
extern struct inode *affs_new_inode(struct inode *dir);
184
-
extern int affs_notify_change(struct dentry *dentry, struct iattr *attr);
188
+
extern int affs_notify_change(struct user_namespace *mnt_userns,
189
+
struct dentry *dentry, struct iattr *attr);
185
190
extern void affs_evict_inode(struct inode *inode);
186
191
extern struct inode *affs_iget(struct super_block *sb,
187
192
unsigned long ino);
188
193
extern int affs_write_inode(struct inode *inode,
189
194
struct writeback_control *wbc);
190
-
extern int affs_add_entry(struct inode *dir, struct inode *inode, struct dentry *dentry, s32 type);
195
+
extern int affs_add_entry(struct inode *dir, struct inode *inode,
196
+
struct dentry *dentry, s32 type);
191
197
192
198
/* file.c */
193
199
+4
-3
fs/affs/inode.c
+4
-3
fs/affs/inode.c
···
216
216
}
217
217
218
218
int
219
-
affs_notify_change(struct dentry *dentry, struct iattr *attr)
219
+
affs_notify_change(struct user_namespace *mnt_userns, struct dentry *dentry,
220
+
struct iattr *attr)
220
221
{
221
222
struct inode *inode = d_inode(dentry);
222
223
int error;
223
224
224
225
pr_debug("notify_change(%lu,0x%x)\n", inode->i_ino, attr->ia_valid);
225
226
226
-
error = setattr_prepare(dentry, attr);
227
+
error = setattr_prepare(&init_user_ns, dentry, attr);
227
228
if (error)
228
229
goto out;
229
230
···
250
249
affs_truncate(inode);
251
250
}
252
251
253
-
setattr_copy(inode, attr);
252
+
setattr_copy(&init_user_ns, inode, attr);
254
253
mark_inode_dirty(inode);
255
254
256
255
if (attr->ia_valid & ATTR_MODE)
+9
-6
fs/affs/namei.c
+9
-6
fs/affs/namei.c
···
242
242
}
243
243
244
244
int
245
-
affs_create(struct inode *dir, struct dentry *dentry, umode_t mode, bool excl)
245
+
affs_create(struct user_namespace *mnt_userns, struct inode *dir,
246
+
struct dentry *dentry, umode_t mode, bool excl)
246
247
{
247
248
struct super_block *sb = dir->i_sb;
248
249
struct inode *inode;
···
274
273
}
275
274
276
275
int
277
-
affs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
276
+
affs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
277
+
struct dentry *dentry, umode_t mode)
278
278
{
279
279
struct inode *inode;
280
280
int error;
···
313
311
}
314
312
315
313
int
316
-
affs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
314
+
affs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
315
+
struct dentry *dentry, const char *symname)
317
316
{
318
317
struct super_block *sb = dir->i_sb;
319
318
struct buffer_head *bh;
···
503
500
return retval;
504
501
}
505
502
506
-
int affs_rename2(struct inode *old_dir, struct dentry *old_dentry,
507
-
struct inode *new_dir, struct dentry *new_dentry,
508
-
unsigned int flags)
503
+
int affs_rename2(struct user_namespace *mnt_userns, struct inode *old_dir,
504
+
struct dentry *old_dentry, struct inode *new_dir,
505
+
struct dentry *new_dentry, unsigned int flags)
509
506
{
510
507
511
508
if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE))
+18
-16
fs/afs/dir.c
+18
-16
fs/afs/dir.c
···
28
28
loff_t fpos, u64 ino, unsigned dtype);
29
29
static int afs_lookup_filldir(struct dir_context *ctx, const char *name, int nlen,
30
30
loff_t fpos, u64 ino, unsigned dtype);
31
-
static int afs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
32
-
bool excl);
33
-
static int afs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
31
+
static int afs_create(struct user_namespace *mnt_userns, struct inode *dir,
32
+
struct dentry *dentry, umode_t mode, bool excl);
33
+
static int afs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
34
+
struct dentry *dentry, umode_t mode);
34
35
static int afs_rmdir(struct inode *dir, struct dentry *dentry);
35
36
static int afs_unlink(struct inode *dir, struct dentry *dentry);
36
37
static int afs_link(struct dentry *from, struct inode *dir,
37
38
struct dentry *dentry);
38
-
static int afs_symlink(struct inode *dir, struct dentry *dentry,
39
-
const char *content);
40
-
static int afs_rename(struct inode *old_dir, struct dentry *old_dentry,
41
-
struct inode *new_dir, struct dentry *new_dentry,
42
-
unsigned int flags);
39
+
static int afs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
40
+
struct dentry *dentry, const char *content);
41
+
static int afs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
42
+
struct dentry *old_dentry, struct inode *new_dir,
43
+
struct dentry *new_dentry, unsigned int flags);
43
44
static int afs_dir_releasepage(struct page *page, gfp_t gfp_flags);
44
45
static void afs_dir_invalidatepage(struct page *page, unsigned int offset,
45
46
unsigned int length);
···
1326
1325
/*
1327
1326
* create a directory on an AFS filesystem
1328
1327
*/
1329
-
static int afs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1328
+
static int afs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
1329
+
struct dentry *dentry, umode_t mode)
1330
1330
{
1331
1331
struct afs_operation *op;
1332
1332
struct afs_vnode *dvnode = AFS_FS_I(dir);
···
1621
1619
/*
1622
1620
* create a regular file on an AFS filesystem
1623
1621
*/
1624
-
static int afs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
1625
-
bool excl)
1622
+
static int afs_create(struct user_namespace *mnt_userns, struct inode *dir,
1623
+
struct dentry *dentry, umode_t mode, bool excl)
1626
1624
{
1627
1625
struct afs_operation *op;
1628
1626
struct afs_vnode *dvnode = AFS_FS_I(dir);
···
1743
1741
/*
1744
1742
* create a symlink in an AFS filesystem
1745
1743
*/
1746
-
static int afs_symlink(struct inode *dir, struct dentry *dentry,
1747
-
const char *content)
1744
+
static int afs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
1745
+
struct dentry *dentry, const char *content)
1748
1746
{
1749
1747
struct afs_operation *op;
1750
1748
struct afs_vnode *dvnode = AFS_FS_I(dir);
···
1878
1876
/*
1879
1877
* rename a file in an AFS filesystem and/or move it between directories
1880
1878
*/
1881
-
static int afs_rename(struct inode *old_dir, struct dentry *old_dentry,
1882
-
struct inode *new_dir, struct dentry *new_dentry,
1883
-
unsigned int flags)
1879
+
static int afs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
1880
+
struct dentry *old_dentry, struct inode *new_dir,
1881
+
struct dentry *new_dentry, unsigned int flags)
1884
1882
{
1885
1883
struct afs_operation *op;
1886
1884
struct afs_vnode *orig_dvnode, *new_dvnode, *vnode;
+5
-4
fs/afs/inode.c
+5
-4
fs/afs/inode.c
···
734
734
/*
735
735
* read the attributes of an inode
736
736
*/
737
-
int afs_getattr(const struct path *path, struct kstat *stat,
738
-
u32 request_mask, unsigned int query_flags)
737
+
int afs_getattr(struct user_namespace *mnt_userns, const struct path *path,
738
+
struct kstat *stat, u32 request_mask, unsigned int query_flags)
739
739
{
740
740
struct inode *inode = d_inode(path->dentry);
741
741
struct afs_vnode *vnode = AFS_FS_I(inode);
···
745
745
746
746
do {
747
747
read_seqbegin_or_lock(&vnode->cb_lock, &seq);
748
-
generic_fillattr(inode, stat);
748
+
generic_fillattr(&init_user_ns, inode, stat);
749
749
if (test_bit(AFS_VNODE_SILLY_DELETED, &vnode->flags) &&
750
750
stat->nlink > 0)
751
751
stat->nlink -= 1;
···
857
857
/*
858
858
* set the attributes of an inode
859
859
*/
860
-
int afs_setattr(struct dentry *dentry, struct iattr *attr)
860
+
int afs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
861
+
struct iattr *attr)
861
862
{
862
863
struct afs_operation *op;
863
864
struct afs_vnode *vnode = AFS_FS_I(d_inode(dentry));
+4
-3
fs/afs/internal.h
+4
-3
fs/afs/internal.h
···
1149
1149
extern struct inode *afs_root_iget(struct super_block *, struct key *);
1150
1150
extern bool afs_check_validity(struct afs_vnode *);
1151
1151
extern int afs_validate(struct afs_vnode *, struct key *);
1152
-
extern int afs_getattr(const struct path *, struct kstat *, u32, unsigned int);
1153
-
extern int afs_setattr(struct dentry *, struct iattr *);
1152
+
extern int afs_getattr(struct user_namespace *mnt_userns, const struct path *,
1153
+
struct kstat *, u32, unsigned int);
1154
+
extern int afs_setattr(struct user_namespace *mnt_userns, struct dentry *, struct iattr *);
1154
1155
extern void afs_evict_inode(struct inode *);
1155
1156
extern int afs_drop_inode(struct inode *);
1156
1157
···
1362
1361
extern struct key *afs_request_key(struct afs_cell *);
1363
1362
extern struct key *afs_request_key_rcu(struct afs_cell *);
1364
1363
extern int afs_check_permit(struct afs_vnode *, struct key *, afs_access_t *);
1365
-
extern int afs_permission(struct inode *, int);
1364
+
extern int afs_permission(struct user_namespace *, struct inode *, int);
1366
1365
extern void __exit afs_clean_up_permit_cache(void);
1367
1366
1368
1367
/*
+2
-1
fs/afs/security.c
+2
-1
fs/afs/security.c
···
396
396
* - AFS ACLs are attached to directories only, and a file is controlled by its
397
397
* parent directory's ACL
398
398
*/
399
-
int afs_permission(struct inode *inode, int mask)
399
+
int afs_permission(struct user_namespace *mnt_userns, struct inode *inode,
400
+
int mask)
400
401
{
401
402
struct afs_vnode *vnode = AFS_FS_I(inode);
402
403
afs_access_t access;
+2
fs/afs/xattr.c
+2
fs/afs/xattr.c
···
120
120
* Set a file's AFS3 ACL.
121
121
*/
122
122
static int afs_xattr_set_acl(const struct xattr_handler *handler,
123
+
struct user_namespace *mnt_userns,
123
124
struct dentry *dentry,
124
125
struct inode *inode, const char *name,
125
126
const void *buffer, size_t size, int flags)
···
249
248
* Set a file's YFS ACL.
250
249
*/
251
250
static int afs_xattr_set_yfs(const struct xattr_handler *handler,
251
+
struct user_namespace *mnt_userns,
252
252
struct dentry *dentry,
253
253
struct inode *inode, const char *name,
254
254
const void *buffer, size_t size, int flags)
+94
-32
fs/attr.c
+94
-32
fs/attr.c
···
18
18
#include <linux/evm.h>
19
19
#include <linux/ima.h>
20
20
21
-
static bool chown_ok(const struct inode *inode, kuid_t uid)
21
+
/**
22
+
* chown_ok - verify permissions to chown inode
23
+
* @mnt_userns: user namespace of the mount @inode was found from
24
+
* @inode: inode to check permissions on
25
+
* @uid: uid to chown @inode to
26
+
*
27
+
* If the inode has been found through an idmapped mount the user namespace of
28
+
* the vfsmount must be passed through @mnt_userns. This function will then
29
+
* take care to map the inode according to @mnt_userns before checking
30
+
* permissions. On non-idmapped mounts or if permission checking is to be
31
+
* performed on the raw inode simply passs init_user_ns.
32
+
*/
33
+
static bool chown_ok(struct user_namespace *mnt_userns,
34
+
const struct inode *inode,
35
+
kuid_t uid)
22
36
{
23
-
if (uid_eq(current_fsuid(), inode->i_uid) &&
24
-
uid_eq(uid, inode->i_uid))
37
+
kuid_t kuid = i_uid_into_mnt(mnt_userns, inode);
38
+
if (uid_eq(current_fsuid(), kuid) && uid_eq(uid, kuid))
25
39
return true;
26
-
if (capable_wrt_inode_uidgid(inode, CAP_CHOWN))
40
+
if (capable_wrt_inode_uidgid(mnt_userns, inode, CAP_CHOWN))
27
41
return true;
28
-
if (uid_eq(inode->i_uid, INVALID_UID) &&
42
+
if (uid_eq(kuid, INVALID_UID) &&
29
43
ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN))
30
44
return true;
31
45
return false;
32
46
}
33
47
34
-
static bool chgrp_ok(const struct inode *inode, kgid_t gid)
48
+
/**
49
+
* chgrp_ok - verify permissions to chgrp inode
50
+
* @mnt_userns: user namespace of the mount @inode was found from
51
+
* @inode: inode to check permissions on
52
+
* @gid: gid to chown @inode to
53
+
*
54
+
* If the inode has been found through an idmapped mount the user namespace of
55
+
* the vfsmount must be passed through @mnt_userns. This function will then
56
+
* take care to map the inode according to @mnt_userns before checking
57
+
* permissions. On non-idmapped mounts or if permission checking is to be
58
+
* performed on the raw inode simply passs init_user_ns.
59
+
*/
60
+
static bool chgrp_ok(struct user_namespace *mnt_userns,
61
+
const struct inode *inode, kgid_t gid)
35
62
{
36
-
if (uid_eq(current_fsuid(), inode->i_uid) &&
37
-
(in_group_p(gid) || gid_eq(gid, inode->i_gid)))
63
+
kgid_t kgid = i_gid_into_mnt(mnt_userns, inode);
64
+
if (uid_eq(current_fsuid(), i_uid_into_mnt(mnt_userns, inode)) &&
65
+
(in_group_p(gid) || gid_eq(gid, kgid)))
38
66
return true;
39
-
if (capable_wrt_inode_uidgid(inode, CAP_CHOWN))
67
+
if (capable_wrt_inode_uidgid(mnt_userns, inode, CAP_CHOWN))
40
68
return true;
41
-
if (gid_eq(inode->i_gid, INVALID_GID) &&
69
+
if (gid_eq(kgid, INVALID_GID) &&
42
70
ns_capable(inode->i_sb->s_user_ns, CAP_CHOWN))
43
71
return true;
44
72
return false;
···
74
46
75
47
/**
76
48
* setattr_prepare - check if attribute changes to a dentry are allowed
49
+
* @mnt_userns: user namespace of the mount the inode was found from
77
50
* @dentry: dentry to check
78
51
* @attr: attributes to change
79
52
*
···
84
55
* SGID bit from mode if user is not allowed to set it. Also file capabilities
85
56
* and IMA extended attributes are cleared if ATTR_KILL_PRIV is set.
86
57
*
58
+
* If the inode has been found through an idmapped mount the user namespace of
59
+
* the vfsmount must be passed through @mnt_userns. This function will then
60
+
* take care to map the inode according to @mnt_userns before checking
61
+
* permissions. On non-idmapped mounts or if permission checking is to be
62
+
* performed on the raw inode simply passs init_user_ns.
63
+
*
87
64
* Should be called as the first thing in ->setattr implementations,
88
65
* possibly after taking additional locks.
89
66
*/
90
-
int setattr_prepare(struct dentry *dentry, struct iattr *attr)
67
+
int setattr_prepare(struct user_namespace *mnt_userns, struct dentry *dentry,
68
+
struct iattr *attr)
91
69
{
92
70
struct inode *inode = d_inode(dentry);
93
71
unsigned int ia_valid = attr->ia_valid;
···
114
78
goto kill_priv;
115
79
116
80
/* Make sure a caller can chown. */
117
-
if ((ia_valid & ATTR_UID) && !chown_ok(inode, attr->ia_uid))
81
+
if ((ia_valid & ATTR_UID) && !chown_ok(mnt_userns, inode, attr->ia_uid))
118
82
return -EPERM;
119
83
120
84
/* Make sure caller can chgrp. */
121
-
if ((ia_valid & ATTR_GID) && !chgrp_ok(inode, attr->ia_gid))
85
+
if ((ia_valid & ATTR_GID) && !chgrp_ok(mnt_userns, inode, attr->ia_gid))
122
86
return -EPERM;
123
87
124
88
/* Make sure a caller can chmod. */
125
89
if (ia_valid & ATTR_MODE) {
126
-
if (!inode_owner_or_capable(inode))
90
+
if (!inode_owner_or_capable(mnt_userns, inode))
127
91
return -EPERM;
128
92
/* Also check the setgid bit! */
129
-
if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :
130
-
inode->i_gid) &&
131
-
!capable_wrt_inode_uidgid(inode, CAP_FSETID))
93
+
if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :
94
+
i_gid_into_mnt(mnt_userns, inode)) &&
95
+
!capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
132
96
attr->ia_mode &= ~S_ISGID;
133
97
}
134
98
135
99
/* Check for setting the inode time. */
136
100
if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET)) {
137
-
if (!inode_owner_or_capable(inode))
101
+
if (!inode_owner_or_capable(mnt_userns, inode))
138
102
return -EPERM;
139
103
}
140
104
···
143
107
if (ia_valid & ATTR_KILL_PRIV) {
144
108
int error;
145
109
146
-
error = security_inode_killpriv(dentry);
110
+
error = security_inode_killpriv(mnt_userns, dentry);
147
111
if (error)
148
112
return error;
149
113
}
···
198
162
199
163
/**
200
164
* setattr_copy - copy simple metadata updates into the generic inode
165
+
* @mnt_userns: user namespace of the mount the inode was found from
201
166
* @inode: the inode to be updated
202
167
* @attr: the new attributes
203
168
*
204
169
* setattr_copy must be called with i_mutex held.
205
170
*
206
171
* setattr_copy updates the inode's metadata with that specified
207
-
* in attr. Noticeably missing is inode size update, which is more complex
172
+
* in attr on idmapped mounts. If file ownership is changed setattr_copy
173
+
* doesn't map ia_uid and ia_gid. It will asssume the caller has already
174
+
* provided the intended values. Necessary permission checks to determine
175
+
* whether or not the S_ISGID property needs to be removed are performed with
176
+
* the correct idmapped mount permission helpers.
177
+
* Noticeably missing is inode size update, which is more complex
208
178
* as it requires pagecache updates.
179
+
*
180
+
* If the inode has been found through an idmapped mount the user namespace of
181
+
* the vfsmount must be passed through @mnt_userns. This function will then
182
+
* take care to map the inode according to @mnt_userns before checking
183
+
* permissions. On non-idmapped mounts or if permission checking is to be
184
+
* performed on the raw inode simply passs init_user_ns.
209
185
*
210
186
* The inode is not marked as dirty after this operation. The rationale is
211
187
* that for "simple" filesystems, the struct inode is the inode storage.
212
188
* The caller is free to mark the inode dirty afterwards if needed.
213
189
*/
214
-
void setattr_copy(struct inode *inode, const struct iattr *attr)
190
+
void setattr_copy(struct user_namespace *mnt_userns, struct inode *inode,
191
+
const struct iattr *attr)
215
192
{
216
193
unsigned int ia_valid = attr->ia_valid;
217
194
···
240
191
inode->i_ctime = attr->ia_ctime;
241
192
if (ia_valid & ATTR_MODE) {
242
193
umode_t mode = attr->ia_mode;
243
-
244
-
if (!in_group_p(inode->i_gid) &&
245
-
!capable_wrt_inode_uidgid(inode, CAP_FSETID))
194
+
kgid_t kgid = i_gid_into_mnt(mnt_userns, inode);
195
+
if (!in_group_p(kgid) &&
196
+
!capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
246
197
mode &= ~S_ISGID;
247
198
inode->i_mode = mode;
248
199
}
···
251
202
252
203
/**
253
204
* notify_change - modify attributes of a filesytem object
205
+
* @mnt_userns: user namespace of the mount the inode was found from
254
206
* @dentry: object affected
255
207
* @attr: new attributes
256
208
* @delegated_inode: returns inode, if the inode is delegated
···
264
214
* retry. Because breaking a delegation may take a long time, the
265
215
* caller should drop the i_mutex before doing so.
266
216
*
217
+
* If file ownership is changed notify_change() doesn't map ia_uid and
218
+
* ia_gid. It will asssume the caller has already provided the intended values.
219
+
*
267
220
* Alternatively, a caller may pass NULL for delegated_inode. This may
268
221
* be appropriate for callers that expect the underlying filesystem not
269
222
* to be NFS exported. Also, passing NULL is fine for callers holding
270
223
* the file open for write, as there can be no conflicting delegation in
271
224
* that case.
225
+
*
226
+
* If the inode has been found through an idmapped mount the user namespace of
227
+
* the vfsmount must be passed through @mnt_userns. This function will then
228
+
* take care to map the inode according to @mnt_userns before checking
229
+
* permissions. On non-idmapped mounts or if permission checking is to be
230
+
* performed on the raw inode simply passs init_user_ns.
272
231
*/
273
-
int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **delegated_inode)
232
+
int notify_change(struct user_namespace *mnt_userns, struct dentry *dentry,
233
+
struct iattr *attr, struct inode **delegated_inode)
274
234
{
275
235
struct inode *inode = dentry->d_inode;
276
236
umode_t mode = inode->i_mode;
···
303
243
if (IS_IMMUTABLE(inode))
304
244
return -EPERM;
305
245
306
-
if (!inode_owner_or_capable(inode)) {
307
-
error = inode_permission(inode, MAY_WRITE);
246
+
if (!inode_owner_or_capable(mnt_userns, inode)) {
247
+
error = inode_permission(mnt_userns, inode, MAY_WRITE);
308
248
if (error)
309
249
return error;
310
250
}
···
380
320
/* Don't allow modifications of files with invalid uids or
381
321
* gids unless those uids & gids are being made valid.
382
322
*/
383
-
if (!(ia_valid & ATTR_UID) && !uid_valid(inode->i_uid))
323
+
if (!(ia_valid & ATTR_UID) &&
324
+
!uid_valid(i_uid_into_mnt(mnt_userns, inode)))
384
325
return -EOVERFLOW;
385
-
if (!(ia_valid & ATTR_GID) && !gid_valid(inode->i_gid))
326
+
if (!(ia_valid & ATTR_GID) &&
327
+
!gid_valid(i_gid_into_mnt(mnt_userns, inode)))
386
328
return -EOVERFLOW;
387
329
388
330
error = security_inode_setattr(dentry, attr);
···
395
333
return error;
396
334
397
335
if (inode->i_op->setattr)
398
-
error = inode->i_op->setattr(dentry, attr);
336
+
error = inode->i_op->setattr(mnt_userns, dentry, attr);
399
337
else
400
-
error = simple_setattr(dentry, attr);
338
+
error = simple_setattr(mnt_userns, dentry, attr);
401
339
402
340
if (!error) {
403
341
fsnotify_change(dentry, ia_valid);
404
-
ima_inode_post_setattr(dentry);
342
+
ima_inode_post_setattr(mnt_userns, dentry);
405
343
evm_inode_post_setattr(dentry, ia_valid);
406
344
}
407
345
+10
-7
fs/autofs/root.c
+10
-7
fs/autofs/root.c
···
10
10
11
11
#include "autofs_i.h"
12
12
13
-
static int autofs_dir_symlink(struct inode *, struct dentry *, const char *);
13
+
static int autofs_dir_symlink(struct user_namespace *, struct inode *,
14
+
struct dentry *, const char *);
14
15
static int autofs_dir_unlink(struct inode *, struct dentry *);
15
16
static int autofs_dir_rmdir(struct inode *, struct dentry *);
16
-
static int autofs_dir_mkdir(struct inode *, struct dentry *, umode_t);
17
+
static int autofs_dir_mkdir(struct user_namespace *, struct inode *,
18
+
struct dentry *, umode_t);
17
19
static long autofs_root_ioctl(struct file *, unsigned int, unsigned long);
18
20
#ifdef CONFIG_COMPAT
19
21
static long autofs_root_compat_ioctl(struct file *,
···
526
524
return NULL;
527
525
}
528
526
529
-
static int autofs_dir_symlink(struct inode *dir,
530
-
struct dentry *dentry,
531
-
const char *symname)
527
+
static int autofs_dir_symlink(struct user_namespace *mnt_userns,
528
+
struct inode *dir, struct dentry *dentry,
529
+
const char *symname)
532
530
{
533
531
struct autofs_sb_info *sbi = autofs_sbi(dir->i_sb);
534
532
struct autofs_info *ino = autofs_dentry_ino(dentry);
···
717
715
return 0;
718
716
}
719
717
720
-
static int autofs_dir_mkdir(struct inode *dir,
721
-
struct dentry *dentry, umode_t mode)
718
+
static int autofs_dir_mkdir(struct user_namespace *mnt_userns,
719
+
struct inode *dir, struct dentry *dentry,
720
+
umode_t mode)
722
721
{
723
722
struct autofs_sb_info *sbi = autofs_sbi(dir->i_sb);
724
723
struct autofs_info *ino = autofs_dentry_ino(dentry);
+22
-14
fs/bad_inode.c
+22
-14
fs/bad_inode.c
···
27
27
.open = bad_file_open,
28
28
};
29
29
30
-
static int bad_inode_create (struct inode *dir, struct dentry *dentry,
31
-
umode_t mode, bool excl)
30
+
static int bad_inode_create(struct user_namespace *mnt_userns,
31
+
struct inode *dir, struct dentry *dentry,
32
+
umode_t mode, bool excl)
32
33
{
33
34
return -EIO;
34
35
}
···
51
50
return -EIO;
52
51
}
53
52
54
-
static int bad_inode_symlink (struct inode *dir, struct dentry *dentry,
55
-
const char *symname)
53
+
static int bad_inode_symlink(struct user_namespace *mnt_userns,
54
+
struct inode *dir, struct dentry *dentry,
55
+
const char *symname)
56
56
{
57
57
return -EIO;
58
58
}
59
59
60
-
static int bad_inode_mkdir(struct inode *dir, struct dentry *dentry,
61
-
umode_t mode)
60
+
static int bad_inode_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
61
+
struct dentry *dentry, umode_t mode)
62
62
{
63
63
return -EIO;
64
64
}
···
69
67
return -EIO;
70
68
}
71
69
72
-
static int bad_inode_mknod (struct inode *dir, struct dentry *dentry,
73
-
umode_t mode, dev_t rdev)
70
+
static int bad_inode_mknod(struct user_namespace *mnt_userns, struct inode *dir,
71
+
struct dentry *dentry, umode_t mode, dev_t rdev)
74
72
{
75
73
return -EIO;
76
74
}
77
75
78
-
static int bad_inode_rename2(struct inode *old_dir, struct dentry *old_dentry,
76
+
static int bad_inode_rename2(struct user_namespace *mnt_userns,
77
+
struct inode *old_dir, struct dentry *old_dentry,
79
78
struct inode *new_dir, struct dentry *new_dentry,
80
79
unsigned int flags)
81
80
{
···
89
86
return -EIO;
90
87
}
91
88
92
-
static int bad_inode_permission(struct inode *inode, int mask)
89
+
static int bad_inode_permission(struct user_namespace *mnt_userns,
90
+
struct inode *inode, int mask)
93
91
{
94
92
return -EIO;
95
93
}
96
94
97
-
static int bad_inode_getattr(const struct path *path, struct kstat *stat,
95
+
static int bad_inode_getattr(struct user_namespace *mnt_userns,
96
+
const struct path *path, struct kstat *stat,
98
97
u32 request_mask, unsigned int query_flags)
99
98
{
100
99
return -EIO;
101
100
}
102
101
103
-
static int bad_inode_setattr(struct dentry *direntry, struct iattr *attrs)
102
+
static int bad_inode_setattr(struct user_namespace *mnt_userns,
103
+
struct dentry *direntry, struct iattr *attrs)
104
104
{
105
105
return -EIO;
106
106
}
···
146
140
return -EIO;
147
141
}
148
142
149
-
static int bad_inode_tmpfile(struct inode *inode, struct dentry *dentry,
143
+
static int bad_inode_tmpfile(struct user_namespace *mnt_userns,
144
+
struct inode *inode, struct dentry *dentry,
150
145
umode_t mode)
151
146
{
152
147
return -EIO;
153
148
}
154
149
155
-
static int bad_inode_set_acl(struct inode *inode, struct posix_acl *acl,
150
+
static int bad_inode_set_acl(struct user_namespace *mnt_userns,
151
+
struct inode *inode, struct posix_acl *acl,
156
152
int type)
157
153
{
158
154
return -EIO;
+6
-6
fs/bfs/dir.c
+6
-6
fs/bfs/dir.c
···
75
75
.llseek = generic_file_llseek,
76
76
};
77
77
78
-
static int bfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
79
-
bool excl)
78
+
static int bfs_create(struct user_namespace *mnt_userns, struct inode *dir,
79
+
struct dentry *dentry, umode_t mode, bool excl)
80
80
{
81
81
int err;
82
82
struct inode *inode;
···
96
96
}
97
97
set_bit(ino, info->si_imap);
98
98
info->si_freei--;
99
-
inode_init_owner(inode, dir, mode);
99
+
inode_init_owner(&init_user_ns, inode, dir, mode);
100
100
inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
101
101
inode->i_blocks = 0;
102
102
inode->i_op = &bfs_file_inops;
···
199
199
return error;
200
200
}
201
201
202
-
static int bfs_rename(struct inode *old_dir, struct dentry *old_dentry,
203
-
struct inode *new_dir, struct dentry *new_dentry,
204
-
unsigned int flags)
202
+
static int bfs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
203
+
struct dentry *old_dentry, struct inode *new_dir,
204
+
struct dentry *new_dentry, unsigned int flags)
205
205
{
206
206
struct inode *old_inode, *new_inode;
207
207
struct buffer_head *old_bh, *new_bh;
+4
-2
fs/btrfs/acl.c
+4
-2
fs/btrfs/acl.c
···
107
107
return ret;
108
108
}
109
109
110
-
int btrfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
110
+
int btrfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
111
+
struct posix_acl *acl, int type)
111
112
{
112
113
int ret;
113
114
umode_t old_mode = inode->i_mode;
114
115
115
116
if (type == ACL_TYPE_ACCESS && acl) {
116
-
ret = posix_acl_update_mode(inode, &inode->i_mode, &acl);
117
+
ret = posix_acl_update_mode(&init_user_ns, inode,
118
+
&inode->i_mode, &acl);
117
119
if (ret)
118
120
return ret;
119
121
}
+2
-1
fs/btrfs/ctree.h
+2
-1
fs/btrfs/ctree.h
···
3635
3635
/* acl.c */
3636
3636
#ifdef CONFIG_BTRFS_FS_POSIX_ACL
3637
3637
struct posix_acl *btrfs_get_acl(struct inode *inode, int type);
3638
-
int btrfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
3638
+
int btrfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
3639
+
struct posix_acl *acl, int type);
3639
3640
int btrfs_init_acl(struct btrfs_trans_handle *trans,
3640
3641
struct inode *inode, struct inode *dir);
3641
3642
#else
+26
-20
fs/btrfs/inode.c
+26
-20
fs/btrfs/inode.c
···
5212
5212
return ret;
5213
5213
}
5214
5214
5215
-
static int btrfs_setattr(struct dentry *dentry, struct iattr *attr)
5215
+
static int btrfs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
5216
+
struct iattr *attr)
5216
5217
{
5217
5218
struct inode *inode = d_inode(dentry);
5218
5219
struct btrfs_root *root = BTRFS_I(inode)->root;
···
5222
5221
if (btrfs_root_readonly(root))
5223
5222
return -EROFS;
5224
5223
5225
-
err = setattr_prepare(dentry, attr);
5224
+
err = setattr_prepare(&init_user_ns, dentry, attr);
5226
5225
if (err)
5227
5226
return err;
5228
5227
···
5233
5232
}
5234
5233
5235
5234
if (attr->ia_valid) {
5236
-
setattr_copy(inode, attr);
5235
+
setattr_copy(&init_user_ns, inode, attr);
5237
5236
inode_inc_iversion(inode);
5238
5237
err = btrfs_dirty_inode(inode);
5239
5238
5240
5239
if (!err && attr->ia_valid & ATTR_MODE)
5241
-
err = posix_acl_chmod(inode, inode->i_mode);
5240
+
err = posix_acl_chmod(&init_user_ns, inode,
5241
+
inode->i_mode);
5242
5242
}
5243
5243
5244
5244
return err;
···
6359
6357
if (ret != 0)
6360
6358
goto fail_unlock;
6361
6359
6362
-
inode_init_owner(inode, dir, mode);
6360
+
inode_init_owner(&init_user_ns, inode, dir, mode);
6363
6361
inode_set_bytes(inode, 0);
6364
6362
6365
6363
inode->i_mtime = current_time(inode);
···
6520
6518
return err;
6521
6519
}
6522
6520
6523
-
static int btrfs_mknod(struct inode *dir, struct dentry *dentry,
6524
-
umode_t mode, dev_t rdev)
6521
+
static int btrfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
6522
+
struct dentry *dentry, umode_t mode, dev_t rdev)
6525
6523
{
6526
6524
struct btrfs_fs_info *fs_info = btrfs_sb(dir->i_sb);
6527
6525
struct btrfs_trans_handle *trans;
···
6584
6582
return err;
6585
6583
}
6586
6584
6587
-
static int btrfs_create(struct inode *dir, struct dentry *dentry,
6588
-
umode_t mode, bool excl)
6585
+
static int btrfs_create(struct user_namespace *mnt_userns, struct inode *dir,
6586
+
struct dentry *dentry, umode_t mode, bool excl)
6589
6587
{
6590
6588
struct btrfs_fs_info *fs_info = btrfs_sb(dir->i_sb);
6591
6589
struct btrfs_trans_handle *trans;
···
6729
6727
return err;
6730
6728
}
6731
6729
6732
-
static int btrfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
6730
+
static int btrfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
6731
+
struct dentry *dentry, umode_t mode)
6733
6732
{
6734
6733
struct btrfs_fs_info *fs_info = btrfs_sb(dir->i_sb);
6735
6734
struct inode *inode = NULL;
···
9020
9017
return -ENOMEM;
9021
9018
}
9022
9019
9023
-
static int btrfs_getattr(const struct path *path, struct kstat *stat,
9020
+
static int btrfs_getattr(struct user_namespace *mnt_userns,
9021
+
const struct path *path, struct kstat *stat,
9024
9022
u32 request_mask, unsigned int flags)
9025
9023
{
9026
9024
u64 delalloc_bytes;
···
9047
9043
STATX_ATTR_IMMUTABLE |
9048
9044
STATX_ATTR_NODUMP);
9049
9045
9050
-
generic_fillattr(inode, stat);
9046
+
generic_fillattr(&init_user_ns, inode, stat);
9051
9047
stat->dev = BTRFS_I(inode)->root->anon_dev;
9052
9048
9053
9049
spin_lock(&BTRFS_I(inode)->lock);
···
9538
9534
return ret;
9539
9535
}
9540
9536
9541
-
static int btrfs_rename2(struct inode *old_dir, struct dentry *old_dentry,
9542
-
struct inode *new_dir, struct dentry *new_dentry,
9543
-
unsigned int flags)
9537
+
static int btrfs_rename2(struct user_namespace *mnt_userns, struct inode *old_dir,
9538
+
struct dentry *old_dentry, struct inode *new_dir,
9539
+
struct dentry *new_dentry, unsigned int flags)
9544
9540
{
9545
9541
if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
9546
9542
return -EINVAL;
···
9748
9744
return ret;
9749
9745
}
9750
9746
9751
-
static int btrfs_symlink(struct inode *dir, struct dentry *dentry,
9752
-
const char *symname)
9747
+
static int btrfs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
9748
+
struct dentry *dentry, const char *symname)
9753
9749
{
9754
9750
struct btrfs_fs_info *fs_info = btrfs_sb(dir->i_sb);
9755
9751
struct btrfs_trans_handle *trans;
···
10083
10079
return __set_page_dirty_nobuffers(page);
10084
10080
}
10085
10081
10086
-
static int btrfs_permission(struct inode *inode, int mask)
10082
+
static int btrfs_permission(struct user_namespace *mnt_userns,
10083
+
struct inode *inode, int mask)
10087
10084
{
10088
10085
struct btrfs_root *root = BTRFS_I(inode)->root;
10089
10086
umode_t mode = inode->i_mode;
···
10096
10091
if (BTRFS_I(inode)->flags & BTRFS_INODE_READONLY)
10097
10092
return -EACCES;
10098
10093
}
10099
-
return generic_permission(inode, mask);
10094
+
return generic_permission(&init_user_ns, inode, mask);
10100
10095
}
10101
10096
10102
-
static int btrfs_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
10097
+
static int btrfs_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
10098
+
struct dentry *dentry, umode_t mode)
10103
10099
{
10104
10100
struct btrfs_fs_info *fs_info = btrfs_sb(dir->i_sb);
10105
10101
struct btrfs_trans_handle *trans;
+15
-12
fs/btrfs/ioctl.c
+15
-12
fs/btrfs/ioctl.c
···
213
213
const char *comp = NULL;
214
214
u32 binode_flags;
215
215
216
-
if (!inode_owner_or_capable(inode))
216
+
if (!inode_owner_or_capable(&init_user_ns, inode))
217
217
return -EPERM;
218
218
219
219
if (btrfs_root_readonly(root))
···
429
429
unsigned old_i_flags;
430
430
int ret = 0;
431
431
432
-
if (!inode_owner_or_capable(inode))
432
+
if (!inode_owner_or_capable(&init_user_ns, inode))
433
433
return -EPERM;
434
434
435
435
if (btrfs_root_readonly(root))
···
925
925
BUG_ON(d_inode(victim->d_parent) != dir);
926
926
audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
927
927
928
-
error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
928
+
error = inode_permission(&init_user_ns, dir, MAY_WRITE | MAY_EXEC);
929
929
if (error)
930
930
return error;
931
931
if (IS_APPEND(dir))
932
932
return -EPERM;
933
-
if (check_sticky(dir, d_inode(victim)) || IS_APPEND(d_inode(victim)) ||
934
-
IS_IMMUTABLE(d_inode(victim)) || IS_SWAPFILE(d_inode(victim)))
933
+
if (check_sticky(&init_user_ns, dir, d_inode(victim)) ||
934
+
IS_APPEND(d_inode(victim)) || IS_IMMUTABLE(d_inode(victim)) ||
935
+
IS_SWAPFILE(d_inode(victim)))
935
936
return -EPERM;
936
937
if (isdir) {
937
938
if (!d_is_dir(victim))
···
955
954
return -EEXIST;
956
955
if (IS_DEADDIR(dir))
957
956
return -ENOENT;
958
-
return inode_permission(dir, MAY_WRITE | MAY_EXEC);
957
+
return inode_permission(&init_user_ns, dir, MAY_WRITE | MAY_EXEC);
959
958
}
960
959
961
960
/*
···
1872
1871
btrfs_info(BTRFS_I(file_inode(file))->root->fs_info,
1873
1872
"Snapshot src from another FS");
1874
1873
ret = -EXDEV;
1875
-
} else if (!inode_owner_or_capable(src_inode)) {
1874
+
} else if (!inode_owner_or_capable(&init_user_ns, src_inode)) {
1876
1875
/*
1877
1876
* Subvolume creation is not restricted, but snapshots
1878
1877
* are limited to own subvolumes only
···
1992
1991
u64 flags;
1993
1992
int ret = 0;
1994
1993
1995
-
if (!inode_owner_or_capable(inode))
1994
+
if (!inode_owner_or_capable(&init_user_ns, inode))
1996
1995
return -EPERM;
1997
1996
1998
1997
ret = mnt_want_write_file(file);
···
2548
2547
ret = PTR_ERR(temp_inode);
2549
2548
goto out_put;
2550
2549
}
2551
-
ret = inode_permission(temp_inode, MAY_READ | MAY_EXEC);
2550
+
ret = inode_permission(&init_user_ns, temp_inode,
2551
+
MAY_READ | MAY_EXEC);
2552
2552
iput(temp_inode);
2553
2553
if (ret) {
2554
2554
ret = -EACCES;
···
3079
3077
if (root == dest)
3080
3078
goto out_dput;
3081
3079
3082
-
err = inode_permission(inode, MAY_WRITE | MAY_EXEC);
3080
+
err = inode_permission(&init_user_ns, inode,
3081
+
MAY_WRITE | MAY_EXEC);
3083
3082
if (err)
3084
3083
goto out_dput;
3085
3084
}
···
3151
3148
* running and allows defrag on files open in read-only mode.
3152
3149
*/
3153
3150
if (!capable(CAP_SYS_ADMIN) &&
3154
-
inode_permission(inode, MAY_WRITE)) {
3151
+
inode_permission(&init_user_ns, inode, MAY_WRITE)) {
3155
3152
ret = -EPERM;
3156
3153
goto out;
3157
3154
}
···
4463
4460
int ret = 0;
4464
4461
int received_uuid_changed;
4465
4462
4466
-
if (!inode_owner_or_capable(inode))
4463
+
if (!inode_owner_or_capable(&init_user_ns, inode))
4467
4464
return -EPERM;
4468
4465
4469
4466
ret = mnt_want_write_file(file);
+1
-1
fs/btrfs/tests/btrfs-tests.c
+1
-1
fs/btrfs/tests/btrfs-tests.c
···
62
62
BTRFS_I(inode)->location.type = BTRFS_INODE_ITEM_KEY;
63
63
BTRFS_I(inode)->location.objectid = BTRFS_FIRST_FREE_OBJECTID;
64
64
BTRFS_I(inode)->location.offset = 0;
65
-
inode_init_owner(inode, NULL, S_IFREG);
65
+
inode_init_owner(&init_user_ns, inode, NULL, S_IFREG);
66
66
67
67
return inode;
68
68
}
+2
fs/btrfs/xattr.c
+2
fs/btrfs/xattr.c
···
362
362
}
363
363
364
364
static int btrfs_xattr_handler_set(const struct xattr_handler *handler,
365
+
struct user_namespace *mnt_userns,
365
366
struct dentry *unused, struct inode *inode,
366
367
const char *name, const void *buffer,
367
368
size_t size, int flags)
···
372
371
}
373
372
374
373
static int btrfs_xattr_handler_set_prop(const struct xattr_handler *handler,
374
+
struct user_namespace *mnt_userns,
375
375
struct dentry *unused, struct inode *inode,
376
376
const char *name, const void *value,
377
377
size_t size, int flags)
+2
-2
fs/cachefiles/interface.c
+2
-2
fs/cachefiles/interface.c
···
470
470
_debug("discard tail %llx", oi_size);
471
471
newattrs.ia_valid = ATTR_SIZE;
472
472
newattrs.ia_size = oi_size & PAGE_MASK;
473
-
ret = notify_change(object->backer, &newattrs, NULL);
473
+
ret = notify_change(&init_user_ns, object->backer, &newattrs, NULL);
474
474
if (ret < 0)
475
475
goto truncate_failed;
476
476
}
477
477
478
478
newattrs.ia_valid = ATTR_SIZE;
479
479
newattrs.ia_size = ni_size;
480
-
ret = notify_change(object->backer, &newattrs, NULL);
480
+
ret = notify_change(&init_user_ns, object->backer, &newattrs, NULL);
481
481
482
482
truncate_failed:
483
483
inode_unlock(d_inode(object->backer));
+15
-6
fs/cachefiles/namei.c
+15
-6
fs/cachefiles/namei.c
···
311
311
cachefiles_io_error(cache, "Unlink security error");
312
312
} else {
313
313
trace_cachefiles_unlink(object, rep, why);
314
-
ret = vfs_unlink(d_inode(dir), rep, NULL);
314
+
ret = vfs_unlink(&init_user_ns, d_inode(dir), rep,
315
+
NULL);
315
316
316
317
if (preemptive)
317
318
cachefiles_mark_object_buried(cache, rep, why);
···
413
412
if (ret < 0) {
414
413
cachefiles_io_error(cache, "Rename security error %d", ret);
415
414
} else {
415
+
struct renamedata rd = {
416
+
.old_mnt_userns = &init_user_ns,
417
+
.old_dir = d_inode(dir),
418
+
.old_dentry = rep,
419
+
.new_mnt_userns = &init_user_ns,
420
+
.new_dir = d_inode(cache->graveyard),
421
+
.new_dentry = grave,
422
+
};
416
423
trace_cachefiles_rename(object, rep, grave, why);
417
-
ret = vfs_rename(d_inode(dir), rep,
418
-
d_inode(cache->graveyard), grave, NULL, 0);
424
+
ret = vfs_rename(&rd);
419
425
if (ret != 0 && ret != -ENOMEM)
420
426
cachefiles_io_error(cache,
421
427
"Rename failed with error %d", ret);
···
569
561
if (ret < 0)
570
562
goto create_error;
571
563
start = jiffies;
572
-
ret = vfs_mkdir(d_inode(dir), next, 0);
564
+
ret = vfs_mkdir(&init_user_ns, d_inode(dir), next, 0);
573
565
cachefiles_hist(cachefiles_mkdir_histogram, start);
574
566
if (!key)
575
567
trace_cachefiles_mkdir(object, next, ret);
···
605
597
if (ret < 0)
606
598
goto create_error;
607
599
start = jiffies;
608
-
ret = vfs_create(d_inode(dir), next, S_IFREG, true);
600
+
ret = vfs_create(&init_user_ns, d_inode(dir), next,
601
+
S_IFREG, true);
609
602
cachefiles_hist(cachefiles_create_histogram, start);
610
603
trace_cachefiles_create(object, next, ret);
611
604
if (ret < 0)
···
800
791
ret = security_path_mkdir(&path, subdir, 0700);
801
792
if (ret < 0)
802
793
goto mkdir_error;
803
-
ret = vfs_mkdir(d_inode(dir), subdir, 0700);
794
+
ret = vfs_mkdir(&init_user_ns, d_inode(dir), subdir, 0700);
804
795
if (ret < 0)
805
796
goto mkdir_error;
806
797
+14
-15
fs/cachefiles/xattr.c
+14
-15
fs/cachefiles/xattr.c
···
39
39
_enter("%p{%s}", object, type);
40
40
41
41
/* attempt to install a type label directly */
42
-
ret = vfs_setxattr(dentry, cachefiles_xattr_cache, type, 2,
43
-
XATTR_CREATE);
42
+
ret = vfs_setxattr(&init_user_ns, dentry, cachefiles_xattr_cache, type,
43
+
2, XATTR_CREATE);
44
44
if (ret == 0) {
45
45
_debug("SET"); /* we succeeded */
46
46
goto error;
···
54
54
}
55
55
56
56
/* read the current type label */
57
-
ret = vfs_getxattr(dentry, cachefiles_xattr_cache, xtype, 3);
57
+
ret = vfs_getxattr(&init_user_ns, dentry, cachefiles_xattr_cache, xtype,
58
+
3);
58
59
if (ret < 0) {
59
60
if (ret == -ERANGE)
60
61
goto bad_type_length;
···
111
110
_debug("SET #%u", auxdata->len);
112
111
113
112
clear_bit(FSCACHE_COOKIE_AUX_UPDATED, &object->fscache.cookie->flags);
114
-
ret = vfs_setxattr(dentry, cachefiles_xattr_cache,
115
-
&auxdata->type, auxdata->len,
116
-
XATTR_CREATE);
113
+
ret = vfs_setxattr(&init_user_ns, dentry, cachefiles_xattr_cache,
114
+
&auxdata->type, auxdata->len, XATTR_CREATE);
117
115
if (ret < 0 && ret != -ENOMEM)
118
116
cachefiles_io_error_obj(
119
117
object,
···
140
140
_debug("SET #%u", auxdata->len);
141
141
142
142
clear_bit(FSCACHE_COOKIE_AUX_UPDATED, &object->fscache.cookie->flags);
143
-
ret = vfs_setxattr(dentry, cachefiles_xattr_cache,
144
-
&auxdata->type, auxdata->len,
145
-
XATTR_REPLACE);
143
+
ret = vfs_setxattr(&init_user_ns, dentry, cachefiles_xattr_cache,
144
+
&auxdata->type, auxdata->len, XATTR_REPLACE);
146
145
if (ret < 0 && ret != -ENOMEM)
147
146
cachefiles_io_error_obj(
148
147
object,
···
170
171
if (!auxbuf)
171
172
return -ENOMEM;
172
173
173
-
xlen = vfs_getxattr(dentry, cachefiles_xattr_cache,
174
+
xlen = vfs_getxattr(&init_user_ns, dentry, cachefiles_xattr_cache,
174
175
&auxbuf->type, 512 + 1);
175
176
ret = -ESTALE;
176
177
if (xlen < 1 ||
···
212
213
}
213
214
214
215
/* read the current type label */
215
-
ret = vfs_getxattr(dentry, cachefiles_xattr_cache,
216
+
ret = vfs_getxattr(&init_user_ns, dentry, cachefiles_xattr_cache,
216
217
&auxbuf->type, 512 + 1);
217
218
if (ret < 0) {
218
219
if (ret == -ENODATA)
···
269
270
}
270
271
271
272
/* update the current label */
272
-
ret = vfs_setxattr(dentry, cachefiles_xattr_cache,
273
-
&auxdata->type, auxdata->len,
274
-
XATTR_REPLACE);
273
+
ret = vfs_setxattr(&init_user_ns, dentry,
274
+
cachefiles_xattr_cache, &auxdata->type,
275
+
auxdata->len, XATTR_REPLACE);
275
276
if (ret < 0) {
276
277
cachefiles_io_error_obj(object,
277
278
"Can't update xattr on %lu"
···
308
309
{
309
310
int ret;
310
311
311
-
ret = vfs_removexattr(dentry, cachefiles_xattr_cache);
312
+
ret = vfs_removexattr(&init_user_ns, dentry, cachefiles_xattr_cache);
312
313
if (ret < 0) {
313
314
if (ret == -ENOENT || ret == -ENODATA)
314
315
ret = 0;
+4
-2
fs/ceph/acl.c
+4
-2
fs/ceph/acl.c
···
82
82
return acl;
83
83
}
84
84
85
-
int ceph_set_acl(struct inode *inode, struct posix_acl *acl, int type)
85
+
int ceph_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
86
+
struct posix_acl *acl, int type)
86
87
{
87
88
int ret = 0, size = 0;
88
89
const char *name = NULL;
···
101
100
case ACL_TYPE_ACCESS:
102
101
name = XATTR_NAME_POSIX_ACL_ACCESS;
103
102
if (acl) {
104
-
ret = posix_acl_update_mode(inode, &new_mode, &acl);
103
+
ret = posix_acl_update_mode(&init_user_ns, inode,
104
+
&new_mode, &acl);
105
105
if (ret)
106
106
goto out;
107
107
}
+12
-11
fs/ceph/dir.c
+12
-11
fs/ceph/dir.c
···
823
823
return PTR_ERR(result);
824
824
}
825
825
826
-
static int ceph_mknod(struct inode *dir, struct dentry *dentry,
827
-
umode_t mode, dev_t rdev)
826
+
static int ceph_mknod(struct user_namespace *mnt_userns, struct inode *dir,
827
+
struct dentry *dentry, umode_t mode, dev_t rdev)
828
828
{
829
829
struct ceph_mds_client *mdsc = ceph_sb_to_mdsc(dir->i_sb);
830
830
struct ceph_mds_request *req;
···
878
878
return err;
879
879
}
880
880
881
-
static int ceph_create(struct inode *dir, struct dentry *dentry, umode_t mode,
882
-
bool excl)
881
+
static int ceph_create(struct user_namespace *mnt_userns, struct inode *dir,
882
+
struct dentry *dentry, umode_t mode, bool excl)
883
883
{
884
-
return ceph_mknod(dir, dentry, mode, 0);
884
+
return ceph_mknod(mnt_userns, dir, dentry, mode, 0);
885
885
}
886
886
887
-
static int ceph_symlink(struct inode *dir, struct dentry *dentry,
888
-
const char *dest)
887
+
static int ceph_symlink(struct user_namespace *mnt_userns, struct inode *dir,
888
+
struct dentry *dentry, const char *dest)
889
889
{
890
890
struct ceph_mds_client *mdsc = ceph_sb_to_mdsc(dir->i_sb);
891
891
struct ceph_mds_request *req;
···
937
937
return err;
938
938
}
939
939
940
-
static int ceph_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
940
+
static int ceph_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
941
+
struct dentry *dentry, umode_t mode)
941
942
{
942
943
struct ceph_mds_client *mdsc = ceph_sb_to_mdsc(dir->i_sb);
943
944
struct ceph_mds_request *req;
···
1184
1183
return err;
1185
1184
}
1186
1185
1187
-
static int ceph_rename(struct inode *old_dir, struct dentry *old_dentry,
1188
-
struct inode *new_dir, struct dentry *new_dentry,
1189
-
unsigned int flags)
1186
+
static int ceph_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
1187
+
struct dentry *old_dentry, struct inode *new_dir,
1188
+
struct dentry *new_dentry, unsigned int flags)
1190
1189
{
1191
1190
struct ceph_mds_client *mdsc = ceph_sb_to_mdsc(old_dir->i_sb);
1192
1191
struct ceph_mds_request *req;
+10
-8
fs/ceph/inode.c
+10
-8
fs/ceph/inode.c
···
2201
2201
/*
2202
2202
* setattr
2203
2203
*/
2204
-
int ceph_setattr(struct dentry *dentry, struct iattr *attr)
2204
+
int ceph_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
2205
+
struct iattr *attr)
2205
2206
{
2206
2207
struct inode *inode = d_inode(dentry);
2207
2208
struct ceph_fs_client *fsc = ceph_inode_to_client(inode);
···
2211
2210
if (ceph_snap(inode) != CEPH_NOSNAP)
2212
2211
return -EROFS;
2213
2212
2214
-
err = setattr_prepare(dentry, attr);
2213
+
err = setattr_prepare(&init_user_ns, dentry, attr);
2215
2214
if (err != 0)
2216
2215
return err;
2217
2216
···
2226
2225
err = __ceph_setattr(inode, attr);
2227
2226
2228
2227
if (err >= 0 && (attr->ia_valid & ATTR_MODE))
2229
-
err = posix_acl_chmod(inode, attr->ia_mode);
2228
+
err = posix_acl_chmod(&init_user_ns, inode, attr->ia_mode);
2230
2229
2231
2230
return err;
2232
2231
}
···
2285
2284
* Check inode permissions. We verify we have a valid value for
2286
2285
* the AUTH cap, then call the generic handler.
2287
2286
*/
2288
-
int ceph_permission(struct inode *inode, int mask)
2287
+
int ceph_permission(struct user_namespace *mnt_userns, struct inode *inode,
2288
+
int mask)
2289
2289
{
2290
2290
int err;
2291
2291
···
2296
2294
err = ceph_do_getattr(inode, CEPH_CAP_AUTH_SHARED, false);
2297
2295
2298
2296
if (!err)
2299
-
err = generic_permission(inode, mask);
2297
+
err = generic_permission(&init_user_ns, inode, mask);
2300
2298
return err;
2301
2299
}
2302
2300
···
2333
2331
* Get all the attributes. If we have sufficient caps for the requested attrs,
2334
2332
* then we can avoid talking to the MDS at all.
2335
2333
*/
2336
-
int ceph_getattr(const struct path *path, struct kstat *stat,
2337
-
u32 request_mask, unsigned int flags)
2334
+
int ceph_getattr(struct user_namespace *mnt_userns, const struct path *path,
2335
+
struct kstat *stat, u32 request_mask, unsigned int flags)
2338
2336
{
2339
2337
struct inode *inode = d_inode(path->dentry);
2340
2338
struct ceph_inode_info *ci = ceph_inode(inode);
···
2350
2348
return err;
2351
2349
}
2352
2350
2353
-
generic_fillattr(inode, stat);
2351
+
generic_fillattr(&init_user_ns, inode, stat);
2354
2352
stat->ino = ceph_present_inode(inode);
2355
2353
2356
2354
/*
+8
-4
fs/ceph/super.h
+8
-4
fs/ceph/super.h
···
1000
1000
{
1001
1001
return __ceph_do_getattr(inode, NULL, mask, force);
1002
1002
}
1003
-
extern int ceph_permission(struct inode *inode, int mask);
1003
+
extern int ceph_permission(struct user_namespace *mnt_userns,
1004
+
struct inode *inode, int mask);
1004
1005
extern int __ceph_setattr(struct inode *inode, struct iattr *attr);
1005
-
extern int ceph_setattr(struct dentry *dentry, struct iattr *attr);
1006
-
extern int ceph_getattr(const struct path *path, struct kstat *stat,
1006
+
extern int ceph_setattr(struct user_namespace *mnt_userns,
1007
+
struct dentry *dentry, struct iattr *attr);
1008
+
extern int ceph_getattr(struct user_namespace *mnt_userns,
1009
+
const struct path *path, struct kstat *stat,
1007
1010
u32 request_mask, unsigned int flags);
1008
1011
1009
1012
/* xattr.c */
···
1067
1064
#ifdef CONFIG_CEPH_FS_POSIX_ACL
1068
1065
1069
1066
struct posix_acl *ceph_get_acl(struct inode *, int);
1070
-
int ceph_set_acl(struct inode *inode, struct posix_acl *acl, int type);
1067
+
int ceph_set_acl(struct user_namespace *mnt_userns,
1068
+
struct inode *inode, struct posix_acl *acl, int type);
1071
1069
int ceph_pre_init_acls(struct inode *dir, umode_t *mode,
1072
1070
struct ceph_acl_sec_ctx *as_ctx);
1073
1071
void ceph_init_inode_acls(struct inode *inode,
+1
fs/ceph/xattr.c
+1
fs/ceph/xattr.c
+3
-2
fs/cifs/cifsfs.c
+3
-2
fs/cifs/cifsfs.c
···
305
305
return -EOPNOTSUPP;
306
306
}
307
307
308
-
static int cifs_permission(struct inode *inode, int mask)
308
+
static int cifs_permission(struct user_namespace *mnt_userns,
309
+
struct inode *inode, int mask)
309
310
{
310
311
struct cifs_sb_info *cifs_sb;
311
312
···
321
320
on the client (above and beyond ACL on servers) for
322
321
servers which do not support setting and viewing mode bits,
323
322
so allowing client to check permissions is useful */
324
-
return generic_permission(inode, mask);
323
+
return generic_permission(&init_user_ns, inode, mask);
325
324
}
326
325
327
326
static struct kmem_cache *cifs_inode_cachep;
+15
-10
fs/cifs/cifsfs.h
+15
-10
fs/cifs/cifsfs.h
···
62
62
/* Functions related to inodes */
63
63
extern const struct inode_operations cifs_dir_inode_ops;
64
64
extern struct inode *cifs_root_iget(struct super_block *);
65
-
extern int cifs_create(struct inode *, struct dentry *, umode_t,
66
-
bool excl);
65
+
extern int cifs_create(struct user_namespace *, struct inode *,
66
+
struct dentry *, umode_t, bool excl);
67
67
extern int cifs_atomic_open(struct inode *, struct dentry *,
68
68
struct file *, unsigned, umode_t);
69
69
extern struct dentry *cifs_lookup(struct inode *, struct dentry *,
70
70
unsigned int);
71
71
extern int cifs_unlink(struct inode *dir, struct dentry *dentry);
72
72
extern int cifs_hardlink(struct dentry *, struct inode *, struct dentry *);
73
-
extern int cifs_mknod(struct inode *, struct dentry *, umode_t, dev_t);
74
-
extern int cifs_mkdir(struct inode *, struct dentry *, umode_t);
73
+
extern int cifs_mknod(struct user_namespace *, struct inode *, struct dentry *,
74
+
umode_t, dev_t);
75
+
extern int cifs_mkdir(struct user_namespace *, struct inode *, struct dentry *,
76
+
umode_t);
75
77
extern int cifs_rmdir(struct inode *, struct dentry *);
76
-
extern int cifs_rename2(struct inode *, struct dentry *, struct inode *,
77
-
struct dentry *, unsigned int);
78
+
extern int cifs_rename2(struct user_namespace *, struct inode *,
79
+
struct dentry *, struct inode *, struct dentry *,
80
+
unsigned int);
78
81
extern int cifs_revalidate_file_attr(struct file *filp);
79
82
extern int cifs_revalidate_dentry_attr(struct dentry *);
80
83
extern int cifs_revalidate_file(struct file *filp);
···
85
82
extern int cifs_invalidate_mapping(struct inode *inode);
86
83
extern int cifs_revalidate_mapping(struct inode *inode);
87
84
extern int cifs_zap_mapping(struct inode *inode);
88
-
extern int cifs_getattr(const struct path *, struct kstat *, u32, unsigned int);
89
-
extern int cifs_setattr(struct dentry *, struct iattr *);
85
+
extern int cifs_getattr(struct user_namespace *, const struct path *,
86
+
struct kstat *, u32, unsigned int);
87
+
extern int cifs_setattr(struct user_namespace *, struct dentry *,
88
+
struct iattr *);
90
89
extern int cifs_fiemap(struct inode *, struct fiemap_extent_info *, u64 start,
91
90
u64 len);
92
91
···
137
132
/* Functions related to symlinks */
138
133
extern const char *cifs_get_link(struct dentry *, struct inode *,
139
134
struct delayed_call *);
140
-
extern int cifs_symlink(struct inode *inode, struct dentry *direntry,
141
-
const char *symname);
135
+
extern int cifs_symlink(struct user_namespace *mnt_userns, struct inode *inode,
136
+
struct dentry *direntry, const char *symname);
142
137
143
138
#ifdef CONFIG_CIFS_XATTR
144
139
extern const struct xattr_handler *cifs_xattr_handlers[];
+4
-4
fs/cifs/dir.c
+4
-4
fs/cifs/dir.c
···
567
567
return rc;
568
568
}
569
569
570
-
int cifs_create(struct inode *inode, struct dentry *direntry, umode_t mode,
571
-
bool excl)
570
+
int cifs_create(struct user_namespace *mnt_userns, struct inode *inode,
571
+
struct dentry *direntry, umode_t mode, bool excl)
572
572
{
573
573
int rc;
574
574
unsigned int xid = get_xid();
···
611
611
return rc;
612
612
}
613
613
614
-
int cifs_mknod(struct inode *inode, struct dentry *direntry, umode_t mode,
615
-
dev_t device_number)
614
+
int cifs_mknod(struct user_namespace *mnt_userns, struct inode *inode,
615
+
struct dentry *direntry, umode_t mode, dev_t device_number)
616
616
{
617
617
int rc = -EPERM;
618
618
unsigned int xid;
+14
-12
fs/cifs/inode.c
+14
-12
fs/cifs/inode.c
···
1857
1857
goto posix_mkdir_out;
1858
1858
}
1859
1859
1860
-
int cifs_mkdir(struct inode *inode, struct dentry *direntry, umode_t mode)
1860
+
int cifs_mkdir(struct user_namespace *mnt_userns, struct inode *inode,
1861
+
struct dentry *direntry, umode_t mode)
1861
1862
{
1862
1863
int rc = 0;
1863
1864
unsigned int xid;
···
2068
2067
}
2069
2068
2070
2069
int
2071
-
cifs_rename2(struct inode *source_dir, struct dentry *source_dentry,
2072
-
struct inode *target_dir, struct dentry *target_dentry,
2073
-
unsigned int flags)
2070
+
cifs_rename2(struct user_namespace *mnt_userns, struct inode *source_dir,
2071
+
struct dentry *source_dentry, struct inode *target_dir,
2072
+
struct dentry *target_dentry, unsigned int flags)
2074
2073
{
2075
2074
char *from_name = NULL;
2076
2075
char *to_name = NULL;
···
2371
2370
return cifs_revalidate_mapping(inode);
2372
2371
}
2373
2372
2374
-
int cifs_getattr(const struct path *path, struct kstat *stat,
2375
-
u32 request_mask, unsigned int flags)
2373
+
int cifs_getattr(struct user_namespace *mnt_userns, const struct path *path,
2374
+
struct kstat *stat, u32 request_mask, unsigned int flags)
2376
2375
{
2377
2376
struct dentry *dentry = path->dentry;
2378
2377
struct cifs_sb_info *cifs_sb = CIFS_SB(dentry->d_sb);
···
2409
2408
return rc;
2410
2409
}
2411
2410
2412
-
generic_fillattr(inode, stat);
2411
+
generic_fillattr(&init_user_ns, inode, stat);
2413
2412
stat->blksize = cifs_sb->ctx->bsize;
2414
2413
stat->ino = CIFS_I(inode)->uniqueid;
2415
2414
···
2611
2610
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM)
2612
2611
attrs->ia_valid |= ATTR_FORCE;
2613
2612
2614
-
rc = setattr_prepare(direntry, attrs);
2613
+
rc = setattr_prepare(&init_user_ns, direntry, attrs);
2615
2614
if (rc < 0)
2616
2615
goto out;
2617
2616
···
2716
2715
attrs->ia_size != i_size_read(inode))
2717
2716
truncate_setsize(inode, attrs->ia_size);
2718
2717
2719
-
setattr_copy(inode, attrs);
2718
+
setattr_copy(&init_user_ns, inode, attrs);
2720
2719
mark_inode_dirty(inode);
2721
2720
2722
2721
/* force revalidate when any of these times are set since some
···
2758
2757
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM)
2759
2758
attrs->ia_valid |= ATTR_FORCE;
2760
2759
2761
-
rc = setattr_prepare(direntry, attrs);
2760
+
rc = setattr_prepare(&init_user_ns, direntry, attrs);
2762
2761
if (rc < 0) {
2763
2762
free_xid(xid);
2764
2763
return rc;
···
2914
2913
attrs->ia_size != i_size_read(inode))
2915
2914
truncate_setsize(inode, attrs->ia_size);
2916
2915
2917
-
setattr_copy(inode, attrs);
2916
+
setattr_copy(&init_user_ns, inode, attrs);
2918
2917
mark_inode_dirty(inode);
2919
2918
2920
2919
cifs_setattr_exit:
···
2924
2923
}
2925
2924
2926
2925
int
2927
-
cifs_setattr(struct dentry *direntry, struct iattr *attrs)
2926
+
cifs_setattr(struct user_namespace *mnt_userns, struct dentry *direntry,
2927
+
struct iattr *attrs)
2928
2928
{
2929
2929
struct cifs_sb_info *cifs_sb = CIFS_SB(direntry->d_sb);
2930
2930
struct cifs_tcon *pTcon = cifs_sb_master_tcon(cifs_sb);
+2
-1
fs/cifs/link.c
+2
-1
fs/cifs/link.c
···
661
661
}
662
662
663
663
int
664
-
cifs_symlink(struct inode *inode, struct dentry *direntry, const char *symname)
664
+
cifs_symlink(struct user_namespace *mnt_userns, struct inode *inode,
665
+
struct dentry *direntry, const char *symname)
665
666
{
666
667
int rc = -EOPNOTSUPP;
667
668
unsigned int xid;
+1
fs/cifs/xattr.c
+1
fs/cifs/xattr.c
+5
-3
fs/coda/coda_linux.h
+5
-3
fs/coda/coda_linux.h
···
46
46
/* operations shared over more than one file */
47
47
int coda_open(struct inode *i, struct file *f);
48
48
int coda_release(struct inode *i, struct file *f);
49
-
int coda_permission(struct inode *inode, int mask);
49
+
int coda_permission(struct user_namespace *mnt_userns, struct inode *inode,
50
+
int mask);
50
51
int coda_revalidate_inode(struct inode *);
51
-
int coda_getattr(const struct path *, struct kstat *, u32, unsigned int);
52
-
int coda_setattr(struct dentry *, struct iattr *);
52
+
int coda_getattr(struct user_namespace *, const struct path *, struct kstat *,
53
+
u32, unsigned int);
54
+
int coda_setattr(struct user_namespace *, struct dentry *, struct iattr *);
53
55
54
56
/* this file: heloers */
55
57
char *coda_f2s(struct CodaFid *f);
+11
-7
fs/coda/dir.c
+11
-7
fs/coda/dir.c
···
73
73
}
74
74
75
75
76
-
int coda_permission(struct inode *inode, int mask)
76
+
int coda_permission(struct user_namespace *mnt_userns, struct inode *inode,
77
+
int mask)
77
78
{
78
79
int error;
79
80
···
133
132
}
134
133
135
134
/* creation routines: create, mknod, mkdir, link, symlink */
136
-
static int coda_create(struct inode *dir, struct dentry *de, umode_t mode, bool excl)
135
+
static int coda_create(struct user_namespace *mnt_userns, struct inode *dir,
136
+
struct dentry *de, umode_t mode, bool excl)
137
137
{
138
138
int error;
139
139
const char *name=de->d_name.name;
···
166
164
return error;
167
165
}
168
166
169
-
static int coda_mkdir(struct inode *dir, struct dentry *de, umode_t mode)
167
+
static int coda_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
168
+
struct dentry *de, umode_t mode)
170
169
{
171
170
struct inode *inode;
172
171
struct coda_vattr attrs;
···
228
225
}
229
226
230
227
231
-
static int coda_symlink(struct inode *dir_inode, struct dentry *de,
228
+
static int coda_symlink(struct user_namespace *mnt_userns,
229
+
struct inode *dir_inode, struct dentry *de,
232
230
const char *symname)
233
231
{
234
232
const char *name = de->d_name.name;
···
295
291
}
296
292
297
293
/* rename */
298
-
static int coda_rename(struct inode *old_dir, struct dentry *old_dentry,
299
-
struct inode *new_dir, struct dentry *new_dentry,
300
-
unsigned int flags)
294
+
static int coda_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
295
+
struct dentry *old_dentry, struct inode *new_dir,
296
+
struct dentry *new_dentry, unsigned int flags)
301
297
{
302
298
const char *old_name = old_dentry->d_name.name;
303
299
const char *new_name = new_dentry->d_name.name;
+5
-4
fs/coda/inode.c
+5
-4
fs/coda/inode.c
···
251
251
coda_cache_clear_inode(inode);
252
252
}
253
253
254
-
int coda_getattr(const struct path *path, struct kstat *stat,
255
-
u32 request_mask, unsigned int flags)
254
+
int coda_getattr(struct user_namespace *mnt_userns, const struct path *path,
255
+
struct kstat *stat, u32 request_mask, unsigned int flags)
256
256
{
257
257
int err = coda_revalidate_inode(d_inode(path->dentry));
258
258
if (!err)
259
-
generic_fillattr(d_inode(path->dentry), stat);
259
+
generic_fillattr(&init_user_ns, d_inode(path->dentry), stat);
260
260
return err;
261
261
}
262
262
263
-
int coda_setattr(struct dentry *de, struct iattr *iattr)
263
+
int coda_setattr(struct user_namespace *mnt_userns, struct dentry *de,
264
+
struct iattr *iattr)
264
265
{
265
266
struct inode *inode = d_inode(de);
266
267
struct coda_vattr vattr;
+4
-2
fs/coda/pioctl.c
+4
-2
fs/coda/pioctl.c
···
24
24
#include "coda_linux.h"
25
25
26
26
/* pioctl ops */
27
-
static int coda_ioctl_permission(struct inode *inode, int mask);
27
+
static int coda_ioctl_permission(struct user_namespace *mnt_userns,
28
+
struct inode *inode, int mask);
28
29
static long coda_pioctl(struct file *filp, unsigned int cmd,
29
30
unsigned long user_data);
30
31
···
41
40
};
42
41
43
42
/* the coda pioctl inode ops */
44
-
static int coda_ioctl_permission(struct inode *inode, int mask)
43
+
static int coda_ioctl_permission(struct user_namespace *mnt_userns,
44
+
struct inode *inode, int mask)
45
45
{
46
46
return (mask & MAY_EXEC) ? -EACCES : 0;
47
47
}
+4
-2
fs/configfs/configfs_internal.h
+4
-2
fs/configfs/configfs_internal.h
···
79
79
80
80
extern const unsigned char * configfs_get_name(struct configfs_dirent *sd);
81
81
extern void configfs_drop_dentry(struct configfs_dirent *sd, struct dentry *parent);
82
-
extern int configfs_setattr(struct dentry *dentry, struct iattr *iattr);
82
+
extern int configfs_setattr(struct user_namespace *mnt_userns,
83
+
struct dentry *dentry, struct iattr *iattr);
83
84
84
85
extern struct dentry *configfs_pin_fs(void);
85
86
extern void configfs_release_fs(void);
···
93
92
extern const struct inode_operations configfs_symlink_inode_operations;
94
93
extern const struct dentry_operations configfs_dentry_ops;
95
94
96
-
extern int configfs_symlink(struct inode *dir, struct dentry *dentry,
95
+
extern int configfs_symlink(struct user_namespace *mnt_userns,
96
+
struct inode *dir, struct dentry *dentry,
97
97
const char *symname);
98
98
extern int configfs_unlink(struct inode *dir, struct dentry *dentry);
99
99
+2
-1
fs/configfs/dir.c
+2
-1
fs/configfs/dir.c
···
1268
1268
}
1269
1269
EXPORT_SYMBOL(configfs_depend_item_unlocked);
1270
1270
1271
-
static int configfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1271
+
static int configfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
1272
+
struct dentry *dentry, umode_t mode)
1272
1273
{
1273
1274
int ret = 0;
1274
1275
int module_got = 0;
+3
-2
fs/configfs/inode.c
+3
-2
fs/configfs/inode.c
···
40
40
.setattr = configfs_setattr,
41
41
};
42
42
43
-
int configfs_setattr(struct dentry * dentry, struct iattr * iattr)
43
+
int configfs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
44
+
struct iattr *iattr)
44
45
{
45
46
struct inode * inode = d_inode(dentry);
46
47
struct configfs_dirent * sd = dentry->d_fsdata;
···
68
67
}
69
68
/* attributes were changed atleast once in past */
70
69
71
-
error = simple_setattr(dentry, iattr);
70
+
error = simple_setattr(mnt_userns, dentry, iattr);
72
71
if (error)
73
72
return error;
74
73
+4
-2
fs/configfs/symlink.c
+4
-2
fs/configfs/symlink.c
···
139
139
}
140
140
141
141
142
-
int configfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
142
+
int configfs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
143
+
struct dentry *dentry, const char *symname)
143
144
{
144
145
int ret;
145
146
struct path path;
···
198
197
if (dentry->d_inode || d_unhashed(dentry))
199
198
ret = -EEXIST;
200
199
else
201
-
ret = inode_permission(dir, MAY_WRITE | MAY_EXEC);
200
+
ret = inode_permission(&init_user_ns, dir,
201
+
MAY_WRITE | MAY_EXEC);
202
202
if (!ret)
203
203
ret = type->ct_item_ops->allow_link(parent_item, target_item);
204
204
if (!ret) {
+7
-3
fs/coredump.c
+7
-3
fs/coredump.c
···
703
703
goto close_fail;
704
704
}
705
705
} else {
706
+
struct user_namespace *mnt_userns;
706
707
struct inode *inode;
707
708
int open_flags = O_CREAT | O_RDWR | O_NOFOLLOW |
708
709
O_LARGEFILE | O_EXCL;
···
781
780
* a process dumps core while its cwd is e.g. on a vfat
782
781
* filesystem.
783
782
*/
784
-
if (!uid_eq(inode->i_uid, current_fsuid()))
783
+
mnt_userns = file_mnt_user_ns(cprm.file);
784
+
if (!uid_eq(i_uid_into_mnt(mnt_userns, inode), current_fsuid()))
785
785
goto close_fail;
786
786
if ((inode->i_mode & 0677) != 0600)
787
787
goto close_fail;
788
788
if (!(cprm.file->f_mode & FMODE_CAN_WRITE))
789
789
goto close_fail;
790
-
if (do_truncate(cprm.file->f_path.dentry, 0, 0, cprm.file))
790
+
if (do_truncate(mnt_userns, cprm.file->f_path.dentry,
791
+
0, 0, cprm.file))
791
792
goto close_fail;
792
793
}
793
794
···
934
931
if (file->f_op->llseek && file->f_op->llseek != no_llseek) {
935
932
offset = file->f_op->llseek(file, 0, SEEK_CUR);
936
933
if (i_size_read(file->f_mapping->host) < offset)
937
-
do_truncate(file->f_path.dentry, offset, 0, file);
934
+
do_truncate(file_mnt_user_ns(file), file->f_path.dentry,
935
+
offset, 0, file);
938
936
}
939
937
}
940
938
EXPORT_SYMBOL(dump_truncate);
+1
-1
fs/crypto/policy.c
+1
-1
fs/crypto/policy.c
+5
-4
fs/debugfs/inode.c
+5
-4
fs/debugfs/inode.c
···
42
42
* so that we can use the file mode as part of a heuristic to determine whether
43
43
* to lock down individual files.
44
44
*/
45
-
static int debugfs_setattr(struct dentry *dentry, struct iattr *ia)
45
+
static int debugfs_setattr(struct user_namespace *mnt_userns,
46
+
struct dentry *dentry, struct iattr *ia)
46
47
{
47
48
int ret = security_locked_down(LOCKDOWN_DEBUGFS);
48
49
49
50
if (ret && (ia->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID)))
50
51
return ret;
51
-
return simple_setattr(dentry, ia);
52
+
return simple_setattr(&init_user_ns, dentry, ia);
52
53
}
53
54
54
55
static const struct inode_operations debugfs_file_inode_operations = {
···
776
775
777
776
take_dentry_name_snapshot(&old_name, old_dentry);
778
777
779
-
error = simple_rename(d_inode(old_dir), old_dentry, d_inode(new_dir),
780
-
dentry, 0);
778
+
error = simple_rename(&init_user_ns, d_inode(old_dir), old_dentry,
779
+
d_inode(new_dir), dentry, 0);
781
780
if (error) {
782
781
release_dentry_name_snapshot(&old_name);
783
782
goto exit;
+2
-2
fs/ecryptfs/crypto.c
+2
-2
fs/ecryptfs/crypto.c
···
1110
1110
}
1111
1111
1112
1112
inode_lock(lower_inode);
1113
-
rc = __vfs_setxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME,
1114
-
page_virt, size, 0);
1113
+
rc = __vfs_setxattr(&init_user_ns, lower_dentry, lower_inode,
1114
+
ECRYPTFS_XATTR_NAME, page_virt, size, 0);
1115
1115
if (!rc && ecryptfs_inode)
1116
1116
fsstack_copy_attr_all(ecryptfs_inode, lower_inode);
1117
1117
inode_unlock(lower_inode);
+53
-31
fs/ecryptfs/inode.c
+53
-31
fs/ecryptfs/inode.c
···
141
141
else if (d_unhashed(lower_dentry))
142
142
rc = -EINVAL;
143
143
else
144
-
rc = vfs_unlink(lower_dir_inode, lower_dentry, NULL);
144
+
rc = vfs_unlink(&init_user_ns, lower_dir_inode, lower_dentry,
145
+
NULL);
145
146
if (rc) {
146
147
printk(KERN_ERR "Error in vfs_unlink; rc = [%d]\n", rc);
147
148
goto out_unlock;
···
181
180
182
181
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
183
182
lower_dir_dentry = lock_parent(lower_dentry);
184
-
rc = vfs_create(d_inode(lower_dir_dentry), lower_dentry, mode, true);
183
+
rc = vfs_create(&init_user_ns, d_inode(lower_dir_dentry), lower_dentry,
184
+
mode, true);
185
185
if (rc) {
186
186
printk(KERN_ERR "%s: Failure to create dentry in lower fs; "
187
187
"rc = [%d]\n", __func__, rc);
···
192
190
inode = __ecryptfs_get_inode(d_inode(lower_dentry),
193
191
directory_inode->i_sb);
194
192
if (IS_ERR(inode)) {
195
-
vfs_unlink(d_inode(lower_dir_dentry), lower_dentry, NULL);
193
+
vfs_unlink(&init_user_ns, d_inode(lower_dir_dentry),
194
+
lower_dentry, NULL);
196
195
goto out_lock;
197
196
}
198
197
fsstack_copy_attr_times(directory_inode, d_inode(lower_dir_dentry));
···
257
254
* Returns zero on success; non-zero on error condition
258
255
*/
259
256
static int
260
-
ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry,
257
+
ecryptfs_create(struct user_namespace *mnt_userns,
258
+
struct inode *directory_inode, struct dentry *ecryptfs_dentry,
261
259
umode_t mode, bool excl)
262
260
{
263
261
struct inode *ecryptfs_inode;
···
440
436
dget(lower_old_dentry);
441
437
dget(lower_new_dentry);
442
438
lower_dir_dentry = lock_parent(lower_new_dentry);
443
-
rc = vfs_link(lower_old_dentry, d_inode(lower_dir_dentry),
444
-
lower_new_dentry, NULL);
439
+
rc = vfs_link(lower_old_dentry, &init_user_ns,
440
+
d_inode(lower_dir_dentry), lower_new_dentry, NULL);
445
441
if (rc || d_really_is_negative(lower_new_dentry))
446
442
goto out_lock;
447
443
rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb);
···
464
460
return ecryptfs_do_unlink(dir, dentry, d_inode(dentry));
465
461
}
466
462
467
-
static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
463
+
static int ecryptfs_symlink(struct user_namespace *mnt_userns,
464
+
struct inode *dir, struct dentry *dentry,
468
465
const char *symname)
469
466
{
470
467
int rc;
···
486
481
strlen(symname));
487
482
if (rc)
488
483
goto out_lock;
489
-
rc = vfs_symlink(d_inode(lower_dir_dentry), lower_dentry,
484
+
rc = vfs_symlink(&init_user_ns, d_inode(lower_dir_dentry), lower_dentry,
490
485
encoded_symname);
491
486
kfree(encoded_symname);
492
487
if (rc || d_really_is_negative(lower_dentry))
···
504
499
return rc;
505
500
}
506
501
507
-
static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
502
+
static int ecryptfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
503
+
struct dentry *dentry, umode_t mode)
508
504
{
509
505
int rc;
510
506
struct dentry *lower_dentry;
···
513
507
514
508
lower_dentry = ecryptfs_dentry_to_lower(dentry);
515
509
lower_dir_dentry = lock_parent(lower_dentry);
516
-
rc = vfs_mkdir(d_inode(lower_dir_dentry), lower_dentry, mode);
510
+
rc = vfs_mkdir(&init_user_ns, d_inode(lower_dir_dentry), lower_dentry,
511
+
mode);
517
512
if (rc || d_really_is_negative(lower_dentry))
518
513
goto out;
519
514
rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
···
548
541
else if (d_unhashed(lower_dentry))
549
542
rc = -EINVAL;
550
543
else
551
-
rc = vfs_rmdir(lower_dir_inode, lower_dentry);
544
+
rc = vfs_rmdir(&init_user_ns, lower_dir_inode, lower_dentry);
552
545
if (!rc) {
553
546
clear_nlink(d_inode(dentry));
554
547
fsstack_copy_attr_times(dir, lower_dir_inode);
···
562
555
}
563
556
564
557
static int
565
-
ecryptfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
558
+
ecryptfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
559
+
struct dentry *dentry, umode_t mode, dev_t dev)
566
560
{
567
561
int rc;
568
562
struct dentry *lower_dentry;
···
571
563
572
564
lower_dentry = ecryptfs_dentry_to_lower(dentry);
573
565
lower_dir_dentry = lock_parent(lower_dentry);
574
-
rc = vfs_mknod(d_inode(lower_dir_dentry), lower_dentry, mode, dev);
566
+
rc = vfs_mknod(&init_user_ns, d_inode(lower_dir_dentry), lower_dentry,
567
+
mode, dev);
575
568
if (rc || d_really_is_negative(lower_dentry))
576
569
goto out;
577
570
rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
···
588
579
}
589
580
590
581
static int
591
-
ecryptfs_rename(struct inode *old_dir, struct dentry *old_dentry,
592
-
struct inode *new_dir, struct dentry *new_dentry,
593
-
unsigned int flags)
582
+
ecryptfs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
583
+
struct dentry *old_dentry, struct inode *new_dir,
584
+
struct dentry *new_dentry, unsigned int flags)
594
585
{
595
586
int rc;
596
587
struct dentry *lower_old_dentry;
···
599
590
struct dentry *lower_new_dir_dentry;
600
591
struct dentry *trap;
601
592
struct inode *target_inode;
593
+
struct renamedata rd = {};
602
594
603
595
if (flags)
604
596
return -EINVAL;
···
629
619
rc = -ENOTEMPTY;
630
620
goto out_lock;
631
621
}
632
-
rc = vfs_rename(d_inode(lower_old_dir_dentry), lower_old_dentry,
633
-
d_inode(lower_new_dir_dentry), lower_new_dentry,
634
-
NULL, 0);
622
+
623
+
rd.old_mnt_userns = &init_user_ns;
624
+
rd.old_dir = d_inode(lower_old_dir_dentry);
625
+
rd.old_dentry = lower_old_dentry;
626
+
rd.new_mnt_userns = &init_user_ns;
627
+
rd.new_dir = d_inode(lower_new_dir_dentry);
628
+
rd.new_dentry = lower_new_dentry;
629
+
rc = vfs_rename(&rd);
635
630
if (rc)
636
631
goto out_lock;
637
632
if (target_inode)
···
870
855
struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
871
856
872
857
inode_lock(d_inode(lower_dentry));
873
-
rc = notify_change(lower_dentry, &lower_ia, NULL);
858
+
rc = notify_change(&init_user_ns, lower_dentry,
859
+
&lower_ia, NULL);
874
860
inode_unlock(d_inode(lower_dentry));
875
861
}
876
862
return rc;
877
863
}
878
864
879
865
static int
880
-
ecryptfs_permission(struct inode *inode, int mask)
866
+
ecryptfs_permission(struct user_namespace *mnt_userns, struct inode *inode,
867
+
int mask)
881
868
{
882
-
return inode_permission(ecryptfs_inode_to_lower(inode), mask);
869
+
return inode_permission(&init_user_ns,
870
+
ecryptfs_inode_to_lower(inode), mask);
883
871
}
884
872
885
873
/**
···
897
879
* All other metadata changes will be passed right to the lower filesystem,
898
880
* and we will just update our inode to look like the lower.
899
881
*/
900
-
static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
882
+
static int ecryptfs_setattr(struct user_namespace *mnt_userns,
883
+
struct dentry *dentry, struct iattr *ia)
901
884
{
902
885
int rc = 0;
903
886
struct dentry *lower_dentry;
···
952
933
}
953
934
mutex_unlock(&crypt_stat->cs_mutex);
954
935
955
-
rc = setattr_prepare(dentry, ia);
936
+
rc = setattr_prepare(&init_user_ns, dentry, ia);
956
937
if (rc)
957
938
goto out;
958
939
if (ia->ia_valid & ATTR_SIZE) {
···
978
959
lower_ia.ia_valid &= ~ATTR_MODE;
979
960
980
961
inode_lock(d_inode(lower_dentry));
981
-
rc = notify_change(lower_dentry, &lower_ia, NULL);
962
+
rc = notify_change(&init_user_ns, lower_dentry, &lower_ia, NULL);
982
963
inode_unlock(d_inode(lower_dentry));
983
964
out:
984
965
fsstack_copy_attr_all(inode, lower_inode);
985
966
return rc;
986
967
}
987
968
988
-
static int ecryptfs_getattr_link(const struct path *path, struct kstat *stat,
969
+
static int ecryptfs_getattr_link(struct user_namespace *mnt_userns,
970
+
const struct path *path, struct kstat *stat,
989
971
u32 request_mask, unsigned int flags)
990
972
{
991
973
struct dentry *dentry = path->dentry;
···
995
975
996
976
mount_crypt_stat = &ecryptfs_superblock_to_private(
997
977
dentry->d_sb)->mount_crypt_stat;
998
-
generic_fillattr(d_inode(dentry), stat);
978
+
generic_fillattr(&init_user_ns, d_inode(dentry), stat);
999
979
if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
1000
980
char *target;
1001
981
size_t targetsiz;
···
1011
991
return rc;
1012
992
}
1013
993
1014
-
static int ecryptfs_getattr(const struct path *path, struct kstat *stat,
994
+
static int ecryptfs_getattr(struct user_namespace *mnt_userns,
995
+
const struct path *path, struct kstat *stat,
1015
996
u32 request_mask, unsigned int flags)
1016
997
{
1017
998
struct dentry *dentry = path->dentry;
···
1024
1003
if (!rc) {
1025
1004
fsstack_copy_attr_all(d_inode(dentry),
1026
1005
ecryptfs_inode_to_lower(d_inode(dentry)));
1027
-
generic_fillattr(d_inode(dentry), stat);
1006
+
generic_fillattr(&init_user_ns, d_inode(dentry), stat);
1028
1007
stat->blocks = lower_stat.blocks;
1029
1008
}
1030
1009
return rc;
···
1046
1025
goto out;
1047
1026
}
1048
1027
inode_lock(lower_inode);
1049
-
rc = __vfs_setxattr_locked(lower_dentry, name, value, size, flags, NULL);
1028
+
rc = __vfs_setxattr_locked(&init_user_ns, lower_dentry, name, value, size, flags, NULL);
1050
1029
inode_unlock(lower_inode);
1051
1030
if (!rc && inode)
1052
1031
fsstack_copy_attr_all(inode, lower_inode);
···
1112
1091
goto out;
1113
1092
}
1114
1093
inode_lock(lower_inode);
1115
-
rc = __vfs_removexattr(lower_dentry, name);
1094
+
rc = __vfs_removexattr(&init_user_ns, lower_dentry, name);
1116
1095
inode_unlock(lower_inode);
1117
1096
out:
1118
1097
return rc;
···
1156
1135
}
1157
1136
1158
1137
static int ecryptfs_xattr_set(const struct xattr_handler *handler,
1138
+
struct user_namespace *mnt_userns,
1159
1139
struct dentry *dentry, struct inode *inode,
1160
1140
const char *name, const void *value, size_t size,
1161
1141
int flags)
+6
fs/ecryptfs/main.c
+6
fs/ecryptfs/main.c
···
531
531
goto out_free;
532
532
}
533
533
534
+
if (mnt_user_ns(path.mnt) != &init_user_ns) {
535
+
rc = -EINVAL;
536
+
printk(KERN_ERR "Mounting on idmapped mounts currently disallowed\n");
537
+
goto out_free;
538
+
}
539
+
534
540
if (check_ruid && !uid_eq(d_inode(path.dentry)->i_uid, current_uid())) {
535
541
rc = -EPERM;
536
542
printk(KERN_ERR "Mount of device (uid: %d) not owned by "
+2
-2
fs/ecryptfs/mmap.c
+2
-2
fs/ecryptfs/mmap.c
···
426
426
if (size < 0)
427
427
size = 8;
428
428
put_unaligned_be64(i_size_read(ecryptfs_inode), xattr_virt);
429
-
rc = __vfs_setxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME,
430
-
xattr_virt, size, 0);
429
+
rc = __vfs_setxattr(&init_user_ns, lower_dentry, lower_inode,
430
+
ECRYPTFS_XATTR_NAME, xattr_virt, size, 0);
431
431
inode_unlock(lower_inode);
432
432
if (rc)
433
433
printk(KERN_ERR "Error whilst attempting to write inode size "
+1
-1
fs/efivarfs/file.c
+1
-1
fs/efivarfs/file.c
+2
-2
fs/efivarfs/inode.c
+2
-2
fs/efivarfs/inode.c
···
66
66
return uuid_is_valid(s);
67
67
}
68
68
69
-
static int efivarfs_create(struct inode *dir, struct dentry *dentry,
70
-
umode_t mode, bool excl)
69
+
static int efivarfs_create(struct user_namespace *mnt_userns, struct inode *dir,
70
+
struct dentry *dentry, umode_t mode, bool excl)
71
71
{
72
72
struct inode *inode = NULL;
73
73
struct efivar_entry *var;
+4
-3
fs/erofs/inode.c
+4
-3
fs/erofs/inode.c
···
331
331
return inode;
332
332
}
333
333
334
-
int erofs_getattr(const struct path *path, struct kstat *stat,
335
-
u32 request_mask, unsigned int query_flags)
334
+
int erofs_getattr(struct user_namespace *mnt_userns, const struct path *path,
335
+
struct kstat *stat, u32 request_mask,
336
+
unsigned int query_flags)
336
337
{
337
338
struct inode *const inode = d_inode(path->dentry);
338
339
···
344
343
stat->attributes_mask |= (STATX_ATTR_COMPRESSED |
345
344
STATX_ATTR_IMMUTABLE);
346
345
347
-
generic_fillattr(inode, stat);
346
+
generic_fillattr(&init_user_ns, inode, stat);
348
347
return 0;
349
348
}
350
349
+3
-2
fs/erofs/internal.h
+3
-2
fs/erofs/internal.h
···
373
373
extern const struct inode_operations erofs_fast_symlink_iops;
374
374
375
375
struct inode *erofs_iget(struct super_block *sb, erofs_nid_t nid, bool dir);
376
-
int erofs_getattr(const struct path *path, struct kstat *stat,
377
-
u32 request_mask, unsigned int query_flags);
376
+
int erofs_getattr(struct user_namespace *mnt_userns, const struct path *path,
377
+
struct kstat *stat, u32 request_mask,
378
+
unsigned int query_flags);
378
379
379
380
/* namei.c */
380
381
extern const struct inode_operations erofs_dir_iops;
+8
-4
fs/exec.c
+8
-4
fs/exec.c
···
1404
1404
void would_dump(struct linux_binprm *bprm, struct file *file)
1405
1405
{
1406
1406
struct inode *inode = file_inode(file);
1407
-
if (inode_permission(inode, MAY_READ) < 0) {
1407
+
struct user_namespace *mnt_userns = file_mnt_user_ns(file);
1408
+
if (inode_permission(mnt_userns, inode, MAY_READ) < 0) {
1408
1409
struct user_namespace *old, *user_ns;
1409
1410
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
1410
1411
1411
1412
/* Ensure mm->user_ns contains the executable */
1412
1413
user_ns = old = bprm->mm->user_ns;
1413
1414
while ((user_ns != &init_user_ns) &&
1414
-
!privileged_wrt_inode_uidgid(user_ns, inode))
1415
+
!privileged_wrt_inode_uidgid(user_ns, mnt_userns, inode))
1415
1416
user_ns = user_ns->parent;
1416
1417
1417
1418
if (old != user_ns) {
···
1580
1579
static void bprm_fill_uid(struct linux_binprm *bprm, struct file *file)
1581
1580
{
1582
1581
/* Handle suid and sgid on files */
1582
+
struct user_namespace *mnt_userns;
1583
1583
struct inode *inode;
1584
1584
unsigned int mode;
1585
1585
kuid_t uid;
···
1597
1595
if (!(mode & (S_ISUID|S_ISGID)))
1598
1596
return;
1599
1597
1598
+
mnt_userns = file_mnt_user_ns(file);
1599
+
1600
1600
/* Be careful if suid/sgid is set */
1601
1601
inode_lock(inode);
1602
1602
1603
1603
/* reload atomically mode/uid/gid now that lock held */
1604
1604
mode = inode->i_mode;
1605
-
uid = inode->i_uid;
1606
-
gid = inode->i_gid;
1605
+
uid = i_uid_into_mnt(mnt_userns, inode);
1606
+
gid = i_gid_into_mnt(mnt_userns, inode);
1607
1607
inode_unlock(inode);
1608
1608
1609
1609
/* We ignore suid/sgid if there are no mappings for them in the ns */
+5
-3
fs/exfat/exfat_fs.h
+5
-3
fs/exfat/exfat_fs.h
···
416
416
extern const struct file_operations exfat_file_operations;
417
417
int __exfat_truncate(struct inode *inode, loff_t new_size);
418
418
void exfat_truncate(struct inode *inode, loff_t size);
419
-
int exfat_setattr(struct dentry *dentry, struct iattr *attr);
420
-
int exfat_getattr(const struct path *path, struct kstat *stat,
421
-
unsigned int request_mask, unsigned int query_flags);
419
+
int exfat_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
420
+
struct iattr *attr);
421
+
int exfat_getattr(struct user_namespace *mnt_userns, const struct path *path,
422
+
struct kstat *stat, unsigned int request_mask,
423
+
unsigned int query_flags);
422
424
int exfat_file_fsync(struct file *file, loff_t start, loff_t end, int datasync);
423
425
424
426
/* namei.c */
+8
-6
fs/exfat/file.c
+8
-6
fs/exfat/file.c
···
267
267
mutex_unlock(&sbi->s_lock);
268
268
}
269
269
270
-
int exfat_getattr(const struct path *path, struct kstat *stat,
271
-
unsigned int request_mask, unsigned int query_flags)
270
+
int exfat_getattr(struct user_namespace *mnt_uerns, const struct path *path,
271
+
struct kstat *stat, unsigned int request_mask,
272
+
unsigned int query_flags)
272
273
{
273
274
struct inode *inode = d_backing_inode(path->dentry);
274
275
struct exfat_inode_info *ei = EXFAT_I(inode);
275
276
276
-
generic_fillattr(inode, stat);
277
+
generic_fillattr(&init_user_ns, inode, stat);
277
278
exfat_truncate_atime(&stat->atime);
278
279
stat->result_mask |= STATX_BTIME;
279
280
stat->btime.tv_sec = ei->i_crtime.tv_sec;
···
283
282
return 0;
284
283
}
285
284
286
-
int exfat_setattr(struct dentry *dentry, struct iattr *attr)
285
+
int exfat_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
286
+
struct iattr *attr)
287
287
{
288
288
struct exfat_sb_info *sbi = EXFAT_SB(dentry->d_sb);
289
289
struct inode *inode = dentry->d_inode;
···
307
305
ATTR_TIMES_SET);
308
306
}
309
307
310
-
error = setattr_prepare(dentry, attr);
308
+
error = setattr_prepare(&init_user_ns, dentry, attr);
311
309
attr->ia_valid = ia_valid;
312
310
if (error)
313
311
goto out;
···
342
340
up_write(&EXFAT_I(inode)->truncate_lock);
343
341
}
344
342
345
-
setattr_copy(inode, attr);
343
+
setattr_copy(&init_user_ns, inode, attr);
346
344
exfat_truncate_atime(&inode->i_atime);
347
345
mark_inode_dirty(inode);
348
346
+8
-6
fs/exfat/namei.c
+8
-6
fs/exfat/namei.c
···
541
541
return ret;
542
542
}
543
543
544
-
static int exfat_create(struct inode *dir, struct dentry *dentry, umode_t mode,
545
-
bool excl)
544
+
static int exfat_create(struct user_namespace *mnt_userns, struct inode *dir,
545
+
struct dentry *dentry, umode_t mode, bool excl)
546
546
{
547
547
struct super_block *sb = dir->i_sb;
548
548
struct inode *inode;
···
827
827
return err;
828
828
}
829
829
830
-
static int exfat_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
830
+
static int exfat_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
831
+
struct dentry *dentry, umode_t mode)
831
832
{
832
833
struct super_block *sb = dir->i_sb;
833
834
struct inode *inode;
···
1319
1318
return ret;
1320
1319
}
1321
1320
1322
-
static int exfat_rename(struct inode *old_dir, struct dentry *old_dentry,
1323
-
struct inode *new_dir, struct dentry *new_dentry,
1324
-
unsigned int flags)
1321
+
static int exfat_rename(struct user_namespace *mnt_userns,
1322
+
struct inode *old_dir, struct dentry *old_dentry,
1323
+
struct inode *new_dir, struct dentry *new_dentry,
1324
+
unsigned int flags)
1325
1325
{
1326
1326
struct inode *old_inode, *new_inode;
1327
1327
struct super_block *sb = old_dir->i_sb;
+4
-2
fs/ext2/acl.c
+4
-2
fs/ext2/acl.c
···
216
216
* inode->i_mutex: down
217
217
*/
218
218
int
219
-
ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
219
+
ext2_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
220
+
struct posix_acl *acl, int type)
220
221
{
221
222
int error;
222
223
int update_mode = 0;
223
224
umode_t mode = inode->i_mode;
224
225
225
226
if (type == ACL_TYPE_ACCESS && acl) {
226
-
error = posix_acl_update_mode(inode, &mode, &acl);
227
+
error = posix_acl_update_mode(&init_user_ns, inode, &mode,
228
+
&acl);
227
229
if (error)
228
230
return error;
229
231
update_mode = 1;
+2
-1
fs/ext2/acl.h
+2
-1
fs/ext2/acl.h
···
56
56
57
57
/* acl.c */
58
58
extern struct posix_acl *ext2_get_acl(struct inode *inode, int type);
59
-
extern int ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type);
59
+
extern int ext2_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
60
+
struct posix_acl *acl, int type);
60
61
extern int ext2_init_acl (struct inode *, struct inode *);
61
62
62
63
#else
+3
-2
fs/ext2/ext2.h
+3
-2
fs/ext2/ext2.h
···
764
764
extern int ext2_write_inode (struct inode *, struct writeback_control *);
765
765
extern void ext2_evict_inode(struct inode *);
766
766
extern int ext2_get_block(struct inode *, sector_t, struct buffer_head *, int);
767
-
extern int ext2_setattr (struct dentry *, struct iattr *);
768
-
extern int ext2_getattr (const struct path *, struct kstat *, u32, unsigned int);
767
+
extern int ext2_setattr (struct user_namespace *, struct dentry *, struct iattr *);
768
+
extern int ext2_getattr (struct user_namespace *, const struct path *,
769
+
struct kstat *, u32, unsigned int);
769
770
extern void ext2_set_inode_flags(struct inode *inode);
770
771
extern int ext2_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
771
772
u64 start, u64 len);
+1
-1
fs/ext2/ialloc.c
+1
-1
fs/ext2/ialloc.c
+8
-7
fs/ext2/inode.c
+8
-7
fs/ext2/inode.c
···
1638
1638
return __ext2_write_inode(inode, wbc->sync_mode == WB_SYNC_ALL);
1639
1639
}
1640
1640
1641
-
int ext2_getattr(const struct path *path, struct kstat *stat,
1642
-
u32 request_mask, unsigned int query_flags)
1641
+
int ext2_getattr(struct user_namespace *mnt_userns, const struct path *path,
1642
+
struct kstat *stat, u32 request_mask, unsigned int query_flags)
1643
1643
{
1644
1644
struct inode *inode = d_inode(path->dentry);
1645
1645
struct ext2_inode_info *ei = EXT2_I(inode);
···
1660
1660
STATX_ATTR_IMMUTABLE |
1661
1661
STATX_ATTR_NODUMP);
1662
1662
1663
-
generic_fillattr(inode, stat);
1663
+
generic_fillattr(&init_user_ns, inode, stat);
1664
1664
return 0;
1665
1665
}
1666
1666
1667
-
int ext2_setattr(struct dentry *dentry, struct iattr *iattr)
1667
+
int ext2_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
1668
+
struct iattr *iattr)
1668
1669
{
1669
1670
struct inode *inode = d_inode(dentry);
1670
1671
int error;
1671
1672
1672
-
error = setattr_prepare(dentry, iattr);
1673
+
error = setattr_prepare(&init_user_ns, dentry, iattr);
1673
1674
if (error)
1674
1675
return error;
1675
1676
···
1690
1689
if (error)
1691
1690
return error;
1692
1691
}
1693
-
setattr_copy(inode, iattr);
1692
+
setattr_copy(&init_user_ns, inode, iattr);
1694
1693
if (iattr->ia_valid & ATTR_MODE)
1695
-
error = posix_acl_chmod(inode, inode->i_mode);
1694
+
error = posix_acl_chmod(&init_user_ns, inode, inode->i_mode);
1696
1695
mark_inode_dirty(inode);
1697
1696
1698
1697
return error;
+3
-3
fs/ext2/ioctl.c
+3
-3
fs/ext2/ioctl.c
···
39
39
if (ret)
40
40
return ret;
41
41
42
-
if (!inode_owner_or_capable(inode)) {
42
+
if (!inode_owner_or_capable(&init_user_ns, inode)) {
43
43
ret = -EACCES;
44
44
goto setflags_out;
45
45
}
···
84
84
case EXT2_IOC_SETVERSION: {
85
85
__u32 generation;
86
86
87
-
if (!inode_owner_or_capable(inode))
87
+
if (!inode_owner_or_capable(&init_user_ns, inode))
88
88
return -EPERM;
89
89
ret = mnt_want_write_file(filp);
90
90
if (ret)
···
117
117
if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))
118
118
return -ENOTTY;
119
119
120
-
if (!inode_owner_or_capable(inode))
120
+
if (!inode_owner_or_capable(&init_user_ns, inode))
121
121
return -EACCES;
122
122
123
123
if (get_user(rsv_window_size, (int __user *)arg))
+14
-8
fs/ext2/namei.c
+14
-8
fs/ext2/namei.c
···
100
100
* If the create succeeds, we fill in the inode information
101
101
* with d_instantiate().
102
102
*/
103
-
static int ext2_create (struct inode * dir, struct dentry * dentry, umode_t mode, bool excl)
103
+
static int ext2_create (struct user_namespace * mnt_userns,
104
+
struct inode * dir, struct dentry * dentry,
105
+
umode_t mode, bool excl)
104
106
{
105
107
struct inode *inode;
106
108
int err;
···
120
118
return ext2_add_nondir(dentry, inode);
121
119
}
122
120
123
-
static int ext2_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
121
+
static int ext2_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
122
+
struct dentry *dentry, umode_t mode)
124
123
{
125
124
struct inode *inode = ext2_new_inode(dir, mode, NULL);
126
125
if (IS_ERR(inode))
···
134
131
return 0;
135
132
}
136
133
137
-
static int ext2_mknod (struct inode * dir, struct dentry *dentry, umode_t mode, dev_t rdev)
134
+
static int ext2_mknod (struct user_namespace * mnt_userns, struct inode * dir,
135
+
struct dentry *dentry, umode_t mode, dev_t rdev)
138
136
{
139
137
struct inode * inode;
140
138
int err;
···
155
151
return err;
156
152
}
157
153
158
-
static int ext2_symlink (struct inode * dir, struct dentry * dentry,
159
-
const char * symname)
154
+
static int ext2_symlink (struct user_namespace * mnt_userns, struct inode * dir,
155
+
struct dentry * dentry, const char * symname)
160
156
{
161
157
struct super_block * sb = dir->i_sb;
162
158
int err = -ENAMETOOLONG;
···
229
225
return err;
230
226
}
231
227
232
-
static int ext2_mkdir(struct inode * dir, struct dentry * dentry, umode_t mode)
228
+
static int ext2_mkdir(struct user_namespace * mnt_userns,
229
+
struct inode * dir, struct dentry * dentry, umode_t mode)
233
230
{
234
231
struct inode * inode;
235
232
int err;
···
320
315
return err;
321
316
}
322
317
323
-
static int ext2_rename (struct inode * old_dir, struct dentry * old_dentry,
324
-
struct inode * new_dir, struct dentry * new_dentry,
318
+
static int ext2_rename (struct user_namespace * mnt_userns,
319
+
struct inode * old_dir, struct dentry * old_dentry,
320
+
struct inode * new_dir, struct dentry * new_dentry,
325
321
unsigned int flags)
326
322
{
327
323
struct inode * old_inode = d_inode(old_dentry);
+1
fs/ext2/xattr_security.c
+1
fs/ext2/xattr_security.c
+1
fs/ext2/xattr_trusted.c
+1
fs/ext2/xattr_trusted.c
+1
fs/ext2/xattr_user.c
+1
fs/ext2/xattr_user.c
+3
-2
fs/ext4/acl.c
+3
-2
fs/ext4/acl.c
···
222
222
}
223
223
224
224
int
225
-
ext4_set_acl(struct inode *inode, struct posix_acl *acl, int type)
225
+
ext4_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
226
+
struct posix_acl *acl, int type)
226
227
{
227
228
handle_t *handle;
228
229
int error, credits, retries = 0;
···
246
245
ext4_fc_start_update(inode);
247
246
248
247
if ((type == ACL_TYPE_ACCESS) && acl) {
249
-
error = posix_acl_update_mode(inode, &mode, &acl);
248
+
error = posix_acl_update_mode(mnt_userns, inode, &mode, &acl);
250
249
if (error)
251
250
goto out_stop;
252
251
if (mode != inode->i_mode)
+2
-1
fs/ext4/acl.h
+2
-1
fs/ext4/acl.h
···
56
56
57
57
/* acl.c */
58
58
struct posix_acl *ext4_get_acl(struct inode *inode, int type);
59
-
int ext4_set_acl(struct inode *inode, struct posix_acl *acl, int type);
59
+
int ext4_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
60
+
struct posix_acl *acl, int type);
60
61
extern int ext4_init_acl(handle_t *, struct inode *, struct inode *);
61
62
62
63
#else /* CONFIG_EXT4_FS_POSIX_ACL */
+13
-9
fs/ext4/ext4.h
+13
-9
fs/ext4/ext4.h
···
2755
2755
2756
2756
/* ialloc.c */
2757
2757
extern int ext4_mark_inode_used(struct super_block *sb, int ino);
2758
-
extern struct inode *__ext4_new_inode(handle_t *, struct inode *, umode_t,
2758
+
extern struct inode *__ext4_new_inode(struct user_namespace *, handle_t *,
2759
+
struct inode *, umode_t,
2759
2760
const struct qstr *qstr, __u32 goal,
2760
2761
uid_t *owner, __u32 i_flags,
2761
2762
int handle_type, unsigned int line_no,
2762
2763
int nblocks);
2763
2764
2764
-
#define ext4_new_inode(handle, dir, mode, qstr, goal, owner, i_flags) \
2765
-
__ext4_new_inode((handle), (dir), (mode), (qstr), (goal), (owner), \
2766
-
i_flags, 0, 0, 0)
2767
-
#define ext4_new_inode_start_handle(dir, mode, qstr, goal, owner, \
2765
+
#define ext4_new_inode(handle, dir, mode, qstr, goal, owner, i_flags) \
2766
+
__ext4_new_inode(&init_user_ns, (handle), (dir), (mode), (qstr), \
2767
+
(goal), (owner), i_flags, 0, 0, 0)
2768
+
#define ext4_new_inode_start_handle(mnt_userns, dir, mode, qstr, goal, owner, \
2768
2769
type, nblocks) \
2769
-
__ext4_new_inode(NULL, (dir), (mode), (qstr), (goal), (owner), \
2770
+
__ext4_new_inode((mnt_userns), NULL, (dir), (mode), (qstr), (goal), (owner), \
2770
2771
0, (type), __LINE__, (nblocks))
2771
2772
2772
2773
···
2878
2877
__ext4_iget((sb), (ino), (flags), __func__, __LINE__)
2879
2878
2880
2879
extern int ext4_write_inode(struct inode *, struct writeback_control *);
2881
-
extern int ext4_setattr(struct dentry *, struct iattr *);
2882
-
extern int ext4_getattr(const struct path *, struct kstat *, u32, unsigned int);
2880
+
extern int ext4_setattr(struct user_namespace *, struct dentry *,
2881
+
struct iattr *);
2882
+
extern int ext4_getattr(struct user_namespace *, const struct path *,
2883
+
struct kstat *, u32, unsigned int);
2883
2884
extern void ext4_evict_inode(struct inode *);
2884
2885
extern void ext4_clear_inode(struct inode *);
2885
-
extern int ext4_file_getattr(const struct path *, struct kstat *, u32, unsigned int);
2886
+
extern int ext4_file_getattr(struct user_namespace *, const struct path *,
2887
+
struct kstat *, u32, unsigned int);
2886
2888
extern int ext4_sync_inode(handle_t *, struct inode *);
2887
2889
extern void ext4_dirty_inode(struct inode *, int);
2888
2890
extern int ext4_change_inode_journal_flag(struct inode *, int);
+4
-3
fs/ext4/ialloc.c
+4
-3
fs/ext4/ialloc.c
···
919
919
* For other inodes, search forward from the parent directory's block
920
920
* group to find a free inode.
921
921
*/
922
-
struct inode *__ext4_new_inode(handle_t *handle, struct inode *dir,
922
+
struct inode *__ext4_new_inode(struct user_namespace *mnt_userns,
923
+
handle_t *handle, struct inode *dir,
923
924
umode_t mode, const struct qstr *qstr,
924
925
__u32 goal, uid_t *owner, __u32 i_flags,
925
926
int handle_type, unsigned int line_no,
···
970
969
i_gid_write(inode, owner[1]);
971
970
} else if (test_opt(sb, GRPID)) {
972
971
inode->i_mode = mode;
973
-
inode->i_uid = current_fsuid();
972
+
inode->i_uid = fsuid_into_mnt(mnt_userns);
974
973
inode->i_gid = dir->i_gid;
975
974
} else
976
-
inode_init_owner(inode, dir, mode);
975
+
inode_init_owner(mnt_userns, inode, dir, mode);
977
976
978
977
if (ext4_has_feature_project(sb) &&
979
978
ext4_test_inode_flag(dir, EXT4_INODE_PROJINHERIT))
+12
-9
fs/ext4/inode.c
+12
-9
fs/ext4/inode.c
···
20
20
*/
21
21
22
22
#include <linux/fs.h>
23
+
#include <linux/mount.h>
23
24
#include <linux/time.h>
24
25
#include <linux/highuid.h>
25
26
#include <linux/pagemap.h>
···
5316
5315
*
5317
5316
* Called with inode->i_mutex down.
5318
5317
*/
5319
-
int ext4_setattr(struct dentry *dentry, struct iattr *attr)
5318
+
int ext4_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
5319
+
struct iattr *attr)
5320
5320
{
5321
5321
struct inode *inode = d_inode(dentry);
5322
5322
int error, rc = 0;
···
5335
5333
ATTR_GID | ATTR_TIMES_SET))))
5336
5334
return -EPERM;
5337
5335
5338
-
error = setattr_prepare(dentry, attr);
5336
+
error = setattr_prepare(mnt_userns, dentry, attr);
5339
5337
if (error)
5340
5338
return error;
5341
5339
···
5510
5508
}
5511
5509
5512
5510
if (!error) {
5513
-
setattr_copy(inode, attr);
5511
+
setattr_copy(mnt_userns, inode, attr);
5514
5512
mark_inode_dirty(inode);
5515
5513
}
5516
5514
···
5522
5520
ext4_orphan_del(NULL, inode);
5523
5521
5524
5522
if (!error && (ia_valid & ATTR_MODE))
5525
-
rc = posix_acl_chmod(inode, inode->i_mode);
5523
+
rc = posix_acl_chmod(mnt_userns, inode, inode->i_mode);
5526
5524
5527
5525
err_out:
5528
5526
if (error)
···
5533
5531
return error;
5534
5532
}
5535
5533
5536
-
int ext4_getattr(const struct path *path, struct kstat *stat,
5537
-
u32 request_mask, unsigned int query_flags)
5534
+
int ext4_getattr(struct user_namespace *mnt_userns, const struct path *path,
5535
+
struct kstat *stat, u32 request_mask, unsigned int query_flags)
5538
5536
{
5539
5537
struct inode *inode = d_inode(path->dentry);
5540
5538
struct ext4_inode *raw_inode;
···
5569
5567
STATX_ATTR_NODUMP |
5570
5568
STATX_ATTR_VERITY);
5571
5569
5572
-
generic_fillattr(inode, stat);
5570
+
generic_fillattr(mnt_userns, inode, stat);
5573
5571
return 0;
5574
5572
}
5575
5573
5576
-
int ext4_file_getattr(const struct path *path, struct kstat *stat,
5574
+
int ext4_file_getattr(struct user_namespace *mnt_userns,
5575
+
const struct path *path, struct kstat *stat,
5577
5576
u32 request_mask, unsigned int query_flags)
5578
5577
{
5579
5578
struct inode *inode = d_inode(path->dentry);
5580
5579
u64 delalloc_blocks;
5581
5580
5582
-
ext4_getattr(path, stat, request_mask, query_flags);
5581
+
ext4_getattr(mnt_userns, path, stat, request_mask, query_flags);
5583
5582
5584
5583
/*
5585
5584
* If there is inline data in the inode, the inode will normally not
+12
-8
fs/ext4/ioctl.c
+12
-8
fs/ext4/ioctl.c
···
107
107
* important fields of the inodes.
108
108
*
109
109
* @sb: the super block of the filesystem
110
+
* @mnt_userns: user namespace of the mount the inode was found from
110
111
* @inode: the inode to swap with EXT4_BOOT_LOADER_INO
111
112
*
112
113
*/
113
114
static long swap_inode_boot_loader(struct super_block *sb,
115
+
struct user_namespace *mnt_userns,
114
116
struct inode *inode)
115
117
{
116
118
handle_t *handle;
···
141
139
}
142
140
143
141
if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
144
-
!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) {
142
+
!inode_owner_or_capable(mnt_userns, inode) ||
143
+
!capable(CAP_SYS_ADMIN)) {
145
144
err = -EPERM;
146
145
goto journal_err_out;
147
146
}
···
817
814
struct inode *inode = file_inode(filp);
818
815
struct super_block *sb = inode->i_sb;
819
816
struct ext4_inode_info *ei = EXT4_I(inode);
817
+
struct user_namespace *mnt_userns = file_mnt_user_ns(filp);
820
818
unsigned int flags;
821
819
822
820
ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
···
833
829
case FS_IOC_SETFLAGS: {
834
830
int err;
835
831
836
-
if (!inode_owner_or_capable(inode))
832
+
if (!inode_owner_or_capable(mnt_userns, inode))
837
833
return -EACCES;
838
834
839
835
if (get_user(flags, (int __user *) arg))
···
875
871
__u32 generation;
876
872
int err;
877
873
878
-
if (!inode_owner_or_capable(inode))
874
+
if (!inode_owner_or_capable(mnt_userns, inode))
879
875
return -EPERM;
880
876
881
877
if (ext4_has_metadata_csum(inode->i_sb)) {
···
1014
1010
case EXT4_IOC_MIGRATE:
1015
1011
{
1016
1012
int err;
1017
-
if (!inode_owner_or_capable(inode))
1013
+
if (!inode_owner_or_capable(mnt_userns, inode))
1018
1014
return -EACCES;
1019
1015
1020
1016
err = mnt_want_write_file(filp);
···
1036
1032
case EXT4_IOC_ALLOC_DA_BLKS:
1037
1033
{
1038
1034
int err;
1039
-
if (!inode_owner_or_capable(inode))
1035
+
if (!inode_owner_or_capable(mnt_userns, inode))
1040
1036
return -EACCES;
1041
1037
1042
1038
err = mnt_want_write_file(filp);
···
1055
1051
err = mnt_want_write_file(filp);
1056
1052
if (err)
1057
1053
return err;
1058
-
err = swap_inode_boot_loader(sb, inode);
1054
+
err = swap_inode_boot_loader(sb, mnt_userns, inode);
1059
1055
mnt_drop_write_file(filp);
1060
1056
return err;
1061
1057
}
···
1221
1217
1222
1218
case EXT4_IOC_CLEAR_ES_CACHE:
1223
1219
{
1224
-
if (!inode_owner_or_capable(inode))
1220
+
if (!inode_owner_or_capable(mnt_userns, inode))
1225
1221
return -EACCES;
1226
1222
ext4_clear_inode_es(inode);
1227
1223
return 0;
···
1267
1263
return -EFAULT;
1268
1264
1269
1265
/* Make sure caller has proper permission */
1270
-
if (!inode_owner_or_capable(inode))
1266
+
if (!inode_owner_or_capable(mnt_userns, inode))
1271
1267
return -EACCES;
1272
1268
1273
1269
if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
+27
-22
fs/ext4/namei.c
+27
-22
fs/ext4/namei.c
···
2596
2596
* If the create succeeds, we fill in the inode information
2597
2597
* with d_instantiate().
2598
2598
*/
2599
-
static int ext4_create(struct inode *dir, struct dentry *dentry, umode_t mode,
2600
-
bool excl)
2599
+
static int ext4_create(struct user_namespace *mnt_userns, struct inode *dir,
2600
+
struct dentry *dentry, umode_t mode, bool excl)
2601
2601
{
2602
2602
handle_t *handle;
2603
2603
struct inode *inode;
···
2610
2610
credits = (EXT4_DATA_TRANS_BLOCKS(dir->i_sb) +
2611
2611
EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3);
2612
2612
retry:
2613
-
inode = ext4_new_inode_start_handle(dir, mode, &dentry->d_name, 0,
2614
-
NULL, EXT4_HT_DIR, credits);
2613
+
inode = ext4_new_inode_start_handle(mnt_userns, dir, mode, &dentry->d_name,
2614
+
0, NULL, EXT4_HT_DIR, credits);
2615
2615
handle = ext4_journal_current_handle();
2616
2616
err = PTR_ERR(inode);
2617
2617
if (!IS_ERR(inode)) {
···
2631
2631
return err;
2632
2632
}
2633
2633
2634
-
static int ext4_mknod(struct inode *dir, struct dentry *dentry,
2635
-
umode_t mode, dev_t rdev)
2634
+
static int ext4_mknod(struct user_namespace *mnt_userns, struct inode *dir,
2635
+
struct dentry *dentry, umode_t mode, dev_t rdev)
2636
2636
{
2637
2637
handle_t *handle;
2638
2638
struct inode *inode;
···
2645
2645
credits = (EXT4_DATA_TRANS_BLOCKS(dir->i_sb) +
2646
2646
EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3);
2647
2647
retry:
2648
-
inode = ext4_new_inode_start_handle(dir, mode, &dentry->d_name, 0,
2649
-
NULL, EXT4_HT_DIR, credits);
2648
+
inode = ext4_new_inode_start_handle(mnt_userns, dir, mode, &dentry->d_name,
2649
+
0, NULL, EXT4_HT_DIR, credits);
2650
2650
handle = ext4_journal_current_handle();
2651
2651
err = PTR_ERR(inode);
2652
2652
if (!IS_ERR(inode)) {
···
2665
2665
return err;
2666
2666
}
2667
2667
2668
-
static int ext4_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
2668
+
static int ext4_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
2669
+
struct dentry *dentry, umode_t mode)
2669
2670
{
2670
2671
handle_t *handle;
2671
2672
struct inode *inode;
···
2677
2676
return err;
2678
2677
2679
2678
retry:
2680
-
inode = ext4_new_inode_start_handle(dir, mode,
2679
+
inode = ext4_new_inode_start_handle(mnt_userns, dir, mode,
2681
2680
NULL, 0, NULL,
2682
2681
EXT4_HT_DIR,
2683
2682
EXT4_MAXQUOTAS_INIT_BLOCKS(dir->i_sb) +
···
2775
2774
return err;
2776
2775
}
2777
2776
2778
-
static int ext4_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
2777
+
static int ext4_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
2778
+
struct dentry *dentry, umode_t mode)
2779
2779
{
2780
2780
handle_t *handle;
2781
2781
struct inode *inode;
···
2792
2790
credits = (EXT4_DATA_TRANS_BLOCKS(dir->i_sb) +
2793
2791
EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3);
2794
2792
retry:
2795
-
inode = ext4_new_inode_start_handle(dir, S_IFDIR | mode,
2793
+
inode = ext4_new_inode_start_handle(mnt_userns, dir, S_IFDIR | mode,
2796
2794
&dentry->d_name,
2797
2795
0, NULL, EXT4_HT_DIR, credits);
2798
2796
handle = ext4_journal_current_handle();
···
3294
3292
return retval;
3295
3293
}
3296
3294
3297
-
static int ext4_symlink(struct inode *dir,
3295
+
static int ext4_symlink(struct user_namespace *mnt_userns, struct inode *dir,
3298
3296
struct dentry *dentry, const char *symname)
3299
3297
{
3300
3298
handle_t *handle;
···
3335
3333
EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3;
3336
3334
}
3337
3335
3338
-
inode = ext4_new_inode_start_handle(dir, S_IFLNK|S_IRWXUGO,
3336
+
inode = ext4_new_inode_start_handle(mnt_userns, dir, S_IFLNK|S_IRWXUGO,
3339
3337
&dentry->d_name, 0, NULL,
3340
3338
EXT4_HT_DIR, credits);
3341
3339
handle = ext4_journal_current_handle();
···
3664
3662
}
3665
3663
}
3666
3664
3667
-
static struct inode *ext4_whiteout_for_rename(struct ext4_renament *ent,
3665
+
static struct inode *ext4_whiteout_for_rename(struct user_namespace *mnt_userns,
3666
+
struct ext4_renament *ent,
3668
3667
int credits, handle_t **h)
3669
3668
{
3670
3669
struct inode *wh;
···
3679
3676
credits += (EXT4_MAXQUOTAS_TRANS_BLOCKS(ent->dir->i_sb) +
3680
3677
EXT4_XATTR_TRANS_BLOCKS + 4);
3681
3678
retry:
3682
-
wh = ext4_new_inode_start_handle(ent->dir, S_IFCHR | WHITEOUT_MODE,
3679
+
wh = ext4_new_inode_start_handle(mnt_userns, ent->dir,
3680
+
S_IFCHR | WHITEOUT_MODE,
3683
3681
&ent->dentry->d_name, 0, NULL,
3684
3682
EXT4_HT_DIR, credits);
3685
3683
···
3707
3703
* while new_{dentry,inode) refers to the destination dentry/inode
3708
3704
* This comes from rename(const char *oldpath, const char *newpath)
3709
3705
*/
3710
-
static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
3711
-
struct inode *new_dir, struct dentry *new_dentry,
3712
-
unsigned int flags)
3706
+
static int ext4_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
3707
+
struct dentry *old_dentry, struct inode *new_dir,
3708
+
struct dentry *new_dentry, unsigned int flags)
3713
3709
{
3714
3710
handle_t *handle = NULL;
3715
3711
struct ext4_renament old = {
···
3793
3789
goto end_rename;
3794
3790
}
3795
3791
} else {
3796
-
whiteout = ext4_whiteout_for_rename(&old, credits, &handle);
3792
+
whiteout = ext4_whiteout_for_rename(mnt_userns, &old, credits, &handle);
3797
3793
if (IS_ERR(whiteout)) {
3798
3794
retval = PTR_ERR(whiteout);
3799
3795
whiteout = NULL;
···
4089
4085
return retval;
4090
4086
}
4091
4087
4092
-
static int ext4_rename2(struct inode *old_dir, struct dentry *old_dentry,
4088
+
static int ext4_rename2(struct user_namespace *mnt_userns,
4089
+
struct inode *old_dir, struct dentry *old_dentry,
4093
4090
struct inode *new_dir, struct dentry *new_dentry,
4094
4091
unsigned int flags)
4095
4092
{
···
4112
4107
new_dir, new_dentry);
4113
4108
}
4114
4109
4115
-
return ext4_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
4110
+
return ext4_rename(mnt_userns, old_dir, old_dentry, new_dir, new_dentry, flags);
4116
4111
}
4117
4112
4118
4113
/*
+1
-1
fs/ext4/super.c
+1
-1
fs/ext4/super.c
+1
fs/ext4/xattr_hurd.c
+1
fs/ext4/xattr_hurd.c
+1
fs/ext4/xattr_security.c
+1
fs/ext4/xattr_security.c
+1
fs/ext4/xattr_trusted.c
+1
fs/ext4/xattr_trusted.c
+1
fs/ext4/xattr_user.c
+1
fs/ext4/xattr_user.c
+4
-3
fs/f2fs/acl.c
+4
-3
fs/f2fs/acl.c
···
214
214
return error;
215
215
if (error == 0)
216
216
*acl = NULL;
217
-
if (!in_group_p(inode->i_gid) &&
218
-
!capable_wrt_inode_uidgid(inode, CAP_FSETID))
217
+
if (!in_group_p(i_gid_into_mnt(&init_user_ns, inode)) &&
218
+
!capable_wrt_inode_uidgid(&init_user_ns, inode, CAP_FSETID))
219
219
mode &= ~S_ISGID;
220
220
*mode_p = mode;
221
221
return 0;
···
269
269
return error;
270
270
}
271
271
272
-
int f2fs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
272
+
int f2fs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
273
+
struct posix_acl *acl, int type)
273
274
{
274
275
if (unlikely(f2fs_cp_error(F2FS_I_SB(inode))))
275
276
return -EIO;
+2
-1
fs/f2fs/acl.h
+2
-1
fs/f2fs/acl.h
···
34
34
#ifdef CONFIG_F2FS_FS_POSIX_ACL
35
35
36
36
extern struct posix_acl *f2fs_get_acl(struct inode *, int);
37
-
extern int f2fs_set_acl(struct inode *, struct posix_acl *, int);
37
+
extern int f2fs_set_acl(struct user_namespace *, struct inode *,
38
+
struct posix_acl *, int);
38
39
extern int f2fs_init_acl(struct inode *, struct inode *, struct page *,
39
40
struct page *);
40
41
#else
+4
-3
fs/f2fs/f2fs.h
+4
-3
fs/f2fs/f2fs.h
···
3187
3187
int f2fs_do_truncate_blocks(struct inode *inode, u64 from, bool lock);
3188
3188
int f2fs_truncate_blocks(struct inode *inode, u64 from, bool lock);
3189
3189
int f2fs_truncate(struct inode *inode);
3190
-
int f2fs_getattr(const struct path *path, struct kstat *stat,
3191
-
u32 request_mask, unsigned int flags);
3192
-
int f2fs_setattr(struct dentry *dentry, struct iattr *attr);
3190
+
int f2fs_getattr(struct user_namespace *mnt_userns, const struct path *path,
3191
+
struct kstat *stat, u32 request_mask, unsigned int flags);
3192
+
int f2fs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
3193
+
struct iattr *attr);
3193
3194
int f2fs_truncate_hole(struct inode *inode, pgoff_t pg_start, pgoff_t pg_end);
3194
3195
void f2fs_truncate_data_blocks_range(struct dnode_of_data *dn, int count);
3195
3196
int f2fs_precache_extents(struct inode *inode);
+19
-17
fs/f2fs/file.c
+19
-17
fs/f2fs/file.c
···
789
789
return 0;
790
790
}
791
791
792
-
int f2fs_getattr(const struct path *path, struct kstat *stat,
793
-
u32 request_mask, unsigned int query_flags)
792
+
int f2fs_getattr(struct user_namespace *mnt_userns, const struct path *path,
793
+
struct kstat *stat, u32 request_mask, unsigned int query_flags)
794
794
{
795
795
struct inode *inode = d_inode(path->dentry);
796
796
struct f2fs_inode_info *fi = F2FS_I(inode);
···
826
826
STATX_ATTR_NODUMP |
827
827
STATX_ATTR_VERITY);
828
828
829
-
generic_fillattr(inode, stat);
829
+
generic_fillattr(&init_user_ns, inode, stat);
830
830
831
831
/* we need to show initial sectors used for inline_data/dentries */
832
832
if ((S_ISREG(inode->i_mode) && f2fs_has_inline_data(inode)) ||
···
837
837
}
838
838
839
839
#ifdef CONFIG_F2FS_FS_POSIX_ACL
840
-
static void __setattr_copy(struct inode *inode, const struct iattr *attr)
840
+
static void __setattr_copy(struct user_namespace *mnt_userns,
841
+
struct inode *inode, const struct iattr *attr)
841
842
{
842
843
unsigned int ia_valid = attr->ia_valid;
843
844
···
854
853
inode->i_ctime = attr->ia_ctime;
855
854
if (ia_valid & ATTR_MODE) {
856
855
umode_t mode = attr->ia_mode;
856
+
kgid_t kgid = i_gid_into_mnt(mnt_userns, inode);
857
857
858
-
if (!in_group_p(inode->i_gid) &&
859
-
!capable_wrt_inode_uidgid(inode, CAP_FSETID))
858
+
if (!in_group_p(kgid) && !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
860
859
mode &= ~S_ISGID;
861
860
set_acl_inode(inode, mode);
862
861
}
···
865
864
#define __setattr_copy setattr_copy
866
865
#endif
867
866
868
-
int f2fs_setattr(struct dentry *dentry, struct iattr *attr)
867
+
int f2fs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
868
+
struct iattr *attr)
869
869
{
870
870
struct inode *inode = d_inode(dentry);
871
871
int err;
···
886
884
!f2fs_is_compress_backend_ready(inode))
887
885
return -EOPNOTSUPP;
888
886
889
-
err = setattr_prepare(dentry, attr);
887
+
err = setattr_prepare(&init_user_ns, dentry, attr);
890
888
if (err)
891
889
return err;
892
890
···
962
960
spin_unlock(&F2FS_I(inode)->i_size_lock);
963
961
}
964
962
965
-
__setattr_copy(inode, attr);
963
+
__setattr_copy(&init_user_ns, inode, attr);
966
964
967
965
if (attr->ia_valid & ATTR_MODE) {
968
-
err = posix_acl_chmod(inode, f2fs_get_inode_mode(inode));
966
+
err = posix_acl_chmod(&init_user_ns, inode, f2fs_get_inode_mode(inode));
969
967
970
968
if (is_inode_flag_set(inode, FI_ACL_MODE)) {
971
969
if (!err)
···
1980
1978
u32 iflags;
1981
1979
int ret;
1982
1980
1983
-
if (!inode_owner_or_capable(inode))
1981
+
if (!inode_owner_or_capable(&init_user_ns, inode))
1984
1982
return -EACCES;
1985
1983
1986
1984
if (get_user(fsflags, (int __user *)arg))
···
2027
2025
struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
2028
2026
int ret;
2029
2027
2030
-
if (!inode_owner_or_capable(inode))
2028
+
if (!inode_owner_or_capable(&init_user_ns, inode))
2031
2029
return -EACCES;
2032
2030
2033
2031
if (!S_ISREG(inode->i_mode))
···
2094
2092
struct inode *inode = file_inode(filp);
2095
2093
int ret;
2096
2094
2097
-
if (!inode_owner_or_capable(inode))
2095
+
if (!inode_owner_or_capable(&init_user_ns, inode))
2098
2096
return -EACCES;
2099
2097
2100
2098
ret = mnt_want_write_file(filp);
···
2136
2134
struct inode *inode = file_inode(filp);
2137
2135
int ret;
2138
2136
2139
-
if (!inode_owner_or_capable(inode))
2137
+
if (!inode_owner_or_capable(&init_user_ns, inode))
2140
2138
return -EACCES;
2141
2139
2142
2140
if (!S_ISREG(inode->i_mode))
···
2171
2169
struct inode *inode = file_inode(filp);
2172
2170
int ret;
2173
2171
2174
-
if (!inode_owner_or_capable(inode))
2172
+
if (!inode_owner_or_capable(&init_user_ns, inode))
2175
2173
return -EACCES;
2176
2174
2177
2175
ret = mnt_want_write_file(filp);
···
2200
2198
struct inode *inode = file_inode(filp);
2201
2199
int ret;
2202
2200
2203
-
if (!inode_owner_or_capable(inode))
2201
+
if (!inode_owner_or_capable(&init_user_ns, inode))
2204
2202
return -EACCES;
2205
2203
2206
2204
ret = mnt_want_write_file(filp);
···
3177
3175
return -EFAULT;
3178
3176
3179
3177
/* Make sure caller has proper permission */
3180
-
if (!inode_owner_or_capable(inode))
3178
+
if (!inode_owner_or_capable(&init_user_ns, inode))
3181
3179
return -EACCES;
3182
3180
3183
3181
if (fa.fsx_xflags & ~F2FS_SUPPORTED_XFLAGS)
+13
-10
fs/f2fs/namei.c
+13
-10
fs/f2fs/namei.c
···
46
46
47
47
nid_free = true;
48
48
49
-
inode_init_owner(inode, dir, mode);
49
+
inode_init_owner(&init_user_ns, inode, dir, mode);
50
50
51
51
inode->i_ino = ino;
52
52
inode->i_blocks = 0;
···
314
314
}
315
315
}
316
316
317
-
static int f2fs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
318
-
bool excl)
317
+
static int f2fs_create(struct user_namespace *mnt_userns, struct inode *dir,
318
+
struct dentry *dentry, umode_t mode, bool excl)
319
319
{
320
320
struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
321
321
struct inode *inode;
···
637
637
return link;
638
638
}
639
639
640
-
static int f2fs_symlink(struct inode *dir, struct dentry *dentry,
641
-
const char *symname)
640
+
static int f2fs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
641
+
struct dentry *dentry, const char *symname)
642
642
{
643
643
struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
644
644
struct inode *inode;
···
717
717
return err;
718
718
}
719
719
720
-
static int f2fs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
720
+
static int f2fs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
721
+
struct dentry *dentry, umode_t mode)
721
722
{
722
723
struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
723
724
struct inode *inode;
···
771
770
return -ENOTEMPTY;
772
771
}
773
772
774
-
static int f2fs_mknod(struct inode *dir, struct dentry *dentry,
775
-
umode_t mode, dev_t rdev)
773
+
static int f2fs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
774
+
struct dentry *dentry, umode_t mode, dev_t rdev)
776
775
{
777
776
struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
778
777
struct inode *inode;
···
879
878
return err;
880
879
}
881
880
882
-
static int f2fs_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
881
+
static int f2fs_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
882
+
struct dentry *dentry, umode_t mode)
883
883
{
884
884
struct f2fs_sb_info *sbi = F2FS_I_SB(dir);
885
885
···
1257
1255
return err;
1258
1256
}
1259
1257
1260
-
static int f2fs_rename2(struct inode *old_dir, struct dentry *old_dentry,
1258
+
static int f2fs_rename2(struct user_namespace *mnt_userns,
1259
+
struct inode *old_dir, struct dentry *old_dentry,
1261
1260
struct inode *new_dir, struct dentry *new_dentry,
1262
1261
unsigned int flags)
1263
1262
{
+3
-1
fs/f2fs/xattr.c
+3
-1
fs/f2fs/xattr.c
···
64
64
}
65
65
66
66
static int f2fs_xattr_generic_set(const struct xattr_handler *handler,
67
+
struct user_namespace *mnt_userns,
67
68
struct dentry *unused, struct inode *inode,
68
69
const char *name, const void *value,
69
70
size_t size, int flags)
···
108
107
}
109
108
110
109
static int f2fs_xattr_advise_set(const struct xattr_handler *handler,
110
+
struct user_namespace *mnt_userns,
111
111
struct dentry *unused, struct inode *inode,
112
112
const char *name, const void *value,
113
113
size_t size, int flags)
···
116
114
unsigned char old_advise = F2FS_I(inode)->i_advise;
117
115
unsigned char new_advise;
118
116
119
-
if (!inode_owner_or_capable(inode))
117
+
if (!inode_owner_or_capable(&init_user_ns, inode))
120
118
return -EPERM;
121
119
if (value == NULL)
122
120
return -EINVAL;
+4
-2
fs/fat/fat.h
+4
-2
fs/fat/fat.h
···
397
397
unsigned long arg);
398
398
extern const struct file_operations fat_file_operations;
399
399
extern const struct inode_operations fat_file_inode_operations;
400
-
extern int fat_setattr(struct dentry *dentry, struct iattr *attr);
400
+
extern int fat_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
401
+
struct iattr *attr);
401
402
extern void fat_truncate_blocks(struct inode *inode, loff_t offset);
402
-
extern int fat_getattr(const struct path *path, struct kstat *stat,
403
+
extern int fat_getattr(struct user_namespace *mnt_userns,
404
+
const struct path *path, struct kstat *stat,
403
405
u32 request_mask, unsigned int flags);
404
406
extern int fat_file_fsync(struct file *file, loff_t start, loff_t end,
405
407
int datasync);
+13
-11
fs/fat/file.c
+13
-11
fs/fat/file.c
···
95
95
goto out_unlock_inode;
96
96
97
97
/* This MUST be done before doing anything irreversible... */
98
-
err = fat_setattr(file->f_path.dentry, &ia);
98
+
err = fat_setattr(file_mnt_user_ns(file), file->f_path.dentry, &ia);
99
99
if (err)
100
100
goto out_unlock_inode;
101
101
···
394
394
fat_flush_inodes(inode->i_sb, inode, NULL);
395
395
}
396
396
397
-
int fat_getattr(const struct path *path, struct kstat *stat,
398
-
u32 request_mask, unsigned int flags)
397
+
int fat_getattr(struct user_namespace *mnt_userns, const struct path *path,
398
+
struct kstat *stat, u32 request_mask, unsigned int flags)
399
399
{
400
400
struct inode *inode = d_inode(path->dentry);
401
-
generic_fillattr(inode, stat);
401
+
generic_fillattr(mnt_userns, inode, stat);
402
402
stat->blksize = MSDOS_SB(inode->i_sb)->cluster_size;
403
403
404
404
if (MSDOS_SB(inode->i_sb)->options.nfs == FAT_NFS_NOSTALE_RO) {
···
447
447
return 0;
448
448
}
449
449
450
-
static int fat_allow_set_time(struct msdos_sb_info *sbi, struct inode *inode)
450
+
static int fat_allow_set_time(struct user_namespace *mnt_userns,
451
+
struct msdos_sb_info *sbi, struct inode *inode)
451
452
{
452
453
umode_t allow_utime = sbi->options.allow_utime;
453
454
454
-
if (!uid_eq(current_fsuid(), inode->i_uid)) {
455
-
if (in_group_p(inode->i_gid))
455
+
if (!uid_eq(current_fsuid(), i_uid_into_mnt(mnt_userns, inode))) {
456
+
if (in_group_p(i_gid_into_mnt(mnt_userns, inode)))
456
457
allow_utime >>= 3;
457
458
if (allow_utime & MAY_WRITE)
458
459
return 1;
···
467
466
/* valid file mode bits */
468
467
#define FAT_VALID_MODE (S_IFREG | S_IFDIR | S_IRWXUGO)
469
468
470
-
int fat_setattr(struct dentry *dentry, struct iattr *attr)
469
+
int fat_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
470
+
struct iattr *attr)
471
471
{
472
472
struct msdos_sb_info *sbi = MSDOS_SB(dentry->d_sb);
473
473
struct inode *inode = d_inode(dentry);
···
478
476
/* Check for setting the inode time. */
479
477
ia_valid = attr->ia_valid;
480
478
if (ia_valid & TIMES_SET_FLAGS) {
481
-
if (fat_allow_set_time(sbi, inode))
479
+
if (fat_allow_set_time(mnt_userns, sbi, inode))
482
480
attr->ia_valid &= ~TIMES_SET_FLAGS;
483
481
}
484
482
485
-
error = setattr_prepare(dentry, attr);
483
+
error = setattr_prepare(mnt_userns, dentry, attr);
486
484
attr->ia_valid = ia_valid;
487
485
if (error) {
488
486
if (sbi->options.quiet)
···
552
550
fat_truncate_time(inode, &attr->ia_mtime, S_MTIME);
553
551
attr->ia_valid &= ~(ATTR_ATIME|ATTR_CTIME|ATTR_MTIME);
554
552
555
-
setattr_copy(inode, attr);
553
+
setattr_copy(mnt_userns, inode, attr);
556
554
mark_inode_dirty(inode);
557
555
out:
558
556
return error;
+7
-5
fs/fat/namei_msdos.c
+7
-5
fs/fat/namei_msdos.c
···
261
261
}
262
262
263
263
/***** Create a file */
264
-
static int msdos_create(struct inode *dir, struct dentry *dentry, umode_t mode,
265
-
bool excl)
264
+
static int msdos_create(struct user_namespace *mnt_userns, struct inode *dir,
265
+
struct dentry *dentry, umode_t mode, bool excl)
266
266
{
267
267
struct super_block *sb = dir->i_sb;
268
268
struct inode *inode = NULL;
···
339
339
}
340
340
341
341
/***** Make a directory */
342
-
static int msdos_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
342
+
static int msdos_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
343
+
struct dentry *dentry, umode_t mode)
343
344
{
344
345
struct super_block *sb = dir->i_sb;
345
346
struct fat_slot_info sinfo;
···
594
593
}
595
594
596
595
/***** Rename, a wrapper for rename_same_dir & rename_diff_dir */
597
-
static int msdos_rename(struct inode *old_dir, struct dentry *old_dentry,
596
+
static int msdos_rename(struct user_namespace *mnt_userns,
597
+
struct inode *old_dir, struct dentry *old_dentry,
598
598
struct inode *new_dir, struct dentry *new_dentry,
599
599
unsigned int flags)
600
600
{
···
667
665
.name = "msdos",
668
666
.mount = msdos_mount,
669
667
.kill_sb = kill_block_super,
670
-
.fs_flags = FS_REQUIRES_DEV,
668
+
.fs_flags = FS_REQUIRES_DEV | FS_ALLOW_IDMAP,
671
669
};
672
670
MODULE_ALIAS_FS("msdos");
673
671
+8
-7
fs/fat/namei_vfat.c
+8
-7
fs/fat/namei_vfat.c
···
756
756
return ERR_PTR(err);
757
757
}
758
758
759
-
static int vfat_create(struct inode *dir, struct dentry *dentry, umode_t mode,
760
-
bool excl)
759
+
static int vfat_create(struct user_namespace *mnt_userns, struct inode *dir,
760
+
struct dentry *dentry, umode_t mode, bool excl)
761
761
{
762
762
struct super_block *sb = dir->i_sb;
763
763
struct inode *inode;
···
846
846
return err;
847
847
}
848
848
849
-
static int vfat_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
849
+
static int vfat_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
850
+
struct dentry *dentry, umode_t mode)
850
851
{
851
852
struct super_block *sb = dir->i_sb;
852
853
struct inode *inode;
···
893
892
return err;
894
893
}
895
894
896
-
static int vfat_rename(struct inode *old_dir, struct dentry *old_dentry,
897
-
struct inode *new_dir, struct dentry *new_dentry,
898
-
unsigned int flags)
895
+
static int vfat_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
896
+
struct dentry *old_dentry, struct inode *new_dir,
897
+
struct dentry *new_dentry, unsigned int flags)
899
898
{
900
899
struct buffer_head *dotdot_bh;
901
900
struct msdos_dir_entry *dotdot_de;
···
1063
1062
.name = "vfat",
1064
1063
.mount = vfat_mount,
1065
1064
.kill_sb = kill_block_super,
1066
-
.fs_flags = FS_REQUIRES_DEV,
1065
+
.fs_flags = FS_REQUIRES_DEV | FS_ALLOW_IDMAP,
1067
1066
};
1068
1067
MODULE_ALIAS_FS("vfat");
1069
1068
+2
-1
fs/fcntl.c
+2
-1
fs/fcntl.c
···
25
25
#include <linux/user_namespace.h>
26
26
#include <linux/memfd.h>
27
27
#include <linux/compat.h>
28
+
#include <linux/mount.h>
28
29
29
30
#include <linux/poll.h>
30
31
#include <asm/siginfo.h>
···
47
46
48
47
/* O_NOATIME can only be set by the owner or superuser */
49
48
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
50
-
if (!inode_owner_or_capable(inode))
49
+
if (!inode_owner_or_capable(file_mnt_user_ns(filp), inode))
51
50
return -EPERM;
52
51
53
52
/* required for strict SunOS emulation */
+2
-1
fs/fuse/acl.c
+2
-1
fs/fuse/acl.c
···
50
50
return acl;
51
51
}
52
52
53
-
int fuse_set_acl(struct inode *inode, struct posix_acl *acl, int type)
53
+
int fuse_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
54
+
struct posix_acl *acl, int type)
54
55
{
55
56
struct fuse_conn *fc = get_fuse_conn(inode);
56
57
const char *name;
+26
-20
fs/fuse/dir.c
+26
-20
fs/fuse/dir.c
···
605
605
return err;
606
606
}
607
607
608
-
static int fuse_mknod(struct inode *, struct dentry *, umode_t, dev_t);
608
+
static int fuse_mknod(struct user_namespace *, struct inode *, struct dentry *,
609
+
umode_t, dev_t);
609
610
static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
610
611
struct file *file, unsigned flags,
611
612
umode_t mode)
···
646
645
return err;
647
646
648
647
mknod:
649
-
err = fuse_mknod(dir, entry, mode, 0);
648
+
err = fuse_mknod(&init_user_ns, dir, entry, mode, 0);
650
649
if (err)
651
650
goto out_dput;
652
651
no_open:
···
716
715
return err;
717
716
}
718
717
719
-
static int fuse_mknod(struct inode *dir, struct dentry *entry, umode_t mode,
720
-
dev_t rdev)
718
+
static int fuse_mknod(struct user_namespace *mnt_userns, struct inode *dir,
719
+
struct dentry *entry, umode_t mode, dev_t rdev)
721
720
{
722
721
struct fuse_mknod_in inarg;
723
722
struct fuse_mount *fm = get_fuse_mount(dir);
···
739
738
return create_new_entry(fm, &args, dir, entry, mode);
740
739
}
741
740
742
-
static int fuse_create(struct inode *dir, struct dentry *entry, umode_t mode,
743
-
bool excl)
741
+
static int fuse_create(struct user_namespace *mnt_userns, struct inode *dir,
742
+
struct dentry *entry, umode_t mode, bool excl)
744
743
{
745
-
return fuse_mknod(dir, entry, mode, 0);
744
+
return fuse_mknod(&init_user_ns, dir, entry, mode, 0);
746
745
}
747
746
748
-
static int fuse_mkdir(struct inode *dir, struct dentry *entry, umode_t mode)
747
+
static int fuse_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
748
+
struct dentry *entry, umode_t mode)
749
749
{
750
750
struct fuse_mkdir_in inarg;
751
751
struct fuse_mount *fm = get_fuse_mount(dir);
···
767
765
return create_new_entry(fm, &args, dir, entry, S_IFDIR);
768
766
}
769
767
770
-
static int fuse_symlink(struct inode *dir, struct dentry *entry,
771
-
const char *link)
768
+
static int fuse_symlink(struct user_namespace *mnt_userns, struct inode *dir,
769
+
struct dentry *entry, const char *link)
772
770
{
773
771
struct fuse_mount *fm = get_fuse_mount(dir);
774
772
unsigned len = strlen(link) + 1;
···
910
908
return err;
911
909
}
912
910
913
-
static int fuse_rename2(struct inode *olddir, struct dentry *oldent,
914
-
struct inode *newdir, struct dentry *newent,
915
-
unsigned int flags)
911
+
static int fuse_rename2(struct user_namespace *mnt_userns, struct inode *olddir,
912
+
struct dentry *oldent, struct inode *newdir,
913
+
struct dentry *newent, unsigned int flags)
916
914
{
917
915
struct fuse_conn *fc = get_fuse_conn(olddir);
918
916
int err;
···
1089
1087
forget_all_cached_acls(inode);
1090
1088
err = fuse_do_getattr(inode, stat, file);
1091
1089
} else if (stat) {
1092
-
generic_fillattr(inode, stat);
1090
+
generic_fillattr(&init_user_ns, inode, stat);
1093
1091
stat->mode = fi->orig_i_mode;
1094
1092
stat->ino = fi->orig_ino;
1095
1093
}
···
1251
1249
* access request is sent. Execute permission is still checked
1252
1250
* locally based on file mode.
1253
1251
*/
1254
-
static int fuse_permission(struct inode *inode, int mask)
1252
+
static int fuse_permission(struct user_namespace *mnt_userns,
1253
+
struct inode *inode, int mask)
1255
1254
{
1256
1255
struct fuse_conn *fc = get_fuse_conn(inode);
1257
1256
bool refreshed = false;
···
1283
1280
}
1284
1281
1285
1282
if (fc->default_permissions) {
1286
-
err = generic_permission(inode, mask);
1283
+
err = generic_permission(&init_user_ns, inode, mask);
1287
1284
1288
1285
/* If permission is denied, try to refresh file
1289
1286
attributes. This is also needed, because the root
···
1291
1288
if (err == -EACCES && !refreshed) {
1292
1289
err = fuse_perm_getattr(inode, mask);
1293
1290
if (!err)
1294
-
err = generic_permission(inode, mask);
1291
+
err = generic_permission(&init_user_ns,
1292
+
inode, mask);
1295
1293
}
1296
1294
1297
1295
/* Note: the opposite of the above test does not
···
1614
1610
if (!fc->default_permissions)
1615
1611
attr->ia_valid |= ATTR_FORCE;
1616
1612
1617
-
err = setattr_prepare(dentry, attr);
1613
+
err = setattr_prepare(&init_user_ns, dentry, attr);
1618
1614
if (err)
1619
1615
return err;
1620
1616
···
1760
1756
return err;
1761
1757
}
1762
1758
1763
-
static int fuse_setattr(struct dentry *entry, struct iattr *attr)
1759
+
static int fuse_setattr(struct user_namespace *mnt_userns, struct dentry *entry,
1760
+
struct iattr *attr)
1764
1761
{
1765
1762
struct inode *inode = d_inode(entry);
1766
1763
struct fuse_conn *fc = get_fuse_conn(inode);
···
1823
1818
return ret;
1824
1819
}
1825
1820
1826
-
static int fuse_getattr(const struct path *path, struct kstat *stat,
1821
+
static int fuse_getattr(struct user_namespace *mnt_userns,
1822
+
const struct path *path, struct kstat *stat,
1827
1823
u32 request_mask, unsigned int flags)
1828
1824
{
1829
1825
struct inode *inode = d_inode(path->dentry);
+2
-2
fs/fuse/fuse_i.h
+2
-2
fs/fuse/fuse_i.h
···
1180
1180
1181
1181
struct posix_acl;
1182
1182
struct posix_acl *fuse_get_acl(struct inode *inode, int type);
1183
-
int fuse_set_acl(struct inode *inode, struct posix_acl *acl, int type);
1184
-
1183
+
int fuse_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
1184
+
struct posix_acl *acl, int type);
1185
1185
1186
1186
/* readdir.c */
1187
1187
int fuse_readdir(struct file *file, struct dir_context *ctx);
+2
fs/fuse/xattr.c
+2
fs/fuse/xattr.c
···
188
188
}
189
189
190
190
static int fuse_xattr_set(const struct xattr_handler *handler,
191
+
struct user_namespace *mnt_userns,
191
192
struct dentry *dentry, struct inode *inode,
192
193
const char *name, const void *value, size_t size,
193
194
int flags)
···
215
214
}
216
215
217
216
static int no_xattr_set(const struct xattr_handler *handler,
217
+
struct user_namespace *mnt_userns,
218
218
struct dentry *dentry, struct inode *nodee,
219
219
const char *name, const void *value,
220
220
size_t size, int flags)
+3
-2
fs/gfs2/acl.c
+3
-2
fs/gfs2/acl.c
···
106
106
return error;
107
107
}
108
108
109
-
int gfs2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
109
+
int gfs2_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
110
+
struct posix_acl *acl, int type)
110
111
{
111
112
struct gfs2_inode *ip = GFS2_I(inode);
112
113
struct gfs2_holder gh;
···
131
130
132
131
mode = inode->i_mode;
133
132
if (type == ACL_TYPE_ACCESS && acl) {
134
-
ret = posix_acl_update_mode(inode, &mode, &acl);
133
+
ret = posix_acl_update_mode(&init_user_ns, inode, &mode, &acl);
135
134
if (ret)
136
135
goto unlock;
137
136
}
+2
-1
fs/gfs2/acl.h
+2
-1
fs/gfs2/acl.h
···
13
13
14
14
extern struct posix_acl *gfs2_get_acl(struct inode *inode, int type);
15
15
extern int __gfs2_set_acl(struct inode *inode, struct posix_acl *acl, int type);
16
-
extern int gfs2_set_acl(struct inode *inode, struct posix_acl *acl, int type);
16
+
extern int gfs2_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
17
+
struct posix_acl *acl, int type);
17
18
18
19
#endif /* __ACL_DOT_H__ */
+2
-2
fs/gfs2/file.c
+2
-2
fs/gfs2/file.c
···
238
238
goto out;
239
239
240
240
error = -EACCES;
241
-
if (!inode_owner_or_capable(inode))
241
+
if (!inode_owner_or_capable(&init_user_ns, inode))
242
242
goto out;
243
243
244
244
error = 0;
···
256
256
!capable(CAP_LINUX_IMMUTABLE))
257
257
goto out;
258
258
if (!IS_IMMUTABLE(inode)) {
259
-
error = gfs2_permission(inode, MAY_WRITE);
259
+
error = gfs2_permission(&init_user_ns, inode, MAY_WRITE);
260
260
if (error)
261
261
goto out;
262
262
}
+38
-26
fs/gfs2/inode.c
+38
-26
fs/gfs2/inode.c
···
325
325
}
326
326
327
327
if (!is_root) {
328
-
error = gfs2_permission(dir, MAY_EXEC);
328
+
error = gfs2_permission(&init_user_ns, dir, MAY_EXEC);
329
329
if (error)
330
330
goto out;
331
331
}
···
355
355
{
356
356
int error;
357
357
358
-
error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);
358
+
error = gfs2_permission(&init_user_ns, &dip->i_inode,
359
+
MAY_WRITE | MAY_EXEC);
359
360
if (error)
360
361
return error;
361
362
···
844
843
* Returns: errno
845
844
*/
846
845
847
-
static int gfs2_create(struct inode *dir, struct dentry *dentry,
848
-
umode_t mode, bool excl)
846
+
static int gfs2_create(struct user_namespace *mnt_userns, struct inode *dir,
847
+
struct dentry *dentry, umode_t mode, bool excl)
849
848
{
850
849
return gfs2_create_inode(dir, dentry, NULL, S_IFREG | mode, 0, NULL, 0, excl);
851
850
}
···
952
951
if (inode->i_nlink == 0)
953
952
goto out_gunlock;
954
953
955
-
error = gfs2_permission(dir, MAY_WRITE | MAY_EXEC);
954
+
error = gfs2_permission(&init_user_ns, dir, MAY_WRITE | MAY_EXEC);
956
955
if (error)
957
956
goto out_gunlock;
958
957
···
1069
1068
if (IS_APPEND(&dip->i_inode))
1070
1069
return -EPERM;
1071
1070
1072
-
error = gfs2_permission(&dip->i_inode, MAY_WRITE | MAY_EXEC);
1071
+
error = gfs2_permission(&init_user_ns, &dip->i_inode,
1072
+
MAY_WRITE | MAY_EXEC);
1073
1073
if (error)
1074
1074
return error;
1075
1075
···
1206
1204
* Returns: errno
1207
1205
*/
1208
1206
1209
-
static int gfs2_symlink(struct inode *dir, struct dentry *dentry,
1210
-
const char *symname)
1207
+
static int gfs2_symlink(struct user_namespace *mnt_userns, struct inode *dir,
1208
+
struct dentry *dentry, const char *symname)
1211
1209
{
1212
1210
unsigned int size;
1213
1211
···
1227
1225
* Returns: errno
1228
1226
*/
1229
1227
1230
-
static int gfs2_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1228
+
static int gfs2_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
1229
+
struct dentry *dentry, umode_t mode)
1231
1230
{
1232
1231
unsigned dsize = gfs2_max_stuffed_size(GFS2_I(dir));
1233
1232
return gfs2_create_inode(dir, dentry, NULL, S_IFDIR | mode, 0, NULL, dsize, 0);
···
1243
1240
*
1244
1241
*/
1245
1242
1246
-
static int gfs2_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
1247
-
dev_t dev)
1243
+
static int gfs2_mknod(struct user_namespace *mnt_userns, struct inode *dir,
1244
+
struct dentry *dentry, umode_t mode, dev_t dev)
1248
1245
{
1249
1246
return gfs2_create_inode(dir, dentry, NULL, mode, dev, NULL, 0, 0);
1250
1247
}
···
1493
1490
}
1494
1491
}
1495
1492
} else {
1496
-
error = gfs2_permission(ndir, MAY_WRITE | MAY_EXEC);
1493
+
error = gfs2_permission(&init_user_ns, ndir,
1494
+
MAY_WRITE | MAY_EXEC);
1497
1495
if (error)
1498
1496
goto out_gunlock;
1499
1497
···
1529
1525
/* Check out the dir to be renamed */
1530
1526
1531
1527
if (dir_rename) {
1532
-
error = gfs2_permission(d_inode(odentry), MAY_WRITE);
1528
+
error = gfs2_permission(&init_user_ns, d_inode(odentry),
1529
+
MAY_WRITE);
1533
1530
if (error)
1534
1531
goto out_gunlock;
1535
1532
}
···
1693
1688
goto out_gunlock;
1694
1689
1695
1690
if (S_ISDIR(old_mode)) {
1696
-
error = gfs2_permission(odentry->d_inode, MAY_WRITE);
1691
+
error = gfs2_permission(&init_user_ns, odentry->d_inode,
1692
+
MAY_WRITE);
1697
1693
if (error)
1698
1694
goto out_gunlock;
1699
1695
}
1700
1696
if (S_ISDIR(new_mode)) {
1701
-
error = gfs2_permission(ndentry->d_inode, MAY_WRITE);
1697
+
error = gfs2_permission(&init_user_ns, ndentry->d_inode,
1698
+
MAY_WRITE);
1702
1699
if (error)
1703
1700
goto out_gunlock;
1704
1701
}
···
1754
1747
return error;
1755
1748
}
1756
1749
1757
-
static int gfs2_rename2(struct inode *odir, struct dentry *odentry,
1758
-
struct inode *ndir, struct dentry *ndentry,
1759
-
unsigned int flags)
1750
+
static int gfs2_rename2(struct user_namespace *mnt_userns, struct inode *odir,
1751
+
struct dentry *odentry, struct inode *ndir,
1752
+
struct dentry *ndentry, unsigned int flags)
1760
1753
{
1761
1754
flags &= ~RENAME_NOREPLACE;
1762
1755
···
1840
1833
* Returns: errno
1841
1834
*/
1842
1835
1843
-
int gfs2_permission(struct inode *inode, int mask)
1836
+
int gfs2_permission(struct user_namespace *mnt_userns, struct inode *inode,
1837
+
int mask)
1844
1838
{
1845
1839
struct gfs2_inode *ip;
1846
1840
struct gfs2_holder i_gh;
···
1860
1852
if ((mask & MAY_WRITE) && IS_IMMUTABLE(inode))
1861
1853
error = -EPERM;
1862
1854
else
1863
-
error = generic_permission(inode, mask);
1855
+
error = generic_permission(&init_user_ns, inode, mask);
1864
1856
if (gfs2_holder_initialized(&i_gh))
1865
1857
gfs2_glock_dq_uninit(&i_gh);
1866
1858
···
1869
1861
1870
1862
static int __gfs2_setattr_simple(struct inode *inode, struct iattr *attr)
1871
1863
{
1872
-
setattr_copy(inode, attr);
1864
+
setattr_copy(&init_user_ns, inode, attr);
1873
1865
mark_inode_dirty(inode);
1874
1866
return 0;
1875
1867
}
···
1971
1963
* Returns: errno
1972
1964
*/
1973
1965
1974
-
static int gfs2_setattr(struct dentry *dentry, struct iattr *attr)
1966
+
static int gfs2_setattr(struct user_namespace *mnt_userns,
1967
+
struct dentry *dentry, struct iattr *attr)
1975
1968
{
1976
1969
struct inode *inode = d_inode(dentry);
1977
1970
struct gfs2_inode *ip = GFS2_I(inode);
···
1991
1982
if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
1992
1983
goto error;
1993
1984
1994
-
error = setattr_prepare(dentry, attr);
1985
+
error = setattr_prepare(&init_user_ns, dentry, attr);
1995
1986
if (error)
1996
1987
goto error;
1997
1988
···
2002
1993
else {
2003
1994
error = gfs2_setattr_simple(inode, attr);
2004
1995
if (!error && attr->ia_valid & ATTR_MODE)
2005
-
error = posix_acl_chmod(inode, inode->i_mode);
1996
+
error = posix_acl_chmod(&init_user_ns, inode,
1997
+
inode->i_mode);
2006
1998
}
2007
1999
2008
2000
error:
···
2017
2007
2018
2008
/**
2019
2009
* gfs2_getattr - Read out an inode's attributes
2010
+
* @mnt_userns: user namespace of the mount the inode was found from
2020
2011
* @path: Object to query
2021
2012
* @stat: The inode's stats
2022
2013
* @request_mask: Mask of STATX_xxx flags indicating the caller's interests
···
2032
2021
* Returns: errno
2033
2022
*/
2034
2023
2035
-
static int gfs2_getattr(const struct path *path, struct kstat *stat,
2024
+
static int gfs2_getattr(struct user_namespace *mnt_userns,
2025
+
const struct path *path, struct kstat *stat,
2036
2026
u32 request_mask, unsigned int flags)
2037
2027
{
2038
2028
struct inode *inode = d_inode(path->dentry);
···
2061
2049
STATX_ATTR_IMMUTABLE |
2062
2050
STATX_ATTR_NODUMP);
2063
2051
2064
-
generic_fillattr(inode, stat);
2052
+
generic_fillattr(&init_user_ns, inode, stat);
2065
2053
2066
2054
if (gfs2_holder_initialized(&gh))
2067
2055
gfs2_glock_dq_uninit(&gh);
+2
-1
fs/gfs2/inode.h
+2
-1
fs/gfs2/inode.h
···
99
99
100
100
extern struct inode *gfs2_lookupi(struct inode *dir, const struct qstr *name,
101
101
int is_root);
102
-
extern int gfs2_permission(struct inode *inode, int mask);
102
+
extern int gfs2_permission(struct user_namespace *mnt_userns,
103
+
struct inode *inode, int mask);
103
104
extern int gfs2_setattr_simple(struct inode *inode, struct iattr *attr);
104
105
extern struct inode *gfs2_lookup_simple(struct inode *dip, const char *name);
105
106
extern void gfs2_dinode_out(const struct gfs2_inode *ip, void *buf);
+1
fs/gfs2/xattr.c
+1
fs/gfs2/xattr.c
+1
fs/hfs/attr.c
+1
fs/hfs/attr.c
+7
-6
fs/hfs/dir.c
+7
-6
fs/hfs/dir.c
···
189
189
* a directory and return a corresponding inode, given the inode for
190
190
* the directory and the name (and its length) of the new file.
191
191
*/
192
-
static int hfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
193
-
bool excl)
192
+
static int hfs_create(struct user_namespace *mnt_userns, struct inode *dir,
193
+
struct dentry *dentry, umode_t mode, bool excl)
194
194
{
195
195
struct inode *inode;
196
196
int res;
···
219
219
* in a directory, given the inode for the parent directory and the
220
220
* name (and its length) of the new directory.
221
221
*/
222
-
static int hfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
222
+
static int hfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
223
+
struct dentry *dentry, umode_t mode)
223
224
{
224
225
struct inode *inode;
225
226
int res;
···
280
279
* new file/directory.
281
280
* XXX: how do you handle must_be dir?
282
281
*/
283
-
static int hfs_rename(struct inode *old_dir, struct dentry *old_dentry,
284
-
struct inode *new_dir, struct dentry *new_dentry,
285
-
unsigned int flags)
282
+
static int hfs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
283
+
struct dentry *old_dentry, struct inode *new_dir,
284
+
struct dentry *new_dentry, unsigned int flags)
286
285
{
287
286
int res;
288
287
+2
-1
fs/hfs/hfs_fs.h
+2
-1
fs/hfs/hfs_fs.h
···
204
204
extern struct inode *hfs_new_inode(struct inode *, const struct qstr *, umode_t);
205
205
extern void hfs_inode_write_fork(struct inode *, struct hfs_extent *, __be32 *, __be32 *);
206
206
extern int hfs_write_inode(struct inode *, struct writeback_control *);
207
-
extern int hfs_inode_setattr(struct dentry *, struct iattr *);
207
+
extern int hfs_inode_setattr(struct user_namespace *, struct dentry *,
208
+
struct iattr *);
208
209
extern void hfs_inode_read_fork(struct inode *inode, struct hfs_extent *ext,
209
210
__be32 log_size, __be32 phys_size, u32 clump_size);
210
211
extern struct inode *hfs_iget(struct super_block *, struct hfs_cat_key *, hfs_cat_rec *);
+5
-3
fs/hfs/inode.c
+5
-3
fs/hfs/inode.c
···
602
602
* correspond to the same HFS file.
603
603
*/
604
604
605
-
int hfs_inode_setattr(struct dentry *dentry, struct iattr * attr)
605
+
int hfs_inode_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
606
+
struct iattr *attr)
606
607
{
607
608
struct inode *inode = d_inode(dentry);
608
609
struct hfs_sb_info *hsb = HFS_SB(inode->i_sb);
609
610
int error;
610
611
611
-
error = setattr_prepare(dentry, attr); /* basic permission checks */
612
+
error = setattr_prepare(&init_user_ns, dentry,
613
+
attr); /* basic permission checks */
612
614
if (error)
613
615
return error;
614
616
···
649
647
current_time(inode);
650
648
}
651
649
652
-
setattr_copy(inode, attr);
650
+
setattr_copy(&init_user_ns, inode, attr);
653
651
mark_inode_dirty(inode);
654
652
return 0;
655
653
}
+12
-10
fs/hfsplus/dir.c
+12
-10
fs/hfsplus/dir.c
···
434
434
return res;
435
435
}
436
436
437
-
static int hfsplus_symlink(struct inode *dir, struct dentry *dentry,
438
-
const char *symname)
437
+
static int hfsplus_symlink(struct user_namespace *mnt_userns, struct inode *dir,
438
+
struct dentry *dentry, const char *symname)
439
439
{
440
440
struct hfsplus_sb_info *sbi = HFSPLUS_SB(dir->i_sb);
441
441
struct inode *inode;
···
476
476
return res;
477
477
}
478
478
479
-
static int hfsplus_mknod(struct inode *dir, struct dentry *dentry,
480
-
umode_t mode, dev_t rdev)
479
+
static int hfsplus_mknod(struct user_namespace *mnt_userns, struct inode *dir,
480
+
struct dentry *dentry, umode_t mode, dev_t rdev)
481
481
{
482
482
struct hfsplus_sb_info *sbi = HFSPLUS_SB(dir->i_sb);
483
483
struct inode *inode;
···
517
517
return res;
518
518
}
519
519
520
-
static int hfsplus_create(struct inode *dir, struct dentry *dentry, umode_t mode,
521
-
bool excl)
520
+
static int hfsplus_create(struct user_namespace *mnt_userns, struct inode *dir,
521
+
struct dentry *dentry, umode_t mode, bool excl)
522
522
{
523
-
return hfsplus_mknod(dir, dentry, mode, 0);
523
+
return hfsplus_mknod(&init_user_ns, dir, dentry, mode, 0);
524
524
}
525
525
526
-
static int hfsplus_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
526
+
static int hfsplus_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
527
+
struct dentry *dentry, umode_t mode)
527
528
{
528
-
return hfsplus_mknod(dir, dentry, mode | S_IFDIR, 0);
529
+
return hfsplus_mknod(&init_user_ns, dir, dentry, mode | S_IFDIR, 0);
529
530
}
530
531
531
-
static int hfsplus_rename(struct inode *old_dir, struct dentry *old_dentry,
532
+
static int hfsplus_rename(struct user_namespace *mnt_userns,
533
+
struct inode *old_dir, struct dentry *old_dentry,
532
534
struct inode *new_dir, struct dentry *new_dentry,
533
535
unsigned int flags)
534
536
{
+3
-2
fs/hfsplus/hfsplus_fs.h
+3
-2
fs/hfsplus/hfsplus_fs.h
···
488
488
struct hfsplus_fork_raw *fork);
489
489
int hfsplus_cat_read_inode(struct inode *inode, struct hfs_find_data *fd);
490
490
int hfsplus_cat_write_inode(struct inode *inode);
491
-
int hfsplus_getattr(const struct path *path, struct kstat *stat,
492
-
u32 request_mask, unsigned int query_flags);
491
+
int hfsplus_getattr(struct user_namespace *mnt_userns, const struct path *path,
492
+
struct kstat *stat, u32 request_mask,
493
+
unsigned int query_flags);
493
494
int hfsplus_file_fsync(struct file *file, loff_t start, loff_t end,
494
495
int datasync);
495
496
+9
-7
fs/hfsplus/inode.c
+9
-7
fs/hfsplus/inode.c
···
241
241
return 0;
242
242
}
243
243
244
-
static int hfsplus_setattr(struct dentry *dentry, struct iattr *attr)
244
+
static int hfsplus_setattr(struct user_namespace *mnt_userns,
245
+
struct dentry *dentry, struct iattr *attr)
245
246
{
246
247
struct inode *inode = d_inode(dentry);
247
248
int error;
248
249
249
-
error = setattr_prepare(dentry, attr);
250
+
error = setattr_prepare(&init_user_ns, dentry, attr);
250
251
if (error)
251
252
return error;
252
253
···
265
264
inode->i_mtime = inode->i_ctime = current_time(inode);
266
265
}
267
266
268
-
setattr_copy(inode, attr);
267
+
setattr_copy(&init_user_ns, inode, attr);
269
268
mark_inode_dirty(inode);
270
269
271
270
return 0;
272
271
}
273
272
274
-
int hfsplus_getattr(const struct path *path, struct kstat *stat,
275
-
u32 request_mask, unsigned int query_flags)
273
+
int hfsplus_getattr(struct user_namespace *mnt_userns, const struct path *path,
274
+
struct kstat *stat, u32 request_mask,
275
+
unsigned int query_flags)
276
276
{
277
277
struct inode *inode = d_inode(path->dentry);
278
278
struct hfsplus_inode_info *hip = HFSPLUS_I(inode);
···
288
286
stat->attributes_mask |= STATX_ATTR_APPEND | STATX_ATTR_IMMUTABLE |
289
287
STATX_ATTR_NODUMP;
290
288
291
-
generic_fillattr(inode, stat);
289
+
generic_fillattr(&init_user_ns, inode, stat);
292
290
return 0;
293
291
}
294
292
···
378
376
return NULL;
379
377
380
378
inode->i_ino = sbi->next_cnid++;
381
-
inode_init_owner(inode, dir, mode);
379
+
inode_init_owner(&init_user_ns, inode, dir, mode);
382
380
set_nlink(inode, 1);
383
381
inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
384
382
+1
-1
fs/hfsplus/ioctl.c
+1
-1
fs/hfsplus/ioctl.c
+1
fs/hfsplus/xattr.c
+1
fs/hfsplus/xattr.c
+1
fs/hfsplus/xattr_security.c
+1
fs/hfsplus/xattr_security.c
+1
fs/hfsplus/xattr_trusted.c
+1
fs/hfsplus/xattr_trusted.c
+1
fs/hfsplus/xattr_user.c
+1
fs/hfsplus/xattr_user.c
+17
-12
fs/hostfs/hostfs_kern.c
+17
-12
fs/hostfs/hostfs_kern.c
···
557
557
return 0;
558
558
}
559
559
560
-
static int hostfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
561
-
bool excl)
560
+
static int hostfs_create(struct user_namespace *mnt_userns, struct inode *dir,
561
+
struct dentry *dentry, umode_t mode, bool excl)
562
562
{
563
563
struct inode *inode;
564
564
char *name;
···
656
656
return err;
657
657
}
658
658
659
-
static int hostfs_symlink(struct inode *ino, struct dentry *dentry,
660
-
const char *to)
659
+
static int hostfs_symlink(struct user_namespace *mnt_userns, struct inode *ino,
660
+
struct dentry *dentry, const char *to)
661
661
{
662
662
char *file;
663
663
int err;
···
669
669
return err;
670
670
}
671
671
672
-
static int hostfs_mkdir(struct inode *ino, struct dentry *dentry, umode_t mode)
672
+
static int hostfs_mkdir(struct user_namespace *mnt_userns, struct inode *ino,
673
+
struct dentry *dentry, umode_t mode)
673
674
{
674
675
char *file;
675
676
int err;
···
694
693
return err;
695
694
}
696
695
697
-
static int hostfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
696
+
static int hostfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
697
+
struct dentry *dentry, umode_t mode, dev_t dev)
698
698
{
699
699
struct inode *inode;
700
700
char *name;
···
733
731
return err;
734
732
}
735
733
736
-
static int hostfs_rename2(struct inode *old_dir, struct dentry *old_dentry,
734
+
static int hostfs_rename2(struct user_namespace *mnt_userns,
735
+
struct inode *old_dir, struct dentry *old_dentry,
737
736
struct inode *new_dir, struct dentry *new_dentry,
738
737
unsigned int flags)
739
738
{
···
762
759
return err;
763
760
}
764
761
765
-
static int hostfs_permission(struct inode *ino, int desired)
762
+
static int hostfs_permission(struct user_namespace *mnt_userns,
763
+
struct inode *ino, int desired)
766
764
{
767
765
char *name;
768
766
int r = 0, w = 0, x = 0, err;
···
785
781
err = access_file(name, r, w, x);
786
782
__putname(name);
787
783
if (!err)
788
-
err = generic_permission(ino, desired);
784
+
err = generic_permission(&init_user_ns, ino, desired);
789
785
return err;
790
786
}
791
787
792
-
static int hostfs_setattr(struct dentry *dentry, struct iattr *attr)
788
+
static int hostfs_setattr(struct user_namespace *mnt_userns,
789
+
struct dentry *dentry, struct iattr *attr)
793
790
{
794
791
struct inode *inode = d_inode(dentry);
795
792
struct hostfs_iattr attrs;
···
799
794
800
795
int fd = HOSTFS_I(inode)->fd;
801
796
802
-
err = setattr_prepare(dentry, attr);
797
+
err = setattr_prepare(&init_user_ns, dentry, attr);
803
798
if (err)
804
799
return err;
805
800
···
856
851
attr->ia_size != i_size_read(inode))
857
852
truncate_setsize(inode, attr->ia_size);
858
853
859
-
setattr_copy(inode, attr);
854
+
setattr_copy(&init_user_ns, inode, attr);
860
855
mark_inode_dirty(inode);
861
856
return 0;
862
857
}
+1
-1
fs/hpfs/hpfs_fn.h
+1
-1
fs/hpfs/hpfs_fn.h
···
280
280
void hpfs_read_inode(struct inode *);
281
281
void hpfs_write_inode(struct inode *);
282
282
void hpfs_write_inode_nolock(struct inode *);
283
-
int hpfs_setattr(struct dentry *, struct iattr *);
283
+
int hpfs_setattr(struct user_namespace *, struct dentry *, struct iattr *);
284
284
void hpfs_write_if_changed(struct inode *);
285
285
void hpfs_evict_inode(struct inode *);
286
286
+4
-3
fs/hpfs/inode.c
+4
-3
fs/hpfs/inode.c
···
257
257
brelse(bh);
258
258
}
259
259
260
-
int hpfs_setattr(struct dentry *dentry, struct iattr *attr)
260
+
int hpfs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
261
+
struct iattr *attr)
261
262
{
262
263
struct inode *inode = d_inode(dentry);
263
264
int error = -EINVAL;
···
275
274
if ((attr->ia_valid & ATTR_SIZE) && attr->ia_size > inode->i_size)
276
275
goto out_unlock;
277
276
278
-
error = setattr_prepare(dentry, attr);
277
+
error = setattr_prepare(&init_user_ns, dentry, attr);
279
278
if (error)
280
279
goto out_unlock;
281
280
···
289
288
hpfs_truncate(inode);
290
289
}
291
290
292
-
setattr_copy(inode, attr);
291
+
setattr_copy(&init_user_ns, inode, attr);
293
292
294
293
hpfs_write_inode(inode);
295
294
+12
-8
fs/hpfs/namei.c
+12
-8
fs/hpfs/namei.c
···
20
20
hpfs_write_inode_nolock(dir);
21
21
}
22
22
23
-
static int hpfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
23
+
static int hpfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
24
+
struct dentry *dentry, umode_t mode)
24
25
{
25
26
const unsigned char *name = dentry->d_name.name;
26
27
unsigned len = dentry->d_name.len;
···
129
128
return err;
130
129
}
131
130
132
-
static int hpfs_create(struct inode *dir, struct dentry *dentry, umode_t mode, bool excl)
131
+
static int hpfs_create(struct user_namespace *mnt_userns, struct inode *dir,
132
+
struct dentry *dentry, umode_t mode, bool excl)
133
133
{
134
134
const unsigned char *name = dentry->d_name.name;
135
135
unsigned len = dentry->d_name.len;
···
217
215
return err;
218
216
}
219
217
220
-
static int hpfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t rdev)
218
+
static int hpfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
219
+
struct dentry *dentry, umode_t mode, dev_t rdev)
221
220
{
222
221
const unsigned char *name = dentry->d_name.name;
223
222
unsigned len = dentry->d_name.len;
···
292
289
return err;
293
290
}
294
291
295
-
static int hpfs_symlink(struct inode *dir, struct dentry *dentry, const char *symlink)
292
+
static int hpfs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
293
+
struct dentry *dentry, const char *symlink)
296
294
{
297
295
const unsigned char *name = dentry->d_name.name;
298
296
unsigned len = dentry->d_name.len;
···
510
506
const struct address_space_operations hpfs_symlink_aops = {
511
507
.readpage = hpfs_symlink_readpage
512
508
};
513
-
514
-
static int hpfs_rename(struct inode *old_dir, struct dentry *old_dentry,
515
-
struct inode *new_dir, struct dentry *new_dentry,
516
-
unsigned int flags)
509
+
510
+
static int hpfs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
511
+
struct dentry *old_dentry, struct inode *new_dir,
512
+
struct dentry *new_dentry, unsigned int flags)
517
513
{
518
514
const unsigned char *old_name = old_dentry->d_name.name;
519
515
unsigned old_len = old_dentry->d_name.len;
+21
-14
fs/hugetlbfs/inode.c
+21
-14
fs/hugetlbfs/inode.c
···
752
752
return error;
753
753
}
754
754
755
-
static int hugetlbfs_setattr(struct dentry *dentry, struct iattr *attr)
755
+
static int hugetlbfs_setattr(struct user_namespace *mnt_userns,
756
+
struct dentry *dentry, struct iattr *attr)
756
757
{
757
758
struct inode *inode = d_inode(dentry);
758
759
struct hstate *h = hstate_inode(inode);
···
763
762
764
763
BUG_ON(!inode);
765
764
766
-
error = setattr_prepare(dentry, attr);
765
+
error = setattr_prepare(&init_user_ns, dentry, attr);
767
766
if (error)
768
767
return error;
769
768
···
782
781
return error;
783
782
}
784
783
785
-
setattr_copy(inode, attr);
784
+
setattr_copy(&init_user_ns, inode, attr);
786
785
mark_inode_dirty(inode);
787
786
return 0;
788
787
}
···
838
837
struct hugetlbfs_inode_info *info = HUGETLBFS_I(inode);
839
838
840
839
inode->i_ino = get_next_ino();
841
-
inode_init_owner(inode, dir, mode);
840
+
inode_init_owner(&init_user_ns, inode, dir, mode);
842
841
lockdep_set_class(&inode->i_mapping->i_mmap_rwsem,
843
842
&hugetlbfs_i_mmap_rwsem_key);
844
843
inode->i_mapping->a_ops = &hugetlbfs_aops;
···
900
899
return error;
901
900
}
902
901
903
-
static int hugetlbfs_mknod(struct inode *dir,
904
-
struct dentry *dentry, umode_t mode, dev_t dev)
902
+
static int hugetlbfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
903
+
struct dentry *dentry, umode_t mode, dev_t dev)
905
904
{
906
905
return do_hugetlbfs_mknod(dir, dentry, mode, dev, false);
907
906
}
908
907
909
-
static int hugetlbfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
908
+
static int hugetlbfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
909
+
struct dentry *dentry, umode_t mode)
910
910
{
911
-
int retval = hugetlbfs_mknod(dir, dentry, mode | S_IFDIR, 0);
911
+
int retval = hugetlbfs_mknod(&init_user_ns, dir, dentry,
912
+
mode | S_IFDIR, 0);
912
913
if (!retval)
913
914
inc_nlink(dir);
914
915
return retval;
915
916
}
916
917
917
-
static int hugetlbfs_create(struct inode *dir, struct dentry *dentry, umode_t mode, bool excl)
918
+
static int hugetlbfs_create(struct user_namespace *mnt_userns,
919
+
struct inode *dir, struct dentry *dentry,
920
+
umode_t mode, bool excl)
918
921
{
919
-
return hugetlbfs_mknod(dir, dentry, mode | S_IFREG, 0);
922
+
return hugetlbfs_mknod(&init_user_ns, dir, dentry, mode | S_IFREG, 0);
920
923
}
921
924
922
-
static int hugetlbfs_tmpfile(struct inode *dir,
923
-
struct dentry *dentry, umode_t mode)
925
+
static int hugetlbfs_tmpfile(struct user_namespace *mnt_userns,
926
+
struct inode *dir, struct dentry *dentry,
927
+
umode_t mode)
924
928
{
925
929
return do_hugetlbfs_mknod(dir, dentry, mode | S_IFREG, 0, true);
926
930
}
927
931
928
-
static int hugetlbfs_symlink(struct inode *dir,
929
-
struct dentry *dentry, const char *symname)
932
+
static int hugetlbfs_symlink(struct user_namespace *mnt_userns,
933
+
struct inode *dir, struct dentry *dentry,
934
+
const char *symname)
930
935
{
931
936
struct inode *inode;
932
937
int error = -ENOSPC;
+14
-10
fs/init.c
+14
-10
fs/init.c
···
49
49
error = kern_path(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);
50
50
if (error)
51
51
return error;
52
-
error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
52
+
error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
53
53
if (!error)
54
54
set_fs_pwd(current->fs, &path);
55
55
path_put(&path);
···
64
64
error = kern_path(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);
65
65
if (error)
66
66
return error;
67
-
error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
67
+
error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
68
68
if (error)
69
69
goto dput_and_out;
70
70
error = -EPERM;
···
118
118
error = kern_path(filename, LOOKUP_FOLLOW, &path);
119
119
if (error)
120
120
return error;
121
-
error = inode_permission(d_inode(path.dentry), MAY_ACCESS);
121
+
error = path_permission(&path, MAY_ACCESS);
122
122
path_put(&path);
123
123
return error;
124
124
}
···
157
157
mode &= ~current_umask();
158
158
error = security_path_mknod(&path, dentry, mode, dev);
159
159
if (!error)
160
-
error = vfs_mknod(path.dentry->d_inode, dentry, mode,
161
-
new_decode_dev(dev));
160
+
error = vfs_mknod(mnt_user_ns(path.mnt), path.dentry->d_inode,
161
+
dentry, mode, new_decode_dev(dev));
162
162
done_path_create(&path, dentry);
163
163
return error;
164
164
}
···
167
167
{
168
168
struct dentry *new_dentry;
169
169
struct path old_path, new_path;
170
+
struct user_namespace *mnt_userns;
170
171
int error;
171
172
172
173
error = kern_path(oldname, 0, &old_path);
···
182
181
error = -EXDEV;
183
182
if (old_path.mnt != new_path.mnt)
184
183
goto out_dput;
185
-
error = may_linkat(&old_path);
184
+
mnt_userns = mnt_user_ns(new_path.mnt);
185
+
error = may_linkat(mnt_userns, &old_path);
186
186
if (unlikely(error))
187
187
goto out_dput;
188
188
error = security_path_link(old_path.dentry, &new_path, new_dentry);
189
189
if (error)
190
190
goto out_dput;
191
-
error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry,
192
-
NULL);
191
+
error = vfs_link(old_path.dentry, mnt_userns, new_path.dentry->d_inode,
192
+
new_dentry, NULL);
193
193
out_dput:
194
194
done_path_create(&new_path, new_dentry);
195
195
out:
···
209
207
return PTR_ERR(dentry);
210
208
error = security_path_symlink(&path, dentry, oldname);
211
209
if (!error)
212
-
error = vfs_symlink(path.dentry->d_inode, dentry, oldname);
210
+
error = vfs_symlink(mnt_user_ns(path.mnt), path.dentry->d_inode,
211
+
dentry, oldname);
213
212
done_path_create(&path, dentry);
214
213
return error;
215
214
}
···
233
230
mode &= ~current_umask();
234
231
error = security_path_mkdir(&path, dentry, mode);
235
232
if (!error)
236
-
error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
233
+
error = vfs_mkdir(mnt_user_ns(path.mnt), path.dentry->d_inode,
234
+
dentry, mode);
237
235
done_path_create(&path, dentry);
238
236
return error;
239
237
}
+31
-13
fs/inode.c
+31
-13
fs/inode.c
···
1798
1798
/* Atime updates will likely cause i_uid and i_gid to be written
1799
1799
* back improprely if their true value is unknown to the vfs.
1800
1800
*/
1801
-
if (HAS_UNMAPPED_ID(inode))
1801
+
if (HAS_UNMAPPED_ID(mnt_user_ns(mnt), inode))
1802
1802
return false;
1803
1803
1804
1804
if (IS_NOATIME(inode))
···
1905
1905
return mask;
1906
1906
}
1907
1907
1908
-
static int __remove_privs(struct dentry *dentry, int kill)
1908
+
static int __remove_privs(struct user_namespace *mnt_userns,
1909
+
struct dentry *dentry, int kill)
1909
1910
{
1910
1911
struct iattr newattrs;
1911
1912
···
1915
1914
* Note we call this on write, so notify_change will not
1916
1915
* encounter any conflicting delegations:
1917
1916
*/
1918
-
return notify_change(dentry, &newattrs, NULL);
1917
+
return notify_change(mnt_userns, dentry, &newattrs, NULL);
1919
1918
}
1920
1919
1921
1920
/*
···
1942
1941
if (kill < 0)
1943
1942
return kill;
1944
1943
if (kill)
1945
-
error = __remove_privs(dentry, kill);
1944
+
error = __remove_privs(file_mnt_user_ns(file), dentry, kill);
1946
1945
if (!error)
1947
1946
inode_has_no_xattr(inode);
1948
1947
···
2133
2132
2134
2133
/**
2135
2134
* inode_init_owner - Init uid,gid,mode for new inode according to posix standards
2135
+
* @mnt_userns: User namespace of the mount the inode was created from
2136
2136
* @inode: New inode
2137
2137
* @dir: Directory inode
2138
2138
* @mode: mode of the new inode
2139
+
*
2140
+
* If the inode has been created through an idmapped mount the user namespace of
2141
+
* the vfsmount must be passed through @mnt_userns. This function will then take
2142
+
* care to map the inode according to @mnt_userns before checking permissions
2143
+
* and initializing i_uid and i_gid. On non-idmapped mounts or if permission
2144
+
* checking is to be performed on the raw inode simply passs init_user_ns.
2139
2145
*/
2140
-
void inode_init_owner(struct inode *inode, const struct inode *dir,
2141
-
umode_t mode)
2146
+
void inode_init_owner(struct user_namespace *mnt_userns, struct inode *inode,
2147
+
const struct inode *dir, umode_t mode)
2142
2148
{
2143
-
inode->i_uid = current_fsuid();
2149
+
inode->i_uid = fsuid_into_mnt(mnt_userns);
2144
2150
if (dir && dir->i_mode & S_ISGID) {
2145
2151
inode->i_gid = dir->i_gid;
2146
2152
···
2155
2147
if (S_ISDIR(mode))
2156
2148
mode |= S_ISGID;
2157
2149
else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
2158
-
!in_group_p(inode->i_gid) &&
2159
-
!capable_wrt_inode_uidgid(dir, CAP_FSETID))
2150
+
!in_group_p(i_gid_into_mnt(mnt_userns, dir)) &&
2151
+
!capable_wrt_inode_uidgid(mnt_userns, dir, CAP_FSETID))
2160
2152
mode &= ~S_ISGID;
2161
2153
} else
2162
-
inode->i_gid = current_fsgid();
2154
+
inode->i_gid = fsgid_into_mnt(mnt_userns);
2163
2155
inode->i_mode = mode;
2164
2156
}
2165
2157
EXPORT_SYMBOL(inode_init_owner);
2166
2158
2167
2159
/**
2168
2160
* inode_owner_or_capable - check current task permissions to inode
2161
+
* @mnt_userns: user namespace of the mount the inode was found from
2169
2162
* @inode: inode being checked
2170
2163
*
2171
2164
* Return true if current either has CAP_FOWNER in a namespace with the
2172
2165
* inode owner uid mapped, or owns the file.
2166
+
*
2167
+
* If the inode has been found through an idmapped mount the user namespace of
2168
+
* the vfsmount must be passed through @mnt_userns. This function will then take
2169
+
* care to map the inode according to @mnt_userns before checking permissions.
2170
+
* On non-idmapped mounts or if permission checking is to be performed on the
2171
+
* raw inode simply passs init_user_ns.
2173
2172
*/
2174
-
bool inode_owner_or_capable(const struct inode *inode)
2173
+
bool inode_owner_or_capable(struct user_namespace *mnt_userns,
2174
+
const struct inode *inode)
2175
2175
{
2176
+
kuid_t i_uid;
2176
2177
struct user_namespace *ns;
2177
2178
2178
-
if (uid_eq(current_fsuid(), inode->i_uid))
2179
+
i_uid = i_uid_into_mnt(mnt_userns, inode);
2180
+
if (uid_eq(current_fsuid(), i_uid))
2179
2181
return true;
2180
2182
2181
2183
ns = current_user_ns();
2182
-
if (kuid_has_mapping(ns, inode->i_uid) && ns_capable(ns, CAP_FOWNER))
2184
+
if (kuid_has_mapping(ns, i_uid) && ns_capable(ns, CAP_FOWNER))
2183
2185
return true;
2184
2186
return false;
2185
2187
}
+1
-1
fs/internal.h
+1
-1
fs/internal.h
···
74
74
const char *, unsigned int, struct path *);
75
75
long do_rmdir(int dfd, struct filename *name);
76
76
long do_unlinkat(int dfd, struct filename *name);
77
-
int may_linkat(struct path *link);
77
+
int may_linkat(struct user_namespace *mnt_userns, struct path *link);
78
78
int do_renameat2(int olddfd, struct filename *oldname, int newdfd,
79
79
struct filename *newname, unsigned int flags);
80
80
+4
-2
fs/jffs2/acl.c
+4
-2
fs/jffs2/acl.c
···
226
226
return rc;
227
227
}
228
228
229
-
int jffs2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
229
+
int jffs2_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
230
+
struct posix_acl *acl, int type)
230
231
{
231
232
int rc, xprefix;
232
233
···
237
236
if (acl) {
238
237
umode_t mode;
239
238
240
-
rc = posix_acl_update_mode(inode, &mode, &acl);
239
+
rc = posix_acl_update_mode(&init_user_ns, inode, &mode,
240
+
&acl);
241
241
if (rc)
242
242
return rc;
243
243
if (inode->i_mode != mode) {
+2
-1
fs/jffs2/acl.h
+2
-1
fs/jffs2/acl.h
···
28
28
#ifdef CONFIG_JFFS2_FS_POSIX_ACL
29
29
30
30
struct posix_acl *jffs2_get_acl(struct inode *inode, int type);
31
-
int jffs2_set_acl(struct inode *inode, struct posix_acl *acl, int type);
31
+
int jffs2_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
32
+
struct posix_acl *acl, int type);
32
33
extern int jffs2_init_acl_pre(struct inode *, struct inode *, umode_t *);
33
34
extern int jffs2_init_acl_post(struct inode *);
34
35
+20
-13
fs/jffs2/dir.c
+20
-13
fs/jffs2/dir.c
···
24
24
25
25
static int jffs2_readdir (struct file *, struct dir_context *);
26
26
27
-
static int jffs2_create (struct inode *,struct dentry *,umode_t,
28
-
bool);
27
+
static int jffs2_create (struct user_namespace *, struct inode *,
28
+
struct dentry *, umode_t, bool);
29
29
static struct dentry *jffs2_lookup (struct inode *,struct dentry *,
30
30
unsigned int);
31
31
static int jffs2_link (struct dentry *,struct inode *,struct dentry *);
32
32
static int jffs2_unlink (struct inode *,struct dentry *);
33
-
static int jffs2_symlink (struct inode *,struct dentry *,const char *);
34
-
static int jffs2_mkdir (struct inode *,struct dentry *,umode_t);
33
+
static int jffs2_symlink (struct user_namespace *, struct inode *,
34
+
struct dentry *, const char *);
35
+
static int jffs2_mkdir (struct user_namespace *, struct inode *,struct dentry *,
36
+
umode_t);
35
37
static int jffs2_rmdir (struct inode *,struct dentry *);
36
-
static int jffs2_mknod (struct inode *,struct dentry *,umode_t,dev_t);
37
-
static int jffs2_rename (struct inode *, struct dentry *,
38
-
struct inode *, struct dentry *,
38
+
static int jffs2_mknod (struct user_namespace *, struct inode *,struct dentry *,
39
+
umode_t,dev_t);
40
+
static int jffs2_rename (struct user_namespace *, struct inode *,
41
+
struct dentry *, struct inode *, struct dentry *,
39
42
unsigned int);
40
43
41
44
const struct file_operations jffs2_dir_operations =
···
160
157
/***********************************************************************/
161
158
162
159
163
-
static int jffs2_create(struct inode *dir_i, struct dentry *dentry,
164
-
umode_t mode, bool excl)
160
+
static int jffs2_create(struct user_namespace *mnt_userns, struct inode *dir_i,
161
+
struct dentry *dentry, umode_t mode, bool excl)
165
162
{
166
163
struct jffs2_raw_inode *ri;
167
164
struct jffs2_inode_info *f, *dir_f;
···
279
276
280
277
/***********************************************************************/
281
278
282
-
static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char *target)
279
+
static int jffs2_symlink (struct user_namespace *mnt_userns, struct inode *dir_i,
280
+
struct dentry *dentry, const char *target)
283
281
{
284
282
struct jffs2_inode_info *f, *dir_f;
285
283
struct jffs2_sb_info *c;
···
442
438
}
443
439
444
440
445
-
static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, umode_t mode)
441
+
static int jffs2_mkdir (struct user_namespace *mnt_userns, struct inode *dir_i,
442
+
struct dentry *dentry, umode_t mode)
446
443
{
447
444
struct jffs2_inode_info *f, *dir_f;
448
445
struct jffs2_sb_info *c;
···
614
609
return ret;
615
610
}
616
611
617
-
static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, umode_t mode, dev_t rdev)
612
+
static int jffs2_mknod (struct user_namespace *mnt_userns, struct inode *dir_i,
613
+
struct dentry *dentry, umode_t mode, dev_t rdev)
618
614
{
619
615
struct jffs2_inode_info *f, *dir_f;
620
616
struct jffs2_sb_info *c;
···
762
756
return ret;
763
757
}
764
758
765
-
static int jffs2_rename (struct inode *old_dir_i, struct dentry *old_dentry,
759
+
static int jffs2_rename (struct user_namespace *mnt_userns,
760
+
struct inode *old_dir_i, struct dentry *old_dentry,
766
761
struct inode *new_dir_i, struct dentry *new_dentry,
767
762
unsigned int flags)
768
763
{
+4
-3
fs/jffs2/fs.c
+4
-3
fs/jffs2/fs.c
···
190
190
return 0;
191
191
}
192
192
193
-
int jffs2_setattr(struct dentry *dentry, struct iattr *iattr)
193
+
int jffs2_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
194
+
struct iattr *iattr)
194
195
{
195
196
struct inode *inode = d_inode(dentry);
196
197
int rc;
197
198
198
-
rc = setattr_prepare(dentry, iattr);
199
+
rc = setattr_prepare(&init_user_ns, dentry, iattr);
199
200
if (rc)
200
201
return rc;
201
202
202
203
rc = jffs2_do_setattr(inode, iattr);
203
204
if (!rc && (iattr->ia_valid & ATTR_MODE))
204
-
rc = posix_acl_chmod(inode, inode->i_mode);
205
+
rc = posix_acl_chmod(&init_user_ns, inode, inode->i_mode);
205
206
206
207
return rc;
207
208
}
+1
-1
fs/jffs2/os-linux.h
+1
-1
fs/jffs2/os-linux.h
···
164
164
extern const struct inode_operations jffs2_symlink_inode_operations;
165
165
166
166
/* fs.c */
167
-
int jffs2_setattr (struct dentry *, struct iattr *);
167
+
int jffs2_setattr (struct user_namespace *, struct dentry *, struct iattr *);
168
168
int jffs2_do_setattr (struct inode *, struct iattr *);
169
169
struct inode *jffs2_iget(struct super_block *, unsigned long);
170
170
void jffs2_evict_inode (struct inode *);
+1
fs/jffs2/security.c
+1
fs/jffs2/security.c
+1
fs/jffs2/xattr_trusted.c
+1
fs/jffs2/xattr_trusted.c
+1
fs/jffs2/xattr_user.c
+1
fs/jffs2/xattr_user.c
+3
-2
fs/jfs/acl.c
+3
-2
fs/jfs/acl.c
···
91
91
return rc;
92
92
}
93
93
94
-
int jfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
94
+
int jfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
95
+
struct posix_acl *acl, int type)
95
96
{
96
97
int rc;
97
98
tid_t tid;
···
102
101
tid = txBegin(inode->i_sb, 0);
103
102
mutex_lock(&JFS_IP(inode)->commit_mutex);
104
103
if (type == ACL_TYPE_ACCESS && acl) {
105
-
rc = posix_acl_update_mode(inode, &mode, &acl);
104
+
rc = posix_acl_update_mode(&init_user_ns, inode, &mode, &acl);
106
105
if (rc)
107
106
goto end_tx;
108
107
if (mode != inode->i_mode)
+5
-4
fs/jfs/file.c
+5
-4
fs/jfs/file.c
···
85
85
return 0;
86
86
}
87
87
88
-
int jfs_setattr(struct dentry *dentry, struct iattr *iattr)
88
+
int jfs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
89
+
struct iattr *iattr)
89
90
{
90
91
struct inode *inode = d_inode(dentry);
91
92
int rc;
92
93
93
-
rc = setattr_prepare(dentry, iattr);
94
+
rc = setattr_prepare(&init_user_ns, dentry, iattr);
94
95
if (rc)
95
96
return rc;
96
97
···
119
118
jfs_truncate(inode);
120
119
}
121
120
122
-
setattr_copy(inode, iattr);
121
+
setattr_copy(&init_user_ns, inode, iattr);
123
122
mark_inode_dirty(inode);
124
123
125
124
if (iattr->ia_valid & ATTR_MODE)
126
-
rc = posix_acl_chmod(inode, inode->i_mode);
125
+
rc = posix_acl_chmod(&init_user_ns, inode, inode->i_mode);
127
126
return rc;
128
127
}
129
128
+1
-1
fs/jfs/ioctl.c
+1
-1
fs/jfs/ioctl.c
+2
-1
fs/jfs/jfs_acl.h
+2
-1
fs/jfs/jfs_acl.h
···
8
8
#ifdef CONFIG_JFS_POSIX_ACL
9
9
10
10
struct posix_acl *jfs_get_acl(struct inode *inode, int type);
11
-
int jfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
11
+
int jfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
12
+
struct posix_acl *acl, int type);
12
13
int jfs_init_acl(tid_t, struct inode *, struct inode *);
13
14
14
15
#else
+1
-1
fs/jfs/jfs_inode.c
+1
-1
fs/jfs/jfs_inode.c
+1
-1
fs/jfs/jfs_inode.h
+1
-1
fs/jfs/jfs_inode.h
···
26
26
int fh_len, int fh_type);
27
27
extern void jfs_set_inode_flags(struct inode *);
28
28
extern int jfs_get_block(struct inode *, sector_t, struct buffer_head *, int);
29
-
extern int jfs_setattr(struct dentry *, struct iattr *);
29
+
extern int jfs_setattr(struct user_namespace *, struct dentry *, struct iattr *);
30
30
31
31
extern const struct address_space_operations jfs_aops;
32
32
extern const struct inode_operations jfs_dir_inode_operations;
+11
-10
fs/jfs/namei.c
+11
-10
fs/jfs/namei.c
···
59
59
* RETURN: Errors from subroutines
60
60
*
61
61
*/
62
-
static int jfs_create(struct inode *dip, struct dentry *dentry, umode_t mode,
63
-
bool excl)
62
+
static int jfs_create(struct user_namespace *mnt_userns, struct inode *dip,
63
+
struct dentry *dentry, umode_t mode, bool excl)
64
64
{
65
65
int rc = 0;
66
66
tid_t tid; /* transaction id */
···
192
192
* note:
193
193
* EACCES: user needs search+write permission on the parent directory
194
194
*/
195
-
static int jfs_mkdir(struct inode *dip, struct dentry *dentry, umode_t mode)
195
+
static int jfs_mkdir(struct user_namespace *mnt_userns, struct inode *dip,
196
+
struct dentry *dentry, umode_t mode)
196
197
{
197
198
int rc = 0;
198
199
tid_t tid; /* transaction id */
···
869
868
* an intermediate result whose length exceeds PATH_MAX [XPG4.2]
870
869
*/
871
870
872
-
static int jfs_symlink(struct inode *dip, struct dentry *dentry,
873
-
const char *name)
871
+
static int jfs_symlink(struct user_namespace *mnt_userns, struct inode *dip,
872
+
struct dentry *dentry, const char *name)
874
873
{
875
874
int rc;
876
875
tid_t tid;
···
1059
1058
*
1060
1059
* FUNCTION: rename a file or directory
1061
1060
*/
1062
-
static int jfs_rename(struct inode *old_dir, struct dentry *old_dentry,
1063
-
struct inode *new_dir, struct dentry *new_dentry,
1064
-
unsigned int flags)
1061
+
static int jfs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
1062
+
struct dentry *old_dentry, struct inode *new_dir,
1063
+
struct dentry *new_dentry, unsigned int flags)
1065
1064
{
1066
1065
struct btstack btstack;
1067
1066
ino_t ino;
···
1345
1344
*
1346
1345
* FUNCTION: Create a special file (device)
1347
1346
*/
1348
-
static int jfs_mknod(struct inode *dir, struct dentry *dentry,
1349
-
umode_t mode, dev_t rdev)
1347
+
static int jfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
1348
+
struct dentry *dentry, umode_t mode, dev_t rdev)
1350
1349
{
1351
1350
struct jfs_inode_info *jfs_ip;
1352
1351
struct btstack btstack;
+2
fs/jfs/xattr.c
+2
fs/jfs/xattr.c
···
932
932
}
933
933
934
934
static int jfs_xattr_set(const struct xattr_handler *handler,
935
+
struct user_namespace *mnt_userns,
935
936
struct dentry *unused, struct inode *inode,
936
937
const char *name, const void *value,
937
938
size_t size, int flags)
···
951
950
}
952
951
953
952
static int jfs_xattr_set_os2(const struct xattr_handler *handler,
953
+
struct user_namespace *mnt_userns,
954
954
struct dentry *unused, struct inode *inode,
955
955
const char *name, const void *value,
956
956
size_t size, int flags)
+4
-2
fs/kernfs/dir.c
+4
-2
fs/kernfs/dir.c
···
1110
1110
return ret;
1111
1111
}
1112
1112
1113
-
static int kernfs_iop_mkdir(struct inode *dir, struct dentry *dentry,
1113
+
static int kernfs_iop_mkdir(struct user_namespace *mnt_userns,
1114
+
struct inode *dir, struct dentry *dentry,
1114
1115
umode_t mode)
1115
1116
{
1116
1117
struct kernfs_node *parent = dir->i_private;
···
1148
1147
return ret;
1149
1148
}
1150
1149
1151
-
static int kernfs_iop_rename(struct inode *old_dir, struct dentry *old_dentry,
1150
+
static int kernfs_iop_rename(struct user_namespace *mnt_userns,
1151
+
struct inode *old_dir, struct dentry *old_dentry,
1152
1152
struct inode *new_dir, struct dentry *new_dentry,
1153
1153
unsigned int flags)
1154
1154
{
+12
-7
fs/kernfs/inode.c
+12
-7
fs/kernfs/inode.c
···
112
112
return ret;
113
113
}
114
114
115
-
int kernfs_iop_setattr(struct dentry *dentry, struct iattr *iattr)
115
+
int kernfs_iop_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
116
+
struct iattr *iattr)
116
117
{
117
118
struct inode *inode = d_inode(dentry);
118
119
struct kernfs_node *kn = inode->i_private;
···
123
122
return -EINVAL;
124
123
125
124
mutex_lock(&kernfs_mutex);
126
-
error = setattr_prepare(dentry, iattr);
125
+
error = setattr_prepare(&init_user_ns, dentry, iattr);
127
126
if (error)
128
127
goto out;
129
128
···
132
131
goto out;
133
132
134
133
/* this ignores size changes */
135
-
setattr_copy(inode, iattr);
134
+
setattr_copy(&init_user_ns, inode, iattr);
136
135
137
136
out:
138
137
mutex_unlock(&kernfs_mutex);
···
184
183
set_nlink(inode, kn->dir.subdirs + 2);
185
184
}
186
185
187
-
int kernfs_iop_getattr(const struct path *path, struct kstat *stat,
186
+
int kernfs_iop_getattr(struct user_namespace *mnt_userns,
187
+
const struct path *path, struct kstat *stat,
188
188
u32 request_mask, unsigned int query_flags)
189
189
{
190
190
struct inode *inode = d_inode(path->dentry);
···
195
193
kernfs_refresh_inode(kn, inode);
196
194
mutex_unlock(&kernfs_mutex);
197
195
198
-
generic_fillattr(inode, stat);
196
+
generic_fillattr(&init_user_ns, inode, stat);
199
197
return 0;
200
198
}
201
199
···
274
272
kernfs_put(kn);
275
273
}
276
274
277
-
int kernfs_iop_permission(struct inode *inode, int mask)
275
+
int kernfs_iop_permission(struct user_namespace *mnt_userns,
276
+
struct inode *inode, int mask)
278
277
{
279
278
struct kernfs_node *kn;
280
279
···
288
285
kernfs_refresh_inode(kn, inode);
289
286
mutex_unlock(&kernfs_mutex);
290
287
291
-
return generic_permission(inode, mask);
288
+
return generic_permission(&init_user_ns, inode, mask);
292
289
}
293
290
294
291
int kernfs_xattr_get(struct kernfs_node *kn, const char *name,
···
322
319
}
323
320
324
321
static int kernfs_vfs_xattr_set(const struct xattr_handler *handler,
322
+
struct user_namespace *mnt_userns,
325
323
struct dentry *unused, struct inode *inode,
326
324
const char *suffix, const void *value,
327
325
size_t size, int flags)
···
389
385
}
390
386
391
387
static int kernfs_vfs_user_xattr_set(const struct xattr_handler *handler,
388
+
struct user_namespace *mnt_userns,
392
389
struct dentry *unused, struct inode *inode,
393
390
const char *suffix, const void *value,
394
391
size_t size, int flags)
+6
-3
fs/kernfs/kernfs-internal.h
+6
-3
fs/kernfs/kernfs-internal.h
···
89
89
*/
90
90
extern const struct xattr_handler *kernfs_xattr_handlers[];
91
91
void kernfs_evict_inode(struct inode *inode);
92
-
int kernfs_iop_permission(struct inode *inode, int mask);
93
-
int kernfs_iop_setattr(struct dentry *dentry, struct iattr *iattr);
94
-
int kernfs_iop_getattr(const struct path *path, struct kstat *stat,
92
+
int kernfs_iop_permission(struct user_namespace *mnt_userns,
93
+
struct inode *inode, int mask);
94
+
int kernfs_iop_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
95
+
struct iattr *iattr);
96
+
int kernfs_iop_getattr(struct user_namespace *mnt_userns,
97
+
const struct path *path, struct kstat *stat,
95
98
u32 request_mask, unsigned int query_flags);
96
99
ssize_t kernfs_iop_listxattr(struct dentry *dentry, char *buf, size_t size);
97
100
int __kernfs_setattr(struct kernfs_node *kn, const struct iattr *iattr);
+16
-12
fs/libfs.c
+16
-12
fs/libfs.c
···
27
27
28
28
#include "internal.h"
29
29
30
-
int simple_getattr(const struct path *path, struct kstat *stat,
31
-
u32 request_mask, unsigned int query_flags)
30
+
int simple_getattr(struct user_namespace *mnt_userns, const struct path *path,
31
+
struct kstat *stat, u32 request_mask,
32
+
unsigned int query_flags)
32
33
{
33
34
struct inode *inode = d_inode(path->dentry);
34
-
generic_fillattr(inode, stat);
35
+
generic_fillattr(&init_user_ns, inode, stat);
35
36
stat->blocks = inode->i_mapping->nrpages << (PAGE_SHIFT - 9);
36
37
return 0;
37
38
}
···
448
447
}
449
448
EXPORT_SYMBOL(simple_rmdir);
450
449
451
-
int simple_rename(struct inode *old_dir, struct dentry *old_dentry,
452
-
struct inode *new_dir, struct dentry *new_dentry,
453
-
unsigned int flags)
450
+
int simple_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
451
+
struct dentry *old_dentry, struct inode *new_dir,
452
+
struct dentry *new_dentry, unsigned int flags)
454
453
{
455
454
struct inode *inode = d_inode(old_dentry);
456
455
int they_are_dirs = d_is_dir(old_dentry);
···
493
492
* on simple regular filesystems. Anything that needs to change on-disk
494
493
* or wire state on size changes needs its own setattr method.
495
494
*/
496
-
int simple_setattr(struct dentry *dentry, struct iattr *iattr)
495
+
int simple_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
496
+
struct iattr *iattr)
497
497
{
498
498
struct inode *inode = d_inode(dentry);
499
499
int error;
500
500
501
-
error = setattr_prepare(dentry, iattr);
501
+
error = setattr_prepare(mnt_userns, dentry, iattr);
502
502
if (error)
503
503
return error;
504
504
505
505
if (iattr->ia_valid & ATTR_SIZE)
506
506
truncate_setsize(inode, iattr->ia_size);
507
-
setattr_copy(inode, iattr);
507
+
setattr_copy(mnt_userns, inode, iattr);
508
508
mark_inode_dirty(inode);
509
509
return 0;
510
510
}
···
1297
1295
return ERR_PTR(-ENOENT);
1298
1296
}
1299
1297
1300
-
static int empty_dir_getattr(const struct path *path, struct kstat *stat,
1298
+
static int empty_dir_getattr(struct user_namespace *mnt_userns,
1299
+
const struct path *path, struct kstat *stat,
1301
1300
u32 request_mask, unsigned int query_flags)
1302
1301
{
1303
1302
struct inode *inode = d_inode(path->dentry);
1304
-
generic_fillattr(inode, stat);
1303
+
generic_fillattr(&init_user_ns, inode, stat);
1305
1304
return 0;
1306
1305
}
1307
1306
1308
-
static int empty_dir_setattr(struct dentry *dentry, struct iattr *attr)
1307
+
static int empty_dir_setattr(struct user_namespace *mnt_userns,
1308
+
struct dentry *dentry, struct iattr *attr)
1309
1309
{
1310
1310
return -EPERM;
1311
1311
}
+1
-1
fs/minix/bitmap.c
+1
-1
fs/minix/bitmap.c
+4
-3
fs/minix/file.c
+4
-3
fs/minix/file.c
···
22
22
.splice_read = generic_file_splice_read,
23
23
};
24
24
25
-
static int minix_setattr(struct dentry *dentry, struct iattr *attr)
25
+
static int minix_setattr(struct user_namespace *mnt_userns,
26
+
struct dentry *dentry, struct iattr *attr)
26
27
{
27
28
struct inode *inode = d_inode(dentry);
28
29
int error;
29
30
30
-
error = setattr_prepare(dentry, attr);
31
+
error = setattr_prepare(&init_user_ns, dentry, attr);
31
32
if (error)
32
33
return error;
33
34
···
42
41
minix_truncate(inode);
43
42
}
44
43
45
-
setattr_copy(inode, attr);
44
+
setattr_copy(&init_user_ns, inode, attr);
46
45
mark_inode_dirty(inode);
47
46
return 0;
48
47
}
+3
-3
fs/minix/inode.c
+3
-3
fs/minix/inode.c
···
652
652
return err;
653
653
}
654
654
655
-
int minix_getattr(const struct path *path, struct kstat *stat,
656
-
u32 request_mask, unsigned int flags)
655
+
int minix_getattr(struct user_namespace *mnt_userns, const struct path *path,
656
+
struct kstat *stat, u32 request_mask, unsigned int flags)
657
657
{
658
658
struct super_block *sb = path->dentry->d_sb;
659
659
struct inode *inode = d_inode(path->dentry);
660
660
661
-
generic_fillattr(inode, stat);
661
+
generic_fillattr(&init_user_ns, inode, stat);
662
662
if (INODE_VERSION(inode) == MINIX_V1)
663
663
stat->blocks = (BLOCK_SIZE / 512) * V1_minix_blocks(stat->size, sb);
664
664
else
+2
-1
fs/minix/minix.h
+2
-1
fs/minix/minix.h
···
51
51
extern int minix_new_block(struct inode * inode);
52
52
extern void minix_free_block(struct inode *inode, unsigned long block);
53
53
extern unsigned long minix_count_free_blocks(struct super_block *sb);
54
-
extern int minix_getattr(const struct path *, struct kstat *, u32, unsigned int);
54
+
extern int minix_getattr(struct user_namespace *, const struct path *,
55
+
struct kstat *, u32, unsigned int);
55
56
extern int minix_prepare_chunk(struct page *page, loff_t pos, unsigned len);
56
57
57
58
extern void V1_minix_truncate(struct inode *);
+14
-10
fs/minix/namei.c
+14
-10
fs/minix/namei.c
···
33
33
return d_splice_alias(inode, dentry);
34
34
}
35
35
36
-
static int minix_mknod(struct inode * dir, struct dentry *dentry, umode_t mode, dev_t rdev)
36
+
static int minix_mknod(struct user_namespace *mnt_userns, struct inode *dir,
37
+
struct dentry *dentry, umode_t mode, dev_t rdev)
37
38
{
38
39
int error;
39
40
struct inode *inode;
···
52
51
return error;
53
52
}
54
53
55
-
static int minix_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
54
+
static int minix_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
55
+
struct dentry *dentry, umode_t mode)
56
56
{
57
57
int error;
58
58
struct inode *inode = minix_new_inode(dir, mode, &error);
···
65
63
return error;
66
64
}
67
65
68
-
static int minix_create(struct inode *dir, struct dentry *dentry, umode_t mode,
69
-
bool excl)
66
+
static int minix_create(struct user_namespace *mnt_userns, struct inode *dir,
67
+
struct dentry *dentry, umode_t mode, bool excl)
70
68
{
71
-
return minix_mknod(dir, dentry, mode, 0);
69
+
return minix_mknod(mnt_userns, dir, dentry, mode, 0);
72
70
}
73
71
74
-
static int minix_symlink(struct inode * dir, struct dentry *dentry,
75
-
const char * symname)
72
+
static int minix_symlink(struct user_namespace *mnt_userns, struct inode *dir,
73
+
struct dentry *dentry, const char *symname)
76
74
{
77
75
int err = -ENAMETOOLONG;
78
76
int i = strlen(symname)+1;
···
111
109
return add_nondir(dentry, inode);
112
110
}
113
111
114
-
static int minix_mkdir(struct inode * dir, struct dentry *dentry, umode_t mode)
112
+
static int minix_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
113
+
struct dentry *dentry, umode_t mode)
115
114
{
116
115
struct inode * inode;
117
116
int err;
···
184
181
return err;
185
182
}
186
183
187
-
static int minix_rename(struct inode * old_dir, struct dentry *old_dentry,
188
-
struct inode * new_dir, struct dentry *new_dentry,
184
+
static int minix_rename(struct user_namespace *mnt_userns,
185
+
struct inode *old_dir, struct dentry *old_dentry,
186
+
struct inode *new_dir, struct dentry *new_dentry,
189
187
unsigned int flags)
190
188
{
191
189
struct inode * old_inode = d_inode(old_dentry);
-10
fs/mount.h
-10
fs/mount.h
···
124
124
125
125
extern seqlock_t mount_lock;
126
126
127
-
static inline void lock_mount_hash(void)
128
-
{
129
-
write_seqlock(&mount_lock);
130
-
}
131
-
132
-
static inline void unlock_mount_hash(void)
133
-
{
134
-
write_sequnlock(&mount_lock);
135
-
}
136
-
137
127
struct proc_mounts {
138
128
struct mnt_namespace *ns;
139
129
struct path root;
+380
-131
fs/namei.c
+380
-131
fs/namei.c
···
259
259
__putname(name);
260
260
}
261
261
262
-
static int check_acl(struct inode *inode, int mask)
262
+
/**
263
+
* check_acl - perform ACL permission checking
264
+
* @mnt_userns: user namespace of the mount the inode was found from
265
+
* @inode: inode to check permissions on
266
+
* @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC ...)
267
+
*
268
+
* This function performs the ACL permission checking. Since this function
269
+
* retrieve POSIX acls it needs to know whether it is called from a blocking or
270
+
* non-blocking context and thus cares about the MAY_NOT_BLOCK bit.
271
+
*
272
+
* If the inode has been found through an idmapped mount the user namespace of
273
+
* the vfsmount must be passed through @mnt_userns. This function will then take
274
+
* care to map the inode according to @mnt_userns before checking permissions.
275
+
* On non-idmapped mounts or if permission checking is to be performed on the
276
+
* raw inode simply passs init_user_ns.
277
+
*/
278
+
static int check_acl(struct user_namespace *mnt_userns,
279
+
struct inode *inode, int mask)
263
280
{
264
281
#ifdef CONFIG_FS_POSIX_ACL
265
282
struct posix_acl *acl;
···
288
271
/* no ->get_acl() calls in RCU mode... */
289
272
if (is_uncached_acl(acl))
290
273
return -ECHILD;
291
-
return posix_acl_permission(inode, acl, mask);
274
+
return posix_acl_permission(mnt_userns, inode, acl, mask);
292
275
}
293
276
294
277
acl = get_acl(inode, ACL_TYPE_ACCESS);
295
278
if (IS_ERR(acl))
296
279
return PTR_ERR(acl);
297
280
if (acl) {
298
-
int error = posix_acl_permission(inode, acl, mask);
281
+
int error = posix_acl_permission(mnt_userns, inode, acl, mask);
299
282
posix_acl_release(acl);
300
283
return error;
301
284
}
···
304
287
return -EAGAIN;
305
288
}
306
289
307
-
/*
308
-
* This does the basic UNIX permission checking.
290
+
/**
291
+
* acl_permission_check - perform basic UNIX permission checking
292
+
* @mnt_userns: user namespace of the mount the inode was found from
293
+
* @inode: inode to check permissions on
294
+
* @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC ...)
309
295
*
310
-
* Note that the POSIX ACL check cares about the MAY_NOT_BLOCK bit,
311
-
* for RCU walking.
296
+
* This function performs the basic UNIX permission checking. Since this
297
+
* function may retrieve POSIX acls it needs to know whether it is called from a
298
+
* blocking or non-blocking context and thus cares about the MAY_NOT_BLOCK bit.
299
+
*
300
+
* If the inode has been found through an idmapped mount the user namespace of
301
+
* the vfsmount must be passed through @mnt_userns. This function will then take
302
+
* care to map the inode according to @mnt_userns before checking permissions.
303
+
* On non-idmapped mounts or if permission checking is to be performed on the
304
+
* raw inode simply passs init_user_ns.
312
305
*/
313
-
static int acl_permission_check(struct inode *inode, int mask)
306
+
static int acl_permission_check(struct user_namespace *mnt_userns,
307
+
struct inode *inode, int mask)
314
308
{
315
309
unsigned int mode = inode->i_mode;
310
+
kuid_t i_uid;
316
311
317
312
/* Are we the owner? If so, ACL's don't matter */
318
-
if (likely(uid_eq(current_fsuid(), inode->i_uid))) {
313
+
i_uid = i_uid_into_mnt(mnt_userns, inode);
314
+
if (likely(uid_eq(current_fsuid(), i_uid))) {
319
315
mask &= 7;
320
316
mode >>= 6;
321
317
return (mask & ~mode) ? -EACCES : 0;
···
336
306
337
307
/* Do we have ACL's? */
338
308
if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
339
-
int error = check_acl(inode, mask);
309
+
int error = check_acl(mnt_userns, inode, mask);
340
310
if (error != -EAGAIN)
341
311
return error;
342
312
}
···
350
320
* about? Need to check group ownership if so.
351
321
*/
352
322
if (mask & (mode ^ (mode >> 3))) {
353
-
if (in_group_p(inode->i_gid))
323
+
kgid_t kgid = i_gid_into_mnt(mnt_userns, inode);
324
+
if (in_group_p(kgid))
354
325
mode >>= 3;
355
326
}
356
327
···
361
330
362
331
/**
363
332
* generic_permission - check for access rights on a Posix-like filesystem
333
+
* @mnt_userns: user namespace of the mount the inode was found from
364
334
* @inode: inode to check access rights for
365
335
* @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC,
366
336
* %MAY_NOT_BLOCK ...)
···
374
342
* generic_permission is rcu-walk aware. It returns -ECHILD in case an rcu-walk
375
343
* request cannot be satisfied (eg. requires blocking or too much complexity).
376
344
* It would then be called again in ref-walk mode.
345
+
*
346
+
* If the inode has been found through an idmapped mount the user namespace of
347
+
* the vfsmount must be passed through @mnt_userns. This function will then take
348
+
* care to map the inode according to @mnt_userns before checking permissions.
349
+
* On non-idmapped mounts or if permission checking is to be performed on the
350
+
* raw inode simply passs init_user_ns.
377
351
*/
378
-
int generic_permission(struct inode *inode, int mask)
352
+
int generic_permission(struct user_namespace *mnt_userns, struct inode *inode,
353
+
int mask)
379
354
{
380
355
int ret;
381
356
382
357
/*
383
358
* Do the basic permission checks.
384
359
*/
385
-
ret = acl_permission_check(inode, mask);
360
+
ret = acl_permission_check(mnt_userns, inode, mask);
386
361
if (ret != -EACCES)
387
362
return ret;
388
363
389
364
if (S_ISDIR(inode->i_mode)) {
390
365
/* DACs are overridable for directories */
391
366
if (!(mask & MAY_WRITE))
392
-
if (capable_wrt_inode_uidgid(inode,
367
+
if (capable_wrt_inode_uidgid(mnt_userns, inode,
393
368
CAP_DAC_READ_SEARCH))
394
369
return 0;
395
-
if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
370
+
if (capable_wrt_inode_uidgid(mnt_userns, inode,
371
+
CAP_DAC_OVERRIDE))
396
372
return 0;
397
373
return -EACCES;
398
374
}
···
410
370
*/
411
371
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
412
372
if (mask == MAY_READ)
413
-
if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
373
+
if (capable_wrt_inode_uidgid(mnt_userns, inode,
374
+
CAP_DAC_READ_SEARCH))
414
375
return 0;
415
376
/*
416
377
* Read/write DACs are always overridable.
···
419
378
* at least one exec bit set.
420
379
*/
421
380
if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
422
-
if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
381
+
if (capable_wrt_inode_uidgid(mnt_userns, inode,
382
+
CAP_DAC_OVERRIDE))
423
383
return 0;
424
384
425
385
return -EACCES;
426
386
}
427
387
EXPORT_SYMBOL(generic_permission);
428
388
429
-
/*
389
+
/**
390
+
* do_inode_permission - UNIX permission checking
391
+
* @mnt_userns: user namespace of the mount the inode was found from
392
+
* @inode: inode to check permissions on
393
+
* @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC ...)
394
+
*
430
395
* We _really_ want to just do "generic_permission()" without
431
396
* even looking at the inode->i_op values. So we keep a cache
432
397
* flag in inode->i_opflags, that says "this has not special
433
398
* permission function, use the fast case".
434
399
*/
435
-
static inline int do_inode_permission(struct inode *inode, int mask)
400
+
static inline int do_inode_permission(struct user_namespace *mnt_userns,
401
+
struct inode *inode, int mask)
436
402
{
437
403
if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
438
404
if (likely(inode->i_op->permission))
439
-
return inode->i_op->permission(inode, mask);
405
+
return inode->i_op->permission(mnt_userns, inode, mask);
440
406
441
407
/* This gets set once for the inode lifetime */
442
408
spin_lock(&inode->i_lock);
443
409
inode->i_opflags |= IOP_FASTPERM;
444
410
spin_unlock(&inode->i_lock);
445
411
}
446
-
return generic_permission(inode, mask);
412
+
return generic_permission(mnt_userns, inode, mask);
447
413
}
448
414
449
415
/**
···
475
427
476
428
/**
477
429
* inode_permission - Check for access rights to a given inode
478
-
* @inode: Inode to check permission on
479
-
* @mask: Right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
430
+
* @mnt_userns: User namespace of the mount the inode was found from
431
+
* @inode: Inode to check permission on
432
+
* @mask: Right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
480
433
*
481
434
* Check for read/write/execute permissions on an inode. We use fs[ug]id for
482
435
* this, letting us set arbitrary permissions for filesystem access without
···
485
436
*
486
437
* When checking for MAY_APPEND, MAY_WRITE must also be set in @mask.
487
438
*/
488
-
int inode_permission(struct inode *inode, int mask)
439
+
int inode_permission(struct user_namespace *mnt_userns,
440
+
struct inode *inode, int mask)
489
441
{
490
442
int retval;
491
443
···
506
456
* written back improperly if their true value is unknown
507
457
* to the vfs.
508
458
*/
509
-
if (HAS_UNMAPPED_ID(inode))
459
+
if (HAS_UNMAPPED_ID(mnt_userns, inode))
510
460
return -EACCES;
511
461
}
512
462
513
-
retval = do_inode_permission(inode, mask);
463
+
retval = do_inode_permission(mnt_userns, inode, mask);
514
464
if (retval)
515
465
return retval;
516
466
···
1010
960
*/
1011
961
static inline int may_follow_link(struct nameidata *nd, const struct inode *inode)
1012
962
{
963
+
struct user_namespace *mnt_userns;
964
+
kuid_t i_uid;
965
+
1013
966
if (!sysctl_protected_symlinks)
1014
967
return 0;
1015
968
969
+
mnt_userns = mnt_user_ns(nd->path.mnt);
970
+
i_uid = i_uid_into_mnt(mnt_userns, inode);
1016
971
/* Allowed if owner and follower match. */
1017
-
if (uid_eq(current_cred()->fsuid, inode->i_uid))
972
+
if (uid_eq(current_cred()->fsuid, i_uid))
1018
973
return 0;
1019
974
1020
975
/* Allowed if parent directory not sticky and world-writable. */
···
1027
972
return 0;
1028
973
1029
974
/* Allowed if parent directory and link owner match. */
1030
-
if (uid_valid(nd->dir_uid) && uid_eq(nd->dir_uid, inode->i_uid))
975
+
if (uid_valid(nd->dir_uid) && uid_eq(nd->dir_uid, i_uid))
1031
976
return 0;
1032
977
1033
978
if (nd->flags & LOOKUP_RCU)
···
1040
985
1041
986
/**
1042
987
* safe_hardlink_source - Check for safe hardlink conditions
988
+
* @mnt_userns: user namespace of the mount the inode was found from
1043
989
* @inode: the source inode to hardlink from
1044
990
*
1045
991
* Return false if at least one of the following conditions:
···
1051
995
*
1052
996
* Otherwise returns true.
1053
997
*/
1054
-
static bool safe_hardlink_source(struct inode *inode)
998
+
static bool safe_hardlink_source(struct user_namespace *mnt_userns,
999
+
struct inode *inode)
1055
1000
{
1056
1001
umode_t mode = inode->i_mode;
1057
1002
···
1069
1012
return false;
1070
1013
1071
1014
/* Hardlinking to unreadable or unwritable sources is dangerous. */
1072
-
if (inode_permission(inode, MAY_READ | MAY_WRITE))
1015
+
if (inode_permission(mnt_userns, inode, MAY_READ | MAY_WRITE))
1073
1016
return false;
1074
1017
1075
1018
return true;
···
1077
1020
1078
1021
/**
1079
1022
* may_linkat - Check permissions for creating a hardlink
1023
+
* @mnt_userns: user namespace of the mount the inode was found from
1080
1024
* @link: the source to hardlink from
1081
1025
*
1082
1026
* Block hardlink when all of:
···
1086
1028
* - hardlink source is unsafe (see safe_hardlink_source() above)
1087
1029
* - not CAP_FOWNER in a namespace with the inode owner uid mapped
1088
1030
*
1031
+
* If the inode has been found through an idmapped mount the user namespace of
1032
+
* the vfsmount must be passed through @mnt_userns. This function will then take
1033
+
* care to map the inode according to @mnt_userns before checking permissions.
1034
+
* On non-idmapped mounts or if permission checking is to be performed on the
1035
+
* raw inode simply passs init_user_ns.
1036
+
*
1089
1037
* Returns 0 if successful, -ve on error.
1090
1038
*/
1091
-
int may_linkat(struct path *link)
1039
+
int may_linkat(struct user_namespace *mnt_userns, struct path *link)
1092
1040
{
1093
1041
struct inode *inode = link->dentry->d_inode;
1094
1042
1095
1043
/* Inode writeback is not safe when the uid or gid are invalid. */
1096
-
if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
1044
+
if (!uid_valid(i_uid_into_mnt(mnt_userns, inode)) ||
1045
+
!gid_valid(i_gid_into_mnt(mnt_userns, inode)))
1097
1046
return -EOVERFLOW;
1098
1047
1099
1048
if (!sysctl_protected_hardlinks)
···
1109
1044
/* Source inode owner (or CAP_FOWNER) can hardlink all they like,
1110
1045
* otherwise, it must be a safe source.
1111
1046
*/
1112
-
if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
1047
+
if (safe_hardlink_source(mnt_userns, inode) ||
1048
+
inode_owner_or_capable(mnt_userns, inode))
1113
1049
return 0;
1114
1050
1115
1051
audit_log_path_denied(AUDIT_ANOM_LINK, "linkat");
···
1121
1055
* may_create_in_sticky - Check whether an O_CREAT open in a sticky directory
1122
1056
* should be allowed, or not, on files that already
1123
1057
* exist.
1058
+
* @mnt_userns: user namespace of the mount the inode was found from
1124
1059
* @dir_mode: mode bits of directory
1125
1060
* @dir_uid: owner of directory
1126
1061
* @inode: the inode of the file to open
···
1137
1070
* the directory doesn't have to be world writable: being group writable will
1138
1071
* be enough.
1139
1072
*
1073
+
* If the inode has been found through an idmapped mount the user namespace of
1074
+
* the vfsmount must be passed through @mnt_userns. This function will then take
1075
+
* care to map the inode according to @mnt_userns before checking permissions.
1076
+
* On non-idmapped mounts or if permission checking is to be performed on the
1077
+
* raw inode simply passs init_user_ns.
1078
+
*
1140
1079
* Returns 0 if the open is allowed, -ve on error.
1141
1080
*/
1142
-
static int may_create_in_sticky(umode_t dir_mode, kuid_t dir_uid,
1143
-
struct inode * const inode)
1081
+
static int may_create_in_sticky(struct user_namespace *mnt_userns,
1082
+
struct nameidata *nd, struct inode *const inode)
1144
1083
{
1084
+
umode_t dir_mode = nd->dir_mode;
1085
+
kuid_t dir_uid = nd->dir_uid;
1086
+
1145
1087
if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) ||
1146
1088
(!sysctl_protected_regular && S_ISREG(inode->i_mode)) ||
1147
1089
likely(!(dir_mode & S_ISVTX)) ||
1148
-
uid_eq(inode->i_uid, dir_uid) ||
1149
-
uid_eq(current_fsuid(), inode->i_uid))
1090
+
uid_eq(i_uid_into_mnt(mnt_userns, inode), dir_uid) ||
1091
+
uid_eq(current_fsuid(), i_uid_into_mnt(mnt_userns, inode)))
1150
1092
return 0;
1151
1093
1152
1094
if (likely(dir_mode & 0002) ||
···
1645
1569
return res;
1646
1570
}
1647
1571
1648
-
static inline int may_lookup(struct nameidata *nd)
1572
+
static inline int may_lookup(struct user_namespace *mnt_userns,
1573
+
struct nameidata *nd)
1649
1574
{
1650
1575
if (nd->flags & LOOKUP_RCU) {
1651
-
int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1576
+
int err = inode_permission(mnt_userns, nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1652
1577
if (err != -ECHILD || !try_to_unlazy(nd))
1653
1578
return err;
1654
1579
}
1655
-
return inode_permission(nd->inode, MAY_EXEC);
1580
+
return inode_permission(mnt_userns, nd->inode, MAY_EXEC);
1656
1581
}
1657
1582
1658
1583
static int reserve_stack(struct nameidata *nd, struct path *link, unsigned seq)
···
2199
2122
2200
2123
/* At this point we know we have a real path component. */
2201
2124
for(;;) {
2125
+
struct user_namespace *mnt_userns;
2202
2126
const char *link;
2203
2127
u64 hash_len;
2204
2128
int type;
2205
2129
2206
-
err = may_lookup(nd);
2130
+
mnt_userns = mnt_user_ns(nd->path.mnt);
2131
+
err = may_lookup(mnt_userns, nd);
2207
2132
if (err)
2208
2133
return err;
2209
2134
···
2253
2174
OK:
2254
2175
/* pathname or trailing symlink, done */
2255
2176
if (!depth) {
2256
-
nd->dir_uid = nd->inode->i_uid;
2177
+
nd->dir_uid = i_uid_into_mnt(mnt_userns, nd->inode);
2257
2178
nd->dir_mode = nd->inode->i_mode;
2258
2179
nd->flags &= ~LOOKUP_PARENT;
2259
2180
return 0;
···
2590
2511
return err;
2591
2512
}
2592
2513
2593
-
return inode_permission(base->d_inode, MAY_EXEC);
2514
+
return inode_permission(&init_user_ns, base->d_inode, MAY_EXEC);
2594
2515
}
2595
2516
2596
2517
/**
···
2735
2656
}
2736
2657
EXPORT_SYMBOL(user_path_at_empty);
2737
2658
2738
-
int __check_sticky(struct inode *dir, struct inode *inode)
2659
+
int __check_sticky(struct user_namespace *mnt_userns, struct inode *dir,
2660
+
struct inode *inode)
2739
2661
{
2740
2662
kuid_t fsuid = current_fsuid();
2741
2663
2742
-
if (uid_eq(inode->i_uid, fsuid))
2664
+
if (uid_eq(i_uid_into_mnt(mnt_userns, inode), fsuid))
2743
2665
return 0;
2744
-
if (uid_eq(dir->i_uid, fsuid))
2666
+
if (uid_eq(i_uid_into_mnt(mnt_userns, dir), fsuid))
2745
2667
return 0;
2746
-
return !capable_wrt_inode_uidgid(inode, CAP_FOWNER);
2668
+
return !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FOWNER);
2747
2669
}
2748
2670
EXPORT_SYMBOL(__check_sticky);
2749
2671
···
2768
2688
* 11. We don't allow removal of NFS sillyrenamed files; it's handled by
2769
2689
* nfs_async_unlink().
2770
2690
*/
2771
-
static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
2691
+
static int may_delete(struct user_namespace *mnt_userns, struct inode *dir,
2692
+
struct dentry *victim, bool isdir)
2772
2693
{
2773
2694
struct inode *inode = d_backing_inode(victim);
2774
2695
int error;
···
2781
2700
BUG_ON(victim->d_parent->d_inode != dir);
2782
2701
2783
2702
/* Inode writeback is not safe when the uid or gid are invalid. */
2784
-
if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
2703
+
if (!uid_valid(i_uid_into_mnt(mnt_userns, inode)) ||
2704
+
!gid_valid(i_gid_into_mnt(mnt_userns, inode)))
2785
2705
return -EOVERFLOW;
2786
2706
2787
2707
audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
2788
2708
2789
-
error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
2709
+
error = inode_permission(mnt_userns, dir, MAY_WRITE | MAY_EXEC);
2790
2710
if (error)
2791
2711
return error;
2792
2712
if (IS_APPEND(dir))
2793
2713
return -EPERM;
2794
2714
2795
-
if (check_sticky(dir, inode) || IS_APPEND(inode) ||
2796
-
IS_IMMUTABLE(inode) || IS_SWAPFILE(inode) || HAS_UNMAPPED_ID(inode))
2715
+
if (check_sticky(mnt_userns, dir, inode) || IS_APPEND(inode) ||
2716
+
IS_IMMUTABLE(inode) || IS_SWAPFILE(inode) ||
2717
+
HAS_UNMAPPED_ID(mnt_userns, inode))
2797
2718
return -EPERM;
2798
2719
if (isdir) {
2799
2720
if (!d_is_dir(victim))
···
2820
2737
* 4. We should have write and exec permissions on dir
2821
2738
* 5. We can't do it if dir is immutable (done in permission())
2822
2739
*/
2823
-
static inline int may_create(struct inode *dir, struct dentry *child)
2740
+
static inline int may_create(struct user_namespace *mnt_userns,
2741
+
struct inode *dir, struct dentry *child)
2824
2742
{
2825
2743
struct user_namespace *s_user_ns;
2826
2744
audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
···
2830
2746
if (IS_DEADDIR(dir))
2831
2747
return -ENOENT;
2832
2748
s_user_ns = dir->i_sb->s_user_ns;
2833
-
if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
2834
-
!kgid_has_mapping(s_user_ns, current_fsgid()))
2749
+
if (!kuid_has_mapping(s_user_ns, fsuid_into_mnt(mnt_userns)) ||
2750
+
!kgid_has_mapping(s_user_ns, fsgid_into_mnt(mnt_userns)))
2835
2751
return -EOVERFLOW;
2836
-
return inode_permission(dir, MAY_WRITE | MAY_EXEC);
2752
+
return inode_permission(mnt_userns, dir, MAY_WRITE | MAY_EXEC);
2837
2753
}
2838
2754
2839
2755
/*
···
2880
2796
}
2881
2797
EXPORT_SYMBOL(unlock_rename);
2882
2798
2883
-
int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
2884
-
bool want_excl)
2799
+
/**
2800
+
* vfs_create - create new file
2801
+
* @mnt_userns: user namespace of the mount the inode was found from
2802
+
* @dir: inode of @dentry
2803
+
* @dentry: pointer to dentry of the base directory
2804
+
* @mode: mode of the new file
2805
+
* @want_excl: whether the file must not yet exist
2806
+
*
2807
+
* Create a new file.
2808
+
*
2809
+
* If the inode has been found through an idmapped mount the user namespace of
2810
+
* the vfsmount must be passed through @mnt_userns. This function will then take
2811
+
* care to map the inode according to @mnt_userns before checking permissions.
2812
+
* On non-idmapped mounts or if permission checking is to be performed on the
2813
+
* raw inode simply passs init_user_ns.
2814
+
*/
2815
+
int vfs_create(struct user_namespace *mnt_userns, struct inode *dir,
2816
+
struct dentry *dentry, umode_t mode, bool want_excl)
2885
2817
{
2886
-
int error = may_create(dir, dentry);
2818
+
int error = may_create(mnt_userns, dir, dentry);
2887
2819
if (error)
2888
2820
return error;
2889
2821
···
2910
2810
error = security_inode_create(dir, dentry, mode);
2911
2811
if (error)
2912
2812
return error;
2913
-
error = dir->i_op->create(dir, dentry, mode, want_excl);
2813
+
error = dir->i_op->create(mnt_userns, dir, dentry, mode, want_excl);
2914
2814
if (!error)
2915
2815
fsnotify_create(dir, dentry);
2916
2816
return error;
···
2922
2822
void *arg)
2923
2823
{
2924
2824
struct inode *dir = dentry->d_parent->d_inode;
2925
-
int error = may_create(dir, dentry);
2825
+
int error = may_create(&init_user_ns, dir, dentry);
2926
2826
if (error)
2927
2827
return error;
2928
2828
···
2944
2844
!(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
2945
2845
}
2946
2846
2947
-
static int may_open(const struct path *path, int acc_mode, int flag)
2847
+
static int may_open(struct user_namespace *mnt_userns, const struct path *path,
2848
+
int acc_mode, int flag)
2948
2849
{
2949
2850
struct dentry *dentry = path->dentry;
2950
2851
struct inode *inode = dentry->d_inode;
···
2980
2879
break;
2981
2880
}
2982
2881
2983
-
error = inode_permission(inode, MAY_OPEN | acc_mode);
2882
+
error = inode_permission(mnt_userns, inode, MAY_OPEN | acc_mode);
2984
2883
if (error)
2985
2884
return error;
2986
2885
···
2995
2894
}
2996
2895
2997
2896
/* O_NOATIME can only be set by the owner or superuser */
2998
-
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
2897
+
if (flag & O_NOATIME && !inode_owner_or_capable(mnt_userns, inode))
2999
2898
return -EPERM;
3000
2899
3001
2900
return 0;
3002
2901
}
3003
2902
3004
-
static int handle_truncate(struct file *filp)
2903
+
static int handle_truncate(struct user_namespace *mnt_userns, struct file *filp)
3005
2904
{
3006
2905
const struct path *path = &filp->f_path;
3007
2906
struct inode *inode = path->dentry->d_inode;
···
3015
2914
if (!error)
3016
2915
error = security_path_truncate(path);
3017
2916
if (!error) {
3018
-
error = do_truncate(path->dentry, 0,
2917
+
error = do_truncate(mnt_userns, path->dentry, 0,
3019
2918
ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
3020
2919
filp);
3021
2920
}
···
3030
2929
return flag;
3031
2930
}
3032
2931
3033
-
static int may_o_create(const struct path *dir, struct dentry *dentry, umode_t mode)
2932
+
static int may_o_create(struct user_namespace *mnt_userns,
2933
+
const struct path *dir, struct dentry *dentry,
2934
+
umode_t mode)
3034
2935
{
3035
2936
struct user_namespace *s_user_ns;
3036
2937
int error = security_path_mknod(dir, dentry, mode, 0);
···
3040
2937
return error;
3041
2938
3042
2939
s_user_ns = dir->dentry->d_sb->s_user_ns;
3043
-
if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
3044
-
!kgid_has_mapping(s_user_ns, current_fsgid()))
2940
+
if (!kuid_has_mapping(s_user_ns, fsuid_into_mnt(mnt_userns)) ||
2941
+
!kgid_has_mapping(s_user_ns, fsgid_into_mnt(mnt_userns)))
3045
2942
return -EOVERFLOW;
3046
2943
3047
-
error = inode_permission(dir->dentry->d_inode, MAY_WRITE | MAY_EXEC);
2944
+
error = inode_permission(mnt_userns, dir->dentry->d_inode,
2945
+
MAY_WRITE | MAY_EXEC);
3048
2946
if (error)
3049
2947
return error;
3050
2948
···
3124
3020
const struct open_flags *op,
3125
3021
bool got_write)
3126
3022
{
3023
+
struct user_namespace *mnt_userns;
3127
3024
struct dentry *dir = nd->path.dentry;
3128
3025
struct inode *dir_inode = dir->d_inode;
3129
3026
int open_flag = op->open_flag;
···
3172
3067
*/
3173
3068
if (unlikely(!got_write))
3174
3069
open_flag &= ~O_TRUNC;
3070
+
mnt_userns = mnt_user_ns(nd->path.mnt);
3175
3071
if (open_flag & O_CREAT) {
3176
3072
if (open_flag & O_EXCL)
3177
3073
open_flag &= ~O_TRUNC;
3178
3074
if (!IS_POSIXACL(dir->d_inode))
3179
3075
mode &= ~current_umask();
3180
3076
if (likely(got_write))
3181
-
create_error = may_o_create(&nd->path, dentry, mode);
3077
+
create_error = may_o_create(mnt_userns, &nd->path,
3078
+
dentry, mode);
3182
3079
else
3183
3080
create_error = -EROFS;
3184
3081
}
···
3215
3108
error = -EACCES;
3216
3109
goto out_dput;
3217
3110
}
3218
-
error = dir_inode->i_op->create(dir_inode, dentry, mode,
3219
-
open_flag & O_EXCL);
3111
+
3112
+
error = dir_inode->i_op->create(mnt_userns, dir_inode, dentry,
3113
+
mode, open_flag & O_EXCL);
3220
3114
if (error)
3221
3115
goto out_dput;
3222
3116
}
···
3321
3213
static int do_open(struct nameidata *nd,
3322
3214
struct file *file, const struct open_flags *op)
3323
3215
{
3216
+
struct user_namespace *mnt_userns;
3324
3217
int open_flag = op->open_flag;
3325
3218
bool do_truncate;
3326
3219
int acc_mode;
···
3334
3225
}
3335
3226
if (!(file->f_mode & FMODE_CREATED))
3336
3227
audit_inode(nd->name, nd->path.dentry, 0);
3228
+
mnt_userns = mnt_user_ns(nd->path.mnt);
3337
3229
if (open_flag & O_CREAT) {
3338
3230
if ((open_flag & O_EXCL) && !(file->f_mode & FMODE_CREATED))
3339
3231
return -EEXIST;
3340
3232
if (d_is_dir(nd->path.dentry))
3341
3233
return -EISDIR;
3342
-
error = may_create_in_sticky(nd->dir_mode, nd->dir_uid,
3234
+
error = may_create_in_sticky(mnt_userns, nd,
3343
3235
d_backing_inode(nd->path.dentry));
3344
3236
if (unlikely(error))
3345
3237
return error;
···
3360
3250
return error;
3361
3251
do_truncate = true;
3362
3252
}
3363
-
error = may_open(&nd->path, acc_mode, open_flag);
3253
+
error = may_open(mnt_userns, &nd->path, acc_mode, open_flag);
3364
3254
if (!error && !(file->f_mode & FMODE_OPENED))
3365
3255
error = vfs_open(&nd->path, file);
3366
3256
if (!error)
3367
3257
error = ima_file_check(file, op->acc_mode);
3368
3258
if (!error && do_truncate)
3369
-
error = handle_truncate(file);
3259
+
error = handle_truncate(mnt_userns, file);
3370
3260
if (unlikely(error > 0)) {
3371
3261
WARN_ON(1);
3372
3262
error = -EINVAL;
···
3376
3266
return error;
3377
3267
}
3378
3268
3379
-
struct dentry *vfs_tmpfile(struct dentry *dentry, umode_t mode, int open_flag)
3269
+
/**
3270
+
* vfs_tmpfile - create tmpfile
3271
+
* @mnt_userns: user namespace of the mount the inode was found from
3272
+
* @dentry: pointer to dentry of the base directory
3273
+
* @mode: mode of the new tmpfile
3274
+
* @open_flags: flags
3275
+
*
3276
+
* Create a temporary file.
3277
+
*
3278
+
* If the inode has been found through an idmapped mount the user namespace of
3279
+
* the vfsmount must be passed through @mnt_userns. This function will then take
3280
+
* care to map the inode according to @mnt_userns before checking permissions.
3281
+
* On non-idmapped mounts or if permission checking is to be performed on the
3282
+
* raw inode simply passs init_user_ns.
3283
+
*/
3284
+
struct dentry *vfs_tmpfile(struct user_namespace *mnt_userns,
3285
+
struct dentry *dentry, umode_t mode, int open_flag)
3380
3286
{
3381
3287
struct dentry *child = NULL;
3382
3288
struct inode *dir = dentry->d_inode;
···
3400
3274
int error;
3401
3275
3402
3276
/* we want directory to be writable */
3403
-
error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
3277
+
error = inode_permission(mnt_userns, dir, MAY_WRITE | MAY_EXEC);
3404
3278
if (error)
3405
3279
goto out_err;
3406
3280
error = -EOPNOTSUPP;
···
3410
3284
child = d_alloc(dentry, &slash_name);
3411
3285
if (unlikely(!child))
3412
3286
goto out_err;
3413
-
error = dir->i_op->tmpfile(dir, child, mode);
3287
+
error = dir->i_op->tmpfile(mnt_userns, dir, child, mode);
3414
3288
if (error)
3415
3289
goto out_err;
3416
3290
error = -ENOENT;
···
3422
3296
inode->i_state |= I_LINKABLE;
3423
3297
spin_unlock(&inode->i_lock);
3424
3298
}
3425
-
ima_post_create_tmpfile(inode);
3299
+
ima_post_create_tmpfile(mnt_userns, inode);
3426
3300
return child;
3427
3301
3428
3302
out_err:
···
3435
3309
const struct open_flags *op,
3436
3310
struct file *file)
3437
3311
{
3312
+
struct user_namespace *mnt_userns;
3438
3313
struct dentry *child;
3439
3314
struct path path;
3440
3315
int error = path_lookupat(nd, flags | LOOKUP_DIRECTORY, &path);
···
3444
3317
error = mnt_want_write(path.mnt);
3445
3318
if (unlikely(error))
3446
3319
goto out;
3447
-
child = vfs_tmpfile(path.dentry, op->mode, op->open_flag);
3320
+
mnt_userns = mnt_user_ns(path.mnt);
3321
+
child = vfs_tmpfile(mnt_userns, path.dentry, op->mode, op->open_flag);
3448
3322
error = PTR_ERR(child);
3449
3323
if (IS_ERR(child))
3450
3324
goto out2;
···
3453
3325
path.dentry = child;
3454
3326
audit_inode(nd->name, child, 0);
3455
3327
/* Don't check for other permissions, the inode was just created */
3456
-
error = may_open(&path, 0, op->open_flag);
3328
+
error = may_open(mnt_userns, &path, 0, op->open_flag);
3457
3329
if (!error)
3458
3330
error = vfs_open(&path, file);
3459
3331
out2:
···
3655
3527
}
3656
3528
EXPORT_SYMBOL(user_path_create);
3657
3529
3658
-
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3530
+
/**
3531
+
* vfs_mknod - create device node or file
3532
+
* @mnt_userns: user namespace of the mount the inode was found from
3533
+
* @dir: inode of @dentry
3534
+
* @dentry: pointer to dentry of the base directory
3535
+
* @mode: mode of the new device node or file
3536
+
* @dev: device number of device to create
3537
+
*
3538
+
* Create a device node or file.
3539
+
*
3540
+
* If the inode has been found through an idmapped mount the user namespace of
3541
+
* the vfsmount must be passed through @mnt_userns. This function will then take
3542
+
* care to map the inode according to @mnt_userns before checking permissions.
3543
+
* On non-idmapped mounts or if permission checking is to be performed on the
3544
+
* raw inode simply passs init_user_ns.
3545
+
*/
3546
+
int vfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
3547
+
struct dentry *dentry, umode_t mode, dev_t dev)
3659
3548
{
3660
3549
bool is_whiteout = S_ISCHR(mode) && dev == WHITEOUT_DEV;
3661
-
int error = may_create(dir, dentry);
3550
+
int error = may_create(mnt_userns, dir, dentry);
3662
3551
3663
3552
if (error)
3664
3553
return error;
···
3695
3550
if (error)
3696
3551
return error;
3697
3552
3698
-
error = dir->i_op->mknod(dir, dentry, mode, dev);
3553
+
error = dir->i_op->mknod(mnt_userns, dir, dentry, mode, dev);
3699
3554
if (!error)
3700
3555
fsnotify_create(dir, dentry);
3701
3556
return error;
···
3722
3577
static long do_mknodat(int dfd, const char __user *filename, umode_t mode,
3723
3578
unsigned int dev)
3724
3579
{
3580
+
struct user_namespace *mnt_userns;
3725
3581
struct dentry *dentry;
3726
3582
struct path path;
3727
3583
int error;
···
3741
3595
error = security_path_mknod(&path, dentry, mode, dev);
3742
3596
if (error)
3743
3597
goto out;
3598
+
3599
+
mnt_userns = mnt_user_ns(path.mnt);
3744
3600
switch (mode & S_IFMT) {
3745
3601
case 0: case S_IFREG:
3746
-
error = vfs_create(path.dentry->d_inode,dentry,mode,true);
3602
+
error = vfs_create(mnt_userns, path.dentry->d_inode,
3603
+
dentry, mode, true);
3747
3604
if (!error)
3748
-
ima_post_path_mknod(dentry);
3605
+
ima_post_path_mknod(mnt_userns, dentry);
3749
3606
break;
3750
3607
case S_IFCHR: case S_IFBLK:
3751
-
error = vfs_mknod(path.dentry->d_inode,dentry,mode,
3752
-
new_decode_dev(dev));
3608
+
error = vfs_mknod(mnt_userns, path.dentry->d_inode,
3609
+
dentry, mode, new_decode_dev(dev));
3753
3610
break;
3754
3611
case S_IFIFO: case S_IFSOCK:
3755
-
error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
3612
+
error = vfs_mknod(mnt_userns, path.dentry->d_inode,
3613
+
dentry, mode, 0);
3756
3614
break;
3757
3615
}
3758
3616
out:
···
3779
3629
return do_mknodat(AT_FDCWD, filename, mode, dev);
3780
3630
}
3781
3631
3782
-
int vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
3632
+
/**
3633
+
* vfs_mkdir - create directory
3634
+
* @mnt_userns: user namespace of the mount the inode was found from
3635
+
* @dir: inode of @dentry
3636
+
* @dentry: pointer to dentry of the base directory
3637
+
* @mode: mode of the new directory
3638
+
*
3639
+
* Create a directory.
3640
+
*
3641
+
* If the inode has been found through an idmapped mount the user namespace of
3642
+
* the vfsmount must be passed through @mnt_userns. This function will then take
3643
+
* care to map the inode according to @mnt_userns before checking permissions.
3644
+
* On non-idmapped mounts or if permission checking is to be performed on the
3645
+
* raw inode simply passs init_user_ns.
3646
+
*/
3647
+
int vfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
3648
+
struct dentry *dentry, umode_t mode)
3783
3649
{
3784
-
int error = may_create(dir, dentry);
3650
+
int error = may_create(mnt_userns, dir, dentry);
3785
3651
unsigned max_links = dir->i_sb->s_max_links;
3786
3652
3787
3653
if (error)
···
3814
3648
if (max_links && dir->i_nlink >= max_links)
3815
3649
return -EMLINK;
3816
3650
3817
-
error = dir->i_op->mkdir(dir, dentry, mode);
3651
+
error = dir->i_op->mkdir(mnt_userns, dir, dentry, mode);
3818
3652
if (!error)
3819
3653
fsnotify_mkdir(dir, dentry);
3820
3654
return error;
···
3836
3670
if (!IS_POSIXACL(path.dentry->d_inode))
3837
3671
mode &= ~current_umask();
3838
3672
error = security_path_mkdir(&path, dentry, mode);
3839
-
if (!error)
3840
-
error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
3673
+
if (!error) {
3674
+
struct user_namespace *mnt_userns;
3675
+
mnt_userns = mnt_user_ns(path.mnt);
3676
+
error = vfs_mkdir(mnt_userns, path.dentry->d_inode, dentry,
3677
+
mode);
3678
+
}
3841
3679
done_path_create(&path, dentry);
3842
3680
if (retry_estale(error, lookup_flags)) {
3843
3681
lookup_flags |= LOOKUP_REVAL;
···
3860
3690
return do_mkdirat(AT_FDCWD, pathname, mode);
3861
3691
}
3862
3692
3863
-
int vfs_rmdir(struct inode *dir, struct dentry *dentry)
3693
+
/**
3694
+
* vfs_rmdir - remove directory
3695
+
* @mnt_userns: user namespace of the mount the inode was found from
3696
+
* @dir: inode of @dentry
3697
+
* @dentry: pointer to dentry of the base directory
3698
+
*
3699
+
* Remove a directory.
3700
+
*
3701
+
* If the inode has been found through an idmapped mount the user namespace of
3702
+
* the vfsmount must be passed through @mnt_userns. This function will then take
3703
+
* care to map the inode according to @mnt_userns before checking permissions.
3704
+
* On non-idmapped mounts or if permission checking is to be performed on the
3705
+
* raw inode simply passs init_user_ns.
3706
+
*/
3707
+
int vfs_rmdir(struct user_namespace *mnt_userns, struct inode *dir,
3708
+
struct dentry *dentry)
3864
3709
{
3865
-
int error = may_delete(dir, dentry, 1);
3710
+
int error = may_delete(mnt_userns, dir, dentry, 1);
3866
3711
3867
3712
if (error)
3868
3713
return error;
···
3917
3732
3918
3733
long do_rmdir(int dfd, struct filename *name)
3919
3734
{
3735
+
struct user_namespace *mnt_userns;
3920
3736
int error = 0;
3921
3737
struct dentry *dentry;
3922
3738
struct path path;
···
3958
3772
error = security_path_rmdir(&path, dentry);
3959
3773
if (error)
3960
3774
goto exit3;
3961
-
error = vfs_rmdir(path.dentry->d_inode, dentry);
3775
+
mnt_userns = mnt_user_ns(path.mnt);
3776
+
error = vfs_rmdir(mnt_userns, path.dentry->d_inode, dentry);
3962
3777
exit3:
3963
3778
dput(dentry);
3964
3779
exit2:
···
3982
3795
3983
3796
/**
3984
3797
* vfs_unlink - unlink a filesystem object
3798
+
* @mnt_userns: user namespace of the mount the inode was found from
3985
3799
* @dir: parent directory
3986
3800
* @dentry: victim
3987
3801
* @delegated_inode: returns victim inode, if the inode is delegated.
···
3998
3810
* Alternatively, a caller may pass NULL for delegated_inode. This may
3999
3811
* be appropriate for callers that expect the underlying filesystem not
4000
3812
* to be NFS exported.
3813
+
*
3814
+
* If the inode has been found through an idmapped mount the user namespace of
3815
+
* the vfsmount must be passed through @mnt_userns. This function will then take
3816
+
* care to map the inode according to @mnt_userns before checking permissions.
3817
+
* On non-idmapped mounts or if permission checking is to be performed on the
3818
+
* raw inode simply passs init_user_ns.
4001
3819
*/
4002
-
int vfs_unlink(struct inode *dir, struct dentry *dentry, struct inode **delegated_inode)
3820
+
int vfs_unlink(struct user_namespace *mnt_userns, struct inode *dir,
3821
+
struct dentry *dentry, struct inode **delegated_inode)
4003
3822
{
4004
3823
struct inode *target = dentry->d_inode;
4005
-
int error = may_delete(dir, dentry, 0);
3824
+
int error = may_delete(mnt_userns, dir, dentry, 0);
4006
3825
4007
3826
if (error)
4008
3827
return error;
···
4080
3885
dentry = __lookup_hash(&last, path.dentry, lookup_flags);
4081
3886
error = PTR_ERR(dentry);
4082
3887
if (!IS_ERR(dentry)) {
3888
+
struct user_namespace *mnt_userns;
3889
+
4083
3890
/* Why not before? Because we want correct error value */
4084
3891
if (last.name[last.len])
4085
3892
goto slashes;
···
4092
3895
error = security_path_unlink(&path, dentry);
4093
3896
if (error)
4094
3897
goto exit2;
4095
-
error = vfs_unlink(path.dentry->d_inode, dentry, &delegated_inode);
3898
+
mnt_userns = mnt_user_ns(path.mnt);
3899
+
error = vfs_unlink(mnt_userns, path.dentry->d_inode, dentry,
3900
+
&delegated_inode);
4096
3901
exit2:
4097
3902
dput(dentry);
4098
3903
}
···
4143
3944
return do_unlinkat(AT_FDCWD, getname(pathname));
4144
3945
}
4145
3946
4146
-
int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
3947
+
/**
3948
+
* vfs_symlink - create symlink
3949
+
* @mnt_userns: user namespace of the mount the inode was found from
3950
+
* @dir: inode of @dentry
3951
+
* @dentry: pointer to dentry of the base directory
3952
+
* @oldname: name of the file to link to
3953
+
*
3954
+
* Create a symlink.
3955
+
*
3956
+
* If the inode has been found through an idmapped mount the user namespace of
3957
+
* the vfsmount must be passed through @mnt_userns. This function will then take
3958
+
* care to map the inode according to @mnt_userns before checking permissions.
3959
+
* On non-idmapped mounts or if permission checking is to be performed on the
3960
+
* raw inode simply passs init_user_ns.
3961
+
*/
3962
+
int vfs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
3963
+
struct dentry *dentry, const char *oldname)
4147
3964
{
4148
-
int error = may_create(dir, dentry);
3965
+
int error = may_create(mnt_userns, dir, dentry);
4149
3966
4150
3967
if (error)
4151
3968
return error;
···
4173
3958
if (error)
4174
3959
return error;
4175
3960
4176
-
error = dir->i_op->symlink(dir, dentry, oldname);
3961
+
error = dir->i_op->symlink(mnt_userns, dir, dentry, oldname);
4177
3962
if (!error)
4178
3963
fsnotify_create(dir, dentry);
4179
3964
return error;
···
4199
3984
goto out_putname;
4200
3985
4201
3986
error = security_path_symlink(&path, dentry, from->name);
4202
-
if (!error)
4203
-
error = vfs_symlink(path.dentry->d_inode, dentry, from->name);
3987
+
if (!error) {
3988
+
struct user_namespace *mnt_userns;
3989
+
3990
+
mnt_userns = mnt_user_ns(path.mnt);
3991
+
error = vfs_symlink(mnt_userns, path.dentry->d_inode, dentry,
3992
+
from->name);
3993
+
}
4204
3994
done_path_create(&path, dentry);
4205
3995
if (retry_estale(error, lookup_flags)) {
4206
3996
lookup_flags |= LOOKUP_REVAL;
···
4230
4010
/**
4231
4011
* vfs_link - create a new link
4232
4012
* @old_dentry: object to be linked
4013
+
* @mnt_userns: the user namespace of the mount
4233
4014
* @dir: new parent
4234
4015
* @new_dentry: where to create the new link
4235
4016
* @delegated_inode: returns inode needing a delegation break
···
4246
4025
* Alternatively, a caller may pass NULL for delegated_inode. This may
4247
4026
* be appropriate for callers that expect the underlying filesystem not
4248
4027
* to be NFS exported.
4028
+
*
4029
+
* If the inode has been found through an idmapped mount the user namespace of
4030
+
* the vfsmount must be passed through @mnt_userns. This function will then take
4031
+
* care to map the inode according to @mnt_userns before checking permissions.
4032
+
* On non-idmapped mounts or if permission checking is to be performed on the
4033
+
* raw inode simply passs init_user_ns.
4249
4034
*/
4250
-
int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry, struct inode **delegated_inode)
4035
+
int vfs_link(struct dentry *old_dentry, struct user_namespace *mnt_userns,
4036
+
struct inode *dir, struct dentry *new_dentry,
4037
+
struct inode **delegated_inode)
4251
4038
{
4252
4039
struct inode *inode = old_dentry->d_inode;
4253
4040
unsigned max_links = dir->i_sb->s_max_links;
···
4264
4035
if (!inode)
4265
4036
return -ENOENT;
4266
4037
4267
-
error = may_create(dir, new_dentry);
4038
+
error = may_create(mnt_userns, dir, new_dentry);
4268
4039
if (error)
4269
4040
return error;
4270
4041
···
4281
4052
* be writen back improperly if their true value is unknown to
4282
4053
* the vfs.
4283
4054
*/
4284
-
if (HAS_UNMAPPED_ID(inode))
4055
+
if (HAS_UNMAPPED_ID(mnt_userns, inode))
4285
4056
return -EPERM;
4286
4057
if (!dir->i_op->link)
4287
4058
return -EPERM;
···
4328
4099
static int do_linkat(int olddfd, const char __user *oldname, int newdfd,
4329
4100
const char __user *newname, int flags)
4330
4101
{
4102
+
struct user_namespace *mnt_userns;
4331
4103
struct dentry *new_dentry;
4332
4104
struct path old_path, new_path;
4333
4105
struct inode *delegated_inode = NULL;
···
4364
4134
error = -EXDEV;
4365
4135
if (old_path.mnt != new_path.mnt)
4366
4136
goto out_dput;
4367
-
error = may_linkat(&old_path);
4137
+
mnt_userns = mnt_user_ns(new_path.mnt);
4138
+
error = may_linkat(mnt_userns, &old_path);
4368
4139
if (unlikely(error))
4369
4140
goto out_dput;
4370
4141
error = security_path_link(old_path.dentry, &new_path, new_dentry);
4371
4142
if (error)
4372
4143
goto out_dput;
4373
-
error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry, &delegated_inode);
4144
+
error = vfs_link(old_path.dentry, mnt_userns, new_path.dentry->d_inode,
4145
+
new_dentry, &delegated_inode);
4374
4146
out_dput:
4375
4147
done_path_create(&new_path, new_dentry);
4376
4148
if (delegated_inode) {
···
4406
4174
4407
4175
/**
4408
4176
* vfs_rename - rename a filesystem object
4409
-
* @old_dir: parent of source
4410
-
* @old_dentry: source
4411
-
* @new_dir: parent of destination
4412
-
* @new_dentry: destination
4413
-
* @delegated_inode: returns an inode needing a delegation break
4414
-
* @flags: rename flags
4177
+
* @old_mnt_userns: old user namespace of the mount the inode was found from
4178
+
* @old_dir: parent of source
4179
+
* @old_dentry: source
4180
+
* @new_mnt_userns: new user namespace of the mount the inode was found from
4181
+
* @new_dir: parent of destination
4182
+
* @new_dentry: destination
4183
+
* @delegated_inode: returns an inode needing a delegation break
4184
+
* @flags: rename flags
4415
4185
*
4416
4186
* The caller must hold multiple mutexes--see lock_rename()).
4417
4187
*
···
4456
4222
* ->i_mutex on parents, which works but leads to some truly excessive
4457
4223
* locking].
4458
4224
*/
4459
-
int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
4460
-
struct inode *new_dir, struct dentry *new_dentry,
4461
-
struct inode **delegated_inode, unsigned int flags)
4225
+
int vfs_rename(struct renamedata *rd)
4462
4226
{
4463
4227
int error;
4228
+
struct inode *old_dir = rd->old_dir, *new_dir = rd->new_dir;
4229
+
struct dentry *old_dentry = rd->old_dentry;
4230
+
struct dentry *new_dentry = rd->new_dentry;
4231
+
struct inode **delegated_inode = rd->delegated_inode;
4232
+
unsigned int flags = rd->flags;
4464
4233
bool is_dir = d_is_dir(old_dentry);
4465
4234
struct inode *source = old_dentry->d_inode;
4466
4235
struct inode *target = new_dentry->d_inode;
···
4474
4237
if (source == target)
4475
4238
return 0;
4476
4239
4477
-
error = may_delete(old_dir, old_dentry, is_dir);
4240
+
error = may_delete(rd->old_mnt_userns, old_dir, old_dentry, is_dir);
4478
4241
if (error)
4479
4242
return error;
4480
4243
4481
4244
if (!target) {
4482
-
error = may_create(new_dir, new_dentry);
4245
+
error = may_create(rd->new_mnt_userns, new_dir, new_dentry);
4483
4246
} else {
4484
4247
new_is_dir = d_is_dir(new_dentry);
4485
4248
4486
4249
if (!(flags & RENAME_EXCHANGE))
4487
-
error = may_delete(new_dir, new_dentry, is_dir);
4250
+
error = may_delete(rd->new_mnt_userns, new_dir,
4251
+
new_dentry, is_dir);
4488
4252
else
4489
-
error = may_delete(new_dir, new_dentry, new_is_dir);
4253
+
error = may_delete(rd->new_mnt_userns, new_dir,
4254
+
new_dentry, new_is_dir);
4490
4255
}
4491
4256
if (error)
4492
4257
return error;
···
4502
4263
*/
4503
4264
if (new_dir != old_dir) {
4504
4265
if (is_dir) {
4505
-
error = inode_permission(source, MAY_WRITE);
4266
+
error = inode_permission(rd->old_mnt_userns, source,
4267
+
MAY_WRITE);
4506
4268
if (error)
4507
4269
return error;
4508
4270
}
4509
4271
if ((flags & RENAME_EXCHANGE) && new_is_dir) {
4510
-
error = inode_permission(target, MAY_WRITE);
4272
+
error = inode_permission(rd->new_mnt_userns, target,
4273
+
MAY_WRITE);
4511
4274
if (error)
4512
4275
return error;
4513
4276
}
···
4549
4308
if (error)
4550
4309
goto out;
4551
4310
}
4552
-
error = old_dir->i_op->rename(old_dir, old_dentry,
4553
-
new_dir, new_dentry, flags);
4311
+
error = old_dir->i_op->rename(rd->new_mnt_userns, old_dir, old_dentry,
4312
+
new_dir, new_dentry, flags);
4554
4313
if (error)
4555
4314
goto out;
4556
4315
···
4591
4350
int do_renameat2(int olddfd, struct filename *from, int newdfd,
4592
4351
struct filename *to, unsigned int flags)
4593
4352
{
4353
+
struct renamedata rd;
4594
4354
struct dentry *old_dentry, *new_dentry;
4595
4355
struct dentry *trap;
4596
4356
struct path old_path, new_path;
···
4695
4453
&new_path, new_dentry, flags);
4696
4454
if (error)
4697
4455
goto exit5;
4698
-
error = vfs_rename(old_path.dentry->d_inode, old_dentry,
4699
-
new_path.dentry->d_inode, new_dentry,
4700
-
&delegated_inode, flags);
4456
+
4457
+
rd.old_dir = old_path.dentry->d_inode;
4458
+
rd.old_dentry = old_dentry;
4459
+
rd.old_mnt_userns = mnt_user_ns(old_path.mnt);
4460
+
rd.new_dir = new_path.dentry->d_inode;
4461
+
rd.new_dentry = new_dentry;
4462
+
rd.new_mnt_userns = mnt_user_ns(new_path.mnt);
4463
+
rd.delegated_inode = &delegated_inode;
4464
+
rd.flags = flags;
4465
+
error = vfs_rename(&rd);
4701
4466
exit5:
4702
4467
dput(new_dentry);
4703
4468
exit4:
+444
-40
fs/namespace.c
+444
-40
fs/namespace.c
···
25
25
#include <linux/proc_ns.h>
26
26
#include <linux/magic.h>
27
27
#include <linux/memblock.h>
28
+
#include <linux/proc_fs.h>
28
29
#include <linux/task_work.h>
29
30
#include <linux/sched/task.h>
30
31
#include <uapi/linux/mount.h>
···
74
73
static HLIST_HEAD(unmounted); /* protected by namespace_sem */
75
74
static LIST_HEAD(ex_mountpoints); /* protected by namespace_sem */
76
75
76
+
struct mount_kattr {
77
+
unsigned int attr_set;
78
+
unsigned int attr_clr;
79
+
unsigned int propagation;
80
+
unsigned int lookup_flags;
81
+
bool recurse;
82
+
struct user_namespace *mnt_userns;
83
+
};
84
+
77
85
/* /sys/fs */
78
86
struct kobject *fs_kobj;
79
87
EXPORT_SYMBOL_GPL(fs_kobj);
···
96
86
* tree or hash is modified or when a vfsmount structure is modified.
97
87
*/
98
88
__cacheline_aligned_in_smp DEFINE_SEQLOCK(mount_lock);
89
+
90
+
static inline void lock_mount_hash(void)
91
+
{
92
+
write_seqlock(&mount_lock);
93
+
}
94
+
95
+
static inline void unlock_mount_hash(void)
96
+
{
97
+
write_sequnlock(&mount_lock);
98
+
}
99
99
100
100
static inline struct hlist_head *m_hash(struct vfsmount *mnt, struct dentry *dentry)
101
101
{
···
230
210
INIT_HLIST_NODE(&mnt->mnt_mp_list);
231
211
INIT_LIST_HEAD(&mnt->mnt_umounting);
232
212
INIT_HLIST_HEAD(&mnt->mnt_stuck_children);
213
+
mnt->mnt.mnt_userns = &init_user_ns;
233
214
}
234
215
return mnt;
235
216
···
480
459
}
481
460
EXPORT_SYMBOL(mnt_drop_write_file);
482
461
483
-
static int mnt_make_readonly(struct mount *mnt)
462
+
static inline int mnt_hold_writers(struct mount *mnt)
484
463
{
485
-
int ret = 0;
486
-
487
-
lock_mount_hash();
488
464
mnt->mnt.mnt_flags |= MNT_WRITE_HOLD;
489
465
/*
490
466
* After storing MNT_WRITE_HOLD, we'll read the counters. This store
···
506
488
* we're counting up here.
507
489
*/
508
490
if (mnt_get_writers(mnt) > 0)
509
-
ret = -EBUSY;
510
-
else
511
-
mnt->mnt.mnt_flags |= MNT_READONLY;
491
+
return -EBUSY;
492
+
493
+
return 0;
494
+
}
495
+
496
+
static inline void mnt_unhold_writers(struct mount *mnt)
497
+
{
512
498
/*
513
499
* MNT_READONLY must become visible before ~MNT_WRITE_HOLD, so writers
514
500
* that become unheld will see MNT_READONLY.
515
501
*/
516
502
smp_wmb();
517
503
mnt->mnt.mnt_flags &= ~MNT_WRITE_HOLD;
518
-
unlock_mount_hash();
519
-
return ret;
520
504
}
521
505
522
-
static int __mnt_unmake_readonly(struct mount *mnt)
506
+
static int mnt_make_readonly(struct mount *mnt)
523
507
{
524
-
lock_mount_hash();
525
-
mnt->mnt.mnt_flags &= ~MNT_READONLY;
526
-
unlock_mount_hash();
527
-
return 0;
508
+
int ret;
509
+
510
+
ret = mnt_hold_writers(mnt);
511
+
if (!ret)
512
+
mnt->mnt.mnt_flags |= MNT_READONLY;
513
+
mnt_unhold_writers(mnt);
514
+
return ret;
528
515
}
529
516
530
517
int sb_prepare_remount_readonly(struct super_block *sb)
···
570
547
571
548
static void free_vfsmnt(struct mount *mnt)
572
549
{
550
+
struct user_namespace *mnt_userns;
551
+
552
+
mnt_userns = mnt_user_ns(&mnt->mnt);
553
+
if (mnt_userns != &init_user_ns)
554
+
put_user_ns(mnt_userns);
573
555
kfree_const(mnt->mnt_devname);
574
556
#ifdef CONFIG_SMP
575
557
free_percpu(mnt->mnt_pcp);
···
1083
1055
mnt->mnt.mnt_flags &= ~(MNT_WRITE_HOLD|MNT_MARKED|MNT_INTERNAL);
1084
1056
1085
1057
atomic_inc(&sb->s_active);
1058
+
mnt->mnt.mnt_userns = mnt_user_ns(&old->mnt);
1059
+
if (mnt->mnt.mnt_userns != &init_user_ns)
1060
+
mnt->mnt.mnt_userns = get_user_ns(mnt->mnt.mnt_userns);
1086
1061
mnt->mnt.mnt_sb = sb;
1087
1062
mnt->mnt.mnt_root = dget(root);
1088
1063
mnt->mnt_mountpoint = mnt->mnt.mnt_root;
···
2545
2514
if (readonly_request)
2546
2515
return mnt_make_readonly(mnt);
2547
2516
2548
-
return __mnt_unmake_readonly(mnt);
2517
+
mnt->mnt.mnt_flags &= ~MNT_READONLY;
2518
+
return 0;
2549
2519
}
2550
2520
2551
-
/*
2552
-
* Update the user-settable attributes on a mount. The caller must hold
2553
-
* sb->s_umount for writing.
2554
-
*/
2555
2521
static void set_mount_attributes(struct mount *mnt, unsigned int mnt_flags)
2556
2522
{
2557
-
lock_mount_hash();
2558
2523
mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
2559
2524
mnt->mnt.mnt_flags = mnt_flags;
2560
2525
touch_mnt_namespace(mnt->mnt_ns);
2561
-
unlock_mount_hash();
2562
2526
}
2563
2527
2564
2528
static void mnt_warn_timestamp_expiry(struct path *mountpoint, struct vfsmount *mnt)
···
2598
2572
if (!can_change_locked_flags(mnt, mnt_flags))
2599
2573
return -EPERM;
2600
2574
2601
-
down_write(&sb->s_umount);
2575
+
/*
2576
+
* We're only checking whether the superblock is read-only not
2577
+
* changing it, so only take down_read(&sb->s_umount).
2578
+
*/
2579
+
down_read(&sb->s_umount);
2580
+
lock_mount_hash();
2602
2581
ret = change_mount_ro_state(mnt, mnt_flags);
2603
2582
if (ret == 0)
2604
2583
set_mount_attributes(mnt, mnt_flags);
2605
-
up_write(&sb->s_umount);
2584
+
unlock_mount_hash();
2585
+
up_read(&sb->s_umount);
2606
2586
2607
2587
mnt_warn_timestamp_expiry(path, &mnt->mnt);
2608
2588
···
2648
2616
err = -EPERM;
2649
2617
if (ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) {
2650
2618
err = reconfigure_super(fc);
2651
-
if (!err)
2619
+
if (!err) {
2620
+
lock_mount_hash();
2652
2621
set_mount_attributes(mnt, mnt_flags);
2622
+
unlock_mount_hash();
2623
+
}
2653
2624
}
2654
2625
up_write(&sb->s_umount);
2655
2626
}
···
3475
3440
return ret;
3476
3441
}
3477
3442
3443
+
#define FSMOUNT_VALID_FLAGS \
3444
+
(MOUNT_ATTR_RDONLY | MOUNT_ATTR_NOSUID | MOUNT_ATTR_NODEV | \
3445
+
MOUNT_ATTR_NOEXEC | MOUNT_ATTR__ATIME | MOUNT_ATTR_NODIRATIME)
3446
+
3447
+
#define MOUNT_SETATTR_VALID_FLAGS (FSMOUNT_VALID_FLAGS | MOUNT_ATTR_IDMAP)
3448
+
3449
+
#define MOUNT_SETATTR_PROPAGATION_FLAGS \
3450
+
(MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE | MS_SHARED)
3451
+
3452
+
static unsigned int attr_flags_to_mnt_flags(u64 attr_flags)
3453
+
{
3454
+
unsigned int mnt_flags = 0;
3455
+
3456
+
if (attr_flags & MOUNT_ATTR_RDONLY)
3457
+
mnt_flags |= MNT_READONLY;
3458
+
if (attr_flags & MOUNT_ATTR_NOSUID)
3459
+
mnt_flags |= MNT_NOSUID;
3460
+
if (attr_flags & MOUNT_ATTR_NODEV)
3461
+
mnt_flags |= MNT_NODEV;
3462
+
if (attr_flags & MOUNT_ATTR_NOEXEC)
3463
+
mnt_flags |= MNT_NOEXEC;
3464
+
if (attr_flags & MOUNT_ATTR_NODIRATIME)
3465
+
mnt_flags |= MNT_NODIRATIME;
3466
+
3467
+
return mnt_flags;
3468
+
}
3469
+
3478
3470
/*
3479
3471
* Create a kernel mount representation for a new, prepared superblock
3480
3472
* (specified by fs_fd) and attach to an open_tree-like file descriptor.
···
3524
3462
if ((flags & ~(FSMOUNT_CLOEXEC)) != 0)
3525
3463
return -EINVAL;
3526
3464
3527
-
if (attr_flags & ~(MOUNT_ATTR_RDONLY |
3528
-
MOUNT_ATTR_NOSUID |
3529
-
MOUNT_ATTR_NODEV |
3530
-
MOUNT_ATTR_NOEXEC |
3531
-
MOUNT_ATTR__ATIME |
3532
-
MOUNT_ATTR_NODIRATIME))
3465
+
if (attr_flags & ~FSMOUNT_VALID_FLAGS)
3533
3466
return -EINVAL;
3534
3467
3535
-
if (attr_flags & MOUNT_ATTR_RDONLY)
3536
-
mnt_flags |= MNT_READONLY;
3537
-
if (attr_flags & MOUNT_ATTR_NOSUID)
3538
-
mnt_flags |= MNT_NOSUID;
3539
-
if (attr_flags & MOUNT_ATTR_NODEV)
3540
-
mnt_flags |= MNT_NODEV;
3541
-
if (attr_flags & MOUNT_ATTR_NOEXEC)
3542
-
mnt_flags |= MNT_NOEXEC;
3543
-
if (attr_flags & MOUNT_ATTR_NODIRATIME)
3544
-
mnt_flags |= MNT_NODIRATIME;
3468
+
mnt_flags = attr_flags_to_mnt_flags(attr_flags);
3545
3469
3546
3470
switch (attr_flags & MOUNT_ATTR__ATIME) {
3547
3471
case MOUNT_ATTR_STRICTATIME:
···
3833
3785
path_put(&new);
3834
3786
out0:
3835
3787
return error;
3788
+
}
3789
+
3790
+
static unsigned int recalc_flags(struct mount_kattr *kattr, struct mount *mnt)
3791
+
{
3792
+
unsigned int flags = mnt->mnt.mnt_flags;
3793
+
3794
+
/* flags to clear */
3795
+
flags &= ~kattr->attr_clr;
3796
+
/* flags to raise */
3797
+
flags |= kattr->attr_set;
3798
+
3799
+
return flags;
3800
+
}
3801
+
3802
+
static int can_idmap_mount(const struct mount_kattr *kattr, struct mount *mnt)
3803
+
{
3804
+
struct vfsmount *m = &mnt->mnt;
3805
+
3806
+
if (!kattr->mnt_userns)
3807
+
return 0;
3808
+
3809
+
/*
3810
+
* Once a mount has been idmapped we don't allow it to change its
3811
+
* mapping. It makes things simpler and callers can just create
3812
+
* another bind-mount they can idmap if they want to.
3813
+
*/
3814
+
if (mnt_user_ns(m) != &init_user_ns)
3815
+
return -EPERM;
3816
+
3817
+
/* The underlying filesystem doesn't support idmapped mounts yet. */
3818
+
if (!(m->mnt_sb->s_type->fs_flags & FS_ALLOW_IDMAP))
3819
+
return -EINVAL;
3820
+
3821
+
/* We're not controlling the superblock. */
3822
+
if (!ns_capable(m->mnt_sb->s_user_ns, CAP_SYS_ADMIN))
3823
+
return -EPERM;
3824
+
3825
+
/* Mount has already been visible in the filesystem hierarchy. */
3826
+
if (!is_anon_ns(mnt->mnt_ns))
3827
+
return -EINVAL;
3828
+
3829
+
return 0;
3830
+
}
3831
+
3832
+
static struct mount *mount_setattr_prepare(struct mount_kattr *kattr,
3833
+
struct mount *mnt, int *err)
3834
+
{
3835
+
struct mount *m = mnt, *last = NULL;
3836
+
3837
+
if (!is_mounted(&m->mnt)) {
3838
+
*err = -EINVAL;
3839
+
goto out;
3840
+
}
3841
+
3842
+
if (!(mnt_has_parent(m) ? check_mnt(m) : is_anon_ns(m->mnt_ns))) {
3843
+
*err = -EINVAL;
3844
+
goto out;
3845
+
}
3846
+
3847
+
do {
3848
+
unsigned int flags;
3849
+
3850
+
flags = recalc_flags(kattr, m);
3851
+
if (!can_change_locked_flags(m, flags)) {
3852
+
*err = -EPERM;
3853
+
goto out;
3854
+
}
3855
+
3856
+
*err = can_idmap_mount(kattr, m);
3857
+
if (*err)
3858
+
goto out;
3859
+
3860
+
last = m;
3861
+
3862
+
if ((kattr->attr_set & MNT_READONLY) &&
3863
+
!(m->mnt.mnt_flags & MNT_READONLY)) {
3864
+
*err = mnt_hold_writers(m);
3865
+
if (*err)
3866
+
goto out;
3867
+
}
3868
+
} while (kattr->recurse && (m = next_mnt(m, mnt)));
3869
+
3870
+
out:
3871
+
return last;
3872
+
}
3873
+
3874
+
static void do_idmap_mount(const struct mount_kattr *kattr, struct mount *mnt)
3875
+
{
3876
+
struct user_namespace *mnt_userns;
3877
+
3878
+
if (!kattr->mnt_userns)
3879
+
return;
3880
+
3881
+
mnt_userns = get_user_ns(kattr->mnt_userns);
3882
+
/* Pairs with smp_load_acquire() in mnt_user_ns(). */
3883
+
smp_store_release(&mnt->mnt.mnt_userns, mnt_userns);
3884
+
}
3885
+
3886
+
static void mount_setattr_commit(struct mount_kattr *kattr,
3887
+
struct mount *mnt, struct mount *last,
3888
+
int err)
3889
+
{
3890
+
struct mount *m = mnt;
3891
+
3892
+
do {
3893
+
if (!err) {
3894
+
unsigned int flags;
3895
+
3896
+
do_idmap_mount(kattr, m);
3897
+
flags = recalc_flags(kattr, m);
3898
+
WRITE_ONCE(m->mnt.mnt_flags, flags);
3899
+
}
3900
+
3901
+
/*
3902
+
* We either set MNT_READONLY above so make it visible
3903
+
* before ~MNT_WRITE_HOLD or we failed to recursively
3904
+
* apply mount options.
3905
+
*/
3906
+
if ((kattr->attr_set & MNT_READONLY) &&
3907
+
(m->mnt.mnt_flags & MNT_WRITE_HOLD))
3908
+
mnt_unhold_writers(m);
3909
+
3910
+
if (!err && kattr->propagation)
3911
+
change_mnt_propagation(m, kattr->propagation);
3912
+
3913
+
/*
3914
+
* On failure, only cleanup until we found the first mount
3915
+
* we failed to handle.
3916
+
*/
3917
+
if (err && m == last)
3918
+
break;
3919
+
} while (kattr->recurse && (m = next_mnt(m, mnt)));
3920
+
3921
+
if (!err)
3922
+
touch_mnt_namespace(mnt->mnt_ns);
3923
+
}
3924
+
3925
+
static int do_mount_setattr(struct path *path, struct mount_kattr *kattr)
3926
+
{
3927
+
struct mount *mnt = real_mount(path->mnt), *last = NULL;
3928
+
int err = 0;
3929
+
3930
+
if (path->dentry != mnt->mnt.mnt_root)
3931
+
return -EINVAL;
3932
+
3933
+
if (kattr->propagation) {
3934
+
/*
3935
+
* Only take namespace_lock() if we're actually changing
3936
+
* propagation.
3937
+
*/
3938
+
namespace_lock();
3939
+
if (kattr->propagation == MS_SHARED) {
3940
+
err = invent_group_ids(mnt, kattr->recurse);
3941
+
if (err) {
3942
+
namespace_unlock();
3943
+
return err;
3944
+
}
3945
+
}
3946
+
}
3947
+
3948
+
lock_mount_hash();
3949
+
3950
+
/*
3951
+
* Get the mount tree in a shape where we can change mount
3952
+
* properties without failure.
3953
+
*/
3954
+
last = mount_setattr_prepare(kattr, mnt, &err);
3955
+
if (last) /* Commit all changes or revert to the old state. */
3956
+
mount_setattr_commit(kattr, mnt, last, err);
3957
+
3958
+
unlock_mount_hash();
3959
+
3960
+
if (kattr->propagation) {
3961
+
namespace_unlock();
3962
+
if (err)
3963
+
cleanup_group_ids(mnt, NULL);
3964
+
}
3965
+
3966
+
return err;
3967
+
}
3968
+
3969
+
static int build_mount_idmapped(const struct mount_attr *attr, size_t usize,
3970
+
struct mount_kattr *kattr, unsigned int flags)
3971
+
{
3972
+
int err = 0;
3973
+
struct ns_common *ns;
3974
+
struct user_namespace *mnt_userns;
3975
+
struct file *file;
3976
+
3977
+
if (!((attr->attr_set | attr->attr_clr) & MOUNT_ATTR_IDMAP))
3978
+
return 0;
3979
+
3980
+
/*
3981
+
* We currently do not support clearing an idmapped mount. If this ever
3982
+
* is a use-case we can revisit this but for now let's keep it simple
3983
+
* and not allow it.
3984
+
*/
3985
+
if (attr->attr_clr & MOUNT_ATTR_IDMAP)
3986
+
return -EINVAL;
3987
+
3988
+
if (attr->userns_fd > INT_MAX)
3989
+
return -EINVAL;
3990
+
3991
+
file = fget(attr->userns_fd);
3992
+
if (!file)
3993
+
return -EBADF;
3994
+
3995
+
if (!proc_ns_file(file)) {
3996
+
err = -EINVAL;
3997
+
goto out_fput;
3998
+
}
3999
+
4000
+
ns = get_proc_ns(file_inode(file));
4001
+
if (ns->ops->type != CLONE_NEWUSER) {
4002
+
err = -EINVAL;
4003
+
goto out_fput;
4004
+
}
4005
+
4006
+
/*
4007
+
* The init_user_ns is used to indicate that a vfsmount is not idmapped.
4008
+
* This is simpler than just having to treat NULL as unmapped. Users
4009
+
* wanting to idmap a mount to init_user_ns can just use a namespace
4010
+
* with an identity mapping.
4011
+
*/
4012
+
mnt_userns = container_of(ns, struct user_namespace, ns);
4013
+
if (mnt_userns == &init_user_ns) {
4014
+
err = -EPERM;
4015
+
goto out_fput;
4016
+
}
4017
+
kattr->mnt_userns = get_user_ns(mnt_userns);
4018
+
4019
+
out_fput:
4020
+
fput(file);
4021
+
return err;
4022
+
}
4023
+
4024
+
static int build_mount_kattr(const struct mount_attr *attr, size_t usize,
4025
+
struct mount_kattr *kattr, unsigned int flags)
4026
+
{
4027
+
unsigned int lookup_flags = LOOKUP_AUTOMOUNT | LOOKUP_FOLLOW;
4028
+
4029
+
if (flags & AT_NO_AUTOMOUNT)
4030
+
lookup_flags &= ~LOOKUP_AUTOMOUNT;
4031
+
if (flags & AT_SYMLINK_NOFOLLOW)
4032
+
lookup_flags &= ~LOOKUP_FOLLOW;
4033
+
if (flags & AT_EMPTY_PATH)
4034
+
lookup_flags |= LOOKUP_EMPTY;
4035
+
4036
+
*kattr = (struct mount_kattr) {
4037
+
.lookup_flags = lookup_flags,
4038
+
.recurse = !!(flags & AT_RECURSIVE),
4039
+
};
4040
+
4041
+
if (attr->propagation & ~MOUNT_SETATTR_PROPAGATION_FLAGS)
4042
+
return -EINVAL;
4043
+
if (hweight32(attr->propagation & MOUNT_SETATTR_PROPAGATION_FLAGS) > 1)
4044
+
return -EINVAL;
4045
+
kattr->propagation = attr->propagation;
4046
+
4047
+
if ((attr->attr_set | attr->attr_clr) & ~MOUNT_SETATTR_VALID_FLAGS)
4048
+
return -EINVAL;
4049
+
4050
+
kattr->attr_set = attr_flags_to_mnt_flags(attr->attr_set);
4051
+
kattr->attr_clr = attr_flags_to_mnt_flags(attr->attr_clr);
4052
+
4053
+
/*
4054
+
* Since the MOUNT_ATTR_<atime> values are an enum, not a bitmap,
4055
+
* users wanting to transition to a different atime setting cannot
4056
+
* simply specify the atime setting in @attr_set, but must also
4057
+
* specify MOUNT_ATTR__ATIME in the @attr_clr field.
4058
+
* So ensure that MOUNT_ATTR__ATIME can't be partially set in
4059
+
* @attr_clr and that @attr_set can't have any atime bits set if
4060
+
* MOUNT_ATTR__ATIME isn't set in @attr_clr.
4061
+
*/
4062
+
if (attr->attr_clr & MOUNT_ATTR__ATIME) {
4063
+
if ((attr->attr_clr & MOUNT_ATTR__ATIME) != MOUNT_ATTR__ATIME)
4064
+
return -EINVAL;
4065
+
4066
+
/*
4067
+
* Clear all previous time settings as they are mutually
4068
+
* exclusive.
4069
+
*/
4070
+
kattr->attr_clr |= MNT_RELATIME | MNT_NOATIME;
4071
+
switch (attr->attr_set & MOUNT_ATTR__ATIME) {
4072
+
case MOUNT_ATTR_RELATIME:
4073
+
kattr->attr_set |= MNT_RELATIME;
4074
+
break;
4075
+
case MOUNT_ATTR_NOATIME:
4076
+
kattr->attr_set |= MNT_NOATIME;
4077
+
break;
4078
+
case MOUNT_ATTR_STRICTATIME:
4079
+
break;
4080
+
default:
4081
+
return -EINVAL;
4082
+
}
4083
+
} else {
4084
+
if (attr->attr_set & MOUNT_ATTR__ATIME)
4085
+
return -EINVAL;
4086
+
}
4087
+
4088
+
return build_mount_idmapped(attr, usize, kattr, flags);
4089
+
}
4090
+
4091
+
static void finish_mount_kattr(struct mount_kattr *kattr)
4092
+
{
4093
+
put_user_ns(kattr->mnt_userns);
4094
+
kattr->mnt_userns = NULL;
4095
+
}
4096
+
4097
+
SYSCALL_DEFINE5(mount_setattr, int, dfd, const char __user *, path,
4098
+
unsigned int, flags, struct mount_attr __user *, uattr,
4099
+
size_t, usize)
4100
+
{
4101
+
int err;
4102
+
struct path target;
4103
+
struct mount_attr attr;
4104
+
struct mount_kattr kattr;
4105
+
4106
+
BUILD_BUG_ON(sizeof(struct mount_attr) != MOUNT_ATTR_SIZE_VER0);
4107
+
4108
+
if (flags & ~(AT_EMPTY_PATH |
4109
+
AT_RECURSIVE |
4110
+
AT_SYMLINK_NOFOLLOW |
4111
+
AT_NO_AUTOMOUNT))
4112
+
return -EINVAL;
4113
+
4114
+
if (unlikely(usize > PAGE_SIZE))
4115
+
return -E2BIG;
4116
+
if (unlikely(usize < MOUNT_ATTR_SIZE_VER0))
4117
+
return -EINVAL;
4118
+
4119
+
if (!may_mount())
4120
+
return -EPERM;
4121
+
4122
+
err = copy_struct_from_user(&attr, sizeof(attr), uattr, usize);
4123
+
if (err)
4124
+
return err;
4125
+
4126
+
/* Don't bother walking through the mounts if this is a nop. */
4127
+
if (attr.attr_set == 0 &&
4128
+
attr.attr_clr == 0 &&
4129
+
attr.propagation == 0)
4130
+
return 0;
4131
+
4132
+
err = build_mount_kattr(&attr, usize, &kattr, flags);
4133
+
if (err)
4134
+
return err;
4135
+
4136
+
err = user_path_at(dfd, path, kattr.lookup_flags, &target);
4137
+
if (err)
4138
+
return err;
4139
+
4140
+
err = do_mount_setattr(&target, &kattr);
4141
+
finish_mount_kattr(&kattr);
4142
+
path_put(&target);
4143
+
return err;
3836
4144
}
3837
4145
3838
4146
static void __init init_mount_tree(void)
+15
-10
fs/nfs/dir.c
+15
-10
fs/nfs/dir.c
···
2095
2095
* that the operation succeeded on the server, but an error in the
2096
2096
* reply path made it appear to have failed.
2097
2097
*/
2098
-
int nfs_create(struct inode *dir, struct dentry *dentry,
2099
-
umode_t mode, bool excl)
2098
+
int nfs_create(struct user_namespace *mnt_userns, struct inode *dir,
2099
+
struct dentry *dentry, umode_t mode, bool excl)
2100
2100
{
2101
2101
struct iattr attr;
2102
2102
int open_flags = excl ? O_CREAT | O_EXCL : O_CREAT;
···
2124
2124
* See comments for nfs_proc_create regarding failed operations.
2125
2125
*/
2126
2126
int
2127
-
nfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t rdev)
2127
+
nfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
2128
+
struct dentry *dentry, umode_t mode, dev_t rdev)
2128
2129
{
2129
2130
struct iattr attr;
2130
2131
int status;
···
2151
2150
/*
2152
2151
* See comments for nfs_proc_create regarding failed operations.
2153
2152
*/
2154
-
int nfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
2153
+
int nfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
2154
+
struct dentry *dentry, umode_t mode)
2155
2155
{
2156
2156
struct iattr attr;
2157
2157
int error;
···
2297
2295
* now have a new file handle and can instantiate an in-core NFS inode
2298
2296
* and move the raw page into its mapping.
2299
2297
*/
2300
-
int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
2298
+
int nfs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
2299
+
struct dentry *dentry, const char *symname)
2301
2300
{
2302
2301
struct page *page;
2303
2302
char *kaddr;
···
2401
2398
* If these conditions are met, we can drop the dentries before doing
2402
2399
* the rename.
2403
2400
*/
2404
-
int nfs_rename(struct inode *old_dir, struct dentry *old_dentry,
2405
-
struct inode *new_dir, struct dentry *new_dentry,
2406
-
unsigned int flags)
2401
+
int nfs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
2402
+
struct dentry *old_dentry, struct inode *new_dir,
2403
+
struct dentry *new_dentry, unsigned int flags)
2407
2404
{
2408
2405
struct inode *old_inode = d_inode(old_dentry);
2409
2406
struct inode *new_inode = d_inode(new_dentry);
···
2942
2939
return ret;
2943
2940
}
2944
2941
2945
-
int nfs_permission(struct inode *inode, int mask)
2942
+
int nfs_permission(struct user_namespace *mnt_userns,
2943
+
struct inode *inode,
2944
+
int mask)
2946
2945
{
2947
2946
const struct cred *cred = current_cred();
2948
2947
int res = 0;
···
2992
2987
2993
2988
res = nfs_revalidate_inode(NFS_SERVER(inode), inode);
2994
2989
if (res == 0)
2995
-
res = generic_permission(inode, mask);
2990
+
res = generic_permission(&init_user_ns, inode, mask);
2996
2991
goto out;
2997
2992
}
2998
2993
EXPORT_SYMBOL_GPL(nfs_permission);
+5
-4
fs/nfs/inode.c
+5
-4
fs/nfs/inode.c
···
594
594
#define NFS_VALID_ATTRS (ATTR_MODE|ATTR_UID|ATTR_GID|ATTR_SIZE|ATTR_ATIME|ATTR_ATIME_SET|ATTR_MTIME|ATTR_MTIME_SET|ATTR_FILE|ATTR_OPEN)
595
595
596
596
int
597
-
nfs_setattr(struct dentry *dentry, struct iattr *attr)
597
+
nfs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
598
+
struct iattr *attr)
598
599
{
599
600
struct inode *inode = d_inode(dentry);
600
601
struct nfs_fattr *fattr;
···
788
787
return false;
789
788
}
790
789
791
-
int nfs_getattr(const struct path *path, struct kstat *stat,
792
-
u32 request_mask, unsigned int query_flags)
790
+
int nfs_getattr(struct user_namespace *mnt_userns, const struct path *path,
791
+
struct kstat *stat, u32 request_mask, unsigned int query_flags)
793
792
{
794
793
struct inode *inode = d_inode(path->dentry);
795
794
struct nfs_server *server = NFS_SERVER(inode);
···
858
857
/* Only return attributes that were revalidated. */
859
858
stat->result_mask &= request_mask;
860
859
out_no_update:
861
-
generic_fillattr(inode, stat);
860
+
generic_fillattr(&init_user_ns, inode, stat);
862
861
stat->ino = nfs_compat_user_ino64(NFS_FILEID(inode));
863
862
if (S_ISDIR(inode->i_mode))
864
863
stat->blksize = NFS_SERVER(inode)->dtsize;
+9
-5
fs/nfs/internal.h
+9
-5
fs/nfs/internal.h
···
378
378
extern unsigned long nfs_access_cache_scan(struct shrinker *shrink,
379
379
struct shrink_control *sc);
380
380
struct dentry *nfs_lookup(struct inode *, struct dentry *, unsigned int);
381
-
int nfs_create(struct inode *, struct dentry *, umode_t, bool);
382
-
int nfs_mkdir(struct inode *, struct dentry *, umode_t);
381
+
int nfs_create(struct user_namespace *, struct inode *, struct dentry *,
382
+
umode_t, bool);
383
+
int nfs_mkdir(struct user_namespace *, struct inode *, struct dentry *,
384
+
umode_t);
383
385
int nfs_rmdir(struct inode *, struct dentry *);
384
386
int nfs_unlink(struct inode *, struct dentry *);
385
-
int nfs_symlink(struct inode *, struct dentry *, const char *);
387
+
int nfs_symlink(struct user_namespace *, struct inode *, struct dentry *,
388
+
const char *);
386
389
int nfs_link(struct dentry *, struct inode *, struct dentry *);
387
-
int nfs_mknod(struct inode *, struct dentry *, umode_t, dev_t);
388
-
int nfs_rename(struct inode *, struct dentry *,
390
+
int nfs_mknod(struct user_namespace *, struct inode *, struct dentry *, umode_t,
391
+
dev_t);
392
+
int nfs_rename(struct user_namespace *, struct inode *, struct dentry *,
389
393
struct inode *, struct dentry *, unsigned int);
390
394
391
395
/* file.c */
+9
-6
fs/nfs/namespace.c
+9
-6
fs/nfs/namespace.c
···
208
208
}
209
209
210
210
static int
211
-
nfs_namespace_getattr(const struct path *path, struct kstat *stat,
212
-
u32 request_mask, unsigned int query_flags)
211
+
nfs_namespace_getattr(struct user_namespace *mnt_userns,
212
+
const struct path *path, struct kstat *stat,
213
+
u32 request_mask, unsigned int query_flags)
213
214
{
214
215
if (NFS_FH(d_inode(path->dentry))->size != 0)
215
-
return nfs_getattr(path, stat, request_mask, query_flags);
216
-
generic_fillattr(d_inode(path->dentry), stat);
216
+
return nfs_getattr(mnt_userns, path, stat, request_mask,
217
+
query_flags);
218
+
generic_fillattr(&init_user_ns, d_inode(path->dentry), stat);
217
219
return 0;
218
220
}
219
221
220
222
static int
221
-
nfs_namespace_setattr(struct dentry *dentry, struct iattr *attr)
223
+
nfs_namespace_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
224
+
struct iattr *attr)
222
225
{
223
226
if (NFS_FH(d_inode(dentry))->size != 0)
224
-
return nfs_setattr(dentry, attr);
227
+
return nfs_setattr(mnt_userns, dentry, attr);
225
228
return -EACCES;
226
229
}
227
230
+2
-1
fs/nfs/nfs3_fs.h
+2
-1
fs/nfs/nfs3_fs.h
···
12
12
*/
13
13
#ifdef CONFIG_NFS_V3_ACL
14
14
extern struct posix_acl *nfs3_get_acl(struct inode *inode, int type);
15
-
extern int nfs3_set_acl(struct inode *inode, struct posix_acl *acl, int type);
15
+
extern int nfs3_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
16
+
struct posix_acl *acl, int type);
16
17
extern int nfs3_proc_setacls(struct inode *inode, struct posix_acl *acl,
17
18
struct posix_acl *dfacl);
18
19
extern ssize_t nfs3_listxattr(struct dentry *, char *, size_t);
+2
-1
fs/nfs/nfs3acl.c
+2
-1
fs/nfs/nfs3acl.c
···
251
251
252
252
}
253
253
254
-
int nfs3_set_acl(struct inode *inode, struct posix_acl *acl, int type)
254
+
int nfs3_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
255
+
struct posix_acl *acl, int type)
255
256
{
256
257
struct posix_acl *orig = acl, *dfacl = NULL, *alloc;
257
258
int status;
+3
fs/nfs/nfs4proc.c
+3
fs/nfs/nfs4proc.c
···
7491
7491
#define XATTR_NAME_NFSV4_ACL "system.nfs4_acl"
7492
7492
7493
7493
static int nfs4_xattr_set_nfs4_acl(const struct xattr_handler *handler,
7494
+
struct user_namespace *mnt_userns,
7494
7495
struct dentry *unused, struct inode *inode,
7495
7496
const char *key, const void *buf,
7496
7497
size_t buflen, int flags)
···
7514
7513
#ifdef CONFIG_NFS_V4_SECURITY_LABEL
7515
7514
7516
7515
static int nfs4_xattr_set_nfs4_label(const struct xattr_handler *handler,
7516
+
struct user_namespace *mnt_userns,
7517
7517
struct dentry *unused, struct inode *inode,
7518
7518
const char *key, const void *buf,
7519
7519
size_t buflen, int flags)
···
7565
7563
7566
7564
#ifdef CONFIG_NFS_V4_2
7567
7565
static int nfs4_xattr_set_nfs4_user(const struct xattr_handler *handler,
7566
+
struct user_namespace *mnt_userns,
7568
7567
struct dentry *unused, struct inode *inode,
7569
7568
const char *key, const void *buf,
7570
7569
size_t buflen, int flags)
+9
-3
fs/nfsd/export.c
+9
-3
fs/nfsd/export.c
···
386
386
struct svc_export *old);
387
387
static struct svc_export *svc_export_lookup(struct svc_export *);
388
388
389
-
static int check_export(struct inode *inode, int *flags, unsigned char *uuid)
389
+
static int check_export(struct path *path, int *flags, unsigned char *uuid)
390
390
{
391
+
struct inode *inode = d_inode(path->dentry);
391
392
392
393
/*
393
394
* We currently export only dirs, regular files, and (for v4
···
412
411
* or an FSID number (so NFSEXP_FSID or ->uuid is needed).
413
412
* 2: We must be able to find an inode from a filehandle.
414
413
* This means that s_export_op must be set.
414
+
* 3: We must not currently be on an idmapped mount.
415
415
*/
416
416
if (!(inode->i_sb->s_type->fs_flags & FS_REQUIRES_DEV) &&
417
417
!(*flags & NFSEXP_FSID) &&
···
424
422
if (!inode->i_sb->s_export_op ||
425
423
!inode->i_sb->s_export_op->fh_to_dentry) {
426
424
dprintk("exp_export: export of invalid fs type.\n");
425
+
return -EINVAL;
426
+
}
427
+
428
+
if (mnt_user_ns(path->mnt) != &init_user_ns) {
429
+
dprintk("exp_export: export of idmapped mounts not yet supported.\n");
427
430
return -EINVAL;
428
431
}
429
432
···
660
653
goto out4;
661
654
}
662
655
663
-
err = check_export(d_inode(exp.ex_path.dentry), &exp.ex_flags,
664
-
exp.ex_uuid);
656
+
err = check_export(&exp.ex_path, &exp.ex_flags, exp.ex_uuid);
665
657
if (err)
666
658
goto out4;
667
659
/*
+4
-2
fs/nfsd/nfs2acl.c
+4
-2
fs/nfsd/nfs2acl.c
···
113
113
114
114
fh_lock(fh);
115
115
116
-
error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
116
+
error = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS,
117
+
argp->acl_access);
117
118
if (error)
118
119
goto out_drop_lock;
119
-
error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
120
+
error = set_posix_acl(&init_user_ns, inode, ACL_TYPE_DEFAULT,
121
+
argp->acl_default);
120
122
if (error)
121
123
goto out_drop_lock;
122
124
+4
-2
fs/nfsd/nfs3acl.c
+4
-2
fs/nfsd/nfs3acl.c
···
103
103
104
104
fh_lock(fh);
105
105
106
-
error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
106
+
error = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS,
107
+
argp->acl_access);
107
108
if (error)
108
109
goto out_drop_lock;
109
-
error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
110
+
error = set_posix_acl(&init_user_ns, inode, ACL_TYPE_DEFAULT,
111
+
argp->acl_default);
110
112
111
113
out_drop_lock:
112
114
fh_unlock(fh);
+3
-2
fs/nfsd/nfs4acl.c
+3
-2
fs/nfsd/nfs4acl.c
···
781
781
782
782
fh_lock(fhp);
783
783
784
-
host_error = set_posix_acl(inode, ACL_TYPE_ACCESS, pacl);
784
+
host_error = set_posix_acl(&init_user_ns, inode, ACL_TYPE_ACCESS, pacl);
785
785
if (host_error < 0)
786
786
goto out_drop_lock;
787
787
788
788
if (S_ISDIR(inode->i_mode)) {
789
-
host_error = set_posix_acl(inode, ACL_TYPE_DEFAULT, dpacl);
789
+
host_error = set_posix_acl(&init_user_ns, inode,
790
+
ACL_TYPE_DEFAULT, dpacl);
790
791
}
791
792
792
793
out_drop_lock:
+3
-3
fs/nfsd/nfs4recover.c
+3
-3
fs/nfsd/nfs4recover.c
···
233
233
* as well be forgiving and just succeed silently.
234
234
*/
235
235
goto out_put;
236
-
status = vfs_mkdir(d_inode(dir), dentry, S_IRWXU);
236
+
status = vfs_mkdir(&init_user_ns, d_inode(dir), dentry, S_IRWXU);
237
237
out_put:
238
238
dput(dentry);
239
239
out_unlock:
···
353
353
status = -ENOENT;
354
354
if (d_really_is_negative(dentry))
355
355
goto out;
356
-
status = vfs_rmdir(d_inode(dir), dentry);
356
+
status = vfs_rmdir(&init_user_ns, d_inode(dir), dentry);
357
357
out:
358
358
dput(dentry);
359
359
out_unlock:
···
443
443
if (nfs4_has_reclaimed_state(name, nn))
444
444
goto out_free;
445
445
446
-
status = vfs_rmdir(d_inode(parent), child);
446
+
status = vfs_rmdir(&init_user_ns, d_inode(parent), child);
447
447
if (status)
448
448
printk("failed to remove client recovery directory %pd\n",
449
449
child);
+2
-1
fs/nfsd/nfsfh.c
+2
-1
fs/nfsd/nfsfh.c
+1
-1
fs/nfsd/nfsproc.c
+1
-1
fs/nfsd/nfsproc.c
···
90
90
if (delta < 0)
91
91
delta = -delta;
92
92
if (delta < MAX_TOUCH_TIME_ERROR &&
93
-
setattr_prepare(fhp->fh_dentry, iap) != 0) {
93
+
setattr_prepare(&init_user_ns, fhp->fh_dentry, iap) != 0) {
94
94
/*
95
95
* Turn off ATTR_[AM]TIME_SET but leave ATTR_[AM]TIME.
96
96
* This will cause notify_change to set these times
+31
-19
fs/nfsd/vfs.c
+31
-19
fs/nfsd/vfs.c
···
448
448
.ia_size = iap->ia_size,
449
449
};
450
450
451
-
host_err = notify_change(dentry, &size_attr, NULL);
451
+
host_err = notify_change(&init_user_ns, dentry, &size_attr, NULL);
452
452
if (host_err)
453
453
goto out_unlock;
454
454
iap->ia_valid &= ~ATTR_SIZE;
···
463
463
}
464
464
465
465
iap->ia_valid |= ATTR_CTIME;
466
-
host_err = notify_change(dentry, iap, NULL);
466
+
host_err = notify_change(&init_user_ns, dentry, iap, NULL);
467
467
468
468
out_unlock:
469
469
fh_unlock(fhp);
···
499
499
return 0;
500
500
if (!(inode->i_mode & S_ISVTX))
501
501
return 0;
502
-
if (vfs_getxattr(dentry, NFSD_JUNCTION_XATTR_NAME, NULL, 0) <= 0)
502
+
if (vfs_getxattr(&init_user_ns, dentry, NFSD_JUNCTION_XATTR_NAME,
503
+
NULL, 0) <= 0)
503
504
return 0;
504
505
return 1;
505
506
}
···
1255
1254
host_err = 0;
1256
1255
switch (type) {
1257
1256
case S_IFREG:
1258
-
host_err = vfs_create(dirp, dchild, iap->ia_mode, true);
1257
+
host_err = vfs_create(&init_user_ns, dirp, dchild, iap->ia_mode, true);
1259
1258
if (!host_err)
1260
1259
nfsd_check_ignore_resizing(iap);
1261
1260
break;
1262
1261
case S_IFDIR:
1263
-
host_err = vfs_mkdir(dirp, dchild, iap->ia_mode);
1262
+
host_err = vfs_mkdir(&init_user_ns, dirp, dchild, iap->ia_mode);
1264
1263
if (!host_err && unlikely(d_unhashed(dchild))) {
1265
1264
struct dentry *d;
1266
1265
d = lookup_one_len(dchild->d_name.name,
···
1288
1287
case S_IFBLK:
1289
1288
case S_IFIFO:
1290
1289
case S_IFSOCK:
1291
-
host_err = vfs_mknod(dirp, dchild, iap->ia_mode, rdev);
1290
+
host_err = vfs_mknod(&init_user_ns, dirp, dchild,
1291
+
iap->ia_mode, rdev);
1292
1292
break;
1293
1293
default:
1294
1294
printk(KERN_WARNING "nfsd: bad file type %o in nfsd_create\n",
···
1487
1485
if (!IS_POSIXACL(dirp))
1488
1486
iap->ia_mode &= ~current_umask();
1489
1487
1490
-
host_err = vfs_create(dirp, dchild, iap->ia_mode, true);
1488
+
host_err = vfs_create(&init_user_ns, dirp, dchild, iap->ia_mode, true);
1491
1489
if (host_err < 0) {
1492
1490
fh_drop_write(fhp);
1493
1491
goto out_nfserr;
···
1611
1609
if (IS_ERR(dnew))
1612
1610
goto out_nfserr;
1613
1611
1614
-
host_err = vfs_symlink(d_inode(dentry), dnew, path);
1612
+
host_err = vfs_symlink(&init_user_ns, d_inode(dentry), dnew, path);
1615
1613
err = nfserrno(host_err);
1616
1614
if (!err)
1617
1615
err = nfserrno(commit_metadata(fhp));
···
1679
1677
err = nfserr_noent;
1680
1678
if (d_really_is_negative(dold))
1681
1679
goto out_dput;
1682
-
host_err = vfs_link(dold, dirp, dnew, NULL);
1680
+
host_err = vfs_link(dold, &init_user_ns, dirp, dnew, NULL);
1683
1681
if (!host_err) {
1684
1682
err = nfserrno(commit_metadata(ffhp));
1685
1683
if (!err)
···
1799
1797
close_cached = true;
1800
1798
goto out_dput_old;
1801
1799
} else {
1802
-
host_err = vfs_rename(fdir, odentry, tdir, ndentry, NULL, 0);
1800
+
struct renamedata rd = {
1801
+
.old_mnt_userns = &init_user_ns,
1802
+
.old_dir = fdir,
1803
+
.old_dentry = odentry,
1804
+
.new_mnt_userns = &init_user_ns,
1805
+
.new_dir = tdir,
1806
+
.new_dentry = ndentry,
1807
+
};
1808
+
host_err = vfs_rename(&rd);
1803
1809
if (!host_err) {
1804
1810
host_err = commit_metadata(tfhp);
1805
1811
if (!host_err)
···
1894
1884
if (type != S_IFDIR) {
1895
1885
if (rdentry->d_sb->s_export_op->flags & EXPORT_OP_CLOSE_BEFORE_UNLINK)
1896
1886
nfsd_close_cached_files(rdentry);
1897
-
host_err = vfs_unlink(dirp, rdentry, NULL);
1887
+
host_err = vfs_unlink(&init_user_ns, dirp, rdentry, NULL);
1898
1888
} else {
1899
-
host_err = vfs_rmdir(dirp, rdentry);
1889
+
host_err = vfs_rmdir(&init_user_ns, dirp, rdentry);
1900
1890
}
1901
1891
1902
1892
if (!host_err)
···
2159
2149
2160
2150
inode_lock_shared(inode);
2161
2151
2162
-
len = vfs_getxattr(dentry, name, NULL, 0);
2152
+
len = vfs_getxattr(&init_user_ns, dentry, name, NULL, 0);
2163
2153
2164
2154
/*
2165
2155
* Zero-length attribute, just return.
···
2186
2176
goto out;
2187
2177
}
2188
2178
2189
-
len = vfs_getxattr(dentry, name, buf, len);
2179
+
len = vfs_getxattr(&init_user_ns, dentry, name, buf, len);
2190
2180
if (len <= 0) {
2191
2181
kvfree(buf);
2192
2182
buf = NULL;
···
2293
2283
2294
2284
fh_lock(fhp);
2295
2285
2296
-
ret = __vfs_removexattr_locked(fhp->fh_dentry, name, NULL);
2286
+
ret = __vfs_removexattr_locked(&init_user_ns, fhp->fh_dentry,
2287
+
name, NULL);
2297
2288
2298
2289
fh_unlock(fhp);
2299
2290
fh_drop_write(fhp);
···
2318
2307
return nfserrno(ret);
2319
2308
fh_lock(fhp);
2320
2309
2321
-
ret = __vfs_setxattr_locked(fhp->fh_dentry, name, buf, len, flags,
2322
-
NULL);
2310
+
ret = __vfs_setxattr_locked(&init_user_ns, fhp->fh_dentry, name, buf,
2311
+
len, flags, NULL);
2323
2312
2324
2313
fh_unlock(fhp);
2325
2314
fh_drop_write(fhp);
···
2402
2391
return 0;
2403
2392
2404
2393
/* This assumes NFSD_MAY_{READ,WRITE,EXEC} == MAY_{READ,WRITE,EXEC} */
2405
-
err = inode_permission(inode, acc & (MAY_READ|MAY_WRITE|MAY_EXEC));
2394
+
err = inode_permission(&init_user_ns, inode,
2395
+
acc & (MAY_READ | MAY_WRITE | MAY_EXEC));
2406
2396
2407
2397
/* Allow read access to binaries even when mode 111 */
2408
2398
if (err == -EACCES && S_ISREG(inode->i_mode) &&
2409
2399
(acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE) ||
2410
2400
acc == (NFSD_MAY_READ | NFSD_MAY_READ_IF_EXEC)))
2411
-
err = inode_permission(inode, MAY_EXEC);
2401
+
err = inode_permission(&init_user_ns, inode, MAY_EXEC);
2412
2402
2413
2403
return err? nfserrno(err) : 0;
2414
2404
}
+8
-6
fs/nilfs2/inode.c
+8
-6
fs/nilfs2/inode.c
···
348
348
/* reference count of i_bh inherits from nilfs_mdt_read_block() */
349
349
350
350
atomic64_inc(&root->inodes_count);
351
-
inode_init_owner(inode, dir, mode);
351
+
inode_init_owner(&init_user_ns, inode, dir, mode);
352
352
inode->i_ino = ino;
353
353
inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
354
354
···
805
805
*/
806
806
}
807
807
808
-
int nilfs_setattr(struct dentry *dentry, struct iattr *iattr)
808
+
int nilfs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
809
+
struct iattr *iattr)
809
810
{
810
811
struct nilfs_transaction_info ti;
811
812
struct inode *inode = d_inode(dentry);
812
813
struct super_block *sb = inode->i_sb;
813
814
int err;
814
815
815
-
err = setattr_prepare(dentry, iattr);
816
+
err = setattr_prepare(&init_user_ns, dentry, iattr);
816
817
if (err)
817
818
return err;
818
819
···
828
827
nilfs_truncate(inode);
829
828
}
830
829
831
-
setattr_copy(inode, iattr);
830
+
setattr_copy(&init_user_ns, inode, iattr);
832
831
mark_inode_dirty(inode);
833
832
834
833
if (iattr->ia_valid & ATTR_MODE) {
···
844
843
return err;
845
844
}
846
845
847
-
int nilfs_permission(struct inode *inode, int mask)
846
+
int nilfs_permission(struct user_namespace *mnt_userns, struct inode *inode,
847
+
int mask)
848
848
{
849
849
struct nilfs_root *root = NILFS_I(inode)->i_root;
850
850
···
853
851
root->cno != NILFS_CPTREE_CURRENT_CNO)
854
852
return -EROFS; /* snapshot is not writable */
855
853
856
-
return generic_permission(inode, mask);
854
+
return generic_permission(&init_user_ns, inode, mask);
857
855
}
858
856
859
857
int nilfs_load_inode_block(struct inode *inode, struct buffer_head **pbh)
+1
-1
fs/nilfs2/ioctl.c
+1
-1
fs/nilfs2/ioctl.c
+11
-8
fs/nilfs2/namei.c
+11
-8
fs/nilfs2/namei.c
···
72
72
* If the create succeeds, we fill in the inode information
73
73
* with d_instantiate().
74
74
*/
75
-
static int nilfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
76
-
bool excl)
75
+
static int nilfs_create(struct user_namespace *mnt_userns, struct inode *dir,
76
+
struct dentry *dentry, umode_t mode, bool excl)
77
77
{
78
78
struct inode *inode;
79
79
struct nilfs_transaction_info ti;
···
100
100
}
101
101
102
102
static int
103
-
nilfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t rdev)
103
+
nilfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
104
+
struct dentry *dentry, umode_t mode, dev_t rdev)
104
105
{
105
106
struct inode *inode;
106
107
struct nilfs_transaction_info ti;
···
125
124
return err;
126
125
}
127
126
128
-
static int nilfs_symlink(struct inode *dir, struct dentry *dentry,
129
-
const char *symname)
127
+
static int nilfs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
128
+
struct dentry *dentry, const char *symname)
130
129
{
131
130
struct nilfs_transaction_info ti;
132
131
struct super_block *sb = dir->i_sb;
···
202
201
return err;
203
202
}
204
203
205
-
static int nilfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
204
+
static int nilfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
205
+
struct dentry *dentry, umode_t mode)
206
206
{
207
207
struct inode *inode;
208
208
struct nilfs_transaction_info ti;
···
340
338
return err;
341
339
}
342
340
343
-
static int nilfs_rename(struct inode *old_dir, struct dentry *old_dentry,
344
-
struct inode *new_dir, struct dentry *new_dentry,
341
+
static int nilfs_rename(struct user_namespace *mnt_userns,
342
+
struct inode *old_dir, struct dentry *old_dentry,
343
+
struct inode *new_dir, struct dentry *new_dentry,
345
344
unsigned int flags)
346
345
{
347
346
struct inode *old_inode = d_inode(old_dentry);
+4
-2
fs/nilfs2/nilfs.h
+4
-2
fs/nilfs2/nilfs.h
···
267
267
extern void nilfs_update_inode(struct inode *, struct buffer_head *, int);
268
268
extern void nilfs_truncate(struct inode *);
269
269
extern void nilfs_evict_inode(struct inode *);
270
-
extern int nilfs_setattr(struct dentry *, struct iattr *);
270
+
extern int nilfs_setattr(struct user_namespace *, struct dentry *,
271
+
struct iattr *);
271
272
extern void nilfs_write_failed(struct address_space *mapping, loff_t to);
272
-
int nilfs_permission(struct inode *inode, int mask);
273
+
int nilfs_permission(struct user_namespace *mnt_userns, struct inode *inode,
274
+
int mask);
273
275
int nilfs_load_inode_block(struct inode *inode, struct buffer_head **pbh);
274
276
extern int nilfs_inode_dirty(struct inode *);
275
277
int nilfs_set_file_dirty(struct inode *inode, unsigned int nr_dirty);
+1
-1
fs/notify/fanotify/fanotify_user.c
+1
-1
fs/notify/fanotify/fanotify_user.c
+1
-1
fs/notify/inotify/inotify_user.c
+1
-1
fs/notify/inotify/inotify_user.c
···
352
352
if (error)
353
353
return error;
354
354
/* you can only watch an inode if you have read permissions on it */
355
-
error = inode_permission(path->dentry->d_inode, MAY_READ);
355
+
error = path_permission(path, MAY_READ);
356
356
if (error) {
357
357
path_put(path);
358
358
return error;
+4
-2
fs/ntfs/inode.c
+4
-2
fs/ntfs/inode.c
···
2848
2848
2849
2849
/**
2850
2850
* ntfs_setattr - called from notify_change() when an attribute is being changed
2851
+
* @mnt_userns: user namespace of the mount the inode was found from
2851
2852
* @dentry: dentry whose attributes to change
2852
2853
* @attr: structure describing the attributes and the changes
2853
2854
*
···
2861
2860
*
2862
2861
* Called with ->i_mutex held.
2863
2862
*/
2864
-
int ntfs_setattr(struct dentry *dentry, struct iattr *attr)
2863
+
int ntfs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
2864
+
struct iattr *attr)
2865
2865
{
2866
2866
struct inode *vi = d_inode(dentry);
2867
2867
int err;
2868
2868
unsigned int ia_valid = attr->ia_valid;
2869
2869
2870
-
err = setattr_prepare(dentry, attr);
2870
+
err = setattr_prepare(&init_user_ns, dentry, attr);
2871
2871
if (err)
2872
2872
goto out;
2873
2873
/* We do not support NTFS ACLs yet. */
+2
-1
fs/ntfs/inode.h
+2
-1
fs/ntfs/inode.h
···
289
289
extern int ntfs_truncate(struct inode *vi);
290
290
extern void ntfs_truncate_vfs(struct inode *vi);
291
291
292
-
extern int ntfs_setattr(struct dentry *dentry, struct iattr *attr);
292
+
extern int ntfs_setattr(struct user_namespace *mnt_userns,
293
+
struct dentry *dentry, struct iattr *attr);
293
294
294
295
extern int __ntfs_write_inode(struct inode *vi, int sync);
295
296
+4
-2
fs/ocfs2/acl.c
+4
-2
fs/ocfs2/acl.c
···
262
262
return ret;
263
263
}
264
264
265
-
int ocfs2_iop_set_acl(struct inode *inode, struct posix_acl *acl, int type)
265
+
int ocfs2_iop_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
266
+
struct posix_acl *acl, int type)
266
267
{
267
268
struct buffer_head *bh = NULL;
268
269
int status, had_lock;
···
275
274
if (type == ACL_TYPE_ACCESS && acl) {
276
275
umode_t mode;
277
276
278
-
status = posix_acl_update_mode(inode, &mode, &acl);
277
+
status = posix_acl_update_mode(&init_user_ns, inode, &mode,
278
+
&acl);
279
279
if (status)
280
280
goto unlock;
281
281
+2
-1
fs/ocfs2/acl.h
+2
-1
fs/ocfs2/acl.h
···
19
19
};
20
20
21
21
struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type);
22
-
int ocfs2_iop_set_acl(struct inode *inode, struct posix_acl *acl, int type);
22
+
int ocfs2_iop_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
23
+
struct posix_acl *acl, int type);
23
24
extern int ocfs2_acl_chmod(struct inode *, struct buffer_head *);
24
25
extern int ocfs2_init_acl(handle_t *, struct inode *, struct inode *,
25
26
struct buffer_head *, struct buffer_head *,
+10
-7
fs/ocfs2/dlmfs/dlmfs.c
+10
-7
fs/ocfs2/dlmfs/dlmfs.c
···
190
190
* We do ->setattr() just to override size changes. Our size is the size
191
191
* of the LVB and nothing else.
192
192
*/
193
-
static int dlmfs_file_setattr(struct dentry *dentry, struct iattr *attr)
193
+
static int dlmfs_file_setattr(struct user_namespace *mnt_userns,
194
+
struct dentry *dentry, struct iattr *attr)
194
195
{
195
196
int error;
196
197
struct inode *inode = d_inode(dentry);
197
198
198
199
attr->ia_valid &= ~ATTR_SIZE;
199
-
error = setattr_prepare(dentry, attr);
200
+
error = setattr_prepare(&init_user_ns, dentry, attr);
200
201
if (error)
201
202
return error;
202
203
203
-
setattr_copy(inode, attr);
204
+
setattr_copy(&init_user_ns, inode, attr);
204
205
mark_inode_dirty(inode);
205
206
return 0;
206
207
}
···
330
329
331
330
if (inode) {
332
331
inode->i_ino = get_next_ino();
333
-
inode_init_owner(inode, NULL, mode);
332
+
inode_init_owner(&init_user_ns, inode, NULL, mode);
334
333
inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
335
334
inc_nlink(inode);
336
335
···
353
352
return NULL;
354
353
355
354
inode->i_ino = get_next_ino();
356
-
inode_init_owner(inode, parent, mode);
355
+
inode_init_owner(&init_user_ns, inode, parent, mode);
357
356
inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
358
357
359
358
ip = DLMFS_I(inode);
···
396
395
* File creation. Allocate an inode, and we're done..
397
396
*/
398
397
/* SMP-safe */
399
-
static int dlmfs_mkdir(struct inode * dir,
398
+
static int dlmfs_mkdir(struct user_namespace * mnt_userns,
399
+
struct inode * dir,
400
400
struct dentry * dentry,
401
401
umode_t mode)
402
402
{
···
445
443
return status;
446
444
}
447
445
448
-
static int dlmfs_create(struct inode *dir,
446
+
static int dlmfs_create(struct user_namespace *mnt_userns,
447
+
struct inode *dir,
449
448
struct dentry *dentry,
450
449
umode_t mode,
451
450
bool excl)
+10
-8
fs/ocfs2/file.c
+10
-8
fs/ocfs2/file.c
···
1112
1112
return ret;
1113
1113
}
1114
1114
1115
-
int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
1115
+
int ocfs2_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
1116
+
struct iattr *attr)
1116
1117
{
1117
1118
int status = 0, size_change;
1118
1119
int inode_locked = 0;
···
1143
1142
if (!(attr->ia_valid & OCFS2_VALID_ATTRS))
1144
1143
return 0;
1145
1144
1146
-
status = setattr_prepare(dentry, attr);
1145
+
status = setattr_prepare(&init_user_ns, dentry, attr);
1147
1146
if (status)
1148
1147
return status;
1149
1148
···
1264
1263
}
1265
1264
}
1266
1265
1267
-
setattr_copy(inode, attr);
1266
+
setattr_copy(&init_user_ns, inode, attr);
1268
1267
mark_inode_dirty(inode);
1269
1268
1270
1269
status = ocfs2_mark_inode_dirty(handle, inode, bh);
···
1299
1298
return status;
1300
1299
}
1301
1300
1302
-
int ocfs2_getattr(const struct path *path, struct kstat *stat,
1303
-
u32 request_mask, unsigned int flags)
1301
+
int ocfs2_getattr(struct user_namespace *mnt_userns, const struct path *path,
1302
+
struct kstat *stat, u32 request_mask, unsigned int flags)
1304
1303
{
1305
1304
struct inode *inode = d_inode(path->dentry);
1306
1305
struct super_block *sb = path->dentry->d_sb;
···
1314
1313
goto bail;
1315
1314
}
1316
1315
1317
-
generic_fillattr(inode, stat);
1316
+
generic_fillattr(&init_user_ns, inode, stat);
1318
1317
/*
1319
1318
* If there is inline data in the inode, the inode will normally not
1320
1319
* have data blocks allocated (it may have an external xattr block).
···
1331
1330
return err;
1332
1331
}
1333
1332
1334
-
int ocfs2_permission(struct inode *inode, int mask)
1333
+
int ocfs2_permission(struct user_namespace *mnt_userns, struct inode *inode,
1334
+
int mask)
1335
1335
{
1336
1336
int ret, had_lock;
1337
1337
struct ocfs2_lock_holder oh;
···
1357
1355
dump_stack();
1358
1356
}
1359
1357
1360
-
ret = generic_permission(inode, mask);
1358
+
ret = generic_permission(&init_user_ns, inode, mask);
1361
1359
1362
1360
ocfs2_inode_unlock_tracker(inode, 0, &oh, had_lock);
1363
1361
out:
+7
-4
fs/ocfs2/file.h
+7
-4
fs/ocfs2/file.h
···
51
51
u64 new_i_size, u64 zero_to);
52
52
int ocfs2_zero_extend(struct inode *inode, struct buffer_head *di_bh,
53
53
loff_t zero_to);
54
-
int ocfs2_setattr(struct dentry *dentry, struct iattr *attr);
55
-
int ocfs2_getattr(const struct path *path, struct kstat *stat,
56
-
u32 request_mask, unsigned int flags);
57
-
int ocfs2_permission(struct inode *inode, int mask);
54
+
int ocfs2_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
55
+
struct iattr *attr);
56
+
int ocfs2_getattr(struct user_namespace *mnt_userns, const struct path *path,
57
+
struct kstat *stat, u32 request_mask, unsigned int flags);
58
+
int ocfs2_permission(struct user_namespace *mnt_userns,
59
+
struct inode *inode,
60
+
int mask);
58
61
59
62
int ocfs2_should_update_atime(struct inode *inode,
60
63
struct vfsmount *vfsmnt);
+1
-1
fs/ocfs2/ioctl.c
+1
-1
fs/ocfs2/ioctl.c
+13
-8
fs/ocfs2/namei.c
+13
-8
fs/ocfs2/namei.c
···
198
198
* callers. */
199
199
if (S_ISDIR(mode))
200
200
set_nlink(inode, 2);
201
-
inode_init_owner(inode, dir, mode);
201
+
inode_init_owner(&init_user_ns, inode, dir, mode);
202
202
status = dquot_initialize(inode);
203
203
if (status)
204
204
return ERR_PTR(status);
···
221
221
iput(inode);
222
222
}
223
223
224
-
static int ocfs2_mknod(struct inode *dir,
224
+
static int ocfs2_mknod(struct user_namespace *mnt_userns,
225
+
struct inode *dir,
225
226
struct dentry *dentry,
226
227
umode_t mode,
227
228
dev_t dev)
···
646
645
return status;
647
646
}
648
647
649
-
static int ocfs2_mkdir(struct inode *dir,
648
+
static int ocfs2_mkdir(struct user_namespace *mnt_userns,
649
+
struct inode *dir,
650
650
struct dentry *dentry,
651
651
umode_t mode)
652
652
{
···
655
653
656
654
trace_ocfs2_mkdir(dir, dentry, dentry->d_name.len, dentry->d_name.name,
657
655
OCFS2_I(dir)->ip_blkno, mode);
658
-
ret = ocfs2_mknod(dir, dentry, mode | S_IFDIR, 0);
656
+
ret = ocfs2_mknod(&init_user_ns, dir, dentry, mode | S_IFDIR, 0);
659
657
if (ret)
660
658
mlog_errno(ret);
661
659
662
660
return ret;
663
661
}
664
662
665
-
static int ocfs2_create(struct inode *dir,
663
+
static int ocfs2_create(struct user_namespace *mnt_userns,
664
+
struct inode *dir,
666
665
struct dentry *dentry,
667
666
umode_t mode,
668
667
bool excl)
···
672
669
673
670
trace_ocfs2_create(dir, dentry, dentry->d_name.len, dentry->d_name.name,
674
671
(unsigned long long)OCFS2_I(dir)->ip_blkno, mode);
675
-
ret = ocfs2_mknod(dir, dentry, mode | S_IFREG, 0);
672
+
ret = ocfs2_mknod(&init_user_ns, dir, dentry, mode | S_IFREG, 0);
676
673
if (ret)
677
674
mlog_errno(ret);
678
675
···
1198
1195
ocfs2_inode_unlock(inode2, 1);
1199
1196
}
1200
1197
1201
-
static int ocfs2_rename(struct inode *old_dir,
1198
+
static int ocfs2_rename(struct user_namespace *mnt_userns,
1199
+
struct inode *old_dir,
1202
1200
struct dentry *old_dentry,
1203
1201
struct inode *new_dir,
1204
1202
struct dentry *new_dentry,
···
1788
1784
return status;
1789
1785
}
1790
1786
1791
-
static int ocfs2_symlink(struct inode *dir,
1787
+
static int ocfs2_symlink(struct user_namespace *mnt_userns,
1788
+
struct inode *dir,
1792
1789
struct dentry *dentry,
1793
1790
const char *symname)
1794
1791
{
+2
-2
fs/ocfs2/refcounttree.c
+2
-2
fs/ocfs2/refcounttree.c
···
4346
4346
return -EEXIST;
4347
4347
if (IS_DEADDIR(dir))
4348
4348
return -ENOENT;
4349
-
return inode_permission(dir, MAY_WRITE | MAY_EXEC);
4349
+
return inode_permission(&init_user_ns, dir, MAY_WRITE | MAY_EXEC);
4350
4350
}
4351
4351
4352
4352
/**
···
4400
4400
* file.
4401
4401
*/
4402
4402
if (!preserve) {
4403
-
error = inode_permission(inode, MAY_READ);
4403
+
error = inode_permission(&init_user_ns, inode, MAY_READ);
4404
4404
if (error)
4405
4405
return error;
4406
4406
}
+3
fs/ocfs2/xattr.c
+3
fs/ocfs2/xattr.c
···
7249
7249
}
7250
7250
7251
7251
static int ocfs2_xattr_security_set(const struct xattr_handler *handler,
7252
+
struct user_namespace *mnt_userns,
7252
7253
struct dentry *unused, struct inode *inode,
7253
7254
const char *name, const void *value,
7254
7255
size_t size, int flags)
···
7322
7321
}
7323
7322
7324
7323
static int ocfs2_xattr_trusted_set(const struct xattr_handler *handler,
7324
+
struct user_namespace *mnt_userns,
7325
7325
struct dentry *unused, struct inode *inode,
7326
7326
const char *name, const void *value,
7327
7327
size_t size, int flags)
···
7353
7351
}
7354
7352
7355
7353
static int ocfs2_xattr_user_set(const struct xattr_handler *handler,
7354
+
struct user_namespace *mnt_userns,
7356
7355
struct dentry *unused, struct inode *inode,
7357
7356
const char *name, const void *value,
7358
7357
size_t size, int flags)
+7
-6
fs/omfs/dir.c
+7
-6
fs/omfs/dir.c
···
279
279
return err;
280
280
}
281
281
282
-
static int omfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
282
+
static int omfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
283
+
struct dentry *dentry, umode_t mode)
283
284
{
284
285
return omfs_add_node(dir, dentry, mode | S_IFDIR);
285
286
}
286
287
287
-
static int omfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
288
-
bool excl)
288
+
static int omfs_create(struct user_namespace *mnt_userns, struct inode *dir,
289
+
struct dentry *dentry, umode_t mode, bool excl)
289
290
{
290
291
return omfs_add_node(dir, dentry, mode | S_IFREG);
291
292
}
···
370
369
return true;
371
370
}
372
371
373
-
static int omfs_rename(struct inode *old_dir, struct dentry *old_dentry,
374
-
struct inode *new_dir, struct dentry *new_dentry,
375
-
unsigned int flags)
372
+
static int omfs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
373
+
struct dentry *old_dentry, struct inode *new_dir,
374
+
struct dentry *new_dentry, unsigned int flags)
376
375
{
377
376
struct inode *new_inode = d_inode(new_dentry);
378
377
struct inode *old_inode = d_inode(old_dentry);
+4
-3
fs/omfs/file.c
+4
-3
fs/omfs/file.c
···
343
343
.splice_read = generic_file_splice_read,
344
344
};
345
345
346
-
static int omfs_setattr(struct dentry *dentry, struct iattr *attr)
346
+
static int omfs_setattr(struct user_namespace *mnt_userns,
347
+
struct dentry *dentry, struct iattr *attr)
347
348
{
348
349
struct inode *inode = d_inode(dentry);
349
350
int error;
350
351
351
-
error = setattr_prepare(dentry, attr);
352
+
error = setattr_prepare(&init_user_ns, dentry, attr);
352
353
if (error)
353
354
return error;
354
355
···
362
361
omfs_truncate(inode);
363
362
}
364
363
365
-
setattr_copy(inode, attr);
364
+
setattr_copy(&init_user_ns, inode, attr);
366
365
mark_inode_dirty(inode);
367
366
return 0;
368
367
}
+1
-1
fs/omfs/inode.c
+1
-1
fs/omfs/inode.c
+22
-13
fs/open.c
+22
-13
fs/open.c
···
35
35
36
36
#include "internal.h"
37
37
38
-
int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
39
-
struct file *filp)
38
+
int do_truncate(struct user_namespace *mnt_userns, struct dentry *dentry,
39
+
loff_t length, unsigned int time_attrs, struct file *filp)
40
40
{
41
41
int ret;
42
42
struct iattr newattrs;
···
61
61
62
62
inode_lock(dentry->d_inode);
63
63
/* Note any delegations or leases have already been broken: */
64
-
ret = notify_change(dentry, &newattrs, NULL);
64
+
ret = notify_change(mnt_userns, dentry, &newattrs, NULL);
65
65
inode_unlock(dentry->d_inode);
66
66
return ret;
67
67
}
68
68
69
69
long vfs_truncate(const struct path *path, loff_t length)
70
70
{
71
+
struct user_namespace *mnt_userns;
71
72
struct inode *inode;
72
73
long error;
73
74
···
84
83
if (error)
85
84
goto out;
86
85
87
-
error = inode_permission(inode, MAY_WRITE);
86
+
mnt_userns = mnt_user_ns(path->mnt);
87
+
error = inode_permission(mnt_userns, inode, MAY_WRITE);
88
88
if (error)
89
89
goto mnt_drop_write_and_out;
90
90
···
109
107
if (!error)
110
108
error = security_path_truncate(path);
111
109
if (!error)
112
-
error = do_truncate(path->dentry, length, 0, NULL);
110
+
error = do_truncate(mnt_userns, path->dentry, length, 0, NULL);
113
111
114
112
put_write_and_out:
115
113
put_write_access(inode);
···
188
186
/* Check IS_APPEND on real upper inode */
189
187
if (IS_APPEND(file_inode(f.file)))
190
188
goto out_putf;
191
-
192
189
sb_start_write(inode->i_sb);
193
190
error = locks_verify_truncate(inode, f.file, length);
194
191
if (!error)
195
192
error = security_path_truncate(&f.file->f_path);
196
193
if (!error)
197
-
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
194
+
error = do_truncate(file_mnt_user_ns(f.file), dentry, length,
195
+
ATTR_MTIME | ATTR_CTIME, f.file);
198
196
sb_end_write(inode->i_sb);
199
197
out_putf:
200
198
fdput(f);
···
438
436
goto out_path_release;
439
437
}
440
438
441
-
res = inode_permission(inode, mode | MAY_ACCESS);
439
+
res = inode_permission(mnt_user_ns(path.mnt), inode, mode | MAY_ACCESS);
442
440
/* SuS v2 requires we report a read only fs too */
443
441
if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
444
442
goto out_path_release;
···
494
492
if (error)
495
493
goto out;
496
494
497
-
error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
495
+
error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
498
496
if (error)
499
497
goto dput_and_out;
500
498
···
523
521
if (!d_can_lookup(f.file->f_path.dentry))
524
522
goto out_putf;
525
523
526
-
error = inode_permission(file_inode(f.file), MAY_EXEC | MAY_CHDIR);
524
+
error = file_permission(f.file, MAY_EXEC | MAY_CHDIR);
527
525
if (!error)
528
526
set_fs_pwd(current->fs, &f.file->f_path);
529
527
out_putf:
···
542
540
if (error)
543
541
goto out;
544
542
545
-
error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
543
+
error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
546
544
if (error)
547
545
goto dput_and_out;
548
546
···
582
580
goto out_unlock;
583
581
newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
584
582
newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
585
-
error = notify_change(path->dentry, &newattrs, &delegated_inode);
583
+
error = notify_change(mnt_user_ns(path->mnt), path->dentry,
584
+
&newattrs, &delegated_inode);
586
585
out_unlock:
587
586
inode_unlock(inode);
588
587
if (delegated_inode) {
···
644
641
645
642
int chown_common(const struct path *path, uid_t user, gid_t group)
646
643
{
644
+
struct user_namespace *mnt_userns;
647
645
struct inode *inode = path->dentry->d_inode;
648
646
struct inode *delegated_inode = NULL;
649
647
int error;
···
654
650
655
651
uid = make_kuid(current_user_ns(), user);
656
652
gid = make_kgid(current_user_ns(), group);
653
+
654
+
mnt_userns = mnt_user_ns(path->mnt);
655
+
uid = kuid_from_mnt(mnt_userns, uid);
656
+
gid = kgid_from_mnt(mnt_userns, gid);
657
657
658
658
retry_deleg:
659
659
newattrs.ia_valid = ATTR_CTIME;
···
679
671
inode_lock(inode);
680
672
error = security_path_chown(path, uid, gid);
681
673
if (!error)
682
-
error = notify_change(path->dentry, &newattrs, &delegated_inode);
674
+
error = notify_change(mnt_userns, path->dentry, &newattrs,
675
+
&delegated_inode);
683
676
inode_unlock(inode);
684
677
if (delegated_inode) {
685
678
error = break_deleg_wait(&delegated_inode);
+4
-2
fs/orangefs/acl.c
+4
-2
fs/orangefs/acl.c
···
116
116
return error;
117
117
}
118
118
119
-
int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
119
+
int orangefs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
120
+
struct posix_acl *acl, int type)
120
121
{
121
122
int error;
122
123
struct iattr iattr;
···
133
132
* and "mode" to the new desired value. It is up to
134
133
* us to propagate the new mode back to the server...
135
134
*/
136
-
error = posix_acl_update_mode(inode, &iattr.ia_mode, &acl);
135
+
error = posix_acl_update_mode(&init_user_ns, inode,
136
+
&iattr.ia_mode, &acl);
137
137
if (error) {
138
138
gossip_err("%s: posix_acl_update_mode err: %d\n",
139
139
__func__,
+11
-9
fs/orangefs/inode.c
+11
-9
fs/orangefs/inode.c
···
855
855
ORANGEFS_I(inode)->attr_uid = current_fsuid();
856
856
ORANGEFS_I(inode)->attr_gid = current_fsgid();
857
857
}
858
-
setattr_copy(inode, iattr);
858
+
setattr_copy(&init_user_ns, inode, iattr);
859
859
spin_unlock(&inode->i_lock);
860
860
mark_inode_dirty(inode);
861
861
862
862
if (iattr->ia_valid & ATTR_MODE)
863
863
/* change mod on a file that has ACLs */
864
-
ret = posix_acl_chmod(inode, inode->i_mode);
864
+
ret = posix_acl_chmod(&init_user_ns, inode, inode->i_mode);
865
865
866
866
ret = 0;
867
867
out:
···
871
871
/*
872
872
* Change attributes of an object referenced by dentry.
873
873
*/
874
-
int orangefs_setattr(struct dentry *dentry, struct iattr *iattr)
874
+
int orangefs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
875
+
struct iattr *iattr)
875
876
{
876
877
int ret;
877
878
gossip_debug(GOSSIP_INODE_DEBUG, "__orangefs_setattr: called on %pd\n",
878
879
dentry);
879
-
ret = setattr_prepare(dentry, iattr);
880
+
ret = setattr_prepare(&init_user_ns, dentry, iattr);
880
881
if (ret)
881
882
goto out;
882
883
ret = __orangefs_setattr(d_inode(dentry), iattr);
···
891
890
/*
892
891
* Obtain attributes of an object given a dentry
893
892
*/
894
-
int orangefs_getattr(const struct path *path, struct kstat *stat,
895
-
u32 request_mask, unsigned int flags)
893
+
int orangefs_getattr(struct user_namespace *mnt_userns, const struct path *path,
894
+
struct kstat *stat, u32 request_mask, unsigned int flags)
896
895
{
897
896
int ret;
898
897
struct inode *inode = path->dentry->d_inode;
···
904
903
ret = orangefs_inode_getattr(inode,
905
904
request_mask & STATX_SIZE ? ORANGEFS_GETATTR_SIZE : 0);
906
905
if (ret == 0) {
907
-
generic_fillattr(inode, stat);
906
+
generic_fillattr(&init_user_ns, inode, stat);
908
907
909
908
/* override block size reported to stat */
910
909
if (!(request_mask & STATX_SIZE))
···
920
919
return ret;
921
920
}
922
921
923
-
int orangefs_permission(struct inode *inode, int mask)
922
+
int orangefs_permission(struct user_namespace *mnt_userns,
923
+
struct inode *inode, int mask)
924
924
{
925
925
int ret;
926
926
···
935
933
if (ret < 0)
936
934
return ret;
937
935
938
-
return generic_permission(inode, mask);
936
+
return generic_permission(&init_user_ns, inode, mask);
939
937
}
940
938
941
939
int orangefs_update_time(struct inode *inode, struct timespec64 *time, int flags)
+8
-4
fs/orangefs/namei.c
+8
-4
fs/orangefs/namei.c
···
15
15
/*
16
16
* Get a newly allocated inode to go with a negative dentry.
17
17
*/
18
-
static int orangefs_create(struct inode *dir,
18
+
static int orangefs_create(struct user_namespace *mnt_userns,
19
+
struct inode *dir,
19
20
struct dentry *dentry,
20
21
umode_t mode,
21
22
bool exclusive)
···
216
215
return ret;
217
216
}
218
217
219
-
static int orangefs_symlink(struct inode *dir,
218
+
static int orangefs_symlink(struct user_namespace *mnt_userns,
219
+
struct inode *dir,
220
220
struct dentry *dentry,
221
221
const char *symname)
222
222
{
···
305
303
return ret;
306
304
}
307
305
308
-
static int orangefs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
306
+
static int orangefs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
307
+
struct dentry *dentry, umode_t mode)
309
308
{
310
309
struct orangefs_inode_s *parent = ORANGEFS_I(dir);
311
310
struct orangefs_kernel_op_s *new_op;
···
375
372
return ret;
376
373
}
377
374
378
-
static int orangefs_rename(struct inode *old_dir,
375
+
static int orangefs_rename(struct user_namespace *mnt_userns,
376
+
struct inode *old_dir,
379
377
struct dentry *old_dentry,
380
378
struct inode *new_dir,
381
379
struct dentry *new_dentry,
+8
-5
fs/orangefs/orangefs-kernel.h
+8
-5
fs/orangefs/orangefs-kernel.h
···
107
107
extern const struct xattr_handler *orangefs_xattr_handlers[];
108
108
109
109
extern struct posix_acl *orangefs_get_acl(struct inode *inode, int type);
110
-
extern int orangefs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
110
+
extern int orangefs_set_acl(struct user_namespace *mnt_userns,
111
+
struct inode *inode, struct posix_acl *acl,
112
+
int type);
111
113
112
114
/*
113
115
* orangefs data structures
···
361
359
struct orangefs_object_kref *ref);
362
360
363
361
int __orangefs_setattr(struct inode *, struct iattr *);
364
-
int orangefs_setattr(struct dentry *, struct iattr *);
362
+
int orangefs_setattr(struct user_namespace *, struct dentry *, struct iattr *);
365
363
366
-
int orangefs_getattr(const struct path *path, struct kstat *stat,
367
-
u32 request_mask, unsigned int flags);
364
+
int orangefs_getattr(struct user_namespace *mnt_userns, const struct path *path,
365
+
struct kstat *stat, u32 request_mask, unsigned int flags);
368
366
369
-
int orangefs_permission(struct inode *inode, int mask);
367
+
int orangefs_permission(struct user_namespace *mnt_userns,
368
+
struct inode *inode, int mask);
370
369
371
370
int orangefs_update_time(struct inode *, struct timespec64 *, int);
372
371
+1
fs/orangefs/xattr.c
+1
fs/orangefs/xattr.c
+11
-11
fs/overlayfs/copy_up.c
+11
-11
fs/overlayfs/copy_up.c
···
93
93
continue; /* Discard */
94
94
}
95
95
retry:
96
-
size = vfs_getxattr(old, name, value, value_size);
96
+
size = vfs_getxattr(&init_user_ns, old, name, value, value_size);
97
97
if (size == -ERANGE)
98
-
size = vfs_getxattr(old, name, NULL, 0);
98
+
size = vfs_getxattr(&init_user_ns, old, name, NULL, 0);
99
99
100
100
if (size < 0) {
101
101
error = size;
···
115
115
goto retry;
116
116
}
117
117
118
-
error = vfs_setxattr(new, name, value, size, 0);
118
+
error = vfs_setxattr(&init_user_ns, new, name, value, size, 0);
119
119
if (error) {
120
120
if (error != -EOPNOTSUPP || ovl_must_copy_xattr(name))
121
121
break;
···
236
236
.ia_size = stat->size,
237
237
};
238
238
239
-
return notify_change(upperdentry, &attr, NULL);
239
+
return notify_change(&init_user_ns, upperdentry, &attr, NULL);
240
240
}
241
241
242
242
static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat)
···
248
248
.ia_mtime = stat->mtime,
249
249
};
250
250
251
-
return notify_change(upperdentry, &attr, NULL);
251
+
return notify_change(&init_user_ns, upperdentry, &attr, NULL);
252
252
}
253
253
254
254
int ovl_set_attr(struct dentry *upperdentry, struct kstat *stat)
···
260
260
.ia_valid = ATTR_MODE,
261
261
.ia_mode = stat->mode,
262
262
};
263
-
err = notify_change(upperdentry, &attr, NULL);
263
+
err = notify_change(&init_user_ns, upperdentry, &attr, NULL);
264
264
}
265
265
if (!err) {
266
266
struct iattr attr = {
···
268
268
.ia_uid = stat->uid,
269
269
.ia_gid = stat->gid,
270
270
};
271
-
err = notify_change(upperdentry, &attr, NULL);
271
+
err = notify_change(&init_user_ns, upperdentry, &attr, NULL);
272
272
}
273
273
if (!err)
274
274
ovl_set_timestamps(upperdentry, stat);
···
796
796
ssize_t res;
797
797
char *buf;
798
798
799
-
res = vfs_getxattr(dentry, name, NULL, 0);
799
+
res = vfs_getxattr(&init_user_ns, dentry, name, NULL, 0);
800
800
if (res == -ENODATA || res == -EOPNOTSUPP)
801
801
res = 0;
802
802
···
805
805
if (!buf)
806
806
return -ENOMEM;
807
807
808
-
res = vfs_getxattr(dentry, name, buf, res);
808
+
res = vfs_getxattr(&init_user_ns, dentry, name, buf, res);
809
809
if (res < 0)
810
810
kfree(buf);
811
811
else
···
847
847
* don't want that to happen for normal copy-up operation.
848
848
*/
849
849
if (capability) {
850
-
err = vfs_setxattr(upperpath.dentry, XATTR_NAME_CAPS,
851
-
capability, cap_size, 0);
850
+
err = vfs_setxattr(&init_user_ns, upperpath.dentry,
851
+
XATTR_NAME_CAPS, capability, cap_size, 0);
852
852
if (err)
853
853
goto out_free;
854
854
}
+16
-15
fs/overlayfs/dir.c
+16
-15
fs/overlayfs/dir.c
···
449
449
if (err < 0)
450
450
goto out_free;
451
451
452
-
err = vfs_setxattr(upperdentry, name, buffer, size, XATTR_CREATE);
452
+
err = vfs_setxattr(&init_user_ns, upperdentry, name, buffer, size, XATTR_CREATE);
453
453
out_free:
454
454
kfree(buffer);
455
455
return err;
···
508
508
.ia_mode = cattr->mode,
509
509
};
510
510
inode_lock(newdentry->d_inode);
511
-
err = notify_change(newdentry, &attr, NULL);
511
+
err = notify_change(&init_user_ns, newdentry, &attr, NULL);
512
512
inode_unlock(newdentry->d_inode);
513
513
if (err)
514
514
goto out_cleanup;
···
636
636
inode->i_state |= I_CREATING;
637
637
spin_unlock(&inode->i_lock);
638
638
639
-
inode_init_owner(inode, dentry->d_parent->d_inode, mode);
639
+
inode_init_owner(&init_user_ns, inode, dentry->d_parent->d_inode, mode);
640
640
attr.mode = inode->i_mode;
641
641
642
642
err = ovl_create_or_link(dentry, inode, &attr, false);
···
650
650
return err;
651
651
}
652
652
653
-
static int ovl_create(struct inode *dir, struct dentry *dentry, umode_t mode,
654
-
bool excl)
653
+
static int ovl_create(struct user_namespace *mnt_userns, struct inode *dir,
654
+
struct dentry *dentry, umode_t mode, bool excl)
655
655
{
656
656
return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL);
657
657
}
658
658
659
-
static int ovl_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
659
+
static int ovl_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
660
+
struct dentry *dentry, umode_t mode)
660
661
{
661
662
return ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL);
662
663
}
663
664
664
-
static int ovl_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
665
-
dev_t rdev)
665
+
static int ovl_mknod(struct user_namespace *mnt_userns, struct inode *dir,
666
+
struct dentry *dentry, umode_t mode, dev_t rdev)
666
667
{
667
668
/* Don't allow creation of "whiteout" on overlay */
668
669
if (S_ISCHR(mode) && rdev == WHITEOUT_DEV)
···
672
671
return ovl_create_object(dentry, mode, rdev, NULL);
673
672
}
674
673
675
-
static int ovl_symlink(struct inode *dir, struct dentry *dentry,
676
-
const char *link)
674
+
static int ovl_symlink(struct user_namespace *mnt_userns, struct inode *dir,
675
+
struct dentry *dentry, const char *link)
677
676
{
678
677
return ovl_create_object(dentry, S_IFLNK, 0, link);
679
678
}
···
822
821
goto out_dput_upper;
823
822
824
823
if (is_dir)
825
-
err = vfs_rmdir(dir, upper);
824
+
err = vfs_rmdir(&init_user_ns, dir, upper);
826
825
else
827
-
err = vfs_unlink(dir, upper, NULL);
826
+
err = vfs_unlink(&init_user_ns, dir, upper, NULL);
828
827
ovl_dir_modified(dentry->d_parent, ovl_type_origin(dentry));
829
828
830
829
/*
···
1070
1069
return err;
1071
1070
}
1072
1071
1073
-
static int ovl_rename(struct inode *olddir, struct dentry *old,
1074
-
struct inode *newdir, struct dentry *new,
1075
-
unsigned int flags)
1072
+
static int ovl_rename(struct user_namespace *mnt_userns, struct inode *olddir,
1073
+
struct dentry *old, struct inode *newdir,
1074
+
struct dentry *new, unsigned int flags)
1076
1075
{
1077
1076
int err;
1078
1077
struct dentry *old_upperdir;
+3
-3
fs/overlayfs/file.c
+3
-3
fs/overlayfs/file.c
···
50
50
acc_mode |= MAY_APPEND;
51
51
52
52
old_cred = ovl_override_creds(inode->i_sb);
53
-
err = inode_permission(realinode, MAY_OPEN | acc_mode);
53
+
err = inode_permission(&init_user_ns, realinode, MAY_OPEN | acc_mode);
54
54
if (err) {
55
55
realfile = ERR_PTR(err);
56
56
} else {
57
-
if (!inode_owner_or_capable(realinode))
57
+
if (!inode_owner_or_capable(&init_user_ns, realinode))
58
58
flags &= ~O_NOATIME;
59
59
60
60
realfile = open_with_fake_path(&file->f_path, flags, realinode,
···
521
521
long ret;
522
522
struct inode *inode = file_inode(file);
523
523
524
-
if (!inode_owner_or_capable(inode))
524
+
if (!inode_owner_or_capable(&init_user_ns, inode))
525
525
return -EACCES;
526
526
527
527
ret = mnt_want_write_file(file);
+15
-12
fs/overlayfs/inode.c
+15
-12
fs/overlayfs/inode.c
···
14
14
#include "overlayfs.h"
15
15
16
16
17
-
int ovl_setattr(struct dentry *dentry, struct iattr *attr)
17
+
int ovl_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
18
+
struct iattr *attr)
18
19
{
19
20
int err;
20
21
bool full_copy_up = false;
21
22
struct dentry *upperdentry;
22
23
const struct cred *old_cred;
23
24
24
-
err = setattr_prepare(dentry, attr);
25
+
err = setattr_prepare(&init_user_ns, dentry, attr);
25
26
if (err)
26
27
return err;
27
28
···
80
79
81
80
inode_lock(upperdentry->d_inode);
82
81
old_cred = ovl_override_creds(dentry->d_sb);
83
-
err = notify_change(upperdentry, attr, NULL);
82
+
err = notify_change(&init_user_ns, upperdentry, attr, NULL);
84
83
revert_creds(old_cred);
85
84
if (!err)
86
85
ovl_copyattr(upperdentry->d_inode, dentry->d_inode);
···
155
154
return 0;
156
155
}
157
156
158
-
int ovl_getattr(const struct path *path, struct kstat *stat,
159
-
u32 request_mask, unsigned int flags)
157
+
int ovl_getattr(struct user_namespace *mnt_userns, const struct path *path,
158
+
struct kstat *stat, u32 request_mask, unsigned int flags)
160
159
{
161
160
struct dentry *dentry = path->dentry;
162
161
enum ovl_path_type type;
···
278
277
return err;
279
278
}
280
279
281
-
int ovl_permission(struct inode *inode, int mask)
280
+
int ovl_permission(struct user_namespace *mnt_userns,
281
+
struct inode *inode, int mask)
282
282
{
283
283
struct inode *upperinode = ovl_inode_upper(inode);
284
284
struct inode *realinode = upperinode ?: ovl_inode_lower(inode);
···
296
294
* Check overlay inode with the creds of task and underlying inode
297
295
* with creds of mounter
298
296
*/
299
-
err = generic_permission(inode, mask);
297
+
err = generic_permission(&init_user_ns, inode, mask);
300
298
if (err)
301
299
return err;
302
300
···
307
305
/* Make sure mounter can read file for copy up later */
308
306
mask |= MAY_READ;
309
307
}
310
-
err = inode_permission(realinode, mask);
308
+
err = inode_permission(&init_user_ns, realinode, mask);
311
309
revert_creds(old_cred);
312
310
313
311
return err;
···
355
353
356
354
if (!value && !upperdentry) {
357
355
old_cred = ovl_override_creds(dentry->d_sb);
358
-
err = vfs_getxattr(realdentry, name, NULL, 0);
356
+
err = vfs_getxattr(&init_user_ns, realdentry, name, NULL, 0);
359
357
revert_creds(old_cred);
360
358
if (err < 0)
361
359
goto out_drop_write;
···
371
369
372
370
old_cred = ovl_override_creds(dentry->d_sb);
373
371
if (value)
374
-
err = vfs_setxattr(realdentry, name, value, size, flags);
372
+
err = vfs_setxattr(&init_user_ns, realdentry, name, value, size,
373
+
flags);
375
374
else {
376
375
WARN_ON(flags != XATTR_REPLACE);
377
-
err = vfs_removexattr(realdentry, name);
376
+
err = vfs_removexattr(&init_user_ns, realdentry, name);
378
377
}
379
378
revert_creds(old_cred);
380
379
···
397
394
ovl_i_dentry_upper(inode) ?: ovl_dentry_lower(dentry);
398
395
399
396
old_cred = ovl_override_creds(dentry->d_sb);
400
-
res = vfs_getxattr(realdentry, name, value, size);
397
+
res = vfs_getxattr(&init_user_ns, realdentry, name, value, size);
401
398
revert_creds(old_cred);
402
399
return res;
403
400
}
+28
-17
fs/overlayfs/overlayfs.h
+28
-17
fs/overlayfs/overlayfs.h
···
123
123
124
124
static inline int ovl_do_rmdir(struct inode *dir, struct dentry *dentry)
125
125
{
126
-
int err = vfs_rmdir(dir, dentry);
126
+
int err = vfs_rmdir(&init_user_ns, dir, dentry);
127
127
128
128
pr_debug("rmdir(%pd2) = %i\n", dentry, err);
129
129
return err;
···
131
131
132
132
static inline int ovl_do_unlink(struct inode *dir, struct dentry *dentry)
133
133
{
134
-
int err = vfs_unlink(dir, dentry, NULL);
134
+
int err = vfs_unlink(&init_user_ns, dir, dentry, NULL);
135
135
136
136
pr_debug("unlink(%pd2) = %i\n", dentry, err);
137
137
return err;
···
140
140
static inline int ovl_do_link(struct dentry *old_dentry, struct inode *dir,
141
141
struct dentry *new_dentry)
142
142
{
143
-
int err = vfs_link(old_dentry, dir, new_dentry, NULL);
143
+
int err = vfs_link(old_dentry, &init_user_ns, dir, new_dentry, NULL);
144
144
145
145
pr_debug("link(%pd2, %pd2) = %i\n", old_dentry, new_dentry, err);
146
146
return err;
···
149
149
static inline int ovl_do_create(struct inode *dir, struct dentry *dentry,
150
150
umode_t mode)
151
151
{
152
-
int err = vfs_create(dir, dentry, mode, true);
152
+
int err = vfs_create(&init_user_ns, dir, dentry, mode, true);
153
153
154
154
pr_debug("create(%pd2, 0%o) = %i\n", dentry, mode, err);
155
155
return err;
···
158
158
static inline int ovl_do_mkdir(struct inode *dir, struct dentry *dentry,
159
159
umode_t mode)
160
160
{
161
-
int err = vfs_mkdir(dir, dentry, mode);
161
+
int err = vfs_mkdir(&init_user_ns, dir, dentry, mode);
162
162
pr_debug("mkdir(%pd2, 0%o) = %i\n", dentry, mode, err);
163
163
return err;
164
164
}
···
166
166
static inline int ovl_do_mknod(struct inode *dir, struct dentry *dentry,
167
167
umode_t mode, dev_t dev)
168
168
{
169
-
int err = vfs_mknod(dir, dentry, mode, dev);
169
+
int err = vfs_mknod(&init_user_ns, dir, dentry, mode, dev);
170
170
171
171
pr_debug("mknod(%pd2, 0%o, 0%o) = %i\n", dentry, mode, dev, err);
172
172
return err;
···
175
175
static inline int ovl_do_symlink(struct inode *dir, struct dentry *dentry,
176
176
const char *oldname)
177
177
{
178
-
int err = vfs_symlink(dir, dentry, oldname);
178
+
int err = vfs_symlink(&init_user_ns, dir, dentry, oldname);
179
179
180
180
pr_debug("symlink(\"%s\", %pd2) = %i\n", oldname, dentry, err);
181
181
return err;
···
186
186
size_t size)
187
187
{
188
188
const char *name = ovl_xattr(ofs, ox);
189
-
return vfs_getxattr(dentry, name, value, size);
189
+
return vfs_getxattr(&init_user_ns, dentry, name, value, size);
190
190
}
191
191
192
192
static inline int ovl_do_setxattr(struct ovl_fs *ofs, struct dentry *dentry,
···
194
194
size_t size)
195
195
{
196
196
const char *name = ovl_xattr(ofs, ox);
197
-
int err = vfs_setxattr(dentry, name, value, size, 0);
197
+
int err = vfs_setxattr(&init_user_ns, dentry, name, value, size, 0);
198
198
pr_debug("setxattr(%pd2, \"%s\", \"%*pE\", %zu, 0) = %i\n",
199
199
dentry, name, min((int)size, 48), value, size, err);
200
200
return err;
···
204
204
enum ovl_xattr ox)
205
205
{
206
206
const char *name = ovl_xattr(ofs, ox);
207
-
int err = vfs_removexattr(dentry, name);
207
+
int err = vfs_removexattr(&init_user_ns, dentry, name);
208
208
pr_debug("removexattr(%pd2, \"%s\") = %i\n", dentry, name, err);
209
209
return err;
210
210
}
···
214
214
unsigned int flags)
215
215
{
216
216
int err;
217
+
struct renamedata rd = {
218
+
.old_mnt_userns = &init_user_ns,
219
+
.old_dir = olddir,
220
+
.old_dentry = olddentry,
221
+
.new_mnt_userns = &init_user_ns,
222
+
.new_dir = newdir,
223
+
.new_dentry = newdentry,
224
+
.flags = flags,
225
+
};
217
226
218
227
pr_debug("rename(%pd2, %pd2, 0x%x)\n", olddentry, newdentry, flags);
219
-
err = vfs_rename(olddir, olddentry, newdir, newdentry, NULL, flags);
228
+
err = vfs_rename(&rd);
220
229
if (err) {
221
230
pr_debug("...rename(%pd2, %pd2, ...) = %i\n",
222
231
olddentry, newdentry, err);
···
235
226
236
227
static inline int ovl_do_whiteout(struct inode *dir, struct dentry *dentry)
237
228
{
238
-
int err = vfs_whiteout(dir, dentry);
229
+
int err = vfs_whiteout(&init_user_ns, dir, dentry);
239
230
pr_debug("whiteout(%pd2) = %i\n", dentry, err);
240
231
return err;
241
232
}
242
233
243
234
static inline struct dentry *ovl_do_tmpfile(struct dentry *dentry, umode_t mode)
244
235
{
245
-
struct dentry *ret = vfs_tmpfile(dentry, mode, 0);
236
+
struct dentry *ret = vfs_tmpfile(&init_user_ns, dentry, mode, 0);
246
237
int err = PTR_ERR_OR_ZERO(ret);
247
238
248
239
pr_debug("tmpfile(%pd2, 0%o) = %i\n", dentry, mode, err);
···
445
436
unsigned int ovl_get_nlink(struct ovl_fs *ofs, struct dentry *lowerdentry,
446
437
struct dentry *upperdentry,
447
438
unsigned int fallback);
448
-
int ovl_setattr(struct dentry *dentry, struct iattr *attr);
449
-
int ovl_getattr(const struct path *path, struct kstat *stat,
450
-
u32 request_mask, unsigned int flags);
451
-
int ovl_permission(struct inode *inode, int mask);
439
+
int ovl_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
440
+
struct iattr *attr);
441
+
int ovl_getattr(struct user_namespace *mnt_userns, const struct path *path,
442
+
struct kstat *stat, u32 request_mask, unsigned int flags);
443
+
int ovl_permission(struct user_namespace *mnt_userns, struct inode *inode,
444
+
int mask);
452
445
int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name,
453
446
const void *value, size_t size, int flags);
454
447
int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name,
+15
-6
fs/overlayfs/super.c
+15
-6
fs/overlayfs/super.c
···
803
803
* allowed as upper are limited to "normal" ones, where checking
804
804
* for the above two errors is sufficient.
805
805
*/
806
-
err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_DEFAULT);
806
+
err = vfs_removexattr(&init_user_ns, work,
807
+
XATTR_NAME_POSIX_ACL_DEFAULT);
807
808
if (err && err != -ENODATA && err != -EOPNOTSUPP)
808
809
goto out_dput;
809
810
810
-
err = vfs_removexattr(work, XATTR_NAME_POSIX_ACL_ACCESS);
811
+
err = vfs_removexattr(&init_user_ns, work,
812
+
XATTR_NAME_POSIX_ACL_ACCESS);
811
813
if (err && err != -ENODATA && err != -EOPNOTSUPP)
812
814
goto out_dput;
813
815
814
816
/* Clear any inherited mode bits */
815
817
inode_lock(work->d_inode);
816
-
err = notify_change(work, &attr, NULL);
818
+
err = notify_change(&init_user_ns, work, &attr, NULL);
817
819
inode_unlock(work->d_inode);
818
820
if (err)
819
821
goto out_dput;
···
865
863
err = -EINVAL;
866
864
if (ovl_dentry_weird(path->dentry)) {
867
865
pr_err("filesystem on '%s' not supported\n", name);
866
+
goto out_put;
867
+
}
868
+
if (mnt_user_ns(path->mnt) != &init_user_ns) {
869
+
pr_err("idmapped layers are currently not supported\n");
868
870
goto out_put;
869
871
}
870
872
if (!d_is_dir(path->dentry)) {
···
995
989
996
990
static int __maybe_unused
997
991
ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
992
+
struct user_namespace *mnt_userns,
998
993
struct dentry *dentry, struct inode *inode,
999
994
const char *name, const void *value,
1000
995
size_t size, int flags)
···
1021
1014
goto out_acl_release;
1022
1015
}
1023
1016
err = -EPERM;
1024
-
if (!inode_owner_or_capable(inode))
1017
+
if (!inode_owner_or_capable(&init_user_ns, inode))
1025
1018
goto out_acl_release;
1026
1019
1027
1020
posix_acl_release(acl);
···
1033
1026
if (unlikely(inode->i_mode & S_ISGID) &&
1034
1027
handler->flags == ACL_TYPE_ACCESS &&
1035
1028
!in_group_p(inode->i_gid) &&
1036
-
!capable_wrt_inode_uidgid(inode, CAP_FSETID)) {
1029
+
!capable_wrt_inode_uidgid(&init_user_ns, inode, CAP_FSETID)) {
1037
1030
struct iattr iattr = { .ia_valid = ATTR_KILL_SGID };
1038
1031
1039
-
err = ovl_setattr(dentry, &iattr);
1032
+
err = ovl_setattr(&init_user_ns, dentry, &iattr);
1040
1033
if (err)
1041
1034
return err;
1042
1035
}
···
1060
1053
}
1061
1054
1062
1055
static int ovl_own_xattr_set(const struct xattr_handler *handler,
1056
+
struct user_namespace *mnt_userns,
1063
1057
struct dentry *dentry, struct inode *inode,
1064
1058
const char *name, const void *value,
1065
1059
size_t size, int flags)
···
1076
1068
}
1077
1069
1078
1070
static int ovl_other_xattr_set(const struct xattr_handler *handler,
1071
+
struct user_namespace *mnt_userns,
1079
1072
struct dentry *dentry, struct inode *inode,
1080
1073
const char *name, const void *value,
1081
1074
size_t size, int flags)
+2
-2
fs/overlayfs/util.c
+2
-2
fs/overlayfs/util.c
···
479
479
BUG();
480
480
}
481
481
482
-
err = inode_permission(inode, acc_mode | MAY_OPEN);
482
+
err = inode_permission(&init_user_ns, inode, acc_mode | MAY_OPEN);
483
483
if (err)
484
484
return ERR_PTR(err);
485
485
486
486
/* O_NOATIME is an optimization, don't fail if not permitted */
487
-
if (inode_owner_or_capable(inode))
487
+
if (inode_owner_or_capable(&init_user_ns, inode))
488
488
flags |= O_NOATIME;
489
489
490
490
return dentry_open(path, flags, current_cred());
+74
-29
fs/posix_acl.c
+74
-29
fs/posix_acl.c
···
345
345
* by the acl. Returns -E... otherwise.
346
346
*/
347
347
int
348
-
posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want)
348
+
posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
349
+
const struct posix_acl *acl, int want)
349
350
{
350
351
const struct posix_acl_entry *pa, *pe, *mask_obj;
351
352
int found = 0;
353
+
kuid_t uid;
354
+
kgid_t gid;
352
355
353
356
want &= MAY_READ | MAY_WRITE | MAY_EXEC;
354
357
···
359
356
switch(pa->e_tag) {
360
357
case ACL_USER_OBJ:
361
358
/* (May have been checked already) */
362
-
if (uid_eq(inode->i_uid, current_fsuid()))
359
+
uid = i_uid_into_mnt(mnt_userns, inode);
360
+
if (uid_eq(uid, current_fsuid()))
363
361
goto check_perm;
364
362
break;
365
363
case ACL_USER:
366
-
if (uid_eq(pa->e_uid, current_fsuid()))
364
+
uid = kuid_into_mnt(mnt_userns, pa->e_uid);
365
+
if (uid_eq(uid, current_fsuid()))
367
366
goto mask;
368
367
break;
369
368
case ACL_GROUP_OBJ:
370
-
if (in_group_p(inode->i_gid)) {
369
+
gid = i_gid_into_mnt(mnt_userns, inode);
370
+
if (in_group_p(gid)) {
371
371
found = 1;
372
372
if ((pa->e_perm & want) == want)
373
373
goto mask;
374
374
}
375
375
break;
376
376
case ACL_GROUP:
377
-
if (in_group_p(pa->e_gid)) {
377
+
gid = kgid_into_mnt(mnt_userns, pa->e_gid);
378
+
if (in_group_p(gid)) {
378
379
found = 1;
379
380
if ((pa->e_perm & want) == want)
380
381
goto mask;
···
558
551
}
559
552
EXPORT_SYMBOL(__posix_acl_chmod);
560
553
554
+
/**
555
+
* posix_acl_chmod - chmod a posix acl
556
+
*
557
+
* @mnt_userns: user namespace of the mount @inode was found from
558
+
* @inode: inode to check permissions on
559
+
* @mode: the new mode of @inode
560
+
*
561
+
* If the inode has been found through an idmapped mount the user namespace of
562
+
* the vfsmount must be passed through @mnt_userns. This function will then
563
+
* take care to map the inode according to @mnt_userns before checking
564
+
* permissions. On non-idmapped mounts or if permission checking is to be
565
+
* performed on the raw inode simply passs init_user_ns.
566
+
*/
561
567
int
562
-
posix_acl_chmod(struct inode *inode, umode_t mode)
568
+
posix_acl_chmod(struct user_namespace *mnt_userns, struct inode *inode,
569
+
umode_t mode)
563
570
{
564
571
struct posix_acl *acl;
565
572
int ret = 0;
···
593
572
ret = __posix_acl_chmod(&acl, GFP_KERNEL, mode);
594
573
if (ret)
595
574
return ret;
596
-
ret = inode->i_op->set_acl(inode, acl, ACL_TYPE_ACCESS);
575
+
ret = inode->i_op->set_acl(mnt_userns, inode, acl, ACL_TYPE_ACCESS);
597
576
posix_acl_release(acl);
598
577
return ret;
599
578
}
···
652
631
653
632
/**
654
633
* posix_acl_update_mode - update mode in set_acl
655
-
* @inode: target inode
656
-
* @mode_p: mode (pointer) for update
657
-
* @acl: acl pointer
634
+
* @mnt_userns: user namespace of the mount @inode was found from
635
+
* @inode: target inode
636
+
* @mode_p: mode (pointer) for update
637
+
* @acl: acl pointer
658
638
*
659
639
* Update the file mode when setting an ACL: compute the new file permission
660
640
* bits based on the ACL. In addition, if the ACL is equivalent to the new
···
664
642
* As with chmod, clear the setgid bit if the caller is not in the owning group
665
643
* or capable of CAP_FSETID (see inode_change_ok).
666
644
*
645
+
* If the inode has been found through an idmapped mount the user namespace of
646
+
* the vfsmount must be passed through @mnt_userns. This function will then
647
+
* take care to map the inode according to @mnt_userns before checking
648
+
* permissions. On non-idmapped mounts or if permission checking is to be
649
+
* performed on the raw inode simply passs init_user_ns.
650
+
*
667
651
* Called from set_acl inode operations.
668
652
*/
669
-
int posix_acl_update_mode(struct inode *inode, umode_t *mode_p,
653
+
int posix_acl_update_mode(struct user_namespace *mnt_userns,
654
+
struct inode *inode, umode_t *mode_p,
670
655
struct posix_acl **acl)
671
656
{
672
657
umode_t mode = inode->i_mode;
···
684
655
return error;
685
656
if (error == 0)
686
657
*acl = NULL;
687
-
if (!in_group_p(inode->i_gid) &&
688
-
!capable_wrt_inode_uidgid(inode, CAP_FSETID))
658
+
if (!in_group_p(i_gid_into_mnt(mnt_userns, inode)) &&
659
+
!capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
689
660
mode &= ~S_ISGID;
690
661
*mode_p = mode;
691
662
return 0;
···
697
668
*/
698
669
static void posix_acl_fix_xattr_userns(
699
670
struct user_namespace *to, struct user_namespace *from,
700
-
void *value, size_t size)
671
+
struct user_namespace *mnt_userns,
672
+
void *value, size_t size, bool from_user)
701
673
{
702
674
struct posix_acl_xattr_header *header = value;
703
675
struct posix_acl_xattr_entry *entry = (void *)(header + 1), *end;
···
723
693
switch(le16_to_cpu(entry->e_tag)) {
724
694
case ACL_USER:
725
695
uid = make_kuid(from, le32_to_cpu(entry->e_id));
696
+
if (from_user)
697
+
uid = kuid_from_mnt(mnt_userns, uid);
698
+
else
699
+
uid = kuid_into_mnt(mnt_userns, uid);
726
700
entry->e_id = cpu_to_le32(from_kuid(to, uid));
727
701
break;
728
702
case ACL_GROUP:
729
703
gid = make_kgid(from, le32_to_cpu(entry->e_id));
704
+
if (from_user)
705
+
gid = kgid_from_mnt(mnt_userns, gid);
706
+
else
707
+
gid = kgid_into_mnt(mnt_userns, gid);
730
708
entry->e_id = cpu_to_le32(from_kgid(to, gid));
731
709
break;
732
710
default:
···
743
705
}
744
706
}
745
707
746
-
void posix_acl_fix_xattr_from_user(void *value, size_t size)
708
+
void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns,
709
+
void *value, size_t size)
747
710
{
748
711
struct user_namespace *user_ns = current_user_ns();
749
-
if (user_ns == &init_user_ns)
712
+
if ((user_ns == &init_user_ns) && (mnt_userns == &init_user_ns))
750
713
return;
751
-
posix_acl_fix_xattr_userns(&init_user_ns, user_ns, value, size);
714
+
posix_acl_fix_xattr_userns(&init_user_ns, user_ns, mnt_userns, value,
715
+
size, true);
752
716
}
753
717
754
-
void posix_acl_fix_xattr_to_user(void *value, size_t size)
718
+
void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns,
719
+
void *value, size_t size)
755
720
{
756
721
struct user_namespace *user_ns = current_user_ns();
757
-
if (user_ns == &init_user_ns)
722
+
if ((user_ns == &init_user_ns) && (mnt_userns == &init_user_ns))
758
723
return;
759
-
posix_acl_fix_xattr_userns(user_ns, &init_user_ns, value, size);
724
+
posix_acl_fix_xattr_userns(user_ns, &init_user_ns, mnt_userns, value,
725
+
size, false);
760
726
}
761
727
762
728
/*
···
900
858
}
901
859
902
860
int
903
-
set_posix_acl(struct inode *inode, int type, struct posix_acl *acl)
861
+
set_posix_acl(struct user_namespace *mnt_userns, struct inode *inode,
862
+
int type, struct posix_acl *acl)
904
863
{
905
864
if (!IS_POSIXACL(inode))
906
865
return -EOPNOTSUPP;
···
910
867
911
868
if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
912
869
return acl ? -EACCES : 0;
913
-
if (!inode_owner_or_capable(inode))
870
+
if (!inode_owner_or_capable(mnt_userns, inode))
914
871
return -EPERM;
915
872
916
873
if (acl) {
···
918
875
if (ret)
919
876
return ret;
920
877
}
921
-
return inode->i_op->set_acl(inode, acl, type);
878
+
return inode->i_op->set_acl(mnt_userns, inode, acl, type);
922
879
}
923
880
EXPORT_SYMBOL(set_posix_acl);
924
881
925
882
static int
926
883
posix_acl_xattr_set(const struct xattr_handler *handler,
927
-
struct dentry *unused, struct inode *inode,
928
-
const char *name, const void *value,
929
-
size_t size, int flags)
884
+
struct user_namespace *mnt_userns,
885
+
struct dentry *unused, struct inode *inode,
886
+
const char *name, const void *value, size_t size,
887
+
int flags)
930
888
{
931
889
struct posix_acl *acl = NULL;
932
890
int ret;
···
937
893
if (IS_ERR(acl))
938
894
return PTR_ERR(acl);
939
895
}
940
-
ret = set_posix_acl(inode, handler->flags, acl);
896
+
ret = set_posix_acl(mnt_userns, inode, handler->flags, acl);
941
897
posix_acl_release(acl);
942
898
return ret;
943
899
}
···
966
922
};
967
923
EXPORT_SYMBOL_GPL(posix_acl_default_xattr_handler);
968
924
969
-
int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type)
925
+
int simple_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
926
+
struct posix_acl *acl, int type)
970
927
{
971
928
int error;
972
929
973
930
if (type == ACL_TYPE_ACCESS) {
974
-
error = posix_acl_update_mode(inode,
931
+
error = posix_acl_update_mode(mnt_userns, inode,
975
932
&inode->i_mode, &acl);
976
933
if (error)
977
934
return error;
+16
-12
fs/proc/base.c
+16
-12
fs/proc/base.c
···
685
685
return allowed;
686
686
}
687
687
688
-
int proc_setattr(struct dentry *dentry, struct iattr *attr)
688
+
int proc_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
689
+
struct iattr *attr)
689
690
{
690
691
int error;
691
692
struct inode *inode = d_inode(dentry);
···
694
693
if (attr->ia_valid & ATTR_MODE)
695
694
return -EPERM;
696
695
697
-
error = setattr_prepare(dentry, attr);
696
+
error = setattr_prepare(&init_user_ns, dentry, attr);
698
697
if (error)
699
698
return error;
700
699
701
-
setattr_copy(inode, attr);
700
+
setattr_copy(&init_user_ns, inode, attr);
702
701
mark_inode_dirty(inode);
703
702
return 0;
704
703
}
···
727
726
}
728
727
729
728
730
-
static int proc_pid_permission(struct inode *inode, int mask)
729
+
static int proc_pid_permission(struct user_namespace *mnt_userns,
730
+
struct inode *inode, int mask)
731
731
{
732
732
struct proc_fs_info *fs_info = proc_sb_info(inode->i_sb);
733
733
struct task_struct *task;
···
753
751
754
752
return -EPERM;
755
753
}
756
-
return generic_permission(inode, mask);
754
+
return generic_permission(&init_user_ns, inode, mask);
757
755
}
758
756
759
757
···
1929
1927
return NULL;
1930
1928
}
1931
1929
1932
-
int pid_getattr(const struct path *path, struct kstat *stat,
1933
-
u32 request_mask, unsigned int query_flags)
1930
+
int pid_getattr(struct user_namespace *mnt_userns, const struct path *path,
1931
+
struct kstat *stat, u32 request_mask, unsigned int query_flags)
1934
1932
{
1935
1933
struct inode *inode = d_inode(path->dentry);
1936
1934
struct proc_fs_info *fs_info = proc_sb_info(inode->i_sb);
1937
1935
struct task_struct *task;
1938
1936
1939
-
generic_fillattr(inode, stat);
1937
+
generic_fillattr(&init_user_ns, inode, stat);
1940
1938
1941
1939
stat->uid = GLOBAL_ROOT_UID;
1942
1940
stat->gid = GLOBAL_ROOT_GID;
···
3475
3473
* This function makes sure that the node is always accessible for members of
3476
3474
* same thread group.
3477
3475
*/
3478
-
static int proc_tid_comm_permission(struct inode *inode, int mask)
3476
+
static int proc_tid_comm_permission(struct user_namespace *mnt_userns,
3477
+
struct inode *inode, int mask)
3479
3478
{
3480
3479
bool is_same_tgroup;
3481
3480
struct task_struct *task;
···
3495
3492
return 0;
3496
3493
}
3497
3494
3498
-
return generic_permission(inode, mask);
3495
+
return generic_permission(&init_user_ns, inode, mask);
3499
3496
}
3500
3497
3501
3498
static const struct inode_operations proc_tid_comm_inode_operations = {
···
3801
3798
return 0;
3802
3799
}
3803
3800
3804
-
static int proc_task_getattr(const struct path *path, struct kstat *stat,
3801
+
static int proc_task_getattr(struct user_namespace *mnt_userns,
3802
+
const struct path *path, struct kstat *stat,
3805
3803
u32 request_mask, unsigned int query_flags)
3806
3804
{
3807
3805
struct inode *inode = d_inode(path->dentry);
3808
3806
struct task_struct *p = get_proc_task(inode);
3809
-
generic_fillattr(inode, stat);
3807
+
generic_fillattr(&init_user_ns, inode, stat);
3810
3808
3811
3809
if (p) {
3812
3810
stat->nlink += get_nr_threads(p);
+3
-2
fs/proc/fd.c
+3
-2
fs/proc/fd.c
···
276
276
* /proc/pid/fd needs a special permission handler so that a process can still
277
277
* access /proc/self/fd after it has executed a setuid().
278
278
*/
279
-
int proc_fd_permission(struct inode *inode, int mask)
279
+
int proc_fd_permission(struct user_namespace *mnt_userns,
280
+
struct inode *inode, int mask)
280
281
{
281
282
struct task_struct *p;
282
283
int rv;
283
284
284
-
rv = generic_permission(inode, mask);
285
+
rv = generic_permission(&init_user_ns, inode, mask);
285
286
if (rv == 0)
286
287
return rv;
287
288
+2
-1
fs/proc/fd.h
+2
-1
fs/proc/fd.h
···
10
10
extern const struct file_operations proc_fdinfo_operations;
11
11
extern const struct inode_operations proc_fdinfo_inode_operations;
12
12
13
-
extern int proc_fd_permission(struct inode *inode, int mask);
13
+
extern int proc_fd_permission(struct user_namespace *mnt_userns,
14
+
struct inode *inode, int mask);
14
15
15
16
static inline unsigned int proc_fd(struct inode *inode)
16
17
{
+7
-5
fs/proc/generic.c
+7
-5
fs/proc/generic.c
···
115
115
return true;
116
116
}
117
117
118
-
static int proc_notify_change(struct dentry *dentry, struct iattr *iattr)
118
+
static int proc_notify_change(struct user_namespace *mnt_userns,
119
+
struct dentry *dentry, struct iattr *iattr)
119
120
{
120
121
struct inode *inode = d_inode(dentry);
121
122
struct proc_dir_entry *de = PDE(inode);
122
123
int error;
123
124
124
-
error = setattr_prepare(dentry, iattr);
125
+
error = setattr_prepare(&init_user_ns, dentry, iattr);
125
126
if (error)
126
127
return error;
127
128
128
-
setattr_copy(inode, iattr);
129
+
setattr_copy(&init_user_ns, inode, iattr);
129
130
mark_inode_dirty(inode);
130
131
131
132
proc_set_user(de, inode->i_uid, inode->i_gid);
···
134
133
return 0;
135
134
}
136
135
137
-
static int proc_getattr(const struct path *path, struct kstat *stat,
136
+
static int proc_getattr(struct user_namespace *mnt_userns,
137
+
const struct path *path, struct kstat *stat,
138
138
u32 request_mask, unsigned int query_flags)
139
139
{
140
140
struct inode *inode = d_inode(path->dentry);
···
147
145
}
148
146
}
149
147
150
-
generic_fillattr(inode, stat);
148
+
generic_fillattr(&init_user_ns, inode, stat);
151
149
return 0;
152
150
}
153
151
+4
-2
fs/proc/internal.h
+4
-2
fs/proc/internal.h
···
162
162
* base.c
163
163
*/
164
164
extern const struct dentry_operations pid_dentry_operations;
165
-
extern int pid_getattr(const struct path *, struct kstat *, u32, unsigned int);
166
-
extern int proc_setattr(struct dentry *, struct iattr *);
165
+
extern int pid_getattr(struct user_namespace *, const struct path *,
166
+
struct kstat *, u32, unsigned int);
167
+
extern int proc_setattr(struct user_namespace *, struct dentry *,
168
+
struct iattr *);
167
169
extern void proc_pid_evict_inode(struct proc_inode *);
168
170
extern struct inode *proc_pid_make_inode(struct super_block *, struct task_struct *, umode_t);
169
171
extern void pid_update_inode(struct task_struct *, struct inode *);
+3
-2
fs/proc/proc_net.c
+3
-2
fs/proc/proc_net.c
···
289
289
return de;
290
290
}
291
291
292
-
static int proc_tgid_net_getattr(const struct path *path, struct kstat *stat,
292
+
static int proc_tgid_net_getattr(struct user_namespace *mnt_userns,
293
+
const struct path *path, struct kstat *stat,
293
294
u32 request_mask, unsigned int query_flags)
294
295
{
295
296
struct inode *inode = d_inode(path->dentry);
···
298
297
299
298
net = get_proc_task_net(inode);
300
299
301
-
generic_fillattr(inode, stat);
300
+
generic_fillattr(&init_user_ns, inode, stat);
302
301
303
302
if (net != NULL) {
304
303
stat->nlink = net->proc_net->nlink;
+9
-6
fs/proc/proc_sysctl.c
+9
-6
fs/proc/proc_sysctl.c
···
785
785
return 0;
786
786
}
787
787
788
-
static int proc_sys_permission(struct inode *inode, int mask)
788
+
static int proc_sys_permission(struct user_namespace *mnt_userns,
789
+
struct inode *inode, int mask)
789
790
{
790
791
/*
791
792
* sysctl entries that are not writeable,
···
814
813
return error;
815
814
}
816
815
817
-
static int proc_sys_setattr(struct dentry *dentry, struct iattr *attr)
816
+
static int proc_sys_setattr(struct user_namespace *mnt_userns,
817
+
struct dentry *dentry, struct iattr *attr)
818
818
{
819
819
struct inode *inode = d_inode(dentry);
820
820
int error;
···
823
821
if (attr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))
824
822
return -EPERM;
825
823
826
-
error = setattr_prepare(dentry, attr);
824
+
error = setattr_prepare(&init_user_ns, dentry, attr);
827
825
if (error)
828
826
return error;
829
827
830
-
setattr_copy(inode, attr);
828
+
setattr_copy(&init_user_ns, inode, attr);
831
829
mark_inode_dirty(inode);
832
830
return 0;
833
831
}
834
832
835
-
static int proc_sys_getattr(const struct path *path, struct kstat *stat,
833
+
static int proc_sys_getattr(struct user_namespace *mnt_userns,
834
+
const struct path *path, struct kstat *stat,
836
835
u32 request_mask, unsigned int query_flags)
837
836
{
838
837
struct inode *inode = d_inode(path->dentry);
···
843
840
if (IS_ERR(head))
844
841
return PTR_ERR(head);
845
842
846
-
generic_fillattr(inode, stat);
843
+
generic_fillattr(&init_user_ns, inode, stat);
847
844
if (table)
848
845
stat->mode = (stat->mode & S_IFMT) | table->mode;
849
846
+3
-2
fs/proc/root.c
+3
-2
fs/proc/root.c
···
308
308
register_filesystem(&proc_fs_type);
309
309
}
310
310
311
-
static int proc_root_getattr(const struct path *path, struct kstat *stat,
311
+
static int proc_root_getattr(struct user_namespace *mnt_userns,
312
+
const struct path *path, struct kstat *stat,
312
313
u32 request_mask, unsigned int query_flags)
313
314
{
314
-
generic_fillattr(d_inode(path->dentry), stat);
315
+
generic_fillattr(&init_user_ns, d_inode(path->dentry), stat);
315
316
stat->nlink = proc_root.nlink + nr_processes();
316
317
return 0;
317
318
}
+3
fs/proc_namespace.c
+3
fs/proc_namespace.c
+5
-4
fs/ramfs/file-nommu.c
+5
-4
fs/ramfs/file-nommu.c
···
22
22
#include <linux/uaccess.h>
23
23
#include "internal.h"
24
24
25
-
static int ramfs_nommu_setattr(struct dentry *, struct iattr *);
25
+
static int ramfs_nommu_setattr(struct user_namespace *, struct dentry *, struct iattr *);
26
26
static unsigned long ramfs_nommu_get_unmapped_area(struct file *file,
27
27
unsigned long addr,
28
28
unsigned long len,
···
158
158
* handle a change of attributes
159
159
* - we're specifically interested in a change of size
160
160
*/
161
-
static int ramfs_nommu_setattr(struct dentry *dentry, struct iattr *ia)
161
+
static int ramfs_nommu_setattr(struct user_namespace *mnt_userns,
162
+
struct dentry *dentry, struct iattr *ia)
162
163
{
163
164
struct inode *inode = d_inode(dentry);
164
165
unsigned int old_ia_valid = ia->ia_valid;
165
166
int ret = 0;
166
167
167
168
/* POSIX UID/GID verification for setting inode attributes */
168
-
ret = setattr_prepare(dentry, ia);
169
+
ret = setattr_prepare(&init_user_ns, dentry, ia);
169
170
if (ret)
170
171
return ret;
171
172
···
186
185
}
187
186
}
188
187
189
-
setattr_copy(inode, ia);
188
+
setattr_copy(&init_user_ns, inode, ia);
190
189
out:
191
190
ia->ia_valid = old_ia_valid;
192
191
return ret;
+11
-7
fs/ramfs/inode.c
+11
-7
fs/ramfs/inode.c
···
67
67
68
68
if (inode) {
69
69
inode->i_ino = get_next_ino();
70
-
inode_init_owner(inode, dir, mode);
70
+
inode_init_owner(&init_user_ns, inode, dir, mode);
71
71
inode->i_mapping->a_ops = &ramfs_aops;
72
72
mapping_set_gfp_mask(inode->i_mapping, GFP_HIGHUSER);
73
73
mapping_set_unevictable(inode->i_mapping);
···
101
101
*/
102
102
/* SMP-safe */
103
103
static int
104
-
ramfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
104
+
ramfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
105
+
struct dentry *dentry, umode_t mode, dev_t dev)
105
106
{
106
107
struct inode * inode = ramfs_get_inode(dir->i_sb, dir, mode, dev);
107
108
int error = -ENOSPC;
···
116
115
return error;
117
116
}
118
117
119
-
static int ramfs_mkdir(struct inode * dir, struct dentry * dentry, umode_t mode)
118
+
static int ramfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
119
+
struct dentry *dentry, umode_t mode)
120
120
{
121
-
int retval = ramfs_mknod(dir, dentry, mode | S_IFDIR, 0);
121
+
int retval = ramfs_mknod(&init_user_ns, dir, dentry, mode | S_IFDIR, 0);
122
122
if (!retval)
123
123
inc_nlink(dir);
124
124
return retval;
125
125
}
126
126
127
-
static int ramfs_create(struct inode *dir, struct dentry *dentry, umode_t mode, bool excl)
127
+
static int ramfs_create(struct user_namespace *mnt_userns, struct inode *dir,
128
+
struct dentry *dentry, umode_t mode, bool excl)
128
129
{
129
-
return ramfs_mknod(dir, dentry, mode | S_IFREG, 0);
130
+
return ramfs_mknod(&init_user_ns, dir, dentry, mode | S_IFREG, 0);
130
131
}
131
132
132
-
static int ramfs_symlink(struct inode * dir, struct dentry *dentry, const char * symname)
133
+
static int ramfs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
134
+
struct dentry *dentry, const char *symname)
133
135
{
134
136
struct inode *inode;
135
137
int error = -ENOSPC;
+2
-1
fs/reiserfs/acl.h
+2
-1
fs/reiserfs/acl.h
···
49
49
50
50
#ifdef CONFIG_REISERFS_FS_POSIX_ACL
51
51
struct posix_acl *reiserfs_get_acl(struct inode *inode, int type);
52
-
int reiserfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
52
+
int reiserfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
53
+
struct posix_acl *acl, int type);
53
54
int reiserfs_acl_chmod(struct inode *inode);
54
55
int reiserfs_inherit_default_acl(struct reiserfs_transaction_handle *th,
55
56
struct inode *dir, struct dentry *dentry,
+4
-3
fs/reiserfs/inode.c
+4
-3
fs/reiserfs/inode.c
···
3282
3282
return ret;
3283
3283
}
3284
3284
3285
-
int reiserfs_setattr(struct dentry *dentry, struct iattr *attr)
3285
+
int reiserfs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
3286
+
struct iattr *attr)
3286
3287
{
3287
3288
struct inode *inode = d_inode(dentry);
3288
3289
unsigned int ia_valid;
3289
3290
int error;
3290
3291
3291
-
error = setattr_prepare(dentry, attr);
3292
+
error = setattr_prepare(&init_user_ns, dentry, attr);
3292
3293
if (error)
3293
3294
return error;
3294
3295
···
3414
3413
}
3415
3414
3416
3415
if (!error) {
3417
-
setattr_copy(inode, attr);
3416
+
setattr_copy(&init_user_ns, inode, attr);
3418
3417
mark_inode_dirty(inode);
3419
3418
}
3420
3419
+2
-2
fs/reiserfs/ioctl.c
+2
-2
fs/reiserfs/ioctl.c
···
59
59
if (err)
60
60
break;
61
61
62
-
if (!inode_owner_or_capable(inode)) {
62
+
if (!inode_owner_or_capable(&init_user_ns, inode)) {
63
63
err = -EPERM;
64
64
goto setflags_out;
65
65
}
···
101
101
err = put_user(inode->i_generation, (int __user *)arg);
102
102
break;
103
103
case REISERFS_IOC_SETVERSION:
104
-
if (!inode_owner_or_capable(inode)) {
104
+
if (!inode_owner_or_capable(&init_user_ns, inode)) {
105
105
err = -EPERM;
106
106
break;
107
107
}
+12
-9
fs/reiserfs/namei.c
+12
-9
fs/reiserfs/namei.c
···
615
615
* the quota init calls have to know who to charge the quota to, so
616
616
* we have to set uid and gid here
617
617
*/
618
-
inode_init_owner(inode, dir, mode);
618
+
inode_init_owner(&init_user_ns, inode, dir, mode);
619
619
return dquot_initialize(inode);
620
620
}
621
621
622
-
static int reiserfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
623
-
bool excl)
622
+
static int reiserfs_create(struct user_namespace *mnt_userns, struct inode *dir,
623
+
struct dentry *dentry, umode_t mode, bool excl)
624
624
{
625
625
int retval;
626
626
struct inode *inode;
···
698
698
return retval;
699
699
}
700
700
701
-
static int reiserfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
702
-
dev_t rdev)
701
+
static int reiserfs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
702
+
struct dentry *dentry, umode_t mode, dev_t rdev)
703
703
{
704
704
int retval;
705
705
struct inode *inode;
···
781
781
return retval;
782
782
}
783
783
784
-
static int reiserfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
784
+
static int reiserfs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
785
+
struct dentry *dentry, umode_t mode)
785
786
{
786
787
int retval;
787
788
struct inode *inode;
···
1095
1094
return retval;
1096
1095
}
1097
1096
1098
-
static int reiserfs_symlink(struct inode *parent_dir,
1099
-
struct dentry *dentry, const char *symname)
1097
+
static int reiserfs_symlink(struct user_namespace *mnt_userns,
1098
+
struct inode *parent_dir, struct dentry *dentry,
1099
+
const char *symname)
1100
1100
{
1101
1101
int retval;
1102
1102
struct inode *inode;
···
1306
1304
* one path. If it holds 2 or more, it can get into endless waiting in
1307
1305
* get_empty_nodes or its clones
1308
1306
*/
1309
-
static int reiserfs_rename(struct inode *old_dir, struct dentry *old_dentry,
1307
+
static int reiserfs_rename(struct user_namespace *mnt_userns,
1308
+
struct inode *old_dir, struct dentry *old_dentry,
1310
1309
struct inode *new_dir, struct dentry *new_dentry,
1311
1310
unsigned int flags)
1312
1311
{
+2
-1
fs/reiserfs/reiserfs.h
+2
-1
fs/reiserfs/reiserfs.h
···
3102
3102
}
3103
3103
3104
3104
void sd_attrs_to_i_attrs(__u16 sd_attrs, struct inode *inode);
3105
-
int reiserfs_setattr(struct dentry *dentry, struct iattr *attr);
3105
+
int reiserfs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
3106
+
struct iattr *attr);
3106
3107
3107
3108
int __reiserfs_write_begin(struct page *page, unsigned from, unsigned len);
3108
3109
+7
-6
fs/reiserfs/xattr.c
+7
-6
fs/reiserfs/xattr.c
···
66
66
static int xattr_create(struct inode *dir, struct dentry *dentry, int mode)
67
67
{
68
68
BUG_ON(!inode_is_locked(dir));
69
-
return dir->i_op->create(dir, dentry, mode, true);
69
+
return dir->i_op->create(&init_user_ns, dir, dentry, mode, true);
70
70
}
71
71
#endif
72
72
73
73
static int xattr_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
74
74
{
75
75
BUG_ON(!inode_is_locked(dir));
76
-
return dir->i_op->mkdir(dir, dentry, mode);
76
+
return dir->i_op->mkdir(&init_user_ns, dir, dentry, mode);
77
77
}
78
78
79
79
/*
···
352
352
* ATTR_MODE is set.
353
353
*/
354
354
attrs->ia_valid &= (ATTR_UID|ATTR_GID);
355
-
err = reiserfs_setattr(dentry, attrs);
355
+
err = reiserfs_setattr(&init_user_ns, dentry, attrs);
356
356
attrs->ia_valid = ia_valid;
357
357
358
358
return err;
···
604
604
inode_lock_nested(d_inode(dentry), I_MUTEX_XATTR);
605
605
inode_dio_wait(d_inode(dentry));
606
606
607
-
err = reiserfs_setattr(dentry, &newattrs);
607
+
err = reiserfs_setattr(&init_user_ns, dentry, &newattrs);
608
608
inode_unlock(d_inode(dentry));
609
609
} else
610
610
update_ctime(inode);
···
948
948
return 0;
949
949
}
950
950
951
-
int reiserfs_permission(struct inode *inode, int mask)
951
+
int reiserfs_permission(struct user_namespace *mnt_userns, struct inode *inode,
952
+
int mask)
952
953
{
953
954
/*
954
955
* We don't do permission checks on the internal objects.
···
958
957
if (IS_PRIVATE(inode))
959
958
return 0;
960
959
961
-
return generic_permission(inode, mask);
960
+
return generic_permission(&init_user_ns, inode, mask);
962
961
}
963
962
964
963
static int xattr_hide_revalidate(struct dentry *dentry, unsigned int flags)
+2
-1
fs/reiserfs/xattr.h
+2
-1
fs/reiserfs/xattr.h
···
16
16
int reiserfs_lookup_privroot(struct super_block *sb);
17
17
int reiserfs_delete_xattrs(struct inode *inode);
18
18
int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs);
19
-
int reiserfs_permission(struct inode *inode, int mask);
19
+
int reiserfs_permission(struct user_namespace *mnt_userns,
20
+
struct inode *inode, int mask);
20
21
21
22
#ifdef CONFIG_REISERFS_FS_XATTR
22
23
#define has_xattr_dir(inode) (REISERFS_I(inode)->i_flags & i_has_xattr_dir)
+5
-3
fs/reiserfs/xattr_acl.c
+5
-3
fs/reiserfs/xattr_acl.c
···
18
18
19
19
20
20
int
21
-
reiserfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
21
+
reiserfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
22
+
struct posix_acl *acl, int type)
22
23
{
23
24
int error, error2;
24
25
struct reiserfs_transaction_handle th;
···
41
40
reiserfs_write_unlock(inode->i_sb);
42
41
if (error == 0) {
43
42
if (type == ACL_TYPE_ACCESS && acl) {
44
-
error = posix_acl_update_mode(inode, &mode, &acl);
43
+
error = posix_acl_update_mode(&init_user_ns, inode,
44
+
&mode, &acl);
45
45
if (error)
46
46
goto unlock;
47
47
update_mode = 1;
···
401
399
!reiserfs_posixacl(inode->i_sb))
402
400
return 0;
403
401
404
-
return posix_acl_chmod(inode, inode->i_mode);
402
+
return posix_acl_chmod(&init_user_ns, inode, inode->i_mode);
405
403
}
+2
-1
fs/reiserfs/xattr_security.c
+2
-1
fs/reiserfs/xattr_security.c
···
21
21
}
22
22
23
23
static int
24
-
security_set(const struct xattr_handler *handler, struct dentry *unused,
24
+
security_set(const struct xattr_handler *handler,
25
+
struct user_namespace *mnt_userns, struct dentry *unused,
25
26
struct inode *inode, const char *name, const void *buffer,
26
27
size_t size, int flags)
27
28
{
+2
-1
fs/reiserfs/xattr_trusted.c
+2
-1
fs/reiserfs/xattr_trusted.c
···
20
20
}
21
21
22
22
static int
23
-
trusted_set(const struct xattr_handler *handler, struct dentry *unused,
23
+
trusted_set(const struct xattr_handler *handler,
24
+
struct user_namespace *mnt_userns, struct dentry *unused,
24
25
struct inode *inode, const char *name, const void *buffer,
25
26
size_t size, int flags)
26
27
{
+2
-1
fs/reiserfs/xattr_user.c
+2
-1
fs/reiserfs/xattr_user.c
···
18
18
}
19
19
20
20
static int
21
-
user_set(const struct xattr_handler *handler, struct dentry *unused,
21
+
user_set(const struct xattr_handler *handler, struct user_namespace *mnt_userns,
22
+
struct dentry *unused,
22
23
struct inode *inode, const char *name, const void *buffer,
23
24
size_t size, int flags)
24
25
{
+5
-2
fs/remap_range.c
+5
-2
fs/remap_range.c
···
432
432
/* Check whether we are allowed to dedupe the destination file */
433
433
static bool allow_file_dedupe(struct file *file)
434
434
{
435
+
struct user_namespace *mnt_userns = file_mnt_user_ns(file);
436
+
struct inode *inode = file_inode(file);
437
+
435
438
if (capable(CAP_SYS_ADMIN))
436
439
return true;
437
440
if (file->f_mode & FMODE_WRITE)
438
441
return true;
439
-
if (uid_eq(current_fsuid(), file_inode(file)->i_uid))
442
+
if (uid_eq(current_fsuid(), i_uid_into_mnt(mnt_userns, inode)))
440
443
return true;
441
-
if (!inode_permission(file_inode(file), MAY_WRITE))
444
+
if (!inode_permission(mnt_userns, inode, MAY_WRITE))
442
445
return true;
443
446
return false;
444
447
}
+18
-8
fs/stat.c
+18
-8
fs/stat.c
···
26
26
27
27
/**
28
28
* generic_fillattr - Fill in the basic attributes from the inode struct
29
-
* @inode: Inode to use as the source
30
-
* @stat: Where to fill in the attributes
29
+
* @mnt_userns: user namespace of the mount the inode was found from
30
+
* @inode: Inode to use as the source
31
+
* @stat: Where to fill in the attributes
31
32
*
32
33
* Fill in the basic attributes in the kstat structure from data that's to be
33
34
* found on the VFS inode structure. This is the default if no getattr inode
34
35
* operation is supplied.
36
+
*
37
+
* If the inode has been found through an idmapped mount the user namespace of
38
+
* the vfsmount must be passed through @mnt_userns. This function will then
39
+
* take care to map the inode according to @mnt_userns before filling in the
40
+
* uid and gid filds. On non-idmapped mounts or if permission checking is to be
41
+
* performed on the raw inode simply passs init_user_ns.
35
42
*/
36
-
void generic_fillattr(struct inode *inode, struct kstat *stat)
43
+
void generic_fillattr(struct user_namespace *mnt_userns, struct inode *inode,
44
+
struct kstat *stat)
37
45
{
38
46
stat->dev = inode->i_sb->s_dev;
39
47
stat->ino = inode->i_ino;
40
48
stat->mode = inode->i_mode;
41
49
stat->nlink = inode->i_nlink;
42
-
stat->uid = inode->i_uid;
43
-
stat->gid = inode->i_gid;
50
+
stat->uid = i_uid_into_mnt(mnt_userns, inode);
51
+
stat->gid = i_gid_into_mnt(mnt_userns, inode);
44
52
stat->rdev = inode->i_rdev;
45
53
stat->size = i_size_read(inode);
46
54
stat->atime = inode->i_atime;
···
75
67
int vfs_getattr_nosec(const struct path *path, struct kstat *stat,
76
68
u32 request_mask, unsigned int query_flags)
77
69
{
70
+
struct user_namespace *mnt_userns;
78
71
struct inode *inode = d_backing_inode(path->dentry);
79
72
80
73
memset(stat, 0, sizeof(*stat));
···
92
83
if (IS_DAX(inode))
93
84
stat->attributes |= STATX_ATTR_DAX;
94
85
86
+
mnt_userns = mnt_user_ns(path->mnt);
95
87
if (inode->i_op->getattr)
96
-
return inode->i_op->getattr(path, stat, request_mask,
97
-
query_flags);
88
+
return inode->i_op->getattr(mnt_userns, path, stat,
89
+
request_mask, query_flags);
98
90
99
-
generic_fillattr(inode, stat);
91
+
generic_fillattr(mnt_userns, inode, stat);
100
92
return 0;
101
93
}
102
94
EXPORT_SYMBOL(vfs_getattr_nosec);
+4
-3
fs/sysv/file.c
+4
-3
fs/sysv/file.c
···
29
29
.splice_read = generic_file_splice_read,
30
30
};
31
31
32
-
static int sysv_setattr(struct dentry *dentry, struct iattr *attr)
32
+
static int sysv_setattr(struct user_namespace *mnt_userns,
33
+
struct dentry *dentry, struct iattr *attr)
33
34
{
34
35
struct inode *inode = d_inode(dentry);
35
36
int error;
36
37
37
-
error = setattr_prepare(dentry, attr);
38
+
error = setattr_prepare(&init_user_ns, dentry, attr);
38
39
if (error)
39
40
return error;
40
41
···
48
47
sysv_truncate(inode);
49
48
}
50
49
51
-
setattr_copy(inode, attr);
50
+
setattr_copy(&init_user_ns, inode, attr);
52
51
mark_inode_dirty(inode);
53
52
return 0;
54
53
}
+1
-1
fs/sysv/ialloc.c
+1
-1
fs/sysv/ialloc.c
···
163
163
*sbi->s_sb_fic_count = cpu_to_fs16(sbi, count);
164
164
fs16_add(sbi, sbi->s_sb_total_free_inodes, -1);
165
165
dirty_sb(sb);
166
-
inode_init_owner(inode, dir, mode);
166
+
inode_init_owner(&init_user_ns, inode, dir, mode);
167
167
inode->i_ino = fs16_to_cpu(sbi, ino);
168
168
inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
169
169
inode->i_blocks = 0;
+3
-3
fs/sysv/itree.c
+3
-3
fs/sysv/itree.c
···
441
441
return blocks;
442
442
}
443
443
444
-
int sysv_getattr(const struct path *path, struct kstat *stat,
445
-
u32 request_mask, unsigned int flags)
444
+
int sysv_getattr(struct user_namespace *mnt_userns, const struct path *path,
445
+
struct kstat *stat, u32 request_mask, unsigned int flags)
446
446
{
447
447
struct super_block *s = path->dentry->d_sb;
448
-
generic_fillattr(d_inode(path->dentry), stat);
448
+
generic_fillattr(&init_user_ns, d_inode(path->dentry), stat);
449
449
stat->blocks = (s->s_blocksize / 512) * sysv_nblocks(s, stat->size);
450
450
stat->blksize = s->s_blocksize;
451
451
return 0;
+12
-9
fs/sysv/namei.c
+12
-9
fs/sysv/namei.c
···
41
41
return d_splice_alias(inode, dentry);
42
42
}
43
43
44
-
static int sysv_mknod(struct inode * dir, struct dentry * dentry, umode_t mode, dev_t rdev)
44
+
static int sysv_mknod(struct user_namespace *mnt_userns, struct inode *dir,
45
+
struct dentry *dentry, umode_t mode, dev_t rdev)
45
46
{
46
47
struct inode * inode;
47
48
int err;
···
61
60
return err;
62
61
}
63
62
64
-
static int sysv_create(struct inode * dir, struct dentry * dentry, umode_t mode, bool excl)
63
+
static int sysv_create(struct user_namespace *mnt_userns, struct inode *dir,
64
+
struct dentry *dentry, umode_t mode, bool excl)
65
65
{
66
-
return sysv_mknod(dir, dentry, mode, 0);
66
+
return sysv_mknod(&init_user_ns, dir, dentry, mode, 0);
67
67
}
68
68
69
-
static int sysv_symlink(struct inode * dir, struct dentry * dentry,
70
-
const char * symname)
69
+
static int sysv_symlink(struct user_namespace *mnt_userns, struct inode *dir,
70
+
struct dentry *dentry, const char *symname)
71
71
{
72
72
int err = -ENAMETOOLONG;
73
73
int l = strlen(symname)+1;
···
110
108
return add_nondir(dentry, inode);
111
109
}
112
110
113
-
static int sysv_mkdir(struct inode * dir, struct dentry *dentry, umode_t mode)
111
+
static int sysv_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
112
+
struct dentry *dentry, umode_t mode)
114
113
{
115
114
struct inode * inode;
116
115
int err;
···
189
186
* Anybody can rename anything with this: the permission checks are left to the
190
187
* higher-level routines.
191
188
*/
192
-
static int sysv_rename(struct inode * old_dir, struct dentry * old_dentry,
193
-
struct inode * new_dir, struct dentry * new_dentry,
194
-
unsigned int flags)
189
+
static int sysv_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
190
+
struct dentry *old_dentry, struct inode *new_dir,
191
+
struct dentry *new_dentry, unsigned int flags)
195
192
{
196
193
struct inode * old_inode = d_inode(old_dentry);
197
194
struct inode * new_inode = d_inode(new_dentry);
+2
-1
fs/sysv/sysv.h
+2
-1
fs/sysv/sysv.h
···
141
141
extern int sysv_write_inode(struct inode *, struct writeback_control *wbc);
142
142
extern int sysv_sync_inode(struct inode *);
143
143
extern void sysv_set_inode(struct inode *, dev_t);
144
-
extern int sysv_getattr(const struct path *, struct kstat *, u32, unsigned int);
144
+
extern int sysv_getattr(struct user_namespace *, const struct path *,
145
+
struct kstat *, u32, unsigned int);
145
146
extern int sysv_init_icache(void);
146
147
extern void sysv_destroy_icache(void);
147
148
+3
-1
fs/tracefs/inode.c
+3
-1
fs/tracefs/inode.c
···
67
67
return name;
68
68
}
69
69
70
-
static int tracefs_syscall_mkdir(struct inode *inode, struct dentry *dentry, umode_t mode)
70
+
static int tracefs_syscall_mkdir(struct user_namespace *mnt_userns,
71
+
struct inode *inode, struct dentry *dentry,
72
+
umode_t mode)
71
73
{
72
74
char *name;
73
75
int ret;
+16
-14
fs/ubifs/dir.c
+16
-14
fs/ubifs/dir.c
···
94
94
*/
95
95
inode->i_flags |= S_NOCMTIME;
96
96
97
-
inode_init_owner(inode, dir, mode);
97
+
inode_init_owner(&init_user_ns, inode, dir, mode);
98
98
inode->i_mtime = inode->i_atime = inode->i_ctime =
99
99
current_time(inode);
100
100
inode->i_mapping->nrpages = 0;
···
280
280
return fscrypt_setup_filename(dir, &dentry->d_name, 0, nm);
281
281
}
282
282
283
-
static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
284
-
bool excl)
283
+
static int ubifs_create(struct user_namespace *mnt_userns, struct inode *dir,
284
+
struct dentry *dentry, umode_t mode, bool excl)
285
285
{
286
286
struct inode *inode;
287
287
struct ubifs_info *c = dir->i_sb->s_fs_info;
···
441
441
return err;
442
442
}
443
443
444
-
static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
445
-
umode_t mode)
444
+
static int ubifs_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
445
+
struct dentry *dentry, umode_t mode)
446
446
{
447
447
return do_tmpfile(dir, dentry, mode, NULL);
448
448
}
···
942
942
return err;
943
943
}
944
944
945
-
static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
945
+
static int ubifs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
946
+
struct dentry *dentry, umode_t mode)
946
947
{
947
948
struct inode *inode;
948
949
struct ubifs_inode *dir_ui = ubifs_inode(dir);
···
1014
1013
return err;
1015
1014
}
1016
1015
1017
-
static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
1018
-
umode_t mode, dev_t rdev)
1016
+
static int ubifs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
1017
+
struct dentry *dentry, umode_t mode, dev_t rdev)
1019
1018
{
1020
1019
struct inode *inode;
1021
1020
struct ubifs_inode *ui;
···
1103
1102
return err;
1104
1103
}
1105
1104
1106
-
static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
1107
-
const char *symname)
1105
+
static int ubifs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
1106
+
struct dentry *dentry, const char *symname)
1108
1107
{
1109
1108
struct inode *inode;
1110
1109
struct ubifs_inode *ui;
···
1543
1542
return err;
1544
1543
}
1545
1544
1546
-
static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
1545
+
static int ubifs_rename(struct user_namespace *mnt_userns,
1546
+
struct inode *old_dir, struct dentry *old_dentry,
1547
1547
struct inode *new_dir, struct dentry *new_dentry,
1548
1548
unsigned int flags)
1549
1549
{
···
1568
1566
return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1569
1567
}
1570
1568
1571
-
int ubifs_getattr(const struct path *path, struct kstat *stat,
1572
-
u32 request_mask, unsigned int flags)
1569
+
int ubifs_getattr(struct user_namespace *mnt_userns, const struct path *path,
1570
+
struct kstat *stat, u32 request_mask, unsigned int flags)
1573
1571
{
1574
1572
loff_t size;
1575
1573
struct inode *inode = d_inode(path->dentry);
···
1591
1589
STATX_ATTR_ENCRYPTED |
1592
1590
STATX_ATTR_IMMUTABLE);
1593
1591
1594
-
generic_fillattr(inode, stat);
1592
+
generic_fillattr(&init_user_ns, inode, stat);
1595
1593
stat->blksize = UBIFS_BLOCK_SIZE;
1596
1594
stat->size = ui->ui_size;
1597
1595
+3
-2
fs/ubifs/file.c
+3
-2
fs/ubifs/file.c
···
1257
1257
return err;
1258
1258
}
1259
1259
1260
-
int ubifs_setattr(struct dentry *dentry, struct iattr *attr)
1260
+
int ubifs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
1261
+
struct iattr *attr)
1261
1262
{
1262
1263
int err;
1263
1264
struct inode *inode = d_inode(dentry);
···
1266
1265
1267
1266
dbg_gen("ino %lu, mode %#x, ia_valid %#x",
1268
1267
inode->i_ino, inode->i_mode, attr->ia_valid);
1269
-
err = setattr_prepare(dentry, attr);
1268
+
err = setattr_prepare(&init_user_ns, dentry, attr);
1270
1269
if (err)
1271
1270
return err;
1272
1271
+1
-1
fs/ubifs/ioctl.c
+1
-1
fs/ubifs/ioctl.c
+3
-2
fs/ubifs/ubifs.h
+3
-2
fs/ubifs/ubifs.h
···
1989
1989
1990
1990
/* file.c */
1991
1991
int ubifs_fsync(struct file *file, loff_t start, loff_t end, int datasync);
1992
-
int ubifs_setattr(struct dentry *dentry, struct iattr *attr);
1992
+
int ubifs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
1993
+
struct iattr *attr);
1993
1994
int ubifs_update_time(struct inode *inode, struct timespec64 *time, int flags);
1994
1995
1995
1996
/* dir.c */
1996
1997
struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
1997
1998
umode_t mode);
1998
-
int ubifs_getattr(const struct path *path, struct kstat *stat,
1999
+
int ubifs_getattr(struct user_namespace *mnt_userns, const struct path *path, struct kstat *stat,
1999
2000
u32 request_mask, unsigned int flags);
2000
2001
int ubifs_check_dir_empty(struct inode *dir);
2001
2002
+1
fs/ubifs/xattr.c
+1
fs/ubifs/xattr.c
+5
-4
fs/udf/file.c
+5
-4
fs/udf/file.c
···
183
183
long old_block, new_block;
184
184
int result;
185
185
186
-
if (inode_permission(inode, MAY_READ) != 0) {
186
+
if (file_permission(filp, MAY_READ) != 0) {
187
187
udf_debug("no permission to access inode %lu\n", inode->i_ino);
188
188
return -EPERM;
189
189
}
···
253
253
.llseek = generic_file_llseek,
254
254
};
255
255
256
-
static int udf_setattr(struct dentry *dentry, struct iattr *attr)
256
+
static int udf_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
257
+
struct iattr *attr)
257
258
{
258
259
struct inode *inode = d_inode(dentry);
259
260
struct super_block *sb = inode->i_sb;
260
261
int error;
261
262
262
-
error = setattr_prepare(dentry, attr);
263
+
error = setattr_prepare(&init_user_ns, dentry, attr);
263
264
if (error)
264
265
return error;
265
266
···
283
282
if (attr->ia_valid & ATTR_MODE)
284
283
udf_update_extra_perms(inode, attr->ia_mode);
285
284
286
-
setattr_copy(inode, attr);
285
+
setattr_copy(&init_user_ns, inode, attr);
287
286
mark_inode_dirty(inode);
288
287
return 0;
289
288
}
+1
-1
fs/udf/ialloc.c
+1
-1
fs/udf/ialloc.c
+13
-11
fs/udf/namei.c
+13
-11
fs/udf/namei.c
···
604
604
return 0;
605
605
}
606
606
607
-
static int udf_create(struct inode *dir, struct dentry *dentry, umode_t mode,
608
-
bool excl)
607
+
static int udf_create(struct user_namespace *mnt_userns, struct inode *dir,
608
+
struct dentry *dentry, umode_t mode, bool excl)
609
609
{
610
610
struct inode *inode = udf_new_inode(dir, mode);
611
611
···
623
623
return udf_add_nondir(dentry, inode);
624
624
}
625
625
626
-
static int udf_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
626
+
static int udf_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
627
+
struct dentry *dentry, umode_t mode)
627
628
{
628
629
struct inode *inode = udf_new_inode(dir, mode);
629
630
···
643
642
return 0;
644
643
}
645
644
646
-
static int udf_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
647
-
dev_t rdev)
645
+
static int udf_mknod(struct user_namespace *mnt_userns, struct inode *dir,
646
+
struct dentry *dentry, umode_t mode, dev_t rdev)
648
647
{
649
648
struct inode *inode;
650
649
···
659
658
return udf_add_nondir(dentry, inode);
660
659
}
661
660
662
-
static int udf_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
661
+
static int udf_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
662
+
struct dentry *dentry, umode_t mode)
663
663
{
664
664
struct inode *inode;
665
665
struct udf_fileident_bh fibh;
···
879
877
return retval;
880
878
}
881
879
882
-
static int udf_symlink(struct inode *dir, struct dentry *dentry,
883
-
const char *symname)
880
+
static int udf_symlink(struct user_namespace *mnt_userns, struct inode *dir,
881
+
struct dentry *dentry, const char *symname)
884
882
{
885
883
struct inode *inode = udf_new_inode(dir, S_IFLNK | 0777);
886
884
struct pathComponent *pc;
···
1067
1065
/* Anybody can rename anything with this: the permission checks are left to the
1068
1066
* higher-level routines.
1069
1067
*/
1070
-
static int udf_rename(struct inode *old_dir, struct dentry *old_dentry,
1071
-
struct inode *new_dir, struct dentry *new_dentry,
1072
-
unsigned int flags)
1068
+
static int udf_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
1069
+
struct dentry *old_dentry, struct inode *new_dir,
1070
+
struct dentry *new_dentry, unsigned int flags)
1073
1071
{
1074
1072
struct inode *old_inode = d_inode(old_dentry);
1075
1073
struct inode *new_inode = d_inode(new_dentry);
+4
-3
fs/udf/symlink.c
+4
-3
fs/udf/symlink.c
···
152
152
return err;
153
153
}
154
154
155
-
static int udf_symlink_getattr(const struct path *path, struct kstat *stat,
156
-
u32 request_mask, unsigned int flags)
155
+
static int udf_symlink_getattr(struct user_namespace *mnt_userns,
156
+
const struct path *path, struct kstat *stat,
157
+
u32 request_mask, unsigned int flags)
157
158
{
158
159
struct dentry *dentry = path->dentry;
159
160
struct inode *inode = d_backing_inode(dentry);
160
161
struct page *page;
161
162
162
-
generic_fillattr(inode, stat);
163
+
generic_fillattr(&init_user_ns, inode, stat);
163
164
page = read_mapping_page(inode->i_mapping, 0, NULL);
164
165
if (IS_ERR(page))
165
166
return PTR_ERR(page);
+1
-1
fs/ufs/ialloc.c
+1
-1
fs/ufs/ialloc.c
···
289
289
ufs_mark_sb_dirty(sb);
290
290
291
291
inode->i_ino = cg * uspi->s_ipg + bit;
292
-
inode_init_owner(inode, dir, mode);
292
+
inode_init_owner(&init_user_ns, inode, dir, mode);
293
293
inode->i_blocks = 0;
294
294
inode->i_generation = 0;
295
295
inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
+4
-3
fs/ufs/inode.c
+4
-3
fs/ufs/inode.c
···
1211
1211
return err;
1212
1212
}
1213
1213
1214
-
int ufs_setattr(struct dentry *dentry, struct iattr *attr)
1214
+
int ufs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
1215
+
struct iattr *attr)
1215
1216
{
1216
1217
struct inode *inode = d_inode(dentry);
1217
1218
unsigned int ia_valid = attr->ia_valid;
1218
1219
int error;
1219
1220
1220
-
error = setattr_prepare(dentry, attr);
1221
+
error = setattr_prepare(&init_user_ns, dentry, attr);
1221
1222
if (error)
1222
1223
return error;
1223
1224
···
1228
1227
return error;
1229
1228
}
1230
1229
1231
-
setattr_copy(inode, attr);
1230
+
setattr_copy(&init_user_ns, inode, attr);
1232
1231
mark_inode_dirty(inode);
1233
1232
return 0;
1234
1233
}
+11
-8
fs/ufs/namei.c
+11
-8
fs/ufs/namei.c
···
69
69
* If the create succeeds, we fill in the inode information
70
70
* with d_instantiate().
71
71
*/
72
-
static int ufs_create (struct inode * dir, struct dentry * dentry, umode_t mode,
72
+
static int ufs_create (struct user_namespace * mnt_userns,
73
+
struct inode * dir, struct dentry * dentry, umode_t mode,
73
74
bool excl)
74
75
{
75
76
struct inode *inode;
···
86
85
return ufs_add_nondir(dentry, inode);
87
86
}
88
87
89
-
static int ufs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t rdev)
88
+
static int ufs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
89
+
struct dentry *dentry, umode_t mode, dev_t rdev)
90
90
{
91
91
struct inode *inode;
92
92
int err;
···
106
104
return err;
107
105
}
108
106
109
-
static int ufs_symlink (struct inode * dir, struct dentry * dentry,
110
-
const char * symname)
107
+
static int ufs_symlink (struct user_namespace * mnt_userns, struct inode * dir,
108
+
struct dentry * dentry, const char * symname)
111
109
{
112
110
struct super_block * sb = dir->i_sb;
113
111
int err;
···
166
164
return error;
167
165
}
168
166
169
-
static int ufs_mkdir(struct inode * dir, struct dentry * dentry, umode_t mode)
167
+
static int ufs_mkdir(struct user_namespace * mnt_userns, struct inode * dir,
168
+
struct dentry * dentry, umode_t mode)
170
169
{
171
170
struct inode * inode;
172
171
int err;
···
243
240
return err;
244
241
}
245
242
246
-
static int ufs_rename(struct inode *old_dir, struct dentry *old_dentry,
247
-
struct inode *new_dir, struct dentry *new_dentry,
248
-
unsigned int flags)
243
+
static int ufs_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
244
+
struct dentry *old_dentry, struct inode *new_dir,
245
+
struct dentry *new_dentry, unsigned int flags)
249
246
{
250
247
struct inode *old_inode = d_inode(old_dentry);
251
248
struct inode *new_inode = d_inode(new_dentry);
+2
-1
fs/ufs/ufs.h
+2
-1
fs/ufs/ufs.h
···
123
123
extern int ufs_write_inode (struct inode *, struct writeback_control *);
124
124
extern int ufs_sync_inode (struct inode *);
125
125
extern void ufs_evict_inode (struct inode *);
126
-
extern int ufs_setattr(struct dentry *dentry, struct iattr *attr);
126
+
extern int ufs_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
127
+
struct iattr *attr);
127
128
128
129
/* namei.c */
129
130
extern const struct file_operations ufs_dir_operations;
+2
-1
fs/utimes.c
+2
-1
fs/utimes.c
···
62
62
}
63
63
retry_deleg:
64
64
inode_lock(inode);
65
-
error = notify_change(path->dentry, &newattrs, &delegated_inode);
65
+
error = notify_change(mnt_user_ns(path->mnt), path->dentry, &newattrs,
66
+
&delegated_inode);
66
67
inode_unlock(inode);
67
68
if (delegated_inode) {
68
69
error = break_deleg_wait(&delegated_inode);
+8
-4
fs/vboxsf/dir.c
+8
-4
fs/vboxsf/dir.c
···
288
288
return 0;
289
289
}
290
290
291
-
static int vboxsf_dir_mkfile(struct inode *parent, struct dentry *dentry,
291
+
static int vboxsf_dir_mkfile(struct user_namespace *mnt_userns,
292
+
struct inode *parent, struct dentry *dentry,
292
293
umode_t mode, bool excl)
293
294
{
294
295
return vboxsf_dir_create(parent, dentry, mode, 0);
295
296
}
296
297
297
-
static int vboxsf_dir_mkdir(struct inode *parent, struct dentry *dentry,
298
+
static int vboxsf_dir_mkdir(struct user_namespace *mnt_userns,
299
+
struct inode *parent, struct dentry *dentry,
298
300
umode_t mode)
299
301
{
300
302
return vboxsf_dir_create(parent, dentry, mode, 1);
···
334
332
return 0;
335
333
}
336
334
337
-
static int vboxsf_dir_rename(struct inode *old_parent,
335
+
static int vboxsf_dir_rename(struct user_namespace *mnt_userns,
336
+
struct inode *old_parent,
338
337
struct dentry *old_dentry,
339
338
struct inode *new_parent,
340
339
struct dentry *new_dentry,
···
377
374
return err;
378
375
}
379
376
380
-
static int vboxsf_dir_symlink(struct inode *parent, struct dentry *dentry,
377
+
static int vboxsf_dir_symlink(struct user_namespace *mnt_userns,
378
+
struct inode *parent, struct dentry *dentry,
381
379
const char *symname)
382
380
{
383
381
struct vboxsf_inode *sf_parent_i = VBOXSF_I(parent);
+5
-4
fs/vboxsf/utils.c
+5
-4
fs/vboxsf/utils.c
···
212
212
return 0;
213
213
}
214
214
215
-
int vboxsf_getattr(const struct path *path, struct kstat *kstat,
216
-
u32 request_mask, unsigned int flags)
215
+
int vboxsf_getattr(struct user_namespace *mnt_userns, const struct path *path,
216
+
struct kstat *kstat, u32 request_mask, unsigned int flags)
217
217
{
218
218
int err;
219
219
struct dentry *dentry = path->dentry;
···
233
233
if (err)
234
234
return err;
235
235
236
-
generic_fillattr(d_inode(dentry), kstat);
236
+
generic_fillattr(&init_user_ns, d_inode(dentry), kstat);
237
237
return 0;
238
238
}
239
239
240
-
int vboxsf_setattr(struct dentry *dentry, struct iattr *iattr)
240
+
int vboxsf_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
241
+
struct iattr *iattr)
241
242
{
242
243
struct vboxsf_inode *sf_i = VBOXSF_I(d_inode(dentry));
243
244
struct vboxsf_sbi *sbi = VBOXSF_SBI(dentry->d_sb);
+5
-3
fs/vboxsf/vfsmod.h
+5
-3
fs/vboxsf/vfsmod.h
···
90
90
struct shfl_fsobjinfo *info);
91
91
int vboxsf_stat_dentry(struct dentry *dentry, struct shfl_fsobjinfo *info);
92
92
int vboxsf_inode_revalidate(struct dentry *dentry);
93
-
int vboxsf_getattr(const struct path *path, struct kstat *kstat,
94
-
u32 request_mask, unsigned int query_flags);
95
-
int vboxsf_setattr(struct dentry *dentry, struct iattr *iattr);
93
+
int vboxsf_getattr(struct user_namespace *mnt_userns, const struct path *path,
94
+
struct kstat *kstat, u32 request_mask,
95
+
unsigned int query_flags);
96
+
int vboxsf_setattr(struct user_namespace *mnt_userns, struct dentry *dentry,
97
+
struct iattr *iattr);
96
98
struct shfl_string *vboxsf_path_from_dentry(struct vboxsf_sbi *sbi,
97
99
struct dentry *dentry);
98
100
int vboxsf_nlscpy(struct vboxsf_sbi *sbi, char *name, size_t name_bound_len,
+1
-1
fs/verity/enable.c
+1
-1
fs/verity/enable.c
+83
-56
fs/xattr.c
+83
-56
fs/xattr.c
···
83
83
* because different namespaces have very different rules.
84
84
*/
85
85
static int
86
-
xattr_permission(struct inode *inode, const char *name, int mask)
86
+
xattr_permission(struct user_namespace *mnt_userns, struct inode *inode,
87
+
const char *name, int mask)
87
88
{
88
89
/*
89
90
* We can never set or remove an extended attribute on a read-only
···
98
97
* to be writen back improperly if their true value is
99
98
* unknown to the vfs.
100
99
*/
101
-
if (HAS_UNMAPPED_ID(inode))
100
+
if (HAS_UNMAPPED_ID(mnt_userns, inode))
102
101
return -EPERM;
103
102
}
104
103
···
128
127
if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
129
128
return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
130
129
if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
131
-
(mask & MAY_WRITE) && !inode_owner_or_capable(inode))
130
+
(mask & MAY_WRITE) &&
131
+
!inode_owner_or_capable(mnt_userns, inode))
132
132
return -EPERM;
133
133
}
134
134
135
-
return inode_permission(inode, mask);
135
+
return inode_permission(mnt_userns, inode, mask);
136
136
}
137
137
138
138
/*
···
164
162
EXPORT_SYMBOL(xattr_supported_namespace);
165
163
166
164
int
167
-
__vfs_setxattr(struct dentry *dentry, struct inode *inode, const char *name,
168
-
const void *value, size_t size, int flags)
165
+
__vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
166
+
struct inode *inode, const char *name, const void *value,
167
+
size_t size, int flags)
169
168
{
170
169
const struct xattr_handler *handler;
171
170
···
177
174
return -EOPNOTSUPP;
178
175
if (size == 0)
179
176
value = ""; /* empty EA, do not remove */
180
-
return handler->set(handler, dentry, inode, name, value, size, flags);
177
+
return handler->set(handler, mnt_userns, dentry, inode, name, value,
178
+
size, flags);
181
179
}
182
180
EXPORT_SYMBOL(__vfs_setxattr);
183
181
···
186
182
* __vfs_setxattr_noperm - perform setxattr operation without performing
187
183
* permission checks.
188
184
*
185
+
* @mnt_userns - user namespace of the mount the inode was found from
189
186
* @dentry - object to perform setxattr on
190
187
* @name - xattr name to set
191
188
* @value - value to set @name to
···
199
194
* is executed. It also assumes that the caller will make the appropriate
200
195
* permission checks.
201
196
*/
202
-
int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
203
-
const void *value, size_t size, int flags)
197
+
int __vfs_setxattr_noperm(struct user_namespace *mnt_userns,
198
+
struct dentry *dentry, const char *name,
199
+
const void *value, size_t size, int flags)
204
200
{
205
201
struct inode *inode = dentry->d_inode;
206
202
int error = -EAGAIN;
···
211
205
if (issec)
212
206
inode->i_flags &= ~S_NOSEC;
213
207
if (inode->i_opflags & IOP_XATTR) {
214
-
error = __vfs_setxattr(dentry, inode, name, value, size, flags);
208
+
error = __vfs_setxattr(mnt_userns, dentry, inode, name, value,
209
+
size, flags);
215
210
if (!error) {
216
211
fsnotify_xattr(dentry);
217
212
security_inode_post_setxattr(dentry, name, value,
···
251
244
* a delegation was broken on, NULL if none.
252
245
*/
253
246
int
254
-
__vfs_setxattr_locked(struct dentry *dentry, const char *name,
255
-
const void *value, size_t size, int flags,
256
-
struct inode **delegated_inode)
247
+
__vfs_setxattr_locked(struct user_namespace *mnt_userns, struct dentry *dentry,
248
+
const char *name, const void *value, size_t size,
249
+
int flags, struct inode **delegated_inode)
257
250
{
258
251
struct inode *inode = dentry->d_inode;
259
252
int error;
260
253
261
-
error = xattr_permission(inode, name, MAY_WRITE);
254
+
error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
262
255
if (error)
263
256
return error;
264
257
265
-
error = security_inode_setxattr(dentry, name, value, size, flags);
258
+
error = security_inode_setxattr(mnt_userns, dentry, name, value, size,
259
+
flags);
266
260
if (error)
267
261
goto out;
268
262
···
271
263
if (error)
272
264
goto out;
273
265
274
-
error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
266
+
error = __vfs_setxattr_noperm(mnt_userns, dentry, name, value,
267
+
size, flags);
275
268
276
269
out:
277
270
return error;
···
280
271
EXPORT_SYMBOL_GPL(__vfs_setxattr_locked);
281
272
282
273
int
283
-
vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
284
-
size_t size, int flags)
274
+
vfs_setxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
275
+
const char *name, const void *value, size_t size, int flags)
285
276
{
286
277
struct inode *inode = dentry->d_inode;
287
278
struct inode *delegated_inode = NULL;
···
289
280
int error;
290
281
291
282
if (size && strcmp(name, XATTR_NAME_CAPS) == 0) {
292
-
error = cap_convert_nscap(dentry, &value, size);
283
+
error = cap_convert_nscap(mnt_userns, dentry, &value, size);
293
284
if (error < 0)
294
285
return error;
295
286
size = error;
···
297
288
298
289
retry_deleg:
299
290
inode_lock(inode);
300
-
error = __vfs_setxattr_locked(dentry, name, value, size, flags,
301
-
&delegated_inode);
291
+
error = __vfs_setxattr_locked(mnt_userns, dentry, name, value, size,
292
+
flags, &delegated_inode);
302
293
inode_unlock(inode);
303
294
304
295
if (delegated_inode) {
···
314
305
EXPORT_SYMBOL_GPL(vfs_setxattr);
315
306
316
307
static ssize_t
317
-
xattr_getsecurity(struct inode *inode, const char *name, void *value,
318
-
size_t size)
308
+
xattr_getsecurity(struct user_namespace *mnt_userns, struct inode *inode,
309
+
const char *name, void *value, size_t size)
319
310
{
320
311
void *buffer = NULL;
321
312
ssize_t len;
322
313
323
314
if (!value || !size) {
324
-
len = security_inode_getsecurity(inode, name, &buffer, false);
315
+
len = security_inode_getsecurity(mnt_userns, inode, name,
316
+
&buffer, false);
325
317
goto out_noalloc;
326
318
}
327
319
328
-
len = security_inode_getsecurity(inode, name, &buffer, true);
320
+
len = security_inode_getsecurity(mnt_userns, inode, name, &buffer,
321
+
true);
329
322
if (len < 0)
330
323
return len;
331
324
if (size < len) {
···
350
339
* Returns the result of alloc, if failed, or the getxattr operation.
351
340
*/
352
341
ssize_t
353
-
vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
354
-
size_t xattr_size, gfp_t flags)
342
+
vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
343
+
const char *name, char **xattr_value, size_t xattr_size,
344
+
gfp_t flags)
355
345
{
356
346
const struct xattr_handler *handler;
357
347
struct inode *inode = dentry->d_inode;
358
348
char *value = *xattr_value;
359
349
int error;
360
350
361
-
error = xattr_permission(inode, name, MAY_READ);
351
+
error = xattr_permission(mnt_userns, inode, name, MAY_READ);
362
352
if (error)
363
353
return error;
364
354
···
400
388
EXPORT_SYMBOL(__vfs_getxattr);
401
389
402
390
ssize_t
403
-
vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
391
+
vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
392
+
const char *name, void *value, size_t size)
404
393
{
405
394
struct inode *inode = dentry->d_inode;
406
395
int error;
407
396
408
-
error = xattr_permission(inode, name, MAY_READ);
397
+
error = xattr_permission(mnt_userns, inode, name, MAY_READ);
409
398
if (error)
410
399
return error;
411
400
···
417
404
if (!strncmp(name, XATTR_SECURITY_PREFIX,
418
405
XATTR_SECURITY_PREFIX_LEN)) {
419
406
const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
420
-
int ret = xattr_getsecurity(inode, suffix, value, size);
407
+
int ret = xattr_getsecurity(mnt_userns, inode, suffix, value,
408
+
size);
421
409
/*
422
410
* Only overwrite the return value if a security module
423
411
* is actually active.
···
453
439
EXPORT_SYMBOL_GPL(vfs_listxattr);
454
440
455
441
int
456
-
__vfs_removexattr(struct dentry *dentry, const char *name)
442
+
__vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
443
+
const char *name)
457
444
{
458
445
struct inode *inode = d_inode(dentry);
459
446
const struct xattr_handler *handler;
···
464
449
return PTR_ERR(handler);
465
450
if (!handler->set)
466
451
return -EOPNOTSUPP;
467
-
return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE);
452
+
return handler->set(handler, mnt_userns, dentry, inode, name, NULL, 0,
453
+
XATTR_REPLACE);
468
454
}
469
455
EXPORT_SYMBOL(__vfs_removexattr);
470
456
···
479
463
* a delegation was broken on, NULL if none.
480
464
*/
481
465
int
482
-
__vfs_removexattr_locked(struct dentry *dentry, const char *name,
483
-
struct inode **delegated_inode)
466
+
__vfs_removexattr_locked(struct user_namespace *mnt_userns,
467
+
struct dentry *dentry, const char *name,
468
+
struct inode **delegated_inode)
484
469
{
485
470
struct inode *inode = dentry->d_inode;
486
471
int error;
487
472
488
-
error = xattr_permission(inode, name, MAY_WRITE);
473
+
error = xattr_permission(mnt_userns, inode, name, MAY_WRITE);
489
474
if (error)
490
475
return error;
491
476
492
-
error = security_inode_removexattr(dentry, name);
477
+
error = security_inode_removexattr(mnt_userns, dentry, name);
493
478
if (error)
494
479
goto out;
495
480
···
498
481
if (error)
499
482
goto out;
500
483
501
-
error = __vfs_removexattr(dentry, name);
484
+
error = __vfs_removexattr(mnt_userns, dentry, name);
502
485
503
486
if (!error) {
504
487
fsnotify_xattr(dentry);
···
511
494
EXPORT_SYMBOL_GPL(__vfs_removexattr_locked);
512
495
513
496
int
514
-
vfs_removexattr(struct dentry *dentry, const char *name)
497
+
vfs_removexattr(struct user_namespace *mnt_userns, struct dentry *dentry,
498
+
const char *name)
515
499
{
516
500
struct inode *inode = dentry->d_inode;
517
501
struct inode *delegated_inode = NULL;
···
520
502
521
503
retry_deleg:
522
504
inode_lock(inode);
523
-
error = __vfs_removexattr_locked(dentry, name, &delegated_inode);
505
+
error = __vfs_removexattr_locked(mnt_userns, dentry,
506
+
name, &delegated_inode);
524
507
inode_unlock(inode);
525
508
526
509
if (delegated_inode) {
···
538
519
* Extended attribute SET operations
539
520
*/
540
521
static long
541
-
setxattr(struct dentry *d, const char __user *name, const void __user *value,
542
-
size_t size, int flags)
522
+
setxattr(struct user_namespace *mnt_userns, struct dentry *d,
523
+
const char __user *name, const void __user *value, size_t size,
524
+
int flags)
543
525
{
544
526
int error;
545
527
void *kvalue = NULL;
···
567
547
}
568
548
if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
569
549
(strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
570
-
posix_acl_fix_xattr_from_user(kvalue, size);
550
+
posix_acl_fix_xattr_from_user(mnt_userns, kvalue, size);
571
551
}
572
552
573
-
error = vfs_setxattr(d, kname, kvalue, size, flags);
553
+
error = vfs_setxattr(mnt_userns, d, kname, kvalue, size, flags);
574
554
out:
575
555
kvfree(kvalue);
576
556
···
583
563
{
584
564
struct path path;
585
565
int error;
566
+
586
567
retry:
587
568
error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
588
569
if (error)
589
570
return error;
590
571
error = mnt_want_write(path.mnt);
591
572
if (!error) {
592
-
error = setxattr(path.dentry, name, value, size, flags);
573
+
error = setxattr(mnt_user_ns(path.mnt), path.dentry, name,
574
+
value, size, flags);
593
575
mnt_drop_write(path.mnt);
594
576
}
595
577
path_put(&path);
···
627
605
audit_file(f.file);
628
606
error = mnt_want_write_file(f.file);
629
607
if (!error) {
630
-
error = setxattr(f.file->f_path.dentry, name, value, size, flags);
608
+
error = setxattr(file_mnt_user_ns(f.file),
609
+
f.file->f_path.dentry, name,
610
+
value, size, flags);
631
611
mnt_drop_write_file(f.file);
632
612
}
633
613
fdput(f);
···
640
616
* Extended attribute GET operations
641
617
*/
642
618
static ssize_t
643
-
getxattr(struct dentry *d, const char __user *name, void __user *value,
644
-
size_t size)
619
+
getxattr(struct user_namespace *mnt_userns, struct dentry *d,
620
+
const char __user *name, void __user *value, size_t size)
645
621
{
646
622
ssize_t error;
647
623
void *kvalue = NULL;
···
661
637
return -ENOMEM;
662
638
}
663
639
664
-
error = vfs_getxattr(d, kname, kvalue, size);
640
+
error = vfs_getxattr(mnt_userns, d, kname, kvalue, size);
665
641
if (error > 0) {
666
642
if ((strcmp(kname, XATTR_NAME_POSIX_ACL_ACCESS) == 0) ||
667
643
(strcmp(kname, XATTR_NAME_POSIX_ACL_DEFAULT) == 0))
668
-
posix_acl_fix_xattr_to_user(kvalue, error);
644
+
posix_acl_fix_xattr_to_user(mnt_userns, kvalue, error);
669
645
if (size && copy_to_user(value, kvalue, error))
670
646
error = -EFAULT;
671
647
} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
···
689
665
error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
690
666
if (error)
691
667
return error;
692
-
error = getxattr(path.dentry, name, value, size);
668
+
error = getxattr(mnt_user_ns(path.mnt), path.dentry, name, value, size);
693
669
path_put(&path);
694
670
if (retry_estale(error, lookup_flags)) {
695
671
lookup_flags |= LOOKUP_REVAL;
···
719
695
if (!f.file)
720
696
return error;
721
697
audit_file(f.file);
722
-
error = getxattr(f.file->f_path.dentry, name, value, size);
698
+
error = getxattr(file_mnt_user_ns(f.file), f.file->f_path.dentry,
699
+
name, value, size);
723
700
fdput(f);
724
701
return error;
725
702
}
···
804
779
* Extended attribute REMOVE operations
805
780
*/
806
781
static long
807
-
removexattr(struct dentry *d, const char __user *name)
782
+
removexattr(struct user_namespace *mnt_userns, struct dentry *d,
783
+
const char __user *name)
808
784
{
809
785
int error;
810
786
char kname[XATTR_NAME_MAX + 1];
···
816
790
if (error < 0)
817
791
return error;
818
792
819
-
return vfs_removexattr(d, kname);
793
+
return vfs_removexattr(mnt_userns, d, kname);
820
794
}
821
795
822
796
static int path_removexattr(const char __user *pathname,
···
830
804
return error;
831
805
error = mnt_want_write(path.mnt);
832
806
if (!error) {
833
-
error = removexattr(path.dentry, name);
807
+
error = removexattr(mnt_user_ns(path.mnt), path.dentry, name);
834
808
mnt_drop_write(path.mnt);
835
809
}
836
810
path_put(&path);
···
863
837
audit_file(f.file);
864
838
error = mnt_want_write_file(f.file);
865
839
if (!error) {
866
-
error = removexattr(f.file->f_path.dentry, name);
840
+
error = removexattr(file_mnt_user_ns(f.file),
841
+
f.file->f_path.dentry, name);
867
842
mnt_drop_write_file(f.file);
868
843
}
869
844
fdput(f);
+3
-2
fs/xfs/xfs_acl.c
+3
-2
fs/xfs/xfs_acl.c
···
238
238
}
239
239
240
240
int
241
-
xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
241
+
xfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
242
+
struct posix_acl *acl, int type)
242
243
{
243
244
umode_t mode;
244
245
bool set_mode = false;
···
253
252
return error;
254
253
255
254
if (type == ACL_TYPE_ACCESS) {
256
-
error = posix_acl_update_mode(inode, &mode, &acl);
255
+
error = posix_acl_update_mode(mnt_userns, inode, &mode, &acl);
257
256
if (error)
258
257
return error;
259
258
set_mode = true;
+2
-1
fs/xfs/xfs_acl.h
+2
-1
fs/xfs/xfs_acl.h
···
11
11
12
12
#ifdef CONFIG_XFS_POSIX_ACL
13
13
extern struct posix_acl *xfs_get_acl(struct inode *inode, int type);
14
-
extern int xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
14
+
extern int xfs_set_acl(struct user_namespace *mnt_userns, struct inode *inode,
15
+
struct posix_acl *acl, int type);
15
16
extern int __xfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
16
17
void xfs_forget_acl(struct inode *inode, const char *name);
17
18
#else
+3
-1
fs/xfs/xfs_file.c
+3
-1
fs/xfs/xfs_file.c
···
29
29
#include <linux/backing-dev.h>
30
30
#include <linux/mman.h>
31
31
#include <linux/fadvise.h>
32
+
#include <linux/mount.h>
32
33
33
34
static const struct vm_operations_struct xfs_file_vm_ops;
34
35
···
1052
1051
1053
1052
iattr.ia_valid = ATTR_SIZE;
1054
1053
iattr.ia_size = new_size;
1055
-
error = xfs_vn_setattr_size(file_dentry(file), &iattr);
1054
+
error = xfs_vn_setattr_size(file_mnt_user_ns(file),
1055
+
file_dentry(file), &iattr);
1056
1056
if (error)
1057
1057
goto out_unlock;
1058
1058
}
+18
-8
fs/xfs/xfs_inode.c
+18
-8
fs/xfs/xfs_inode.c
···
766
766
*/
767
767
static int
768
768
xfs_init_new_inode(
769
+
struct user_namespace *mnt_userns,
769
770
struct xfs_trans *tp,
770
771
struct xfs_inode *pip,
771
772
xfs_ino_t ino,
···
812
811
813
812
if (dir && !(dir->i_mode & S_ISGID) &&
814
813
(mp->m_flags & XFS_MOUNT_GRPID)) {
815
-
inode->i_uid = current_fsuid();
814
+
inode->i_uid = fsuid_into_mnt(mnt_userns);
816
815
inode->i_gid = dir->i_gid;
817
816
inode->i_mode = mode;
818
817
} else {
819
-
inode_init_owner(inode, dir, mode);
818
+
inode_init_owner(mnt_userns, inode, dir, mode);
820
819
}
821
820
822
821
/*
···
825
824
* (and only if the irix_sgid_inherit compatibility variable is set).
826
825
*/
827
826
if (irix_sgid_inherit &&
828
-
(inode->i_mode & S_ISGID) && !in_group_p(inode->i_gid))
827
+
(inode->i_mode & S_ISGID) &&
828
+
!in_group_p(i_gid_into_mnt(mnt_userns, inode)))
829
829
inode->i_mode &= ~S_ISGID;
830
830
831
831
ip->i_d.di_size = 0;
···
903
901
*/
904
902
int
905
903
xfs_dir_ialloc(
904
+
struct user_namespace *mnt_userns,
906
905
struct xfs_trans **tpp,
907
906
struct xfs_inode *dp,
908
907
umode_t mode,
···
936
933
return error;
937
934
ASSERT(ino != NULLFSINO);
938
935
939
-
return xfs_init_new_inode(*tpp, dp, ino, mode, nlink, rdev, prid, ipp);
936
+
return xfs_init_new_inode(mnt_userns, *tpp, dp, ino, mode, nlink, rdev,
937
+
prid, ipp);
940
938
}
941
939
942
940
/*
···
977
973
978
974
int
979
975
xfs_create(
976
+
struct user_namespace *mnt_userns,
980
977
xfs_inode_t *dp,
981
978
struct xfs_name *name,
982
979
umode_t mode,
···
1051
1046
* entry pointing to them, but a directory also the "." entry
1052
1047
* pointing to itself.
1053
1048
*/
1054
-
error = xfs_dir_ialloc(&tp, dp, mode, is_dir ? 2 : 1, rdev, prid, &ip);
1049
+
error = xfs_dir_ialloc(mnt_userns, &tp, dp, mode, is_dir ? 2 : 1, rdev,
1050
+
prid, &ip);
1055
1051
if (error)
1056
1052
goto out_trans_cancel;
1057
1053
···
1133
1127
1134
1128
int
1135
1129
xfs_create_tmpfile(
1130
+
struct user_namespace *mnt_userns,
1136
1131
struct xfs_inode *dp,
1137
1132
umode_t mode,
1138
1133
struct xfs_inode **ipp)
···
1171
1164
if (error)
1172
1165
goto out_release_dquots;
1173
1166
1174
-
error = xfs_dir_ialloc(&tp, dp, mode, 0, 0, prid, &ip);
1167
+
error = xfs_dir_ialloc(mnt_userns, &tp, dp, mode, 0, 0, prid, &ip);
1175
1168
if (error)
1176
1169
goto out_trans_cancel;
1177
1170
···
2984
2977
*/
2985
2978
static int
2986
2979
xfs_rename_alloc_whiteout(
2980
+
struct user_namespace *mnt_userns,
2987
2981
struct xfs_inode *dp,
2988
2982
struct xfs_inode **wip)
2989
2983
{
2990
2984
struct xfs_inode *tmpfile;
2991
2985
int error;
2992
2986
2993
-
error = xfs_create_tmpfile(dp, S_IFCHR | WHITEOUT_MODE, &tmpfile);
2987
+
error = xfs_create_tmpfile(mnt_userns, dp, S_IFCHR | WHITEOUT_MODE,
2988
+
&tmpfile);
2994
2989
if (error)
2995
2990
return error;
2996
2991
···
3014
3005
*/
3015
3006
int
3016
3007
xfs_rename(
3008
+
struct user_namespace *mnt_userns,
3017
3009
struct xfs_inode *src_dp,
3018
3010
struct xfs_name *src_name,
3019
3011
struct xfs_inode *src_ip,
···
3046
3036
*/
3047
3037
if (flags & RENAME_WHITEOUT) {
3048
3038
ASSERT(!(flags & (RENAME_NOREPLACE | RENAME_EXCHANGE)));
3049
-
error = xfs_rename_alloc_whiteout(target_dp, &wip);
3039
+
error = xfs_rename_alloc_whiteout(mnt_userns, target_dp, &wip);
3050
3040
if (error)
3051
3041
return error;
3052
3042
+10
-6
fs/xfs/xfs_inode.h
+10
-6
fs/xfs/xfs_inode.h
···
369
369
void xfs_inactive(struct xfs_inode *ip);
370
370
int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name,
371
371
struct xfs_inode **ipp, struct xfs_name *ci_name);
372
-
int xfs_create(struct xfs_inode *dp, struct xfs_name *name,
372
+
int xfs_create(struct user_namespace *mnt_userns,
373
+
struct xfs_inode *dp, struct xfs_name *name,
373
374
umode_t mode, dev_t rdev, struct xfs_inode **ipp);
374
-
int xfs_create_tmpfile(struct xfs_inode *dp, umode_t mode,
375
+
int xfs_create_tmpfile(struct user_namespace *mnt_userns,
376
+
struct xfs_inode *dp, umode_t mode,
375
377
struct xfs_inode **ipp);
376
378
int xfs_remove(struct xfs_inode *dp, struct xfs_name *name,
377
379
struct xfs_inode *ip);
378
380
int xfs_link(struct xfs_inode *tdp, struct xfs_inode *sip,
379
381
struct xfs_name *target_name);
380
-
int xfs_rename(struct xfs_inode *src_dp, struct xfs_name *src_name,
382
+
int xfs_rename(struct user_namespace *mnt_userns,
383
+
struct xfs_inode *src_dp, struct xfs_name *src_name,
381
384
struct xfs_inode *src_ip, struct xfs_inode *target_dp,
382
385
struct xfs_name *target_name,
383
386
struct xfs_inode *target_ip, unsigned int flags);
···
410
407
xfs_extlen_t xfs_get_extsz_hint(struct xfs_inode *ip);
411
408
xfs_extlen_t xfs_get_cowextsz_hint(struct xfs_inode *ip);
412
409
413
-
int xfs_dir_ialloc(struct xfs_trans **tpp, struct xfs_inode *dp, umode_t mode,
414
-
xfs_nlink_t nlink, dev_t dev, prid_t prid,
415
-
struct xfs_inode **ipp);
410
+
int xfs_dir_ialloc(struct user_namespace *mnt_userns,
411
+
struct xfs_trans **tpp, struct xfs_inode *dp,
412
+
umode_t mode, xfs_nlink_t nlink, dev_t dev,
413
+
prid_t prid, struct xfs_inode **ipp);
416
414
417
415
static inline int
418
416
xfs_itruncate_extents(
+21
-14
fs/xfs/xfs_ioctl.c
+21
-14
fs/xfs/xfs_ioctl.c
···
693
693
694
694
iattr.ia_valid = ATTR_SIZE;
695
695
iattr.ia_size = bf->l_start;
696
-
error = xfs_vn_setattr_size(file_dentry(filp), &iattr);
696
+
error = xfs_vn_setattr_size(file_mnt_user_ns(filp), file_dentry(filp),
697
+
&iattr);
697
698
if (error)
698
699
goto out_unlock;
699
700
···
735
734
736
735
STATIC int
737
736
xfs_ioc_fsbulkstat(
738
-
xfs_mount_t *mp,
737
+
struct file *file,
739
738
unsigned int cmd,
740
739
void __user *arg)
741
740
{
741
+
struct xfs_mount *mp = XFS_I(file_inode(file))->i_mount;
742
742
struct xfs_fsop_bulkreq bulkreq;
743
743
struct xfs_ibulk breq = {
744
744
.mp = mp,
745
+
.mnt_userns = file_mnt_user_ns(file),
745
746
.ocount = 0,
746
747
};
747
748
xfs_ino_t lastino;
···
911
908
/* Handle the v5 bulkstat ioctl. */
912
909
STATIC int
913
910
xfs_ioc_bulkstat(
914
-
struct xfs_mount *mp,
911
+
struct file *file,
915
912
unsigned int cmd,
916
913
struct xfs_bulkstat_req __user *arg)
917
914
{
915
+
struct xfs_mount *mp = XFS_I(file_inode(file))->i_mount;
918
916
struct xfs_bulk_ireq hdr;
919
917
struct xfs_ibulk breq = {
920
918
.mp = mp,
919
+
.mnt_userns = file_mnt_user_ns(file),
921
920
};
922
921
int error;
923
922
···
1280
1275
*/
1281
1276
static struct xfs_trans *
1282
1277
xfs_ioctl_setattr_get_trans(
1283
-
struct xfs_inode *ip,
1278
+
struct file *file,
1284
1279
struct xfs_dquot *pdqp)
1285
1280
{
1281
+
struct xfs_inode *ip = XFS_I(file_inode(file));
1286
1282
struct xfs_mount *mp = ip->i_mount;
1287
1283
struct xfs_trans *tp;
1288
1284
int error = -EROFS;
···
1305
1299
* The user ID of the calling process must be equal to the file owner
1306
1300
* ID, except in cases where the CAP_FSETID capability is applicable.
1307
1301
*/
1308
-
if (!inode_owner_or_capable(VFS_I(ip))) {
1302
+
if (!inode_owner_or_capable(file_mnt_user_ns(file), VFS_I(ip))) {
1309
1303
error = -EPERM;
1310
1304
goto out_cancel;
1311
1305
}
···
1433
1427
1434
1428
STATIC int
1435
1429
xfs_ioctl_setattr(
1436
-
xfs_inode_t *ip,
1430
+
struct file *file,
1437
1431
struct fsxattr *fa)
1438
1432
{
1433
+
struct user_namespace *mnt_userns = file_mnt_user_ns(file);
1434
+
struct xfs_inode *ip = XFS_I(file_inode(file));
1439
1435
struct fsxattr old_fa;
1440
1436
struct xfs_mount *mp = ip->i_mount;
1441
1437
struct xfs_trans *tp;
···
1469
1461
1470
1462
xfs_ioctl_setattr_prepare_dax(ip, fa);
1471
1463
1472
-
tp = xfs_ioctl_setattr_get_trans(ip, pdqp);
1464
+
tp = xfs_ioctl_setattr_get_trans(file, pdqp);
1473
1465
if (IS_ERR(tp)) {
1474
1466
error = PTR_ERR(tp);
1475
1467
goto error_free_dquots;
···
1501
1493
*/
1502
1494
1503
1495
if ((VFS_I(ip)->i_mode & (S_ISUID|S_ISGID)) &&
1504
-
!capable_wrt_inode_uidgid(VFS_I(ip), CAP_FSETID))
1496
+
!capable_wrt_inode_uidgid(mnt_userns, VFS_I(ip), CAP_FSETID))
1505
1497
VFS_I(ip)->i_mode &= ~(S_ISUID|S_ISGID);
1506
1498
1507
1499
/* Change the ownerships and register project quota modifications */
···
1548
1540
1549
1541
STATIC int
1550
1542
xfs_ioc_fssetxattr(
1551
-
xfs_inode_t *ip,
1552
1543
struct file *filp,
1553
1544
void __user *arg)
1554
1545
{
···
1560
1553
error = mnt_want_write_file(filp);
1561
1554
if (error)
1562
1555
return error;
1563
-
error = xfs_ioctl_setattr(ip, &fa);
1556
+
error = xfs_ioctl_setattr(filp, &fa);
1564
1557
mnt_drop_write_file(filp);
1565
1558
return error;
1566
1559
}
···
1606
1599
1607
1600
xfs_ioctl_setattr_prepare_dax(ip, &fa);
1608
1601
1609
-
tp = xfs_ioctl_setattr_get_trans(ip, NULL);
1602
+
tp = xfs_ioctl_setattr_get_trans(filp, NULL);
1610
1603
if (IS_ERR(tp)) {
1611
1604
error = PTR_ERR(tp);
1612
1605
goto out_drop_write;
···
2117
2110
case XFS_IOC_FSBULKSTAT_SINGLE:
2118
2111
case XFS_IOC_FSBULKSTAT:
2119
2112
case XFS_IOC_FSINUMBERS:
2120
-
return xfs_ioc_fsbulkstat(mp, cmd, arg);
2113
+
return xfs_ioc_fsbulkstat(filp, cmd, arg);
2121
2114
2122
2115
case XFS_IOC_BULKSTAT:
2123
-
return xfs_ioc_bulkstat(mp, cmd, arg);
2116
+
return xfs_ioc_bulkstat(filp, cmd, arg);
2124
2117
case XFS_IOC_INUMBERS:
2125
2118
return xfs_ioc_inumbers(mp, cmd, arg);
2126
2119
···
2142
2135
case XFS_IOC_FSGETXATTRA:
2143
2136
return xfs_ioc_fsgetxattr(ip, 1, arg);
2144
2137
case XFS_IOC_FSSETXATTR:
2145
-
return xfs_ioc_fssetxattr(ip, filp, arg);
2138
+
return xfs_ioc_fssetxattr(filp, arg);
2146
2139
case XFS_IOC_GETXFLAGS:
2147
2140
return xfs_ioc_getxflags(ip, arg);
2148
2141
case XFS_IOC_SETXFLAGS:
+7
-6
fs/xfs/xfs_ioctl32.c
+7
-6
fs/xfs/xfs_ioctl32.c
···
209
209
/* copied from xfs_ioctl.c */
210
210
STATIC int
211
211
xfs_compat_ioc_fsbulkstat(
212
-
xfs_mount_t *mp,
212
+
struct file *file,
213
213
unsigned int cmd,
214
214
struct compat_xfs_fsop_bulkreq __user *p32)
215
215
{
216
+
struct xfs_mount *mp = XFS_I(file_inode(file))->i_mount;
216
217
u32 addr;
217
218
struct xfs_fsop_bulkreq bulkreq;
218
219
struct xfs_ibulk breq = {
219
220
.mp = mp,
221
+
.mnt_userns = file_mnt_user_ns(file),
220
222
.ocount = 0,
221
223
};
222
224
xfs_ino_t lastino;
···
438
436
{
439
437
struct inode *inode = file_inode(filp);
440
438
struct xfs_inode *ip = XFS_I(inode);
441
-
struct xfs_mount *mp = ip->i_mount;
442
439
void __user *arg = compat_ptr(p);
443
440
int error;
444
441
···
457
456
return xfs_ioc_space(filp, &bf);
458
457
}
459
458
case XFS_IOC_FSGEOMETRY_V1_32:
460
-
return xfs_compat_ioc_fsgeometry_v1(mp, arg);
459
+
return xfs_compat_ioc_fsgeometry_v1(ip->i_mount, arg);
461
460
case XFS_IOC_FSGROWFSDATA_32: {
462
461
struct xfs_growfs_data in;
463
462
···
466
465
error = mnt_want_write_file(filp);
467
466
if (error)
468
467
return error;
469
-
error = xfs_growfs_data(mp, &in);
468
+
error = xfs_growfs_data(ip->i_mount, &in);
470
469
mnt_drop_write_file(filp);
471
470
return error;
472
471
}
···
478
477
error = mnt_want_write_file(filp);
479
478
if (error)
480
479
return error;
481
-
error = xfs_growfs_rt(mp, &in);
480
+
error = xfs_growfs_rt(ip->i_mount, &in);
482
481
mnt_drop_write_file(filp);
483
482
return error;
484
483
}
···
508
507
case XFS_IOC_FSBULKSTAT_32:
509
508
case XFS_IOC_FSBULKSTAT_SINGLE_32:
510
509
case XFS_IOC_FSINUMBERS_32:
511
-
return xfs_compat_ioc_fsbulkstat(mp, cmd, arg);
510
+
return xfs_compat_ioc_fsbulkstat(filp, cmd, arg);
512
511
case XFS_IOC_FD_TO_HANDLE_32:
513
512
case XFS_IOC_PATH_TO_HANDLE_32:
514
513
case XFS_IOC_PATH_TO_FSHANDLE_32: {
+58
-43
fs/xfs/xfs_iops.c
+58
-43
fs/xfs/xfs_iops.c
···
128
128
129
129
STATIC int
130
130
xfs_generic_create(
131
+
struct user_namespace *mnt_userns,
131
132
struct inode *dir,
132
133
struct dentry *dentry,
133
134
umode_t mode,
···
162
161
goto out_free_acl;
163
162
164
163
if (!tmpfile) {
165
-
error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip);
164
+
error = xfs_create(mnt_userns, XFS_I(dir), &name, mode, rdev,
165
+
&ip);
166
166
} else {
167
-
error = xfs_create_tmpfile(XFS_I(dir), mode, &ip);
167
+
error = xfs_create_tmpfile(mnt_userns, XFS_I(dir), mode, &ip);
168
168
}
169
169
if (unlikely(error))
170
170
goto out_free_acl;
···
222
220
223
221
STATIC int
224
222
xfs_vn_mknod(
225
-
struct inode *dir,
226
-
struct dentry *dentry,
227
-
umode_t mode,
228
-
dev_t rdev)
223
+
struct user_namespace *mnt_userns,
224
+
struct inode *dir,
225
+
struct dentry *dentry,
226
+
umode_t mode,
227
+
dev_t rdev)
229
228
{
230
-
return xfs_generic_create(dir, dentry, mode, rdev, false);
229
+
return xfs_generic_create(mnt_userns, dir, dentry, mode, rdev, false);
231
230
}
232
231
233
232
STATIC int
234
233
xfs_vn_create(
235
-
struct inode *dir,
236
-
struct dentry *dentry,
237
-
umode_t mode,
238
-
bool flags)
234
+
struct user_namespace *mnt_userns,
235
+
struct inode *dir,
236
+
struct dentry *dentry,
237
+
umode_t mode,
238
+
bool flags)
239
239
{
240
-
return xfs_generic_create(dir, dentry, mode, 0, false);
240
+
return xfs_generic_create(mnt_userns, dir, dentry, mode, 0, false);
241
241
}
242
242
243
243
STATIC int
244
244
xfs_vn_mkdir(
245
-
struct inode *dir,
246
-
struct dentry *dentry,
247
-
umode_t mode)
245
+
struct user_namespace *mnt_userns,
246
+
struct inode *dir,
247
+
struct dentry *dentry,
248
+
umode_t mode)
248
249
{
249
-
return xfs_generic_create(dir, dentry, mode | S_IFDIR, 0, false);
250
+
return xfs_generic_create(mnt_userns, dir, dentry, mode | S_IFDIR, 0,
251
+
false);
250
252
}
251
253
252
254
STATIC struct dentry *
···
367
361
368
362
STATIC int
369
363
xfs_vn_symlink(
370
-
struct inode *dir,
371
-
struct dentry *dentry,
372
-
const char *symname)
364
+
struct user_namespace *mnt_userns,
365
+
struct inode *dir,
366
+
struct dentry *dentry,
367
+
const char *symname)
373
368
{
374
369
struct inode *inode;
375
370
struct xfs_inode *cip = NULL;
···
384
377
if (unlikely(error))
385
378
goto out;
386
379
387
-
error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip);
380
+
error = xfs_symlink(mnt_userns, XFS_I(dir), &name, symname, mode, &cip);
388
381
if (unlikely(error))
389
382
goto out;
390
383
···
410
403
411
404
STATIC int
412
405
xfs_vn_rename(
413
-
struct inode *odir,
414
-
struct dentry *odentry,
415
-
struct inode *ndir,
416
-
struct dentry *ndentry,
417
-
unsigned int flags)
406
+
struct user_namespace *mnt_userns,
407
+
struct inode *odir,
408
+
struct dentry *odentry,
409
+
struct inode *ndir,
410
+
struct dentry *ndentry,
411
+
unsigned int flags)
418
412
{
419
413
struct inode *new_inode = d_inode(ndentry);
420
414
int omode = 0;
···
439
431
if (unlikely(error))
440
432
return error;
441
433
442
-
return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)),
443
-
XFS_I(ndir), &nname,
434
+
return xfs_rename(mnt_userns, XFS_I(odir), &oname,
435
+
XFS_I(d_inode(odentry)), XFS_I(ndir), &nname,
444
436
new_inode ? XFS_I(new_inode) : NULL, flags);
445
437
}
446
438
···
537
529
538
530
STATIC int
539
531
xfs_vn_getattr(
532
+
struct user_namespace *mnt_userns,
540
533
const struct path *path,
541
534
struct kstat *stat,
542
535
u32 request_mask,
···
556
547
stat->dev = inode->i_sb->s_dev;
557
548
stat->mode = inode->i_mode;
558
549
stat->nlink = inode->i_nlink;
559
-
stat->uid = inode->i_uid;
560
-
stat->gid = inode->i_gid;
550
+
stat->uid = i_uid_into_mnt(mnt_userns, inode);
551
+
stat->gid = i_gid_into_mnt(mnt_userns, inode);
561
552
stat->ino = ip->i_ino;
562
553
stat->atime = inode->i_atime;
563
554
stat->mtime = inode->i_mtime;
···
635
626
636
627
static int
637
628
xfs_vn_change_ok(
638
-
struct dentry *dentry,
639
-
struct iattr *iattr)
629
+
struct user_namespace *mnt_userns,
630
+
struct dentry *dentry,
631
+
struct iattr *iattr)
640
632
{
641
633
struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount;
642
634
···
647
637
if (XFS_FORCED_SHUTDOWN(mp))
648
638
return -EIO;
649
639
650
-
return setattr_prepare(dentry, iattr);
640
+
return setattr_prepare(mnt_userns, dentry, iattr);
651
641
}
652
642
653
643
/*
···
658
648
*/
659
649
static int
660
650
xfs_setattr_nonsize(
651
+
struct user_namespace *mnt_userns,
661
652
struct xfs_inode *ip,
662
653
struct iattr *iattr)
663
654
{
···
799
788
* Posix ACL code seems to care about this issue either.
800
789
*/
801
790
if (mask & ATTR_MODE) {
802
-
error = posix_acl_chmod(inode, inode->i_mode);
791
+
error = posix_acl_chmod(mnt_userns, inode, inode->i_mode);
803
792
if (error)
804
793
return error;
805
794
}
···
820
809
*/
821
810
STATIC int
822
811
xfs_setattr_size(
812
+
struct user_namespace *mnt_userns,
823
813
struct xfs_inode *ip,
824
814
struct iattr *iattr)
825
815
{
···
852
840
* Use the regular setattr path to update the timestamps.
853
841
*/
854
842
iattr->ia_valid &= ~ATTR_SIZE;
855
-
return xfs_setattr_nonsize(ip, iattr);
843
+
return xfs_setattr_nonsize(mnt_userns, ip, iattr);
856
844
}
857
845
858
846
/*
···
1021
1009
1022
1010
int
1023
1011
xfs_vn_setattr_size(
1012
+
struct user_namespace *mnt_userns,
1024
1013
struct dentry *dentry,
1025
1014
struct iattr *iattr)
1026
1015
{
···
1030
1017
1031
1018
trace_xfs_setattr(ip);
1032
1019
1033
-
error = xfs_vn_change_ok(dentry, iattr);
1020
+
error = xfs_vn_change_ok(mnt_userns, dentry, iattr);
1034
1021
if (error)
1035
1022
return error;
1036
-
return xfs_setattr_size(ip, iattr);
1023
+
return xfs_setattr_size(mnt_userns, ip, iattr);
1037
1024
}
1038
1025
1039
1026
STATIC int
1040
1027
xfs_vn_setattr(
1028
+
struct user_namespace *mnt_userns,
1041
1029
struct dentry *dentry,
1042
1030
struct iattr *iattr)
1043
1031
{
···
1058
1044
return error;
1059
1045
}
1060
1046
1061
-
error = xfs_vn_setattr_size(dentry, iattr);
1047
+
error = xfs_vn_setattr_size(mnt_userns, dentry, iattr);
1062
1048
xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1063
1049
} else {
1064
1050
trace_xfs_setattr(ip);
1065
1051
1066
-
error = xfs_vn_change_ok(dentry, iattr);
1052
+
error = xfs_vn_change_ok(mnt_userns, dentry, iattr);
1067
1053
if (!error)
1068
-
error = xfs_setattr_nonsize(ip, iattr);
1054
+
error = xfs_setattr_nonsize(mnt_userns, ip, iattr);
1069
1055
}
1070
1056
1071
1057
return error;
···
1136
1122
1137
1123
STATIC int
1138
1124
xfs_vn_tmpfile(
1139
-
struct inode *dir,
1140
-
struct dentry *dentry,
1141
-
umode_t mode)
1125
+
struct user_namespace *mnt_userns,
1126
+
struct inode *dir,
1127
+
struct dentry *dentry,
1128
+
umode_t mode)
1142
1129
{
1143
-
return xfs_generic_create(dir, dentry, mode, 0, true);
1130
+
return xfs_generic_create(mnt_userns, dir, dentry, mode, 0, true);
1144
1131
}
1145
1132
1146
1133
static const struct inode_operations xfs_inode_operations = {
+2
-1
fs/xfs/xfs_iops.h
+2
-1
fs/xfs/xfs_iops.h
···
14
14
extern ssize_t xfs_vn_listxattr(struct dentry *, char *data, size_t size);
15
15
16
16
extern void xfs_setattr_time(struct xfs_inode *ip, struct iattr *iattr);
17
-
extern int xfs_vn_setattr_size(struct dentry *dentry, struct iattr *vap);
17
+
int xfs_vn_setattr_size(struct user_namespace *mnt_userns,
18
+
struct dentry *dentry, struct iattr *vap);
18
19
19
20
#endif /* __XFS_IOPS_H__ */
+13
-4
fs/xfs/xfs_itable.c
+13
-4
fs/xfs/xfs_itable.c
···
54
54
STATIC int
55
55
xfs_bulkstat_one_int(
56
56
struct xfs_mount *mp,
57
+
struct user_namespace *mnt_userns,
57
58
struct xfs_trans *tp,
58
59
xfs_ino_t ino,
59
60
struct xfs_bstat_chunk *bc)
60
61
{
62
+
struct user_namespace *sb_userns = mp->m_super->s_user_ns;
61
63
struct xfs_icdinode *dic; /* dinode core info pointer */
62
64
struct xfs_inode *ip; /* incore inode pointer */
63
65
struct inode *inode;
···
88
86
*/
89
87
buf->bs_projectid = ip->i_d.di_projid;
90
88
buf->bs_ino = ino;
91
-
buf->bs_uid = i_uid_read(inode);
92
-
buf->bs_gid = i_gid_read(inode);
89
+
buf->bs_uid = from_kuid(sb_userns, i_uid_into_mnt(mnt_userns, inode));
90
+
buf->bs_gid = from_kgid(sb_userns, i_gid_into_mnt(mnt_userns, inode));
93
91
buf->bs_size = dic->di_size;
94
92
95
93
buf->bs_nlink = inode->i_nlink;
···
175
173
if (!bc.buf)
176
174
return -ENOMEM;
177
175
178
-
error = xfs_bulkstat_one_int(breq->mp, NULL, breq->startino, &bc);
176
+
error = xfs_bulkstat_one_int(breq->mp, breq->mnt_userns, NULL,
177
+
breq->startino, &bc);
179
178
180
179
kmem_free(bc.buf);
181
180
···
197
194
xfs_ino_t ino,
198
195
void *data)
199
196
{
197
+
struct xfs_bstat_chunk *bc = data;
200
198
int error;
201
199
202
-
error = xfs_bulkstat_one_int(mp, tp, ino, data);
200
+
error = xfs_bulkstat_one_int(mp, bc->breq->mnt_userns, tp, ino, data);
203
201
/* bulkstat just skips over missing inodes */
204
202
if (error == -ENOENT || error == -EINVAL)
205
203
return 0;
···
243
239
};
244
240
int error;
245
241
242
+
if (breq->mnt_userns != &init_user_ns) {
243
+
xfs_warn_ratelimited(breq->mp,
244
+
"bulkstat not supported inside of idmapped mounts.");
245
+
return -EINVAL;
246
+
}
246
247
if (xfs_bulkstat_already_done(breq->mp, breq->startino))
247
248
return 0;
248
249
+1
fs/xfs/xfs_itable.h
+1
fs/xfs/xfs_itable.h
···
8
8
/* In-memory representation of a userspace request for batch inode data. */
9
9
struct xfs_ibulk {
10
10
struct xfs_mount *mp;
11
+
struct user_namespace *mnt_userns;
11
12
void __user *ubuffer; /* user output buffer */
12
13
xfs_ino_t startino; /* start with this inode */
13
14
unsigned int icount; /* number of elements in ubuffer */
+2
-1
fs/xfs/xfs_qm.c
+2
-1
fs/xfs/xfs_qm.c
+1
-1
fs/xfs/xfs_super.c
+1
-1
fs/xfs/xfs_super.c
+3
-2
fs/xfs/xfs_symlink.c
+3
-2
fs/xfs/xfs_symlink.c
···
134
134
135
135
int
136
136
xfs_symlink(
137
+
struct user_namespace *mnt_userns,
137
138
struct xfs_inode *dp,
138
139
struct xfs_name *link_name,
139
140
const char *target_path,
···
222
221
/*
223
222
* Allocate an inode for the symlink.
224
223
*/
225
-
error = xfs_dir_ialloc(&tp, dp, S_IFLNK | (mode & ~S_IFMT), 1, 0,
226
-
prid, &ip);
224
+
error = xfs_dir_ialloc(mnt_userns, &tp, dp, S_IFLNK | (mode & ~S_IFMT),
225
+
1, 0, prid, &ip);
227
226
if (error)
228
227
goto out_trans_cancel;
229
228
+3
-2
fs/xfs/xfs_symlink.h
+3
-2
fs/xfs/xfs_symlink.h
···
7
7
8
8
/* Kernel only symlink definitions */
9
9
10
-
int xfs_symlink(struct xfs_inode *dp, struct xfs_name *link_name,
11
-
const char *target_path, umode_t mode, struct xfs_inode **ipp);
10
+
int xfs_symlink(struct user_namespace *mnt_userns, struct xfs_inode *dp,
11
+
struct xfs_name *link_name, const char *target_path,
12
+
umode_t mode, struct xfs_inode **ipp);
12
13
int xfs_readlink_bmap_ilocked(struct xfs_inode *ip, char *link);
13
14
int xfs_readlink(struct xfs_inode *ip, char *link);
14
15
int xfs_inactive_symlink(struct xfs_inode *ip);
+4
-3
fs/xfs/xfs_xattr.c
+4
-3
fs/xfs/xfs_xattr.c
···
38
38
}
39
39
40
40
static int
41
-
xfs_xattr_set(const struct xattr_handler *handler, struct dentry *unused,
42
-
struct inode *inode, const char *name, const void *value,
43
-
size_t size, int flags)
41
+
xfs_xattr_set(const struct xattr_handler *handler,
42
+
struct user_namespace *mnt_userns, struct dentry *unused,
43
+
struct inode *inode, const char *name, const void *value,
44
+
size_t size, int flags)
44
45
{
45
46
struct xfs_da_args args = {
46
47
.dp = XFS_I(inode),
+5
-4
fs/zonefs/super.c
+5
-4
fs/zonefs/super.c
···
489
489
return ret;
490
490
}
491
491
492
-
static int zonefs_inode_setattr(struct dentry *dentry, struct iattr *iattr)
492
+
static int zonefs_inode_setattr(struct user_namespace *mnt_userns,
493
+
struct dentry *dentry, struct iattr *iattr)
493
494
{
494
495
struct inode *inode = d_inode(dentry);
495
496
int ret;
···
498
497
if (unlikely(IS_IMMUTABLE(inode)))
499
498
return -EPERM;
500
499
501
-
ret = setattr_prepare(dentry, iattr);
500
+
ret = setattr_prepare(&init_user_ns, dentry, iattr);
502
501
if (ret)
503
502
return ret;
504
503
···
526
525
return ret;
527
526
}
528
527
529
-
setattr_copy(inode, iattr);
528
+
setattr_copy(&init_user_ns, inode, iattr);
530
529
531
530
return 0;
532
531
}
···
1234
1233
struct super_block *sb = parent->i_sb;
1235
1234
1236
1235
inode->i_ino = blkdev_nr_zones(sb->s_bdev->bd_disk) + type + 1;
1237
-
inode_init_owner(inode, parent, S_IFDIR | 0555);
1236
+
inode_init_owner(&init_user_ns, inode, parent, S_IFDIR | 0555);
1238
1237
inode->i_op = &zonefs_dir_inode_operations;
1239
1238
inode->i_fop = &simple_dir_operations;
1240
1239
set_nlink(inode, 2);
+10
-4
include/linux/capability.h
+10
-4
include/linux/capability.h
···
247
247
return true;
248
248
}
249
249
#endif /* CONFIG_MULTIUSER */
250
-
extern bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode);
251
-
extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
250
+
bool privileged_wrt_inode_uidgid(struct user_namespace *ns,
251
+
struct user_namespace *mnt_userns,
252
+
const struct inode *inode);
253
+
bool capable_wrt_inode_uidgid(struct user_namespace *mnt_userns,
254
+
const struct inode *inode, int cap);
252
255
extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
253
256
extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns);
254
257
static inline bool perfmon_capable(void)
···
271
268
}
272
269
273
270
/* audit system wants to get cap info from files as well */
274
-
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
271
+
int get_vfs_caps_from_disk(struct user_namespace *mnt_userns,
272
+
const struct dentry *dentry,
273
+
struct cpu_vfs_cap_data *cpu_caps);
275
274
276
-
extern int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size);
275
+
int cap_convert_nscap(struct user_namespace *mnt_userns, struct dentry *dentry,
276
+
const void **ivalue, size_t size);
277
277
278
278
#endif /* !_LINUX_CAPABILITY_H */
+143
-43
include/linux/fs.h
+143
-43
include/linux/fs.h
···
39
39
#include <linux/fs_types.h>
40
40
#include <linux/build_bug.h>
41
41
#include <linux/stddef.h>
42
+
#include <linux/mount.h>
43
+
#include <linux/cred.h>
42
44
43
45
#include <asm/byteorder.h>
44
46
#include <uapi/linux/fs.h>
···
1574
1572
inode->i_gid = make_kgid(inode->i_sb->s_user_ns, gid);
1575
1573
}
1576
1574
1575
+
static inline kuid_t kuid_into_mnt(struct user_namespace *mnt_userns,
1576
+
kuid_t kuid)
1577
+
{
1578
+
return make_kuid(mnt_userns, __kuid_val(kuid));
1579
+
}
1580
+
1581
+
static inline kgid_t kgid_into_mnt(struct user_namespace *mnt_userns,
1582
+
kgid_t kgid)
1583
+
{
1584
+
return make_kgid(mnt_userns, __kgid_val(kgid));
1585
+
}
1586
+
1587
+
static inline kuid_t i_uid_into_mnt(struct user_namespace *mnt_userns,
1588
+
const struct inode *inode)
1589
+
{
1590
+
return kuid_into_mnt(mnt_userns, inode->i_uid);
1591
+
}
1592
+
1593
+
static inline kgid_t i_gid_into_mnt(struct user_namespace *mnt_userns,
1594
+
const struct inode *inode)
1595
+
{
1596
+
return kgid_into_mnt(mnt_userns, inode->i_gid);
1597
+
}
1598
+
1599
+
static inline kuid_t kuid_from_mnt(struct user_namespace *mnt_userns,
1600
+
kuid_t kuid)
1601
+
{
1602
+
return KUIDT_INIT(from_kuid(mnt_userns, kuid));
1603
+
}
1604
+
1605
+
static inline kgid_t kgid_from_mnt(struct user_namespace *mnt_userns,
1606
+
kgid_t kgid)
1607
+
{
1608
+
return KGIDT_INIT(from_kgid(mnt_userns, kgid));
1609
+
}
1610
+
1611
+
static inline kuid_t fsuid_into_mnt(struct user_namespace *mnt_userns)
1612
+
{
1613
+
return kuid_from_mnt(mnt_userns, current_fsuid());
1614
+
}
1615
+
1616
+
static inline kgid_t fsgid_into_mnt(struct user_namespace *mnt_userns)
1617
+
{
1618
+
return kgid_from_mnt(mnt_userns, current_fsgid());
1619
+
}
1620
+
1577
1621
extern struct timespec64 current_time(struct inode *inode);
1578
1622
1579
1623
/*
···
1762
1714
return __sb_start_write_trylock(sb, SB_FREEZE_FS);
1763
1715
}
1764
1716
1765
-
1766
-
extern bool inode_owner_or_capable(const struct inode *inode);
1717
+
bool inode_owner_or_capable(struct user_namespace *mnt_userns,
1718
+
const struct inode *inode);
1767
1719
1768
1720
/*
1769
1721
* VFS helper functions..
1770
1722
*/
1771
-
extern int vfs_create(struct inode *, struct dentry *, umode_t, bool);
1772
-
extern int vfs_mkdir(struct inode *, struct dentry *, umode_t);
1773
-
extern int vfs_mknod(struct inode *, struct dentry *, umode_t, dev_t);
1774
-
extern int vfs_symlink(struct inode *, struct dentry *, const char *);
1775
-
extern int vfs_link(struct dentry *, struct inode *, struct dentry *, struct inode **);
1776
-
extern int vfs_rmdir(struct inode *, struct dentry *);
1777
-
extern int vfs_unlink(struct inode *, struct dentry *, struct inode **);
1778
-
extern int vfs_rename(struct inode *, struct dentry *, struct inode *, struct dentry *, struct inode **, unsigned int);
1723
+
int vfs_create(struct user_namespace *, struct inode *,
1724
+
struct dentry *, umode_t, bool);
1725
+
int vfs_mkdir(struct user_namespace *, struct inode *,
1726
+
struct dentry *, umode_t);
1727
+
int vfs_mknod(struct user_namespace *, struct inode *, struct dentry *,
1728
+
umode_t, dev_t);
1729
+
int vfs_symlink(struct user_namespace *, struct inode *,
1730
+
struct dentry *, const char *);
1731
+
int vfs_link(struct dentry *, struct user_namespace *, struct inode *,
1732
+
struct dentry *, struct inode **);
1733
+
int vfs_rmdir(struct user_namespace *, struct inode *, struct dentry *);
1734
+
int vfs_unlink(struct user_namespace *, struct inode *, struct dentry *,
1735
+
struct inode **);
1779
1736
1780
-
static inline int vfs_whiteout(struct inode *dir, struct dentry *dentry)
1737
+
struct renamedata {
1738
+
struct user_namespace *old_mnt_userns;
1739
+
struct inode *old_dir;
1740
+
struct dentry *old_dentry;
1741
+
struct user_namespace *new_mnt_userns;
1742
+
struct inode *new_dir;
1743
+
struct dentry *new_dentry;
1744
+
struct inode **delegated_inode;
1745
+
unsigned int flags;
1746
+
} __randomize_layout;
1747
+
1748
+
int vfs_rename(struct renamedata *);
1749
+
1750
+
static inline int vfs_whiteout(struct user_namespace *mnt_userns,
1751
+
struct inode *dir, struct dentry *dentry)
1781
1752
{
1782
-
return vfs_mknod(dir, dentry, S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
1753
+
return vfs_mknod(mnt_userns, dir, dentry, S_IFCHR | WHITEOUT_MODE,
1754
+
WHITEOUT_DEV);
1783
1755
}
1784
1756
1785
-
extern struct dentry *vfs_tmpfile(struct dentry *dentry, umode_t mode,
1786
-
int open_flag);
1757
+
struct dentry *vfs_tmpfile(struct user_namespace *mnt_userns,
1758
+
struct dentry *dentry, umode_t mode, int open_flag);
1787
1759
1788
1760
int vfs_mkobj(struct dentry *, umode_t,
1789
1761
int (*f)(struct dentry *, umode_t, void *),
···
1825
1757
/*
1826
1758
* VFS file helper functions.
1827
1759
*/
1828
-
extern void inode_init_owner(struct inode *inode, const struct inode *dir,
1829
-
umode_t mode);
1760
+
void inode_init_owner(struct user_namespace *mnt_userns, struct inode *inode,
1761
+
const struct inode *dir, umode_t mode);
1830
1762
extern bool may_open_dev(const struct path *path);
1831
1763
1832
1764
/*
···
1930
1862
struct inode_operations {
1931
1863
struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int);
1932
1864
const char * (*get_link) (struct dentry *, struct inode *, struct delayed_call *);
1933
-
int (*permission) (struct inode *, int);
1865
+
int (*permission) (struct user_namespace *, struct inode *, int);
1934
1866
struct posix_acl * (*get_acl)(struct inode *, int);
1935
1867
1936
1868
int (*readlink) (struct dentry *, char __user *,int);
1937
1869
1938
-
int (*create) (struct inode *,struct dentry *, umode_t, bool);
1870
+
int (*create) (struct user_namespace *, struct inode *,struct dentry *,
1871
+
umode_t, bool);
1939
1872
int (*link) (struct dentry *,struct inode *,struct dentry *);
1940
1873
int (*unlink) (struct inode *,struct dentry *);
1941
-
int (*symlink) (struct inode *,struct dentry *,const char *);
1942
-
int (*mkdir) (struct inode *,struct dentry *,umode_t);
1874
+
int (*symlink) (struct user_namespace *, struct inode *,struct dentry *,
1875
+
const char *);
1876
+
int (*mkdir) (struct user_namespace *, struct inode *,struct dentry *,
1877
+
umode_t);
1943
1878
int (*rmdir) (struct inode *,struct dentry *);
1944
-
int (*mknod) (struct inode *,struct dentry *,umode_t,dev_t);
1945
-
int (*rename) (struct inode *, struct dentry *,
1879
+
int (*mknod) (struct user_namespace *, struct inode *,struct dentry *,
1880
+
umode_t,dev_t);
1881
+
int (*rename) (struct user_namespace *, struct inode *, struct dentry *,
1946
1882
struct inode *, struct dentry *, unsigned int);
1947
-
int (*setattr) (struct dentry *, struct iattr *);
1948
-
int (*getattr) (const struct path *, struct kstat *, u32, unsigned int);
1883
+
int (*setattr) (struct user_namespace *, struct dentry *,
1884
+
struct iattr *);
1885
+
int (*getattr) (struct user_namespace *, const struct path *,
1886
+
struct kstat *, u32, unsigned int);
1949
1887
ssize_t (*listxattr) (struct dentry *, char *, size_t);
1950
1888
int (*fiemap)(struct inode *, struct fiemap_extent_info *, u64 start,
1951
1889
u64 len);
···
1959
1885
int (*atomic_open)(struct inode *, struct dentry *,
1960
1886
struct file *, unsigned open_flag,
1961
1887
umode_t create_mode);
1962
-
int (*tmpfile) (struct inode *, struct dentry *, umode_t);
1963
-
int (*set_acl)(struct inode *, struct posix_acl *, int);
1888
+
int (*tmpfile) (struct user_namespace *, struct inode *,
1889
+
struct dentry *, umode_t);
1890
+
int (*set_acl)(struct user_namespace *, struct inode *,
1891
+
struct posix_acl *, int);
1964
1892
} ____cacheline_aligned;
1965
1893
1966
1894
static inline ssize_t call_read_iter(struct file *file, struct kiocb *kio,
···
2111
2035
#define IS_WHITEOUT(inode) (S_ISCHR(inode->i_mode) && \
2112
2036
(inode)->i_rdev == WHITEOUT_DEV)
2113
2037
2114
-
static inline bool HAS_UNMAPPED_ID(struct inode *inode)
2038
+
static inline bool HAS_UNMAPPED_ID(struct user_namespace *mnt_userns,
2039
+
struct inode *inode)
2115
2040
{
2116
-
return !uid_valid(inode->i_uid) || !gid_valid(inode->i_gid);
2041
+
return !uid_valid(i_uid_into_mnt(mnt_userns, inode)) ||
2042
+
!gid_valid(i_gid_into_mnt(mnt_userns, inode));
2117
2043
}
2118
2044
2119
2045
static inline enum rw_hint file_write_hint(struct file *file)
···
2332
2254
#define FS_HAS_SUBTYPE 4
2333
2255
#define FS_USERNS_MOUNT 8 /* Can be mounted by userns root */
2334
2256
#define FS_DISALLOW_NOTIFY_PERM 16 /* Disable fanotify permission events */
2257
+
#define FS_ALLOW_IDMAP 32 /* FS has been updated to handle vfs idmappings. */
2335
2258
#define FS_THP_SUPPORT 8192 /* Remove once all fs converted */
2336
2259
#define FS_RENAME_DOES_D_MOVE 32768 /* FS will handle d_move() during rename() internally. */
2337
2260
int (*init_fs_context)(struct fs_context *);
···
2619
2540
};
2620
2541
static_assert(offsetof(struct filename, iname) % sizeof(long) == 0);
2621
2542
2543
+
static inline struct user_namespace *file_mnt_user_ns(struct file *file)
2544
+
{
2545
+
return mnt_user_ns(file->f_path.mnt);
2546
+
}
2622
2547
extern long vfs_truncate(const struct path *, loff_t);
2623
-
extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
2624
-
struct file *filp);
2548
+
int do_truncate(struct user_namespace *, struct dentry *, loff_t start,
2549
+
unsigned int time_attrs, struct file *filp);
2625
2550
extern int vfs_fallocate(struct file *file, int mode, loff_t offset,
2626
2551
loff_t len);
2627
2552
extern long do_sys_open(int dfd, const char __user *filename, int flags,
···
2862
2779
}
2863
2780
#endif
2864
2781
2865
-
extern int notify_change(struct dentry *, struct iattr *, struct inode **);
2866
-
extern int inode_permission(struct inode *, int);
2867
-
extern int generic_permission(struct inode *, int);
2868
-
extern int __check_sticky(struct inode *dir, struct inode *inode);
2782
+
int notify_change(struct user_namespace *, struct dentry *,
2783
+
struct iattr *, struct inode **);
2784
+
int inode_permission(struct user_namespace *, struct inode *, int);
2785
+
int generic_permission(struct user_namespace *, struct inode *, int);
2786
+
static inline int file_permission(struct file *file, int mask)
2787
+
{
2788
+
return inode_permission(file_mnt_user_ns(file),
2789
+
file_inode(file), mask);
2790
+
}
2791
+
static inline int path_permission(const struct path *path, int mask)
2792
+
{
2793
+
return inode_permission(mnt_user_ns(path->mnt),
2794
+
d_inode(path->dentry), mask);
2795
+
}
2796
+
int __check_sticky(struct user_namespace *mnt_userns, struct inode *dir,
2797
+
struct inode *inode);
2869
2798
2870
2799
static inline bool execute_ok(struct inode *inode)
2871
2800
{
···
3208
3113
extern int page_symlink(struct inode *inode, const char *symname, int len);
3209
3114
extern const struct inode_operations page_symlink_inode_operations;
3210
3115
extern void kfree_link(void *);
3211
-
extern void generic_fillattr(struct inode *, struct kstat *);
3116
+
void generic_fillattr(struct user_namespace *, struct inode *, struct kstat *);
3212
3117
extern int vfs_getattr_nosec(const struct path *, struct kstat *, u32, unsigned int);
3213
3118
extern int vfs_getattr(const struct path *, struct kstat *, u32, unsigned int);
3214
3119
void __inode_add_bytes(struct inode *inode, loff_t bytes);
···
3258
3163
extern int dcache_dir_close(struct inode *, struct file *);
3259
3164
extern loff_t dcache_dir_lseek(struct file *, loff_t, int);
3260
3165
extern int dcache_readdir(struct file *, struct dir_context *);
3261
-
extern int simple_setattr(struct dentry *, struct iattr *);
3262
-
extern int simple_getattr(const struct path *, struct kstat *, u32, unsigned int);
3166
+
extern int simple_setattr(struct user_namespace *, struct dentry *,
3167
+
struct iattr *);
3168
+
extern int simple_getattr(struct user_namespace *, const struct path *,
3169
+
struct kstat *, u32, unsigned int);
3263
3170
extern int simple_statfs(struct dentry *, struct kstatfs *);
3264
3171
extern int simple_open(struct inode *inode, struct file *file);
3265
3172
extern int simple_link(struct dentry *, struct inode *, struct dentry *);
3266
3173
extern int simple_unlink(struct inode *, struct dentry *);
3267
3174
extern int simple_rmdir(struct inode *, struct dentry *);
3268
-
extern int simple_rename(struct inode *, struct dentry *,
3269
-
struct inode *, struct dentry *, unsigned int);
3175
+
extern int simple_rename(struct user_namespace *, struct inode *,
3176
+
struct dentry *, struct inode *, struct dentry *,
3177
+
unsigned int);
3270
3178
extern void simple_recursive_removal(struct dentry *,
3271
3179
void (*callback)(struct dentry *));
3272
3180
extern int noop_fsync(struct file *, loff_t, loff_t, int);
···
3327
3229
#define buffer_migrate_page_norefs NULL
3328
3230
#endif
3329
3231
3330
-
extern int setattr_prepare(struct dentry *, struct iattr *);
3232
+
int setattr_prepare(struct user_namespace *, struct dentry *, struct iattr *);
3331
3233
extern int inode_newsize_ok(const struct inode *, loff_t offset);
3332
-
extern void setattr_copy(struct inode *inode, const struct iattr *attr);
3234
+
void setattr_copy(struct user_namespace *, struct inode *inode,
3235
+
const struct iattr *attr);
3333
3236
3334
3237
extern int file_update_time(struct file *file);
3335
3238
···
3494
3395
return (mode & S_ISUID) || ((mode & S_ISGID) && (mode & S_IXGRP));
3495
3396
}
3496
3397
3497
-
static inline int check_sticky(struct inode *dir, struct inode *inode)
3398
+
static inline int check_sticky(struct user_namespace *mnt_userns,
3399
+
struct inode *dir, struct inode *inode)
3498
3400
{
3499
3401
if (!(dir->i_mode & S_ISVTX))
3500
3402
return 0;
3501
3403
3502
-
return __check_sticky(dir, inode);
3404
+
return __check_sticky(mnt_userns, dir, inode);
3503
3405
}
3504
3406
3505
3407
static inline void inode_has_no_xattr(struct inode *inode)
+12
-6
include/linux/ima.h
+12
-6
include/linux/ima.h
···
16
16
#ifdef CONFIG_IMA
17
17
extern int ima_bprm_check(struct linux_binprm *bprm);
18
18
extern int ima_file_check(struct file *file, int mask);
19
-
extern void ima_post_create_tmpfile(struct inode *inode);
19
+
extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
20
+
struct inode *inode);
20
21
extern void ima_file_free(struct file *file);
21
22
extern int ima_file_mmap(struct file *file, unsigned long prot);
22
23
extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
···
28
27
bool contents);
29
28
extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
30
29
enum kernel_read_file_id id);
31
-
extern void ima_post_path_mknod(struct dentry *dentry);
30
+
extern void ima_post_path_mknod(struct user_namespace *mnt_userns,
31
+
struct dentry *dentry);
32
32
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
33
33
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
34
34
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
···
74
72
return 0;
75
73
}
76
74
77
-
static inline void ima_post_create_tmpfile(struct inode *inode)
75
+
static inline void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
76
+
struct inode *inode)
78
77
{
79
78
}
80
79
···
119
116
return 0;
120
117
}
121
118
122
-
static inline void ima_post_path_mknod(struct dentry *dentry)
119
+
static inline void ima_post_path_mknod(struct user_namespace *mnt_userns,
120
+
struct dentry *dentry)
123
121
{
124
122
return;
125
123
}
···
167
163
168
164
#ifdef CONFIG_IMA_APPRAISE
169
165
extern bool is_ima_appraise_enabled(void);
170
-
extern void ima_inode_post_setattr(struct dentry *dentry);
166
+
extern void ima_inode_post_setattr(struct user_namespace *mnt_userns,
167
+
struct dentry *dentry);
171
168
extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
172
169
const void *xattr_value, size_t xattr_value_len);
173
170
extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
···
178
173
return 0;
179
174
}
180
175
181
-
static inline void ima_inode_post_setattr(struct dentry *dentry)
176
+
static inline void ima_inode_post_setattr(struct user_namespace *mnt_userns,
177
+
struct dentry *dentry)
182
178
{
183
179
return;
184
180
}
+9
-6
include/linux/lsm_hook_defs.h
+9
-6
include/linux/lsm_hook_defs.h
···
135
135
LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
136
136
LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr)
137
137
LSM_HOOK(int, 0, inode_getattr, const struct path *path)
138
-
LSM_HOOK(int, 0, inode_setxattr, struct dentry *dentry, const char *name,
139
-
const void *value, size_t size, int flags)
138
+
LSM_HOOK(int, 0, inode_setxattr, struct user_namespace *mnt_userns,
139
+
struct dentry *dentry, const char *name, const void *value,
140
+
size_t size, int flags)
140
141
LSM_HOOK(void, LSM_RET_VOID, inode_post_setxattr, struct dentry *dentry,
141
142
const char *name, const void *value, size_t size, int flags)
142
143
LSM_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name)
143
144
LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
144
-
LSM_HOOK(int, 0, inode_removexattr, struct dentry *dentry, const char *name)
145
+
LSM_HOOK(int, 0, inode_removexattr, struct user_namespace *mnt_userns,
146
+
struct dentry *dentry, const char *name)
145
147
LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
146
-
LSM_HOOK(int, 0, inode_killpriv, struct dentry *dentry)
147
-
LSM_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct inode *inode,
148
-
const char *name, void **buffer, bool alloc)
148
+
LSM_HOOK(int, 0, inode_killpriv, struct user_namespace *mnt_userns,
149
+
struct dentry *dentry)
150
+
LSM_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct user_namespace *mnt_userns,
151
+
struct inode *inode, const char *name, void **buffer, bool alloc)
149
152
LSM_HOOK(int, -EOPNOTSUPP, inode_setsecurity, struct inode *inode,
150
153
const char *name, const void *value, size_t size, int flags)
151
154
LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
+1
include/linux/lsm_hooks.h
+1
include/linux/lsm_hooks.h
···
453
453
* @inode_killpriv:
454
454
* The setuid bit is being removed. Remove similar security labels.
455
455
* Called with the dentry->d_inode->i_mutex held.
456
+
* @mnt_userns: user namespace of the mount
456
457
* @dentry is the dentry being changed.
457
458
* Return 0 on success. If error is returned, then the operation
458
459
* causing setuid bit removal is failed.
+7
include/linux/mount.h
+7
include/linux/mount.h
···
72
72
struct dentry *mnt_root; /* root of the mounted tree */
73
73
struct super_block *mnt_sb; /* pointer to superblock */
74
74
int mnt_flags;
75
+
struct user_namespace *mnt_userns;
75
76
} __randomize_layout;
77
+
78
+
static inline struct user_namespace *mnt_user_ns(const struct vfsmount *mnt)
79
+
{
80
+
/* Pairs with smp_store_release() in do_idmap_mount(). */
81
+
return smp_load_acquire(&mnt->mnt_userns);
82
+
}
76
83
77
84
struct file; /* forward dec */
78
85
struct path;
+4
-3
include/linux/nfs_fs.h
+4
-3
include/linux/nfs_fs.h
···
379
379
extern int nfs_post_op_update_inode(struct inode *inode, struct nfs_fattr *fattr);
380
380
extern int nfs_post_op_update_inode_force_wcc(struct inode *inode, struct nfs_fattr *fattr);
381
381
extern int nfs_post_op_update_inode_force_wcc_locked(struct inode *inode, struct nfs_fattr *fattr);
382
-
extern int nfs_getattr(const struct path *, struct kstat *, u32, unsigned int);
382
+
extern int nfs_getattr(struct user_namespace *, const struct path *,
383
+
struct kstat *, u32, unsigned int);
383
384
extern void nfs_access_add_cache(struct inode *, struct nfs_access_entry *);
384
385
extern void nfs_access_set_mask(struct nfs_access_entry *, u32);
385
-
extern int nfs_permission(struct inode *, int);
386
+
extern int nfs_permission(struct user_namespace *, struct inode *, int);
386
387
extern int nfs_open(struct inode *, struct file *);
387
388
extern int nfs_attribute_cache_expired(struct inode *inode);
388
389
extern int nfs_revalidate_inode(struct nfs_server *server, struct inode *inode);
···
391
390
extern bool nfs_mapping_need_revalidate_inode(struct inode *inode);
392
391
extern int nfs_revalidate_mapping(struct inode *inode, struct address_space *mapping);
393
392
extern int nfs_revalidate_mapping_rcu(struct inode *inode);
394
-
extern int nfs_setattr(struct dentry *, struct iattr *);
393
+
extern int nfs_setattr(struct user_namespace *, struct dentry *, struct iattr *);
395
394
extern void nfs_setattr_update_inode(struct inode *inode, struct iattr *attr, struct nfs_fattr *);
396
395
extern void nfs_setsecurity(struct inode *inode, struct nfs_fattr *fattr,
397
396
struct nfs4_label *label);
+14
-7
include/linux/posix_acl.h
+14
-7
include/linux/posix_acl.h
···
15
15
#include <linux/refcount.h>
16
16
#include <uapi/linux/posix_acl.h>
17
17
18
+
struct user_namespace;
19
+
18
20
struct posix_acl_entry {
19
21
short e_tag;
20
22
unsigned short e_perm;
···
63
61
64
62
extern void posix_acl_init(struct posix_acl *, int);
65
63
extern struct posix_acl *posix_acl_alloc(int, gfp_t);
66
-
extern int posix_acl_valid(struct user_namespace *, const struct posix_acl *);
67
-
extern int posix_acl_permission(struct inode *, const struct posix_acl *, int);
68
64
extern struct posix_acl *posix_acl_from_mode(umode_t, gfp_t);
69
65
extern int posix_acl_equiv_mode(const struct posix_acl *, umode_t *);
70
66
extern int __posix_acl_create(struct posix_acl **, gfp_t, umode_t *);
71
67
extern int __posix_acl_chmod(struct posix_acl **, gfp_t, umode_t);
72
68
73
69
extern struct posix_acl *get_posix_acl(struct inode *, int);
74
-
extern int set_posix_acl(struct inode *, int, struct posix_acl *);
70
+
extern int set_posix_acl(struct user_namespace *, struct inode *, int,
71
+
struct posix_acl *);
75
72
76
73
#ifdef CONFIG_FS_POSIX_ACL
77
-
extern int posix_acl_chmod(struct inode *, umode_t);
74
+
int posix_acl_chmod(struct user_namespace *, struct inode *, umode_t);
78
75
extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **,
79
76
struct posix_acl **);
80
-
extern int posix_acl_update_mode(struct inode *, umode_t *, struct posix_acl **);
77
+
int posix_acl_update_mode(struct user_namespace *, struct inode *, umode_t *,
78
+
struct posix_acl **);
81
79
82
-
extern int simple_set_acl(struct inode *, struct posix_acl *, int);
80
+
extern int simple_set_acl(struct user_namespace *, struct inode *,
81
+
struct posix_acl *, int);
83
82
extern int simple_acl_create(struct inode *, struct inode *);
84
83
85
84
struct posix_acl *get_cached_acl(struct inode *inode, int type);
···
88
85
void set_cached_acl(struct inode *inode, int type, struct posix_acl *acl);
89
86
void forget_cached_acl(struct inode *inode, int type);
90
87
void forget_all_cached_acls(struct inode *inode);
88
+
int posix_acl_valid(struct user_namespace *, const struct posix_acl *);
89
+
int posix_acl_permission(struct user_namespace *, struct inode *,
90
+
const struct posix_acl *, int);
91
91
92
92
static inline void cache_no_acl(struct inode *inode)
93
93
{
···
98
92
inode->i_default_acl = NULL;
99
93
}
100
94
#else
101
-
static inline int posix_acl_chmod(struct inode *inode, umode_t mode)
95
+
static inline int posix_acl_chmod(struct user_namespace *mnt_userns,
96
+
struct inode *inode, umode_t mode)
102
97
{
103
98
return 0;
104
99
}
+8
-4
include/linux/posix_acl_xattr.h
+8
-4
include/linux/posix_acl_xattr.h
···
33
33
}
34
34
35
35
#ifdef CONFIG_FS_POSIX_ACL
36
-
void posix_acl_fix_xattr_from_user(void *value, size_t size);
37
-
void posix_acl_fix_xattr_to_user(void *value, size_t size);
36
+
void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns,
37
+
void *value, size_t size);
38
+
void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns,
39
+
void *value, size_t size);
38
40
#else
39
-
static inline void posix_acl_fix_xattr_from_user(void *value, size_t size)
41
+
static inline void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns,
42
+
void *value, size_t size)
40
43
{
41
44
}
42
-
static inline void posix_acl_fix_xattr_to_user(void *value, size_t size)
45
+
static inline void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns,
46
+
void *value, size_t size)
43
47
{
44
48
}
45
49
#endif
+34
-20
include/linux/security.h
+34
-20
include/linux/security.h
···
145
145
const kernel_cap_t *inheritable,
146
146
const kernel_cap_t *permitted);
147
147
extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
148
-
extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
149
-
const void *value, size_t size, int flags);
150
-
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
151
-
extern int cap_inode_need_killpriv(struct dentry *dentry);
152
-
extern int cap_inode_killpriv(struct dentry *dentry);
153
-
extern int cap_inode_getsecurity(struct inode *inode, const char *name,
154
-
void **buffer, bool alloc);
148
+
int cap_inode_setxattr(struct dentry *dentry, const char *name,
149
+
const void *value, size_t size, int flags);
150
+
int cap_inode_removexattr(struct user_namespace *mnt_userns,
151
+
struct dentry *dentry, const char *name);
152
+
int cap_inode_need_killpriv(struct dentry *dentry);
153
+
int cap_inode_killpriv(struct user_namespace *mnt_userns,
154
+
struct dentry *dentry);
155
+
int cap_inode_getsecurity(struct user_namespace *mnt_userns,
156
+
struct inode *inode, const char *name, void **buffer,
157
+
bool alloc);
155
158
extern int cap_mmap_addr(unsigned long addr);
156
159
extern int cap_mmap_file(struct file *file, unsigned long reqprot,
157
160
unsigned long prot, unsigned long flags);
···
351
348
int security_inode_permission(struct inode *inode, int mask);
352
349
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
353
350
int security_inode_getattr(const struct path *path);
354
-
int security_inode_setxattr(struct dentry *dentry, const char *name,
351
+
int security_inode_setxattr(struct user_namespace *mnt_userns,
352
+
struct dentry *dentry, const char *name,
355
353
const void *value, size_t size, int flags);
356
354
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
357
355
const void *value, size_t size, int flags);
358
356
int security_inode_getxattr(struct dentry *dentry, const char *name);
359
357
int security_inode_listxattr(struct dentry *dentry);
360
-
int security_inode_removexattr(struct dentry *dentry, const char *name);
358
+
int security_inode_removexattr(struct user_namespace *mnt_userns,
359
+
struct dentry *dentry, const char *name);
361
360
int security_inode_need_killpriv(struct dentry *dentry);
362
-
int security_inode_killpriv(struct dentry *dentry);
363
-
int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc);
361
+
int security_inode_killpriv(struct user_namespace *mnt_userns,
362
+
struct dentry *dentry);
363
+
int security_inode_getsecurity(struct user_namespace *mnt_userns,
364
+
struct inode *inode, const char *name,
365
+
void **buffer, bool alloc);
364
366
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
365
367
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
366
368
void security_inode_getsecid(struct inode *inode, u32 *secid);
···
849
841
return 0;
850
842
}
851
843
852
-
static inline int security_inode_setxattr(struct dentry *dentry,
853
-
const char *name, const void *value, size_t size, int flags)
844
+
static inline int security_inode_setxattr(struct user_namespace *mnt_userns,
845
+
struct dentry *dentry, const char *name, const void *value,
846
+
size_t size, int flags)
854
847
{
855
848
return cap_inode_setxattr(dentry, name, value, size, flags);
856
849
}
···
871
862
return 0;
872
863
}
873
864
874
-
static inline int security_inode_removexattr(struct dentry *dentry,
875
-
const char *name)
865
+
static inline int security_inode_removexattr(struct user_namespace *mnt_userns,
866
+
struct dentry *dentry,
867
+
const char *name)
876
868
{
877
-
return cap_inode_removexattr(dentry, name);
869
+
return cap_inode_removexattr(mnt_userns, dentry, name);
878
870
}
879
871
880
872
static inline int security_inode_need_killpriv(struct dentry *dentry)
···
883
873
return cap_inode_need_killpriv(dentry);
884
874
}
885
875
886
-
static inline int security_inode_killpriv(struct dentry *dentry)
876
+
static inline int security_inode_killpriv(struct user_namespace *mnt_userns,
877
+
struct dentry *dentry)
887
878
{
888
-
return cap_inode_killpriv(dentry);
879
+
return cap_inode_killpriv(mnt_userns, dentry);
889
880
}
890
881
891
-
static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
882
+
static inline int security_inode_getsecurity(struct user_namespace *mnt_userns,
883
+
struct inode *inode,
884
+
const char *name, void **buffer,
885
+
bool alloc)
892
886
{
893
-
return cap_inode_getsecurity(inode, name, buffer, alloc);
887
+
return cap_inode_getsecurity(mnt_userns, inode, name, buffer, alloc);
894
888
}
895
889
896
890
static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
+4
include/linux/syscalls.h
+4
include/linux/syscalls.h
···
68
68
struct io_uring_params;
69
69
struct clone_args;
70
70
struct open_how;
71
+
struct mount_attr;
71
72
72
73
#include <linux/types.h>
73
74
#include <linux/aio_abi.h>
···
1029
1028
asmlinkage long sys_move_mount(int from_dfd, const char __user *from_path,
1030
1029
int to_dfd, const char __user *to_path,
1031
1030
unsigned int ms_flags);
1031
+
asmlinkage long sys_mount_setattr(int dfd, const char __user *path,
1032
+
unsigned int flags,
1033
+
struct mount_attr __user *uattr, size_t usize);
1032
1034
asmlinkage long sys_fsopen(const char __user *fs_name, unsigned int flags);
1033
1035
asmlinkage long sys_fsconfig(int fs_fd, unsigned int cmd, const char __user *key,
1034
1036
const void __user *value, int aux);
+20
-10
include/linux/xattr.h
+20
-10
include/linux/xattr.h
···
16
16
#include <linux/types.h>
17
17
#include <linux/spinlock.h>
18
18
#include <linux/mm.h>
19
+
#include <linux/user_namespace.h>
19
20
#include <uapi/linux/xattr.h>
20
21
21
22
struct inode;
···
35
34
int (*get)(const struct xattr_handler *, struct dentry *dentry,
36
35
struct inode *inode, const char *name, void *buffer,
37
36
size_t size);
38
-
int (*set)(const struct xattr_handler *, struct dentry *dentry,
37
+
int (*set)(const struct xattr_handler *,
38
+
struct user_namespace *mnt_userns, struct dentry *dentry,
39
39
struct inode *inode, const char *name, const void *buffer,
40
40
size_t size, int flags);
41
41
};
···
50
48
};
51
49
52
50
ssize_t __vfs_getxattr(struct dentry *, struct inode *, const char *, void *, size_t);
53
-
ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t);
51
+
ssize_t vfs_getxattr(struct user_namespace *, struct dentry *, const char *,
52
+
void *, size_t);
54
53
ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
55
-
int __vfs_setxattr(struct dentry *, struct inode *, const char *, const void *, size_t, int);
56
-
int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int);
57
-
int __vfs_setxattr_locked(struct dentry *, const char *, const void *, size_t, int, struct inode **);
58
-
int vfs_setxattr(struct dentry *, const char *, const void *, size_t, int);
59
-
int __vfs_removexattr(struct dentry *, const char *);
60
-
int __vfs_removexattr_locked(struct dentry *, const char *, struct inode **);
61
-
int vfs_removexattr(struct dentry *, const char *);
54
+
int __vfs_setxattr(struct user_namespace *, struct dentry *, struct inode *,
55
+
const char *, const void *, size_t, int);
56
+
int __vfs_setxattr_noperm(struct user_namespace *, struct dentry *,
57
+
const char *, const void *, size_t, int);
58
+
int __vfs_setxattr_locked(struct user_namespace *, struct dentry *,
59
+
const char *, const void *, size_t, int,
60
+
struct inode **);
61
+
int vfs_setxattr(struct user_namespace *, struct dentry *, const char *,
62
+
const void *, size_t, int);
63
+
int __vfs_removexattr(struct user_namespace *, struct dentry *, const char *);
64
+
int __vfs_removexattr_locked(struct user_namespace *, struct dentry *,
65
+
const char *, struct inode **);
66
+
int vfs_removexattr(struct user_namespace *, struct dentry *, const char *);
62
67
63
68
ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);
64
-
ssize_t vfs_getxattr_alloc(struct dentry *dentry, const char *name,
69
+
ssize_t vfs_getxattr_alloc(struct user_namespace *mnt_userns,
70
+
struct dentry *dentry, const char *name,
65
71
char **xattr_value, size_t size, gfp_t flags);
66
72
67
73
int xattr_supported_namespace(struct inode *inode, const char *prefix);
+3
-1
include/uapi/asm-generic/unistd.h
+3
-1
include/uapi/asm-generic/unistd.h
···
861
861
__SYSCALL(__NR_process_madvise, sys_process_madvise)
862
862
#define __NR_epoll_pwait2 441
863
863
__SC_COMP(__NR_epoll_pwait2, sys_epoll_pwait2, compat_sys_epoll_pwait2)
864
+
#define __NR_mount_setattr 442
865
+
__SYSCALL(__NR_mount_setattr, sys_mount_setattr)
864
866
865
867
#undef __NR_syscalls
866
-
#define __NR_syscalls 442
868
+
#define __NR_syscalls 443
867
869
868
870
/*
869
871
* 32 bit systems traditionally used different
+16
include/uapi/linux/mount.h
+16
include/uapi/linux/mount.h
···
1
1
#ifndef _UAPI_LINUX_MOUNT_H
2
2
#define _UAPI_LINUX_MOUNT_H
3
3
4
+
#include <linux/types.h>
5
+
4
6
/*
5
7
* These are the fs-independent mount-flags: up to 32 flags are supported
6
8
*
···
119
117
#define MOUNT_ATTR_NOATIME 0x00000010 /* - Do not update access times. */
120
118
#define MOUNT_ATTR_STRICTATIME 0x00000020 /* - Always perform atime updates */
121
119
#define MOUNT_ATTR_NODIRATIME 0x00000080 /* Do not update directory access times */
120
+
#define MOUNT_ATTR_IDMAP 0x00100000 /* Idmap mount to @userns_fd in struct mount_attr. */
121
+
122
+
/*
123
+
* mount_setattr()
124
+
*/
125
+
struct mount_attr {
126
+
__u64 attr_set;
127
+
__u64 attr_clr;
128
+
__u64 propagation;
129
+
__u64 userns_fd;
130
+
};
131
+
132
+
/* List of all mount_attr versions. */
133
+
#define MOUNT_ATTR_SIZE_VER0 32 /* sizeof first published struct */
122
134
123
135
#endif /* _UAPI_LINUX_MOUNT_H */
+5
-4
ipc/mqueue.c
+5
-4
ipc/mqueue.c
···
594
594
return error;
595
595
}
596
596
597
-
static int mqueue_create(struct inode *dir, struct dentry *dentry,
598
-
umode_t mode, bool excl)
597
+
static int mqueue_create(struct user_namespace *mnt_userns, struct inode *dir,
598
+
struct dentry *dentry, umode_t mode, bool excl)
599
599
{
600
600
return mqueue_create_attr(dentry, mode, NULL);
601
601
}
···
873
873
if ((oflag & O_ACCMODE) == (O_RDWR | O_WRONLY))
874
874
return -EINVAL;
875
875
acc = oflag2acc[oflag & O_ACCMODE];
876
-
return inode_permission(d_inode(dentry), acc);
876
+
return inode_permission(&init_user_ns, d_inode(dentry), acc);
877
877
}
878
878
879
879
static int do_mq_open(const char __user *u_name, int oflag, umode_t mode,
···
965
965
err = -ENOENT;
966
966
} else {
967
967
ihold(inode);
968
-
err = vfs_unlink(d_inode(dentry->d_parent), dentry, NULL);
968
+
err = vfs_unlink(&init_user_ns, d_inode(dentry->d_parent),
969
+
dentry, NULL);
969
970
}
970
971
dput(dentry);
971
972
+3
-2
kernel/auditsc.c
+3
-2
kernel/auditsc.c
···
1930
1930
if (!dentry)
1931
1931
return 0;
1932
1932
1933
-
rc = get_vfs_caps_from_disk(dentry, &caps);
1933
+
rc = get_vfs_caps_from_disk(&init_user_ns, dentry, &caps);
1934
1934
if (rc)
1935
1935
return rc;
1936
1936
···
2481
2481
ax->d.next = context->aux;
2482
2482
context->aux = (void *)ax;
2483
2483
2484
-
get_vfs_caps_from_disk(bprm->file->f_path.dentry, &vcaps);
2484
+
get_vfs_caps_from_disk(&init_user_ns,
2485
+
bprm->file->f_path.dentry, &vcaps);
2485
2486
2486
2487
ax->fcap.permitted = vcaps.permitted;
2487
2488
ax->fcap.inheritable = vcaps.inheritable;
+7
-6
kernel/bpf/inode.c
+7
-6
kernel/bpf/inode.c
···
122
122
inode->i_mtime = inode->i_atime;
123
123
inode->i_ctime = inode->i_atime;
124
124
125
-
inode_init_owner(inode, dir, mode);
125
+
inode_init_owner(&init_user_ns, inode, dir, mode);
126
126
127
127
return inode;
128
128
}
···
152
152
dir->i_ctime = dir->i_mtime;
153
153
}
154
154
155
-
static int bpf_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
155
+
static int bpf_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
156
+
struct dentry *dentry, umode_t mode)
156
157
{
157
158
struct inode *inode;
158
159
···
382
381
return simple_lookup(dir, dentry, flags);
383
382
}
384
383
385
-
static int bpf_symlink(struct inode *dir, struct dentry *dentry,
386
-
const char *target)
384
+
static int bpf_symlink(struct user_namespace *mnt_userns, struct inode *dir,
385
+
struct dentry *dentry, const char *target)
387
386
{
388
387
char *link = kstrdup(target, GFP_USER | __GFP_NOWARN);
389
388
struct inode *inode;
···
508
507
return ERR_PTR(ret);
509
508
510
509
inode = d_backing_inode(path.dentry);
511
-
ret = inode_permission(inode, ACC_MODE(flags));
510
+
ret = path_permission(&path, ACC_MODE(flags));
512
511
if (ret)
513
512
goto out;
514
513
···
559
558
static struct bpf_prog *__get_prog_inode(struct inode *inode, enum bpf_prog_type type)
560
559
{
561
560
struct bpf_prog *prog;
562
-
int ret = inode_permission(inode, MAY_READ);
561
+
int ret = inode_permission(&init_user_ns, inode, MAY_READ);
563
562
if (ret)
564
563
return ERR_PTR(ret);
565
564
+9
-5
kernel/capability.c
+9
-5
kernel/capability.c
···
484
484
*
485
485
* Return true if the inode uid and gid are within the namespace.
486
486
*/
487
-
bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode)
487
+
bool privileged_wrt_inode_uidgid(struct user_namespace *ns,
488
+
struct user_namespace *mnt_userns,
489
+
const struct inode *inode)
488
490
{
489
-
return kuid_has_mapping(ns, inode->i_uid) &&
490
-
kgid_has_mapping(ns, inode->i_gid);
491
+
return kuid_has_mapping(ns, i_uid_into_mnt(mnt_userns, inode)) &&
492
+
kgid_has_mapping(ns, i_gid_into_mnt(mnt_userns, inode));
491
493
}
492
494
493
495
/**
···
501
499
* its own user namespace and that the given inode's uid and gid are
502
500
* mapped into the current user namespace.
503
501
*/
504
-
bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
502
+
bool capable_wrt_inode_uidgid(struct user_namespace *mnt_userns,
503
+
const struct inode *inode, int cap)
505
504
{
506
505
struct user_namespace *ns = current_user_ns();
507
506
508
-
return ns_capable(ns, cap) && privileged_wrt_inode_uidgid(ns, inode);
507
+
return ns_capable(ns, cap) &&
508
+
privileged_wrt_inode_uidgid(ns, mnt_userns, inode);
509
509
}
510
510
EXPORT_SYMBOL(capable_wrt_inode_uidgid);
511
511
+1
-1
kernel/cgroup/cgroup.c
+1
-1
kernel/cgroup/cgroup.c
+1
-1
kernel/sys.c
+1
-1
kernel/sys.c
+3
-2
mm/madvise.c
+3
-2
mm/madvise.c
···
539
539
* otherwise we'd be including shared non-exclusive mappings, which
540
540
* opens a side channel.
541
541
*/
542
-
return inode_owner_or_capable(file_inode(vma->vm_file)) ||
543
-
inode_permission(file_inode(vma->vm_file), MAY_WRITE) == 0;
542
+
return inode_owner_or_capable(&init_user_ns,
543
+
file_inode(vma->vm_file)) ||
544
+
file_permission(vma->vm_file, MAY_WRITE) == 0;
544
545
}
545
546
546
547
static long madvise_pageout(struct vm_area_struct *vma,
+1
-1
mm/memcontrol.c
+1
-1
mm/memcontrol.c
···
4897
4897
4898
4898
/* the process need read permission on control file */
4899
4899
/* AV: shouldn't we check that it's been opened for read instead? */
4900
-
ret = inode_permission(file_inode(cfile.file), MAY_READ);
4900
+
ret = file_permission(cfile.file, MAY_READ);
4901
4901
if (ret < 0)
4902
4902
goto out_put_cfile;
4903
4903
+3
-2
mm/mincore.c
+3
-2
mm/mincore.c
···
166
166
* for writing; otherwise we'd be including shared non-exclusive
167
167
* mappings, which opens a side channel.
168
168
*/
169
-
return inode_owner_or_capable(file_inode(vma->vm_file)) ||
170
-
inode_permission(file_inode(vma->vm_file), MAY_WRITE) == 0;
169
+
return inode_owner_or_capable(&init_user_ns,
170
+
file_inode(vma->vm_file)) ||
171
+
file_permission(vma->vm_file, MAY_WRITE) == 0;
171
172
}
172
173
173
174
static const struct mm_walk_ops mincore_walk_ops = {
+31
-19
mm/shmem.c
+31
-19
mm/shmem.c
···
1060
1060
}
1061
1061
EXPORT_SYMBOL_GPL(shmem_truncate_range);
1062
1062
1063
-
static int shmem_getattr(const struct path *path, struct kstat *stat,
1063
+
static int shmem_getattr(struct user_namespace *mnt_userns,
1064
+
const struct path *path, struct kstat *stat,
1064
1065
u32 request_mask, unsigned int query_flags)
1065
1066
{
1066
1067
struct inode *inode = path->dentry->d_inode;
···
1073
1072
shmem_recalc_inode(inode);
1074
1073
spin_unlock_irq(&info->lock);
1075
1074
}
1076
-
generic_fillattr(inode, stat);
1075
+
generic_fillattr(&init_user_ns, inode, stat);
1077
1076
1078
1077
if (is_huge_enabled(sb_info))
1079
1078
stat->blksize = HPAGE_PMD_SIZE;
···
1081
1080
return 0;
1082
1081
}
1083
1082
1084
-
static int shmem_setattr(struct dentry *dentry, struct iattr *attr)
1083
+
static int shmem_setattr(struct user_namespace *mnt_userns,
1084
+
struct dentry *dentry, struct iattr *attr)
1085
1085
{
1086
1086
struct inode *inode = d_inode(dentry);
1087
1087
struct shmem_inode_info *info = SHMEM_I(inode);
1088
1088
struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
1089
1089
int error;
1090
1090
1091
-
error = setattr_prepare(dentry, attr);
1091
+
error = setattr_prepare(&init_user_ns, dentry, attr);
1092
1092
if (error)
1093
1093
return error;
1094
1094
···
1143
1141
}
1144
1142
}
1145
1143
1146
-
setattr_copy(inode, attr);
1144
+
setattr_copy(&init_user_ns, inode, attr);
1147
1145
if (attr->ia_valid & ATTR_MODE)
1148
-
error = posix_acl_chmod(inode, inode->i_mode);
1146
+
error = posix_acl_chmod(&init_user_ns, inode, inode->i_mode);
1149
1147
return error;
1150
1148
}
1151
1149
···
2305
2303
inode = new_inode(sb);
2306
2304
if (inode) {
2307
2305
inode->i_ino = ino;
2308
-
inode_init_owner(inode, dir, mode);
2306
+
inode_init_owner(&init_user_ns, inode, dir, mode);
2309
2307
inode->i_blocks = 0;
2310
2308
inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
2311
2309
inode->i_generation = prandom_u32();
···
2919
2917
* File creation. Allocate an inode, and we're done..
2920
2918
*/
2921
2919
static int
2922
-
shmem_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2920
+
shmem_mknod(struct user_namespace *mnt_userns, struct inode *dir,
2921
+
struct dentry *dentry, umode_t mode, dev_t dev)
2923
2922
{
2924
2923
struct inode *inode;
2925
2924
int error = -ENOSPC;
···
2949
2946
}
2950
2947
2951
2948
static int
2952
-
shmem_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
2949
+
shmem_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
2950
+
struct dentry *dentry, umode_t mode)
2953
2951
{
2954
2952
struct inode *inode;
2955
2953
int error = -ENOSPC;
···
2973
2969
return error;
2974
2970
}
2975
2971
2976
-
static int shmem_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
2972
+
static int shmem_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
2973
+
struct dentry *dentry, umode_t mode)
2977
2974
{
2978
2975
int error;
2979
2976
2980
-
if ((error = shmem_mknod(dir, dentry, mode | S_IFDIR, 0)))
2977
+
if ((error = shmem_mknod(&init_user_ns, dir, dentry,
2978
+
mode | S_IFDIR, 0)))
2981
2979
return error;
2982
2980
inc_nlink(dir);
2983
2981
return 0;
2984
2982
}
2985
2983
2986
-
static int shmem_create(struct inode *dir, struct dentry *dentry, umode_t mode,
2987
-
bool excl)
2984
+
static int shmem_create(struct user_namespace *mnt_userns, struct inode *dir,
2985
+
struct dentry *dentry, umode_t mode, bool excl)
2988
2986
{
2989
-
return shmem_mknod(dir, dentry, mode | S_IFREG, 0);
2987
+
return shmem_mknod(&init_user_ns, dir, dentry, mode | S_IFREG, 0);
2990
2988
}
2991
2989
2992
2990
/*
···
3068
3062
return 0;
3069
3063
}
3070
3064
3071
-
static int shmem_whiteout(struct inode *old_dir, struct dentry *old_dentry)
3065
+
static int shmem_whiteout(struct user_namespace *mnt_userns,
3066
+
struct inode *old_dir, struct dentry *old_dentry)
3072
3067
{
3073
3068
struct dentry *whiteout;
3074
3069
int error;
···
3078
3071
if (!whiteout)
3079
3072
return -ENOMEM;
3080
3073
3081
-
error = shmem_mknod(old_dir, whiteout,
3074
+
error = shmem_mknod(&init_user_ns, old_dir, whiteout,
3082
3075
S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
3083
3076
dput(whiteout);
3084
3077
if (error)
···
3101
3094
* it exists so that the VFS layer correctly free's it when it
3102
3095
* gets overwritten.
3103
3096
*/
3104
-
static int shmem_rename2(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry, unsigned int flags)
3097
+
static int shmem_rename2(struct user_namespace *mnt_userns,
3098
+
struct inode *old_dir, struct dentry *old_dentry,
3099
+
struct inode *new_dir, struct dentry *new_dentry,
3100
+
unsigned int flags)
3105
3101
{
3106
3102
struct inode *inode = d_inode(old_dentry);
3107
3103
int they_are_dirs = S_ISDIR(inode->i_mode);
···
3121
3111
if (flags & RENAME_WHITEOUT) {
3122
3112
int error;
3123
3113
3124
-
error = shmem_whiteout(old_dir, old_dentry);
3114
+
error = shmem_whiteout(&init_user_ns, old_dir, old_dentry);
3125
3115
if (error)
3126
3116
return error;
3127
3117
}
···
3145
3135
return 0;
3146
3136
}
3147
3137
3148
-
static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
3138
+
static int shmem_symlink(struct user_namespace *mnt_userns, struct inode *dir,
3139
+
struct dentry *dentry, const char *symname)
3149
3140
{
3150
3141
int error;
3151
3142
int len;
···
3284
3273
}
3285
3274
3286
3275
static int shmem_xattr_handler_set(const struct xattr_handler *handler,
3276
+
struct user_namespace *mnt_userns,
3287
3277
struct dentry *unused, struct inode *inode,
3288
3278
const char *name, const void *value,
3289
3279
size_t size, int flags)
+4
-2
net/socket.c
+4
-2
net/socket.c
···
334
334
};
335
335
336
336
static int sockfs_security_xattr_set(const struct xattr_handler *handler,
337
+
struct user_namespace *mnt_userns,
337
338
struct dentry *dentry, struct inode *inode,
338
339
const char *suffix, const void *value,
339
340
size_t size, int flags)
···
538
537
return used;
539
538
}
540
539
541
-
static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr)
540
+
static int sockfs_setattr(struct user_namespace *mnt_userns,
541
+
struct dentry *dentry, struct iattr *iattr)
542
542
{
543
-
int err = simple_setattr(dentry, iattr);
543
+
int err = simple_setattr(&init_user_ns, dentry, iattr);
544
544
545
545
if (!err && (iattr->ia_valid & ATTR_UID)) {
546
546
struct socket *sock = SOCKET_I(d_inode(dentry));
+3
-2
net/unix/af_unix.c
+3
-2
net/unix/af_unix.c
···
936
936
if (err)
937
937
goto fail;
938
938
inode = d_backing_inode(path.dentry);
939
-
err = inode_permission(inode, MAY_WRITE);
939
+
err = path_permission(&path, MAY_WRITE);
940
940
if (err)
941
941
goto put_fail;
942
942
···
996
996
*/
997
997
err = security_path_mknod(&path, dentry, mode, 0);
998
998
if (!err) {
999
-
err = vfs_mknod(d_inode(path.dentry), dentry, mode, 0);
999
+
err = vfs_mknod(mnt_user_ns(path.mnt), d_inode(path.dentry),
1000
+
dentry, mode, 0);
1000
1001
if (!err) {
1001
1002
res->mnt = mntget(path.mnt);
1002
1003
res->dentry = dget(dentry);
+2
-1
security/apparmor/apparmorfs.c
+2
-1
security/apparmor/apparmorfs.c
···
1773
1773
return error;
1774
1774
}
1775
1775
1776
-
static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
1776
+
static int ns_mkdir_op(struct user_namespace *mnt_userns, struct inode *dir,
1777
+
struct dentry *dentry, umode_t mode)
1777
1778
{
1778
1779
struct aa_ns *ns, *parent;
1779
1780
/* TODO: improve permission check */
+8
-5
security/apparmor/domain.c
+8
-5
security/apparmor/domain.c
···
10
10
11
11
#include <linux/errno.h>
12
12
#include <linux/fdtable.h>
13
+
#include <linux/fs.h>
13
14
#include <linux/file.h>
14
15
#include <linux/mount.h>
15
16
#include <linux/syscalls.h>
16
17
#include <linux/tracehook.h>
17
18
#include <linux/personality.h>
18
19
#include <linux/xattr.h>
20
+
#include <linux/user_namespace.h>
19
21
20
22
#include "include/audit.h"
21
23
#include "include/apparmorfs.h"
···
326
324
d = bprm->file->f_path.dentry;
327
325
328
326
for (i = 0; i < profile->xattr_count; i++) {
329
-
size = vfs_getxattr_alloc(d, profile->xattrs[i], &value,
330
-
value_size, GFP_KERNEL);
327
+
size = vfs_getxattr_alloc(&init_user_ns, d, profile->xattrs[i],
328
+
&value, value_size, GFP_KERNEL);
331
329
if (size >= 0) {
332
330
u32 perm;
333
331
···
860
858
const char *info = NULL;
861
859
int error = 0;
862
860
bool unsafe = false;
861
+
kuid_t i_uid = i_uid_into_mnt(file_mnt_user_ns(bprm->file),
862
+
file_inode(bprm->file));
863
863
struct path_cond cond = {
864
-
file_inode(bprm->file)->i_uid,
864
+
i_uid,
865
865
file_inode(bprm->file)->i_mode
866
866
};
867
867
···
971
967
error = fn_for_each(label, profile,
972
968
aa_audit_file(profile, &nullperms, OP_EXEC, MAY_EXEC,
973
969
bprm->filename, NULL, new,
974
-
file_inode(bprm->file)->i_uid, info,
975
-
error));
970
+
i_uid, info, error));
976
971
aa_put_label(new);
977
972
goto done;
978
973
}
+3
-1
security/apparmor/file.c
+3
-1
security/apparmor/file.c
···
11
11
#include <linux/tty.h>
12
12
#include <linux/fdtable.h>
13
13
#include <linux/file.h>
14
+
#include <linux/fs.h>
15
+
#include <linux/mount.h>
14
16
15
17
#include "include/apparmor.h"
16
18
#include "include/audit.h"
···
511
509
struct aa_profile *profile;
512
510
struct aa_perms perms = {};
513
511
struct path_cond cond = {
514
-
.uid = file_inode(file)->i_uid,
512
+
.uid = i_uid_into_mnt(file_mnt_user_ns(file), file_inode(file)),
515
513
.mode = file_inode(file)->i_mode
516
514
};
517
515
char *buffer;
+15
-6
security/apparmor/lsm.c
+15
-6
security/apparmor/lsm.c
···
224
224
*/
225
225
static int common_perm_cond(const char *op, const struct path *path, u32 mask)
226
226
{
227
-
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
228
-
d_backing_inode(path->dentry)->i_mode
227
+
struct user_namespace *mnt_userns = mnt_user_ns(path->mnt);
228
+
struct path_cond cond = {
229
+
i_uid_into_mnt(mnt_userns, d_backing_inode(path->dentry)),
230
+
d_backing_inode(path->dentry)->i_mode
229
231
};
230
232
231
233
if (!path_mediated_fs(path->dentry))
···
268
266
struct dentry *dentry, u32 mask)
269
267
{
270
268
struct inode *inode = d_backing_inode(dentry);
269
+
struct user_namespace *mnt_userns = mnt_user_ns(dir->mnt);
271
270
struct path_cond cond = { };
272
271
273
272
if (!inode || !path_mediated_fs(dentry))
274
273
return 0;
275
274
276
-
cond.uid = inode->i_uid;
275
+
cond.uid = i_uid_into_mnt(mnt_userns, inode);
277
276
cond.mode = inode->i_mode;
278
277
279
278
return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
···
364
361
365
362
label = begin_current_label_crit_section();
366
363
if (!unconfined(label)) {
364
+
struct user_namespace *mnt_userns = mnt_user_ns(old_dir->mnt);
367
365
struct path old_path = { .mnt = old_dir->mnt,
368
366
.dentry = old_dentry };
369
367
struct path new_path = { .mnt = new_dir->mnt,
370
368
.dentry = new_dentry };
371
-
struct path_cond cond = { d_backing_inode(old_dentry)->i_uid,
372
-
d_backing_inode(old_dentry)->i_mode
369
+
struct path_cond cond = {
370
+
i_uid_into_mnt(mnt_userns, d_backing_inode(old_dentry)),
371
+
d_backing_inode(old_dentry)->i_mode
373
372
};
374
373
375
374
error = aa_path_perm(OP_RENAME_SRC, label, &old_path, 0,
···
425
420
426
421
label = aa_get_newest_cred_label(file->f_cred);
427
422
if (!unconfined(label)) {
423
+
struct user_namespace *mnt_userns = file_mnt_user_ns(file);
428
424
struct inode *inode = file_inode(file);
429
-
struct path_cond cond = { inode->i_uid, inode->i_mode };
425
+
struct path_cond cond = {
426
+
i_uid_into_mnt(mnt_userns, inode),
427
+
inode->i_mode
428
+
};
430
429
431
430
error = aa_path_perm(OP_OPEN, label, &file->f_path, 0,
432
431
aa_map_file_to_perms(file), &cond);
+88
-20
security/commoncap.c
+88
-20
security/commoncap.c
···
303
303
304
304
/**
305
305
* cap_inode_killpriv - Erase the security markings on an inode
306
-
* @dentry: The inode/dentry to alter
306
+
*
307
+
* @mnt_userns: user namespace of the mount the inode was found from
308
+
* @dentry: The inode/dentry to alter
307
309
*
308
310
* Erase the privilege-enhancing security markings on an inode.
309
311
*
312
+
* If the inode has been found through an idmapped mount the user namespace of
313
+
* the vfsmount must be passed through @mnt_userns. This function will then
314
+
* take care to map the inode according to @mnt_userns before checking
315
+
* permissions. On non-idmapped mounts or if permission checking is to be
316
+
* performed on the raw inode simply passs init_user_ns.
317
+
*
310
318
* Returns 0 if successful, -ve on error.
311
319
*/
312
-
int cap_inode_killpriv(struct dentry *dentry)
320
+
int cap_inode_killpriv(struct user_namespace *mnt_userns, struct dentry *dentry)
313
321
{
314
322
int error;
315
323
316
-
error = __vfs_removexattr(dentry, XATTR_NAME_CAPS);
324
+
error = __vfs_removexattr(mnt_userns, dentry, XATTR_NAME_CAPS);
317
325
if (error == -EOPNOTSUPP)
318
326
error = 0;
319
327
return error;
···
374
366
* by the integrity subsystem, which really wants the unconverted values -
375
367
* so that's good.
376
368
*/
377
-
int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
369
+
int cap_inode_getsecurity(struct user_namespace *mnt_userns,
370
+
struct inode *inode, const char *name, void **buffer,
378
371
bool alloc)
379
372
{
380
373
int size, ret;
···
396
387
return -EINVAL;
397
388
398
389
size = sizeof(struct vfs_ns_cap_data);
399
-
ret = (int) vfs_getxattr_alloc(dentry, XATTR_NAME_CAPS,
400
-
&tmpbuf, size, GFP_NOFS);
390
+
ret = (int)vfs_getxattr_alloc(mnt_userns, dentry, XATTR_NAME_CAPS,
391
+
&tmpbuf, size, GFP_NOFS);
401
392
dput(dentry);
402
393
403
394
if (ret < 0)
···
416
407
}
417
408
418
409
kroot = make_kuid(fs_ns, root);
410
+
411
+
/* If this is an idmapped mount shift the kuid. */
412
+
kroot = kuid_into_mnt(mnt_userns, kroot);
419
413
420
414
/* If the root kuid maps to a valid uid in current ns, then return
421
415
* this as a nscap. */
···
481
469
return size;
482
470
}
483
471
472
+
/**
473
+
* rootid_from_xattr - translate root uid of vfs caps
474
+
*
475
+
* @value: vfs caps value which may be modified by this function
476
+
* @size: size of @ivalue
477
+
* @task_ns: user namespace of the caller
478
+
* @mnt_userns: user namespace of the mount the inode was found from
479
+
*
480
+
* If the inode has been found through an idmapped mount the user namespace of
481
+
* the vfsmount must be passed through @mnt_userns. This function will then
482
+
* take care to map the inode according to @mnt_userns before checking
483
+
* permissions. On non-idmapped mounts or if permission checking is to be
484
+
* performed on the raw inode simply passs init_user_ns.
485
+
*/
484
486
static kuid_t rootid_from_xattr(const void *value, size_t size,
485
-
struct user_namespace *task_ns)
487
+
struct user_namespace *task_ns,
488
+
struct user_namespace *mnt_userns)
486
489
{
487
490
const struct vfs_ns_cap_data *nscap = value;
491
+
kuid_t rootkid;
488
492
uid_t rootid = 0;
489
493
490
494
if (size == XATTR_CAPS_SZ_3)
491
495
rootid = le32_to_cpu(nscap->rootid);
492
496
493
-
return make_kuid(task_ns, rootid);
497
+
rootkid = make_kuid(task_ns, rootid);
498
+
return kuid_from_mnt(mnt_userns, rootkid);
494
499
}
495
500
496
501
static bool validheader(size_t size, const struct vfs_cap_data *cap)
···
515
486
return is_v2header(size, cap) || is_v3header(size, cap);
516
487
}
517
488
518
-
/*
489
+
/**
490
+
* cap_convert_nscap - check vfs caps
491
+
*
492
+
* @mnt_userns: user namespace of the mount the inode was found from
493
+
* @dentry: used to retrieve inode to check permissions on
494
+
* @ivalue: vfs caps value which may be modified by this function
495
+
* @size: size of @ivalue
496
+
*
519
497
* User requested a write of security.capability. If needed, update the
520
498
* xattr to change from v2 to v3, or to fixup the v3 rootid.
521
499
*
500
+
* If the inode has been found through an idmapped mount the user namespace of
501
+
* the vfsmount must be passed through @mnt_userns. This function will then
502
+
* take care to map the inode according to @mnt_userns before checking
503
+
* permissions. On non-idmapped mounts or if permission checking is to be
504
+
* performed on the raw inode simply passs init_user_ns.
505
+
*
522
506
* If all is ok, we return the new size, on error return < 0.
523
507
*/
524
-
int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size)
508
+
int cap_convert_nscap(struct user_namespace *mnt_userns, struct dentry *dentry,
509
+
const void **ivalue, size_t size)
525
510
{
526
511
struct vfs_ns_cap_data *nscap;
527
512
uid_t nsrootid;
···
552
509
return -EINVAL;
553
510
if (!validheader(size, cap))
554
511
return -EINVAL;
555
-
if (!capable_wrt_inode_uidgid(inode, CAP_SETFCAP))
512
+
if (!capable_wrt_inode_uidgid(mnt_userns, inode, CAP_SETFCAP))
556
513
return -EPERM;
557
-
if (size == XATTR_CAPS_SZ_2)
514
+
if (size == XATTR_CAPS_SZ_2 && (mnt_userns == &init_user_ns))
558
515
if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP))
559
516
/* user is privileged, just write the v2 */
560
517
return size;
561
518
562
-
rootid = rootid_from_xattr(*ivalue, size, task_ns);
519
+
rootid = rootid_from_xattr(*ivalue, size, task_ns, mnt_userns);
563
520
if (!uid_valid(rootid))
564
521
return -EINVAL;
565
522
···
636
593
return *effective ? ret : 0;
637
594
}
638
595
639
-
/*
596
+
/**
597
+
* get_vfs_caps_from_disk - retrieve vfs caps from disk
598
+
*
599
+
* @mnt_userns: user namespace of the mount the inode was found from
600
+
* @dentry: dentry from which @inode is retrieved
601
+
* @cpu_caps: vfs capabilities
602
+
*
640
603
* Extract the on-exec-apply capability sets for an executable file.
604
+
*
605
+
* If the inode has been found through an idmapped mount the user namespace of
606
+
* the vfsmount must be passed through @mnt_userns. This function will then
607
+
* take care to map the inode according to @mnt_userns before checking
608
+
* permissions. On non-idmapped mounts or if permission checking is to be
609
+
* performed on the raw inode simply passs init_user_ns.
641
610
*/
642
-
int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps)
611
+
int get_vfs_caps_from_disk(struct user_namespace *mnt_userns,
612
+
const struct dentry *dentry,
613
+
struct cpu_vfs_cap_data *cpu_caps)
643
614
{
644
615
struct inode *inode = d_backing_inode(dentry);
645
616
__u32 magic_etc;
···
709
652
/* Limit the caps to the mounter of the filesystem
710
653
* or the more limited uid specified in the xattr.
711
654
*/
655
+
rootkuid = kuid_into_mnt(mnt_userns, rootkuid);
712
656
if (!rootid_owns_currentns(rootkuid))
713
657
return -ENODATA;
714
658
···
755
697
if (!current_in_userns(file->f_path.mnt->mnt_sb->s_user_ns))
756
698
return 0;
757
699
758
-
rc = get_vfs_caps_from_disk(file->f_path.dentry, &vcaps);
700
+
rc = get_vfs_caps_from_disk(file_mnt_user_ns(file),
701
+
file->f_path.dentry, &vcaps);
759
702
if (rc < 0) {
760
703
if (rc == -EINVAL)
761
704
printk(KERN_NOTICE "Invalid argument reading file caps for %s\n",
···
1021
962
1022
963
/**
1023
964
* cap_inode_removexattr - Determine whether an xattr may be removed
1024
-
* @dentry: The inode/dentry being altered
1025
-
* @name: The name of the xattr to be changed
965
+
*
966
+
* @mnt_userns: User namespace of the mount the inode was found from
967
+
* @dentry: The inode/dentry being altered
968
+
* @name: The name of the xattr to be changed
1026
969
*
1027
970
* Determine whether an xattr may be removed from an inode, returning 0 if
1028
971
* permission is granted, -ve if denied.
1029
972
*
973
+
* If the inode has been found through an idmapped mount the user namespace of
974
+
* the vfsmount must be passed through @mnt_userns. This function will then
975
+
* take care to map the inode according to @mnt_userns before checking
976
+
* permissions. On non-idmapped mounts or if permission checking is to be
977
+
* performed on the raw inode simply passs init_user_ns.
978
+
*
1030
979
* This is used to make sure security xattrs don't get removed by those who
1031
980
* aren't privileged to remove them.
1032
981
*/
1033
-
int cap_inode_removexattr(struct dentry *dentry, const char *name)
982
+
int cap_inode_removexattr(struct user_namespace *mnt_userns,
983
+
struct dentry *dentry, const char *name)
1034
984
{
1035
985
struct user_namespace *user_ns = dentry->d_sb->s_user_ns;
1036
986
···
1053
985
struct inode *inode = d_backing_inode(dentry);
1054
986
if (!inode)
1055
987
return -EINVAL;
1056
-
if (!capable_wrt_inode_uidgid(inode, CAP_SETFCAP))
988
+
if (!capable_wrt_inode_uidgid(mnt_userns, inode, CAP_SETFCAP))
1057
989
return -EPERM;
1058
990
return 0;
1059
991
}
+6
-5
security/integrity/evm/evm_crypto.c
+6
-5
security/integrity/evm/evm_crypto.c
···
225
225
ima_present = true;
226
226
continue;
227
227
}
228
-
size = vfs_getxattr_alloc(dentry, xattr->name,
228
+
size = vfs_getxattr_alloc(&init_user_ns, dentry, xattr->name,
229
229
&xattr_value, xattr_size, GFP_NOFS);
230
230
if (size == -ENOMEM) {
231
231
error = -ENOMEM;
···
278
278
return 1;
279
279
280
280
/* Do this the hard way */
281
-
rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0,
282
-
GFP_NOFS);
281
+
rc = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_EVM,
282
+
(char **)&xattr_data, 0, GFP_NOFS);
283
283
if (rc <= 0) {
284
284
if (rc == -ENODATA)
285
285
return 0;
···
322
322
xattr_value_len, &data);
323
323
if (rc == 0) {
324
324
data.hdr.xattr.sha1.type = EVM_XATTR_HMAC;
325
-
rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM,
325
+
rc = __vfs_setxattr_noperm(&init_user_ns, dentry,
326
+
XATTR_NAME_EVM,
326
327
&data.hdr.xattr.data[1],
327
328
SHA1_DIGEST_SIZE + 1, 0);
328
329
} else if (rc == -ENODATA && (inode->i_opflags & IOP_XATTR)) {
329
-
rc = __vfs_removexattr(dentry, XATTR_NAME_EVM);
330
+
rc = __vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_EVM);
330
331
}
331
332
return rc;
332
333
}
+2
-2
security/integrity/evm/evm_main.c
+2
-2
security/integrity/evm/evm_main.c
···
146
146
/* if status is not PASS, try to check again - against -ENOMEM */
147
147
148
148
/* first need to know the sig type */
149
-
rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0,
150
-
GFP_NOFS);
149
+
rc = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_EVM,
150
+
(char **)&xattr_data, 0, GFP_NOFS);
151
151
if (rc <= 0) {
152
152
evm_status = INTEGRITY_FAIL;
153
153
if (rc == -ENODATA) {
+1
-1
security/integrity/evm/evm_secfs.c
+1
-1
security/integrity/evm/evm_secfs.c
+12
-7
security/integrity/ima/ima.h
+12
-7
security/integrity/ima/ima.h
···
254
254
#endif /* CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS */
255
255
256
256
/* LIM API function definitions */
257
-
int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
258
-
int mask, enum ima_hooks func, int *pcr,
257
+
int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode,
258
+
const struct cred *cred, u32 secid, int mask,
259
+
enum ima_hooks func, int *pcr,
259
260
struct ima_template_desc **template_desc,
260
261
const char *func_data);
261
262
int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
···
268
267
struct evm_ima_xattr_data *xattr_value,
269
268
int xattr_len, const struct modsig *modsig, int pcr,
270
269
struct ima_template_desc *template_desc);
271
-
void process_buffer_measurement(struct inode *inode, const void *buf, int size,
270
+
void process_buffer_measurement(struct user_namespace *mnt_userns,
271
+
struct inode *inode, const void *buf, int size,
272
272
const char *eventname, enum ima_hooks func,
273
273
int pcr, const char *func_data,
274
274
bool buf_hash);
···
285
283
const char *ima_d_path(const struct path *path, char **pathbuf, char *filename);
286
284
287
285
/* IMA policy related functions */
288
-
int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
289
-
enum ima_hooks func, int mask, int flags, int *pcr,
286
+
int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode,
287
+
const struct cred *cred, u32 secid, enum ima_hooks func,
288
+
int mask, int flags, int *pcr,
290
289
struct ima_template_desc **template_desc,
291
290
const char *func_data);
292
291
void ima_init_policy(void);
···
318
315
struct file *file, const unsigned char *filename,
319
316
struct evm_ima_xattr_data *xattr_value,
320
317
int xattr_len, const struct modsig *modsig);
321
-
int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
318
+
int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode,
319
+
int mask, enum ima_hooks func);
322
320
void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
323
321
enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
324
322
enum ima_hooks func);
···
346
342
return INTEGRITY_UNKNOWN;
347
343
}
348
344
349
-
static inline int ima_must_appraise(struct inode *inode, int mask,
345
+
static inline int ima_must_appraise(struct user_namespace *mnt_userns,
346
+
struct inode *inode, int mask,
350
347
enum ima_hooks func)
351
348
{
352
349
return 0;
+6
-4
security/integrity/ima/ima_api.c
+6
-4
security/integrity/ima/ima_api.c
···
162
162
163
163
/**
164
164
* ima_get_action - appraise & measure decision based on policy.
165
+
* @mnt_userns: user namespace of the mount the inode was found from
165
166
* @inode: pointer to the inode associated with the object being validated
166
167
* @cred: pointer to credentials structure to validate
167
168
* @secid: secid of the task being validated
···
184
183
* Returns IMA_MEASURE, IMA_APPRAISE mask.
185
184
*
186
185
*/
187
-
int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid,
188
-
int mask, enum ima_hooks func, int *pcr,
186
+
int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode,
187
+
const struct cred *cred, u32 secid, int mask,
188
+
enum ima_hooks func, int *pcr,
189
189
struct ima_template_desc **template_desc,
190
190
const char *func_data)
191
191
{
···
194
192
195
193
flags &= ima_policy_flag;
196
194
197
-
return ima_match_policy(inode, cred, secid, func, mask, flags, pcr,
198
-
template_desc, func_data);
195
+
return ima_match_policy(mnt_userns, inode, cred, secid, func, mask,
196
+
flags, pcr, template_desc, func_data);
199
197
}
200
198
201
199
/*
+13
-10
security/integrity/ima/ima_appraise.c
+13
-10
security/integrity/ima/ima_appraise.c
···
68
68
*
69
69
* Return 1 to appraise or hash
70
70
*/
71
-
int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
71
+
int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode,
72
+
int mask, enum ima_hooks func)
72
73
{
73
74
u32 secid;
74
75
···
77
76
return 0;
78
77
79
78
security_task_getsecid(current, &secid);
80
-
return ima_match_policy(inode, current_cred(), secid, func, mask,
81
-
IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL);
79
+
return ima_match_policy(mnt_userns, inode, current_cred(), secid, func,
80
+
mask, IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL);
82
81
}
83
82
84
83
static int ima_fix_xattr(struct dentry *dentry,
···
95
94
iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG;
96
95
iint->ima_hash->xattr.ng.algo = algo;
97
96
}
98
-
rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA,
97
+
rc = __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_IMA,
99
98
&iint->ima_hash->xattr.data[offset],
100
99
(sizeof(iint->ima_hash->xattr) - offset) +
101
100
iint->ima_hash->length, 0);
···
216
215
{
217
216
ssize_t ret;
218
217
219
-
ret = vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)xattr_value,
220
-
0, GFP_NOFS);
218
+
ret = vfs_getxattr_alloc(&init_user_ns, dentry, XATTR_NAME_IMA,
219
+
(char **)xattr_value, 0, GFP_NOFS);
221
220
if (ret == -EOPNOTSUPP)
222
221
ret = 0;
223
222
return ret;
···
351
350
352
351
rc = is_binary_blacklisted(digest, digestsize);
353
352
if ((rc == -EPERM) && (iint->flags & IMA_MEASURE))
354
-
process_buffer_measurement(NULL, digest, digestsize,
353
+
process_buffer_measurement(&init_user_ns, NULL, digest, digestsize,
355
354
"blacklisted-hash", NONE,
356
355
pcr, NULL, false);
357
356
}
···
502
501
503
502
/**
504
503
* ima_inode_post_setattr - reflect file metadata changes
504
+
* @mnt_userns: user namespace of the mount the inode was found from
505
505
* @dentry: pointer to the affected dentry
506
506
*
507
507
* Changes to a dentry's metadata might result in needing to appraise.
···
510
508
* This function is called from notify_change(), which expects the caller
511
509
* to lock the inode's i_mutex.
512
510
*/
513
-
void ima_inode_post_setattr(struct dentry *dentry)
511
+
void ima_inode_post_setattr(struct user_namespace *mnt_userns,
512
+
struct dentry *dentry)
514
513
{
515
514
struct inode *inode = d_backing_inode(dentry);
516
515
struct integrity_iint_cache *iint;
···
521
518
|| !(inode->i_opflags & IOP_XATTR))
522
519
return;
523
520
524
-
action = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR);
521
+
action = ima_must_appraise(mnt_userns, inode, MAY_ACCESS, POST_SETATTR);
525
522
if (!action)
526
-
__vfs_removexattr(dentry, XATTR_NAME_IMA);
523
+
__vfs_removexattr(&init_user_ns, dentry, XATTR_NAME_IMA);
527
524
iint = integrity_iint_find(inode);
528
525
if (iint) {
529
526
set_bit(IMA_CHANGE_ATTR, &iint->atomic_flags);
+2
-1
security/integrity/ima/ima_asymmetric_keys.c
+2
-1
security/integrity/ima/ima_asymmetric_keys.c
···
10
10
*/
11
11
12
12
#include <keys/asymmetric-type.h>
13
+
#include <linux/user_namespace.h>
13
14
#include "ima.h"
14
15
15
16
/**
···
59
58
* if the IMA policy is configured to measure a key linked
60
59
* to the given keyring.
61
60
*/
62
-
process_buffer_measurement(NULL, payload, payload_len,
61
+
process_buffer_measurement(&init_user_ns, NULL, payload, payload_len,
63
62
keyring->description, KEY_CHECK, 0,
64
63
keyring->description, false);
65
64
}
+25
-15
security/integrity/ima/ima_main.c
+25
-15
security/integrity/ima/ima_main.c
···
218
218
* bitmask based on the appraise/audit/measurement policy.
219
219
* Included is the appraise submask.
220
220
*/
221
-
action = ima_get_action(inode, cred, secid, mask, func, &pcr,
222
-
&template_desc, NULL);
221
+
action = ima_get_action(file_mnt_user_ns(file), inode, cred, secid,
222
+
mask, func, &pcr, &template_desc, NULL);
223
223
violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) &&
224
224
(ima_policy_flag & IMA_MEASURE));
225
225
if (!action && !violation_check)
···
431
431
432
432
security_task_getsecid(current, &secid);
433
433
inode = file_inode(vma->vm_file);
434
-
action = ima_get_action(inode, current_cred(), secid, MAY_EXEC,
435
-
MMAP_CHECK, &pcr, &template, 0);
434
+
action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
435
+
current_cred(), secid, MAY_EXEC, MMAP_CHECK,
436
+
&pcr, &template, 0);
436
437
437
438
/* Is the mmap'ed file in policy? */
438
439
if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK)))
···
593
592
594
593
/**
595
594
* ima_post_create_tmpfile - mark newly created tmpfile as new
595
+
* @mnt_userns: user namespace of the mount the inode was found from
596
596
* @file : newly created tmpfile
597
597
*
598
598
* No measuring, appraising or auditing of newly created tmpfiles is needed.
599
599
* Skip calling process_measurement(), but indicate which newly, created
600
600
* tmpfiles are in policy.
601
601
*/
602
-
void ima_post_create_tmpfile(struct inode *inode)
602
+
void ima_post_create_tmpfile(struct user_namespace *mnt_userns,
603
+
struct inode *inode)
603
604
{
604
605
struct integrity_iint_cache *iint;
605
606
int must_appraise;
606
607
607
-
must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK);
608
+
must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
609
+
FILE_CHECK);
608
610
if (!must_appraise)
609
611
return;
610
612
···
623
619
624
620
/**
625
621
* ima_post_path_mknod - mark as a new inode
622
+
* @mnt_userns: user namespace of the mount the inode was found from
626
623
* @dentry: newly created dentry
627
624
*
628
625
* Mark files created via the mknodat syscall as new, so that the
629
626
* file data can be written later.
630
627
*/
631
-
void ima_post_path_mknod(struct dentry *dentry)
628
+
void ima_post_path_mknod(struct user_namespace *mnt_userns,
629
+
struct dentry *dentry)
632
630
{
633
631
struct integrity_iint_cache *iint;
634
632
struct inode *inode = dentry->d_inode;
635
633
int must_appraise;
636
634
637
-
must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK);
635
+
must_appraise = ima_must_appraise(mnt_userns, inode, MAY_ACCESS,
636
+
FILE_CHECK);
638
637
if (!must_appraise)
639
638
return;
640
639
···
817
810
818
811
/*
819
812
* process_buffer_measurement - Measure the buffer or the buffer data hash
813
+
* @mnt_userns: user namespace of the mount the inode was found from
820
814
* @inode: inode associated with the object being measured (NULL for KEY_CHECK)
821
815
* @buf: pointer to the buffer that needs to be added to the log.
822
816
* @size: size of buffer(in bytes).
···
829
821
*
830
822
* Based on policy, either the buffer data or buffer data hash is measured
831
823
*/
832
-
void process_buffer_measurement(struct inode *inode, const void *buf, int size,
824
+
void process_buffer_measurement(struct user_namespace *mnt_userns,
825
+
struct inode *inode, const void *buf, int size,
833
826
const char *eventname, enum ima_hooks func,
834
827
int pcr, const char *func_data,
835
828
bool buf_hash)
···
873
864
*/
874
865
if (func) {
875
866
security_task_getsecid(current, &secid);
876
-
action = ima_get_action(inode, current_cred(), secid, 0, func,
877
-
&pcr, &template, func_data);
867
+
action = ima_get_action(mnt_userns, inode, current_cred(),
868
+
secid, 0, func, &pcr, &template,
869
+
func_data);
878
870
if (!(action & IMA_MEASURE))
879
871
return;
880
872
}
···
947
937
if (!f.file)
948
938
return;
949
939
950
-
process_buffer_measurement(file_inode(f.file), buf, size,
951
-
"kexec-cmdline", KEXEC_CMDLINE, 0, NULL,
952
-
false);
940
+
process_buffer_measurement(file_mnt_user_ns(f.file), file_inode(f.file),
941
+
buf, size, "kexec-cmdline", KEXEC_CMDLINE, 0,
942
+
NULL, false);
953
943
fdput(f);
954
944
}
955
945
···
974
964
if (!event_name || !event_label || !buf || !buf_len)
975
965
return;
976
966
977
-
process_buffer_measurement(NULL, buf, buf_len, event_name,
967
+
process_buffer_measurement(&init_user_ns, NULL, buf, buf_len, event_name,
978
968
CRITICAL_DATA, 0, event_label,
979
969
hash);
980
970
}
+12
-8
security/integrity/ima/ima_policy.c
+12
-8
security/integrity/ima/ima_policy.c
···
513
513
/**
514
514
* ima_match_rules - determine whether an inode matches the policy rule.
515
515
* @rule: a pointer to a rule
516
+
* @mnt_userns: user namespace of the mount the inode was found from
516
517
* @inode: a pointer to an inode
517
518
* @cred: a pointer to a credentials structure for user validation
518
519
* @secid: the secid of the task to be validated
···
523
522
*
524
523
* Returns true on rule match, false on failure.
525
524
*/
526
-
static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
527
-
const struct cred *cred, u32 secid,
528
-
enum ima_hooks func, int mask,
525
+
static bool ima_match_rules(struct ima_rule_entry *rule,
526
+
struct user_namespace *mnt_userns,
527
+
struct inode *inode, const struct cred *cred,
528
+
u32 secid, enum ima_hooks func, int mask,
529
529
const char *func_data)
530
530
{
531
531
int i;
···
572
570
}
573
571
574
572
if ((rule->flags & IMA_FOWNER) &&
575
-
!rule->fowner_op(inode->i_uid, rule->fowner))
573
+
!rule->fowner_op(i_uid_into_mnt(mnt_userns, inode), rule->fowner))
576
574
return false;
577
575
for (i = 0; i < MAX_LSM_RULES; i++) {
578
576
int rc = 0;
···
635
633
636
634
/**
637
635
* ima_match_policy - decision based on LSM and other conditions
636
+
* @mnt_userns: user namespace of the mount the inode was found from
638
637
* @inode: pointer to an inode for which the policy decision is being made
639
638
* @cred: pointer to a credentials structure for which the policy decision is
640
639
* being made
···
653
650
* list when walking it. Reads are many orders of magnitude more numerous
654
651
* than writes so ima_match_policy() is classical RCU candidate.
655
652
*/
656
-
int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
657
-
enum ima_hooks func, int mask, int flags, int *pcr,
653
+
int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode,
654
+
const struct cred *cred, u32 secid, enum ima_hooks func,
655
+
int mask, int flags, int *pcr,
658
656
struct ima_template_desc **template_desc,
659
657
const char *func_data)
660
658
{
···
671
667
if (!(entry->action & actmask))
672
668
continue;
673
669
674
-
if (!ima_match_rules(entry, inode, cred, secid, func, mask,
675
-
func_data))
670
+
if (!ima_match_rules(entry, mnt_userns, inode, cred, secid,
671
+
func, mask, func_data))
676
672
continue;
677
673
678
674
action |= entry->flags & IMA_ACTION_FLAGS;
+3
-1
security/integrity/ima/ima_queue_keys.c
+3
-1
security/integrity/ima/ima_queue_keys.c
···
8
8
* Enables deferred processing of keys
9
9
*/
10
10
11
+
#include <linux/user_namespace.h>
11
12
#include <linux/workqueue.h>
12
13
#include <keys/asymmetric-type.h>
13
14
#include "ima.h"
···
159
158
160
159
list_for_each_entry_safe(entry, tmp, &ima_keys, list) {
161
160
if (!timer_expired)
162
-
process_buffer_measurement(NULL, entry->payload,
161
+
process_buffer_measurement(&init_user_ns, NULL,
162
+
entry->payload,
163
163
entry->payload_len,
164
164
entry->keyring_name,
165
165
KEY_CHECK, 0,
+15
-10
security/security.c
+15
-10
security/security.c
···
1288
1288
return call_int_hook(inode_getattr, 0, path);
1289
1289
}
1290
1290
1291
-
int security_inode_setxattr(struct dentry *dentry, const char *name,
1291
+
int security_inode_setxattr(struct user_namespace *mnt_userns,
1292
+
struct dentry *dentry, const char *name,
1292
1293
const void *value, size_t size, int flags)
1293
1294
{
1294
1295
int ret;
···
1300
1299
* SELinux and Smack integrate the cap call,
1301
1300
* so assume that all LSMs supplying this call do so.
1302
1301
*/
1303
-
ret = call_int_hook(inode_setxattr, 1, dentry, name, value, size,
1304
-
flags);
1302
+
ret = call_int_hook(inode_setxattr, 1, mnt_userns, dentry, name, value,
1303
+
size, flags);
1305
1304
1306
1305
if (ret == 1)
1307
1306
ret = cap_inode_setxattr(dentry, name, value, size, flags);
···
1336
1335
return call_int_hook(inode_listxattr, 0, dentry);
1337
1336
}
1338
1337
1339
-
int security_inode_removexattr(struct dentry *dentry, const char *name)
1338
+
int security_inode_removexattr(struct user_namespace *mnt_userns,
1339
+
struct dentry *dentry, const char *name)
1340
1340
{
1341
1341
int ret;
1342
1342
···
1347
1345
* SELinux and Smack integrate the cap call,
1348
1346
* so assume that all LSMs supplying this call do so.
1349
1347
*/
1350
-
ret = call_int_hook(inode_removexattr, 1, dentry, name);
1348
+
ret = call_int_hook(inode_removexattr, 1, mnt_userns, dentry, name);
1351
1349
if (ret == 1)
1352
-
ret = cap_inode_removexattr(dentry, name);
1350
+
ret = cap_inode_removexattr(mnt_userns, dentry, name);
1353
1351
if (ret)
1354
1352
return ret;
1355
1353
ret = ima_inode_removexattr(dentry, name);
···
1363
1361
return call_int_hook(inode_need_killpriv, 0, dentry);
1364
1362
}
1365
1363
1366
-
int security_inode_killpriv(struct dentry *dentry)
1364
+
int security_inode_killpriv(struct user_namespace *mnt_userns,
1365
+
struct dentry *dentry)
1367
1366
{
1368
-
return call_int_hook(inode_killpriv, 0, dentry);
1367
+
return call_int_hook(inode_killpriv, 0, mnt_userns, dentry);
1369
1368
}
1370
1369
1371
-
int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
1370
+
int security_inode_getsecurity(struct user_namespace *mnt_userns,
1371
+
struct inode *inode, const char *name,
1372
+
void **buffer, bool alloc)
1372
1373
{
1373
1374
struct security_hook_list *hp;
1374
1375
int rc;
···
1382
1377
* Only one module will provide an attribute with a given name.
1383
1378
*/
1384
1379
hlist_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) {
1385
-
rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc);
1380
+
rc = hp->hook.inode_getsecurity(mnt_userns, inode, name, buffer, alloc);
1386
1381
if (rc != LSM_RET_DEFAULT(inode_getsecurity))
1387
1382
return rc;
1388
1383
}
+14
-9
security/selinux/hooks.c
+14
-9
security/selinux/hooks.c
···
3203
3203
return true;
3204
3204
}
3205
3205
3206
-
static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
3206
+
static int selinux_inode_setxattr(struct user_namespace *mnt_userns,
3207
+
struct dentry *dentry, const char *name,
3207
3208
const void *value, size_t size, int flags)
3208
3209
{
3209
3210
struct inode *inode = d_backing_inode(dentry);
···
3225
3224
}
3226
3225
3227
3226
if (!selinux_initialized(&selinux_state))
3228
-
return (inode_owner_or_capable(inode) ? 0 : -EPERM);
3227
+
return (inode_owner_or_capable(mnt_userns, inode) ? 0 : -EPERM);
3229
3228
3230
3229
sbsec = inode->i_sb->s_security;
3231
3230
if (!(sbsec->flags & SBLABEL_MNT))
3232
3231
return -EOPNOTSUPP;
3233
3232
3234
-
if (!inode_owner_or_capable(inode))
3233
+
if (!inode_owner_or_capable(mnt_userns, inode))
3235
3234
return -EPERM;
3236
3235
3237
3236
ad.type = LSM_AUDIT_DATA_DENTRY;
···
3352
3351
return dentry_has_perm(cred, dentry, FILE__GETATTR);
3353
3352
}
3354
3353
3355
-
static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3354
+
static int selinux_inode_removexattr(struct user_namespace *mnt_userns,
3355
+
struct dentry *dentry, const char *name)
3356
3356
{
3357
3357
if (strcmp(name, XATTR_NAME_SELINUX)) {
3358
-
int rc = cap_inode_removexattr(dentry, name);
3358
+
int rc = cap_inode_removexattr(mnt_userns, dentry, name);
3359
3359
if (rc)
3360
3360
return rc;
3361
3361
···
3422
3420
*
3423
3421
* Permission check is handled by selinux_inode_getxattr hook.
3424
3422
*/
3425
-
static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
3423
+
static int selinux_inode_getsecurity(struct user_namespace *mnt_userns,
3424
+
struct inode *inode, const char *name,
3425
+
void **buffer, bool alloc)
3426
3426
{
3427
3427
u32 size;
3428
3428
int error;
···
6618
6614
*/
6619
6615
static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
6620
6616
{
6621
-
return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
6617
+
return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SELINUX,
6618
+
ctx, ctxlen, 0);
6622
6619
}
6623
6620
6624
6621
static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6625
6622
{
6626
6623
int len = 0;
6627
-
len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
6628
-
ctx, true);
6624
+
len = selinux_inode_getsecurity(&init_user_ns, inode,
6625
+
XATTR_SELINUX_SUFFIX, ctx, true);
6629
6626
if (len < 0)
6630
6627
return len;
6631
6628
*ctxlen = len;
+13
-9
security/smack/smack_lsm.c
+13
-9
security/smack/smack_lsm.c
···
1240
1240
*
1241
1241
* Returns 0 if access is permitted, an error code otherwise
1242
1242
*/
1243
-
static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1243
+
static int smack_inode_setxattr(struct user_namespace *mnt_userns,
1244
+
struct dentry *dentry, const char *name,
1244
1245
const void *value, size_t size, int flags)
1245
1246
{
1246
1247
struct smk_audit_info ad;
···
1363
1362
*
1364
1363
* Returns 0 if access is permitted, an error code otherwise
1365
1364
*/
1366
-
static int smack_inode_removexattr(struct dentry *dentry, const char *name)
1365
+
static int smack_inode_removexattr(struct user_namespace *mnt_userns,
1366
+
struct dentry *dentry, const char *name)
1367
1367
{
1368
1368
struct inode_smack *isp;
1369
1369
struct smk_audit_info ad;
···
1379
1377
if (!smack_privileged(CAP_MAC_ADMIN))
1380
1378
rc = -EPERM;
1381
1379
} else
1382
-
rc = cap_inode_removexattr(dentry, name);
1380
+
rc = cap_inode_removexattr(mnt_userns, dentry, name);
1383
1381
1384
1382
if (rc != 0)
1385
1383
return rc;
···
1422
1420
*
1423
1421
* Returns the size of the attribute or an error code
1424
1422
*/
1425
-
static int smack_inode_getsecurity(struct inode *inode,
1426
-
const char *name, void **buffer,
1427
-
bool alloc)
1423
+
static int smack_inode_getsecurity(struct user_namespace *mnt_userns,
1424
+
struct inode *inode, const char *name,
1425
+
void **buffer, bool alloc)
1428
1426
{
1429
1427
struct socket_smack *ssp;
1430
1428
struct socket *sock;
···
3427
3425
*/
3428
3426
if (isp->smk_flags & SMK_INODE_CHANGED) {
3429
3427
isp->smk_flags &= ~SMK_INODE_CHANGED;
3430
-
rc = __vfs_setxattr(dp, inode,
3428
+
rc = __vfs_setxattr(&init_user_ns, dp, inode,
3431
3429
XATTR_NAME_SMACKTRANSMUTE,
3432
3430
TRANS_TRUE, TRANS_TRUE_SIZE,
3433
3431
0);
···
4599
4597
4600
4598
static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4601
4599
{
4602
-
return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4600
+
return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx,
4601
+
ctxlen, 0);
4603
4602
}
4604
4603
4605
4604
static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4606
4605
{
4607
-
return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4606
+
return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK,
4607
+
ctx, ctxlen, 0);
4608
4608
}
4609
4609
4610
4610
static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+3
-1
tools/include/uapi/asm-generic/unistd.h
+3
-1
tools/include/uapi/asm-generic/unistd.h
···
861
861
__SYSCALL(__NR_process_madvise, sys_process_madvise)
862
862
#define __NR_epoll_pwait2 441
863
863
__SC_COMP(__NR_epoll_pwait2, sys_epoll_pwait2, compat_sys_epoll_pwait2)
864
+
#define __NR_mount_setattr 442
865
+
__SYSCALL(__NR_mount_setattr, sys_mount_setattr)
864
866
865
867
#undef __NR_syscalls
866
-
#define __NR_syscalls 442
868
+
#define __NR_syscalls 443
867
869
868
870
/*
869
871
* 32 bit systems traditionally used different
+1
tools/testing/selftests/Makefile
+1
tools/testing/selftests/Makefile
+1
tools/testing/selftests/mount_setattr/.gitignore
+1
tools/testing/selftests/mount_setattr/.gitignore
···
1
+
mount_setattr_test
+7
tools/testing/selftests/mount_setattr/Makefile
+7
tools/testing/selftests/mount_setattr/Makefile
+1
tools/testing/selftests/mount_setattr/config
+1
tools/testing/selftests/mount_setattr/config
···
1
+
CONFIG_USER_NS=y
+1424
tools/testing/selftests/mount_setattr/mount_setattr_test.c
+1424
tools/testing/selftests/mount_setattr/mount_setattr_test.c
···
1
+
// SPDX-License-Identifier: GPL-2.0
2
+
#define _GNU_SOURCE
3
+
#include <sched.h>
4
+
#include <stdio.h>
5
+
#include <errno.h>
6
+
#include <pthread.h>
7
+
#include <string.h>
8
+
#include <sys/stat.h>
9
+
#include <sys/types.h>
10
+
#include <sys/mount.h>
11
+
#include <sys/wait.h>
12
+
#include <sys/vfs.h>
13
+
#include <sys/statvfs.h>
14
+
#include <sys/sysinfo.h>
15
+
#include <stdlib.h>
16
+
#include <unistd.h>
17
+
#include <fcntl.h>
18
+
#include <grp.h>
19
+
#include <stdbool.h>
20
+
#include <stdarg.h>
21
+
22
+
#include "../kselftest_harness.h"
23
+
24
+
#ifndef CLONE_NEWNS
25
+
#define CLONE_NEWNS 0x00020000
26
+
#endif
27
+
28
+
#ifndef CLONE_NEWUSER
29
+
#define CLONE_NEWUSER 0x10000000
30
+
#endif
31
+
32
+
#ifndef MS_REC
33
+
#define MS_REC 16384
34
+
#endif
35
+
36
+
#ifndef MS_RELATIME
37
+
#define MS_RELATIME (1 << 21)
38
+
#endif
39
+
40
+
#ifndef MS_STRICTATIME
41
+
#define MS_STRICTATIME (1 << 24)
42
+
#endif
43
+
44
+
#ifndef MOUNT_ATTR_RDONLY
45
+
#define MOUNT_ATTR_RDONLY 0x00000001
46
+
#endif
47
+
48
+
#ifndef MOUNT_ATTR_NOSUID
49
+
#define MOUNT_ATTR_NOSUID 0x00000002
50
+
#endif
51
+
52
+
#ifndef MOUNT_ATTR_NOEXEC
53
+
#define MOUNT_ATTR_NOEXEC 0x00000008
54
+
#endif
55
+
56
+
#ifndef MOUNT_ATTR_NODIRATIME
57
+
#define MOUNT_ATTR_NODIRATIME 0x00000080
58
+
#endif
59
+
60
+
#ifndef MOUNT_ATTR__ATIME
61
+
#define MOUNT_ATTR__ATIME 0x00000070
62
+
#endif
63
+
64
+
#ifndef MOUNT_ATTR_RELATIME
65
+
#define MOUNT_ATTR_RELATIME 0x00000000
66
+
#endif
67
+
68
+
#ifndef MOUNT_ATTR_NOATIME
69
+
#define MOUNT_ATTR_NOATIME 0x00000010
70
+
#endif
71
+
72
+
#ifndef MOUNT_ATTR_STRICTATIME
73
+
#define MOUNT_ATTR_STRICTATIME 0x00000020
74
+
#endif
75
+
76
+
#ifndef AT_RECURSIVE
77
+
#define AT_RECURSIVE 0x8000
78
+
#endif
79
+
80
+
#ifndef MS_SHARED
81
+
#define MS_SHARED (1 << 20)
82
+
#endif
83
+
84
+
#define DEFAULT_THREADS 4
85
+
#define ptr_to_int(p) ((int)((intptr_t)(p)))
86
+
#define int_to_ptr(u) ((void *)((intptr_t)(u)))
87
+
88
+
#ifndef __NR_mount_setattr
89
+
#if defined __alpha__
90
+
#define __NR_mount_setattr 552
91
+
#elif defined _MIPS_SIM
92
+
#if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
93
+
#define __NR_mount_setattr (442 + 4000)
94
+
#endif
95
+
#if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */
96
+
#define __NR_mount_setattr (442 + 6000)
97
+
#endif
98
+
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
99
+
#define __NR_mount_setattr (442 + 5000)
100
+
#endif
101
+
#elif defined __ia64__
102
+
#define __NR_mount_setattr (442 + 1024)
103
+
#else
104
+
#define __NR_mount_setattr 442
105
+
#endif
106
+
107
+
struct mount_attr {
108
+
__u64 attr_set;
109
+
__u64 attr_clr;
110
+
__u64 propagation;
111
+
__u64 userns_fd;
112
+
};
113
+
#endif
114
+
115
+
#ifndef __NR_open_tree
116
+
#if defined __alpha__
117
+
#define __NR_open_tree 538
118
+
#elif defined _MIPS_SIM
119
+
#if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
120
+
#define __NR_open_tree 4428
121
+
#endif
122
+
#if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */
123
+
#define __NR_open_tree 6428
124
+
#endif
125
+
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
126
+
#define __NR_open_tree 5428
127
+
#endif
128
+
#elif defined __ia64__
129
+
#define __NR_open_tree (428 + 1024)
130
+
#else
131
+
#define __NR_open_tree 428
132
+
#endif
133
+
#endif
134
+
135
+
#ifndef MOUNT_ATTR_IDMAP
136
+
#define MOUNT_ATTR_IDMAP 0x00100000
137
+
#endif
138
+
139
+
static inline int sys_mount_setattr(int dfd, const char *path, unsigned int flags,
140
+
struct mount_attr *attr, size_t size)
141
+
{
142
+
return syscall(__NR_mount_setattr, dfd, path, flags, attr, size);
143
+
}
144
+
145
+
#ifndef OPEN_TREE_CLONE
146
+
#define OPEN_TREE_CLONE 1
147
+
#endif
148
+
149
+
#ifndef OPEN_TREE_CLOEXEC
150
+
#define OPEN_TREE_CLOEXEC O_CLOEXEC
151
+
#endif
152
+
153
+
#ifndef AT_RECURSIVE
154
+
#define AT_RECURSIVE 0x8000 /* Apply to the entire subtree */
155
+
#endif
156
+
157
+
static inline int sys_open_tree(int dfd, const char *filename, unsigned int flags)
158
+
{
159
+
return syscall(__NR_open_tree, dfd, filename, flags);
160
+
}
161
+
162
+
static ssize_t write_nointr(int fd, const void *buf, size_t count)
163
+
{
164
+
ssize_t ret;
165
+
166
+
do {
167
+
ret = write(fd, buf, count);
168
+
} while (ret < 0 && errno == EINTR);
169
+
170
+
return ret;
171
+
}
172
+
173
+
static int write_file(const char *path, const void *buf, size_t count)
174
+
{
175
+
int fd;
176
+
ssize_t ret;
177
+
178
+
fd = open(path, O_WRONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
179
+
if (fd < 0)
180
+
return -1;
181
+
182
+
ret = write_nointr(fd, buf, count);
183
+
close(fd);
184
+
if (ret < 0 || (size_t)ret != count)
185
+
return -1;
186
+
187
+
return 0;
188
+
}
189
+
190
+
static int create_and_enter_userns(void)
191
+
{
192
+
uid_t uid;
193
+
gid_t gid;
194
+
char map[100];
195
+
196
+
uid = getuid();
197
+
gid = getgid();
198
+
199
+
if (unshare(CLONE_NEWUSER))
200
+
return -1;
201
+
202
+
if (write_file("/proc/self/setgroups", "deny", sizeof("deny") - 1) &&
203
+
errno != ENOENT)
204
+
return -1;
205
+
206
+
snprintf(map, sizeof(map), "0 %d 1", uid);
207
+
if (write_file("/proc/self/uid_map", map, strlen(map)))
208
+
return -1;
209
+
210
+
211
+
snprintf(map, sizeof(map), "0 %d 1", gid);
212
+
if (write_file("/proc/self/gid_map", map, strlen(map)))
213
+
return -1;
214
+
215
+
if (setgid(0))
216
+
return -1;
217
+
218
+
if (setuid(0))
219
+
return -1;
220
+
221
+
return 0;
222
+
}
223
+
224
+
static int prepare_unpriv_mountns(void)
225
+
{
226
+
if (create_and_enter_userns())
227
+
return -1;
228
+
229
+
if (unshare(CLONE_NEWNS))
230
+
return -1;
231
+
232
+
if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0))
233
+
return -1;
234
+
235
+
return 0;
236
+
}
237
+
238
+
static int read_mnt_flags(const char *path)
239
+
{
240
+
int ret;
241
+
struct statvfs stat;
242
+
unsigned int mnt_flags;
243
+
244
+
ret = statvfs(path, &stat);
245
+
if (ret != 0)
246
+
return -EINVAL;
247
+
248
+
if (stat.f_flag &
249
+
~(ST_RDONLY | ST_NOSUID | ST_NODEV | ST_NOEXEC | ST_NOATIME |
250
+
ST_NODIRATIME | ST_RELATIME | ST_SYNCHRONOUS | ST_MANDLOCK))
251
+
return -EINVAL;
252
+
253
+
mnt_flags = 0;
254
+
if (stat.f_flag & ST_RDONLY)
255
+
mnt_flags |= MS_RDONLY;
256
+
if (stat.f_flag & ST_NOSUID)
257
+
mnt_flags |= MS_NOSUID;
258
+
if (stat.f_flag & ST_NODEV)
259
+
mnt_flags |= MS_NODEV;
260
+
if (stat.f_flag & ST_NOEXEC)
261
+
mnt_flags |= MS_NOEXEC;
262
+
if (stat.f_flag & ST_NOATIME)
263
+
mnt_flags |= MS_NOATIME;
264
+
if (stat.f_flag & ST_NODIRATIME)
265
+
mnt_flags |= MS_NODIRATIME;
266
+
if (stat.f_flag & ST_RELATIME)
267
+
mnt_flags |= MS_RELATIME;
268
+
if (stat.f_flag & ST_SYNCHRONOUS)
269
+
mnt_flags |= MS_SYNCHRONOUS;
270
+
if (stat.f_flag & ST_MANDLOCK)
271
+
mnt_flags |= ST_MANDLOCK;
272
+
273
+
return mnt_flags;
274
+
}
275
+
276
+
static char *get_field(char *src, int nfields)
277
+
{
278
+
int i;
279
+
char *p = src;
280
+
281
+
for (i = 0; i < nfields; i++) {
282
+
while (*p && *p != ' ' && *p != '\t')
283
+
p++;
284
+
285
+
if (!*p)
286
+
break;
287
+
288
+
p++;
289
+
}
290
+
291
+
return p;
292
+
}
293
+
294
+
static void null_endofword(char *word)
295
+
{
296
+
while (*word && *word != ' ' && *word != '\t')
297
+
word++;
298
+
*word = '\0';
299
+
}
300
+
301
+
static bool is_shared_mount(const char *path)
302
+
{
303
+
size_t len = 0;
304
+
char *line = NULL;
305
+
FILE *f = NULL;
306
+
307
+
f = fopen("/proc/self/mountinfo", "re");
308
+
if (!f)
309
+
return false;
310
+
311
+
while (getline(&line, &len, f) != -1) {
312
+
char *opts, *target;
313
+
314
+
target = get_field(line, 4);
315
+
if (!target)
316
+
continue;
317
+
318
+
opts = get_field(target, 2);
319
+
if (!opts)
320
+
continue;
321
+
322
+
null_endofword(target);
323
+
324
+
if (strcmp(target, path) != 0)
325
+
continue;
326
+
327
+
null_endofword(opts);
328
+
if (strstr(opts, "shared:"))
329
+
return true;
330
+
}
331
+
332
+
free(line);
333
+
fclose(f);
334
+
335
+
return false;
336
+
}
337
+
338
+
static void *mount_setattr_thread(void *data)
339
+
{
340
+
struct mount_attr attr = {
341
+
.attr_set = MOUNT_ATTR_RDONLY | MOUNT_ATTR_NOSUID,
342
+
.attr_clr = 0,
343
+
.propagation = MS_SHARED,
344
+
};
345
+
346
+
if (sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)))
347
+
pthread_exit(int_to_ptr(-1));
348
+
349
+
pthread_exit(int_to_ptr(0));
350
+
}
351
+
352
+
/* Attempt to de-conflict with the selftests tree. */
353
+
#ifndef SKIP
354
+
#define SKIP(s, ...) XFAIL(s, ##__VA_ARGS__)
355
+
#endif
356
+
357
+
static bool mount_setattr_supported(void)
358
+
{
359
+
int ret;
360
+
361
+
ret = sys_mount_setattr(-EBADF, "", AT_EMPTY_PATH, NULL, 0);
362
+
if (ret < 0 && errno == ENOSYS)
363
+
return false;
364
+
365
+
return true;
366
+
}
367
+
368
+
FIXTURE(mount_setattr) {
369
+
};
370
+
371
+
FIXTURE_SETUP(mount_setattr)
372
+
{
373
+
if (!mount_setattr_supported())
374
+
SKIP(return, "mount_setattr syscall not supported");
375
+
376
+
ASSERT_EQ(prepare_unpriv_mountns(), 0);
377
+
378
+
(void)umount2("/mnt", MNT_DETACH);
379
+
(void)umount2("/tmp", MNT_DETACH);
380
+
381
+
ASSERT_EQ(mount("testing", "/tmp", "tmpfs", MS_NOATIME | MS_NODEV,
382
+
"size=100000,mode=700"), 0);
383
+
384
+
ASSERT_EQ(mkdir("/tmp/B", 0777), 0);
385
+
386
+
ASSERT_EQ(mount("testing", "/tmp/B", "tmpfs", MS_NOATIME | MS_NODEV,
387
+
"size=100000,mode=700"), 0);
388
+
389
+
ASSERT_EQ(mkdir("/tmp/B/BB", 0777), 0);
390
+
391
+
ASSERT_EQ(mount("testing", "/tmp/B/BB", "tmpfs", MS_NOATIME | MS_NODEV,
392
+
"size=100000,mode=700"), 0);
393
+
394
+
ASSERT_EQ(mount("testing", "/mnt", "tmpfs", MS_NOATIME | MS_NODEV,
395
+
"size=100000,mode=700"), 0);
396
+
397
+
ASSERT_EQ(mkdir("/mnt/A", 0777), 0);
398
+
399
+
ASSERT_EQ(mount("testing", "/mnt/A", "tmpfs", MS_NOATIME | MS_NODEV,
400
+
"size=100000,mode=700"), 0);
401
+
402
+
ASSERT_EQ(mkdir("/mnt/A/AA", 0777), 0);
403
+
404
+
ASSERT_EQ(mount("/tmp", "/mnt/A/AA", NULL, MS_BIND | MS_REC, NULL), 0);
405
+
406
+
ASSERT_EQ(mkdir("/mnt/B", 0777), 0);
407
+
408
+
ASSERT_EQ(mount("testing", "/mnt/B", "ramfs",
409
+
MS_NOATIME | MS_NODEV | MS_NOSUID, 0), 0);
410
+
411
+
ASSERT_EQ(mkdir("/mnt/B/BB", 0777), 0);
412
+
413
+
ASSERT_EQ(mount("testing", "/tmp/B/BB", "devpts",
414
+
MS_RELATIME | MS_NOEXEC | MS_RDONLY, 0), 0);
415
+
}
416
+
417
+
FIXTURE_TEARDOWN(mount_setattr)
418
+
{
419
+
if (!mount_setattr_supported())
420
+
SKIP(return, "mount_setattr syscall not supported");
421
+
422
+
(void)umount2("/mnt/A", MNT_DETACH);
423
+
(void)umount2("/tmp", MNT_DETACH);
424
+
}
425
+
426
+
TEST_F(mount_setattr, invalid_attributes)
427
+
{
428
+
struct mount_attr invalid_attr = {
429
+
.attr_set = (1U << 31),
430
+
};
431
+
432
+
if (!mount_setattr_supported())
433
+
SKIP(return, "mount_setattr syscall not supported");
434
+
435
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &invalid_attr,
436
+
sizeof(invalid_attr)), 0);
437
+
438
+
invalid_attr.attr_set = 0;
439
+
invalid_attr.attr_clr = (1U << 31);
440
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &invalid_attr,
441
+
sizeof(invalid_attr)), 0);
442
+
443
+
invalid_attr.attr_clr = 0;
444
+
invalid_attr.propagation = (1U << 31);
445
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &invalid_attr,
446
+
sizeof(invalid_attr)), 0);
447
+
448
+
invalid_attr.attr_set = (1U << 31);
449
+
invalid_attr.attr_clr = (1U << 31);
450
+
invalid_attr.propagation = (1U << 31);
451
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &invalid_attr,
452
+
sizeof(invalid_attr)), 0);
453
+
454
+
ASSERT_NE(sys_mount_setattr(-1, "mnt/A", AT_RECURSIVE, &invalid_attr,
455
+
sizeof(invalid_attr)), 0);
456
+
}
457
+
458
+
TEST_F(mount_setattr, extensibility)
459
+
{
460
+
unsigned int old_flags = 0, new_flags = 0, expected_flags = 0;
461
+
char *s = "dummy";
462
+
struct mount_attr invalid_attr = {};
463
+
struct mount_attr_large {
464
+
struct mount_attr attr1;
465
+
struct mount_attr attr2;
466
+
struct mount_attr attr3;
467
+
} large_attr = {};
468
+
469
+
if (!mount_setattr_supported())
470
+
SKIP(return, "mount_setattr syscall not supported");
471
+
472
+
old_flags = read_mnt_flags("/mnt/A");
473
+
ASSERT_GT(old_flags, 0);
474
+
475
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, NULL,
476
+
sizeof(invalid_attr)), 0);
477
+
ASSERT_EQ(errno, EFAULT);
478
+
479
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, (void *)s,
480
+
sizeof(invalid_attr)), 0);
481
+
ASSERT_EQ(errno, EINVAL);
482
+
483
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &invalid_attr, 0), 0);
484
+
ASSERT_EQ(errno, EINVAL);
485
+
486
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &invalid_attr,
487
+
sizeof(invalid_attr) / 2), 0);
488
+
ASSERT_EQ(errno, EINVAL);
489
+
490
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &invalid_attr,
491
+
sizeof(invalid_attr) / 2), 0);
492
+
ASSERT_EQ(errno, EINVAL);
493
+
494
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE,
495
+
(void *)&large_attr, sizeof(large_attr)), 0);
496
+
497
+
large_attr.attr3.attr_set = MOUNT_ATTR_RDONLY;
498
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE,
499
+
(void *)&large_attr, sizeof(large_attr)), 0);
500
+
501
+
large_attr.attr3.attr_set = 0;
502
+
large_attr.attr1.attr_set = MOUNT_ATTR_RDONLY;
503
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE,
504
+
(void *)&large_attr, sizeof(large_attr)), 0);
505
+
506
+
expected_flags = old_flags;
507
+
expected_flags |= MS_RDONLY;
508
+
509
+
new_flags = read_mnt_flags("/mnt/A");
510
+
ASSERT_EQ(new_flags, expected_flags);
511
+
512
+
new_flags = read_mnt_flags("/mnt/A/AA");
513
+
ASSERT_EQ(new_flags, expected_flags);
514
+
515
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
516
+
ASSERT_EQ(new_flags, expected_flags);
517
+
518
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
519
+
ASSERT_EQ(new_flags, expected_flags);
520
+
}
521
+
522
+
TEST_F(mount_setattr, basic)
523
+
{
524
+
unsigned int old_flags = 0, new_flags = 0, expected_flags = 0;
525
+
struct mount_attr attr = {
526
+
.attr_set = MOUNT_ATTR_RDONLY | MOUNT_ATTR_NOEXEC | MOUNT_ATTR_RELATIME,
527
+
.attr_clr = MOUNT_ATTR__ATIME,
528
+
};
529
+
530
+
if (!mount_setattr_supported())
531
+
SKIP(return, "mount_setattr syscall not supported");
532
+
533
+
old_flags = read_mnt_flags("/mnt/A");
534
+
ASSERT_GT(old_flags, 0);
535
+
536
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", 0, &attr, sizeof(attr)), 0);
537
+
538
+
expected_flags = old_flags;
539
+
expected_flags |= MS_RDONLY;
540
+
expected_flags |= MS_NOEXEC;
541
+
expected_flags &= ~MS_NOATIME;
542
+
expected_flags |= MS_RELATIME;
543
+
544
+
new_flags = read_mnt_flags("/mnt/A");
545
+
ASSERT_EQ(new_flags, expected_flags);
546
+
547
+
new_flags = read_mnt_flags("/mnt/A/AA");
548
+
ASSERT_EQ(new_flags, old_flags);
549
+
550
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
551
+
ASSERT_EQ(new_flags, old_flags);
552
+
553
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
554
+
ASSERT_EQ(new_flags, old_flags);
555
+
}
556
+
557
+
TEST_F(mount_setattr, basic_recursive)
558
+
{
559
+
int fd;
560
+
unsigned int old_flags = 0, new_flags = 0, expected_flags = 0;
561
+
struct mount_attr attr = {
562
+
.attr_set = MOUNT_ATTR_RDONLY | MOUNT_ATTR_NOEXEC | MOUNT_ATTR_RELATIME,
563
+
.attr_clr = MOUNT_ATTR__ATIME,
564
+
};
565
+
566
+
if (!mount_setattr_supported())
567
+
SKIP(return, "mount_setattr syscall not supported");
568
+
569
+
old_flags = read_mnt_flags("/mnt/A");
570
+
ASSERT_GT(old_flags, 0);
571
+
572
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
573
+
574
+
expected_flags = old_flags;
575
+
expected_flags |= MS_RDONLY;
576
+
expected_flags |= MS_NOEXEC;
577
+
expected_flags &= ~MS_NOATIME;
578
+
expected_flags |= MS_RELATIME;
579
+
580
+
new_flags = read_mnt_flags("/mnt/A");
581
+
ASSERT_EQ(new_flags, expected_flags);
582
+
583
+
new_flags = read_mnt_flags("/mnt/A/AA");
584
+
ASSERT_EQ(new_flags, expected_flags);
585
+
586
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
587
+
ASSERT_EQ(new_flags, expected_flags);
588
+
589
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
590
+
ASSERT_EQ(new_flags, expected_flags);
591
+
592
+
memset(&attr, 0, sizeof(attr));
593
+
attr.attr_clr = MOUNT_ATTR_RDONLY;
594
+
attr.propagation = MS_SHARED;
595
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
596
+
597
+
expected_flags &= ~MS_RDONLY;
598
+
new_flags = read_mnt_flags("/mnt/A");
599
+
ASSERT_EQ(new_flags, expected_flags);
600
+
601
+
ASSERT_EQ(is_shared_mount("/mnt/A"), true);
602
+
603
+
new_flags = read_mnt_flags("/mnt/A/AA");
604
+
ASSERT_EQ(new_flags, expected_flags);
605
+
606
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA"), true);
607
+
608
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
609
+
ASSERT_EQ(new_flags, expected_flags);
610
+
611
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA/B"), true);
612
+
613
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
614
+
ASSERT_EQ(new_flags, expected_flags);
615
+
616
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA/B/BB"), true);
617
+
618
+
fd = open("/mnt/A/AA/B/b", O_RDWR | O_CLOEXEC | O_CREAT | O_EXCL, 0777);
619
+
ASSERT_GE(fd, 0);
620
+
621
+
/*
622
+
* We're holding a fd open for writing so this needs to fail somewhere
623
+
* in the middle and the mount options need to be unchanged.
624
+
*/
625
+
attr.attr_set = MOUNT_ATTR_RDONLY;
626
+
ASSERT_LT(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
627
+
628
+
new_flags = read_mnt_flags("/mnt/A");
629
+
ASSERT_EQ(new_flags, expected_flags);
630
+
631
+
ASSERT_EQ(is_shared_mount("/mnt/A"), true);
632
+
633
+
new_flags = read_mnt_flags("/mnt/A/AA");
634
+
ASSERT_EQ(new_flags, expected_flags);
635
+
636
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA"), true);
637
+
638
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
639
+
ASSERT_EQ(new_flags, expected_flags);
640
+
641
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA/B"), true);
642
+
643
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
644
+
ASSERT_EQ(new_flags, expected_flags);
645
+
646
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA/B/BB"), true);
647
+
648
+
EXPECT_EQ(close(fd), 0);
649
+
}
650
+
651
+
TEST_F(mount_setattr, mount_has_writers)
652
+
{
653
+
int fd, dfd;
654
+
unsigned int old_flags = 0, new_flags = 0;
655
+
struct mount_attr attr = {
656
+
.attr_set = MOUNT_ATTR_RDONLY | MOUNT_ATTR_NOEXEC | MOUNT_ATTR_RELATIME,
657
+
.attr_clr = MOUNT_ATTR__ATIME,
658
+
.propagation = MS_SHARED,
659
+
};
660
+
661
+
if (!mount_setattr_supported())
662
+
SKIP(return, "mount_setattr syscall not supported");
663
+
664
+
old_flags = read_mnt_flags("/mnt/A");
665
+
ASSERT_GT(old_flags, 0);
666
+
667
+
fd = open("/mnt/A/AA/B/b", O_RDWR | O_CLOEXEC | O_CREAT | O_EXCL, 0777);
668
+
ASSERT_GE(fd, 0);
669
+
670
+
/*
671
+
* We're holding a fd open to a mount somwhere in the middle so this
672
+
* needs to fail somewhere in the middle. After this the mount options
673
+
* need to be unchanged.
674
+
*/
675
+
ASSERT_LT(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
676
+
677
+
new_flags = read_mnt_flags("/mnt/A");
678
+
ASSERT_EQ(new_flags, old_flags);
679
+
680
+
ASSERT_EQ(is_shared_mount("/mnt/A"), false);
681
+
682
+
new_flags = read_mnt_flags("/mnt/A/AA");
683
+
ASSERT_EQ(new_flags, old_flags);
684
+
685
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA"), false);
686
+
687
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
688
+
ASSERT_EQ(new_flags, old_flags);
689
+
690
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA/B"), false);
691
+
692
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
693
+
ASSERT_EQ(new_flags, old_flags);
694
+
695
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA/B/BB"), false);
696
+
697
+
dfd = open("/mnt/A/AA/B", O_DIRECTORY | O_CLOEXEC);
698
+
ASSERT_GE(dfd, 0);
699
+
EXPECT_EQ(fsync(dfd), 0);
700
+
EXPECT_EQ(close(dfd), 0);
701
+
702
+
EXPECT_EQ(fsync(fd), 0);
703
+
EXPECT_EQ(close(fd), 0);
704
+
705
+
/* All writers are gone so this should succeed. */
706
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
707
+
}
708
+
709
+
TEST_F(mount_setattr, mixed_mount_options)
710
+
{
711
+
unsigned int old_flags1 = 0, old_flags2 = 0, new_flags = 0, expected_flags = 0;
712
+
struct mount_attr attr = {
713
+
.attr_clr = MOUNT_ATTR_RDONLY | MOUNT_ATTR_NOSUID | MOUNT_ATTR_NOEXEC | MOUNT_ATTR__ATIME,
714
+
.attr_set = MOUNT_ATTR_RELATIME,
715
+
};
716
+
717
+
if (!mount_setattr_supported())
718
+
SKIP(return, "mount_setattr syscall not supported");
719
+
720
+
old_flags1 = read_mnt_flags("/mnt/B");
721
+
ASSERT_GT(old_flags1, 0);
722
+
723
+
old_flags2 = read_mnt_flags("/mnt/B/BB");
724
+
ASSERT_GT(old_flags2, 0);
725
+
726
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/B", AT_RECURSIVE, &attr, sizeof(attr)), 0);
727
+
728
+
expected_flags = old_flags2;
729
+
expected_flags &= ~(MS_RDONLY | MS_NOEXEC | MS_NOATIME | MS_NOSUID);
730
+
expected_flags |= MS_RELATIME;
731
+
732
+
new_flags = read_mnt_flags("/mnt/B");
733
+
ASSERT_EQ(new_flags, expected_flags);
734
+
735
+
expected_flags = old_flags2;
736
+
expected_flags &= ~(MS_RDONLY | MS_NOEXEC | MS_NOATIME | MS_NOSUID);
737
+
expected_flags |= MS_RELATIME;
738
+
739
+
new_flags = read_mnt_flags("/mnt/B/BB");
740
+
ASSERT_EQ(new_flags, expected_flags);
741
+
}
742
+
743
+
TEST_F(mount_setattr, time_changes)
744
+
{
745
+
unsigned int old_flags = 0, new_flags = 0, expected_flags = 0;
746
+
struct mount_attr attr = {
747
+
.attr_set = MOUNT_ATTR_NODIRATIME | MOUNT_ATTR_NOATIME,
748
+
};
749
+
750
+
if (!mount_setattr_supported())
751
+
SKIP(return, "mount_setattr syscall not supported");
752
+
753
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
754
+
755
+
attr.attr_set = MOUNT_ATTR_STRICTATIME;
756
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
757
+
758
+
attr.attr_set = MOUNT_ATTR_STRICTATIME | MOUNT_ATTR_NOATIME;
759
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
760
+
761
+
attr.attr_set = MOUNT_ATTR_STRICTATIME | MOUNT_ATTR_NOATIME;
762
+
attr.attr_clr = MOUNT_ATTR__ATIME;
763
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
764
+
765
+
attr.attr_set = 0;
766
+
attr.attr_clr = MOUNT_ATTR_STRICTATIME;
767
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
768
+
769
+
attr.attr_clr = MOUNT_ATTR_NOATIME;
770
+
ASSERT_NE(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
771
+
772
+
old_flags = read_mnt_flags("/mnt/A");
773
+
ASSERT_GT(old_flags, 0);
774
+
775
+
attr.attr_set = MOUNT_ATTR_NODIRATIME | MOUNT_ATTR_NOATIME;
776
+
attr.attr_clr = MOUNT_ATTR__ATIME;
777
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
778
+
779
+
expected_flags = old_flags;
780
+
expected_flags |= MS_NOATIME;
781
+
expected_flags |= MS_NODIRATIME;
782
+
783
+
new_flags = read_mnt_flags("/mnt/A");
784
+
ASSERT_EQ(new_flags, expected_flags);
785
+
786
+
new_flags = read_mnt_flags("/mnt/A/AA");
787
+
ASSERT_EQ(new_flags, expected_flags);
788
+
789
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
790
+
ASSERT_EQ(new_flags, expected_flags);
791
+
792
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
793
+
ASSERT_EQ(new_flags, expected_flags);
794
+
795
+
memset(&attr, 0, sizeof(attr));
796
+
attr.attr_set &= ~MOUNT_ATTR_NOATIME;
797
+
attr.attr_set |= MOUNT_ATTR_RELATIME;
798
+
attr.attr_clr |= MOUNT_ATTR__ATIME;
799
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
800
+
801
+
expected_flags &= ~MS_NOATIME;
802
+
expected_flags |= MS_RELATIME;
803
+
804
+
new_flags = read_mnt_flags("/mnt/A");
805
+
ASSERT_EQ(new_flags, expected_flags);
806
+
807
+
new_flags = read_mnt_flags("/mnt/A/AA");
808
+
ASSERT_EQ(new_flags, expected_flags);
809
+
810
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
811
+
ASSERT_EQ(new_flags, expected_flags);
812
+
813
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
814
+
ASSERT_EQ(new_flags, expected_flags);
815
+
816
+
memset(&attr, 0, sizeof(attr));
817
+
attr.attr_set &= ~MOUNT_ATTR_RELATIME;
818
+
attr.attr_set |= MOUNT_ATTR_STRICTATIME;
819
+
attr.attr_clr |= MOUNT_ATTR__ATIME;
820
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
821
+
822
+
expected_flags &= ~MS_RELATIME;
823
+
824
+
new_flags = read_mnt_flags("/mnt/A");
825
+
ASSERT_EQ(new_flags, expected_flags);
826
+
827
+
new_flags = read_mnt_flags("/mnt/A/AA");
828
+
ASSERT_EQ(new_flags, expected_flags);
829
+
830
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
831
+
ASSERT_EQ(new_flags, expected_flags);
832
+
833
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
834
+
ASSERT_EQ(new_flags, expected_flags);
835
+
836
+
memset(&attr, 0, sizeof(attr));
837
+
attr.attr_set &= ~MOUNT_ATTR_STRICTATIME;
838
+
attr.attr_set |= MOUNT_ATTR_NOATIME;
839
+
attr.attr_clr |= MOUNT_ATTR__ATIME;
840
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
841
+
842
+
expected_flags |= MS_NOATIME;
843
+
new_flags = read_mnt_flags("/mnt/A");
844
+
ASSERT_EQ(new_flags, expected_flags);
845
+
846
+
new_flags = read_mnt_flags("/mnt/A/AA");
847
+
ASSERT_EQ(new_flags, expected_flags);
848
+
849
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
850
+
ASSERT_EQ(new_flags, expected_flags);
851
+
852
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
853
+
ASSERT_EQ(new_flags, expected_flags);
854
+
855
+
memset(&attr, 0, sizeof(attr));
856
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
857
+
858
+
new_flags = read_mnt_flags("/mnt/A");
859
+
ASSERT_EQ(new_flags, expected_flags);
860
+
861
+
new_flags = read_mnt_flags("/mnt/A/AA");
862
+
ASSERT_EQ(new_flags, expected_flags);
863
+
864
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
865
+
ASSERT_EQ(new_flags, expected_flags);
866
+
867
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
868
+
ASSERT_EQ(new_flags, expected_flags);
869
+
870
+
memset(&attr, 0, sizeof(attr));
871
+
attr.attr_clr = MOUNT_ATTR_NODIRATIME;
872
+
ASSERT_EQ(sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr)), 0);
873
+
874
+
expected_flags &= ~MS_NODIRATIME;
875
+
876
+
new_flags = read_mnt_flags("/mnt/A");
877
+
ASSERT_EQ(new_flags, expected_flags);
878
+
879
+
new_flags = read_mnt_flags("/mnt/A/AA");
880
+
ASSERT_EQ(new_flags, expected_flags);
881
+
882
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
883
+
ASSERT_EQ(new_flags, expected_flags);
884
+
885
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
886
+
ASSERT_EQ(new_flags, expected_flags);
887
+
}
888
+
889
+
TEST_F(mount_setattr, multi_threaded)
890
+
{
891
+
int i, j, nthreads, ret = 0;
892
+
unsigned int old_flags = 0, new_flags = 0, expected_flags = 0;
893
+
pthread_attr_t pattr;
894
+
pthread_t threads[DEFAULT_THREADS];
895
+
896
+
if (!mount_setattr_supported())
897
+
SKIP(return, "mount_setattr syscall not supported");
898
+
899
+
old_flags = read_mnt_flags("/mnt/A");
900
+
ASSERT_GT(old_flags, 0);
901
+
902
+
/* Try to change mount options from multiple threads. */
903
+
nthreads = get_nprocs_conf();
904
+
if (nthreads > DEFAULT_THREADS)
905
+
nthreads = DEFAULT_THREADS;
906
+
907
+
pthread_attr_init(&pattr);
908
+
for (i = 0; i < nthreads; i++)
909
+
ASSERT_EQ(pthread_create(&threads[i], &pattr, mount_setattr_thread, NULL), 0);
910
+
911
+
for (j = 0; j < i; j++) {
912
+
void *retptr = NULL;
913
+
914
+
EXPECT_EQ(pthread_join(threads[j], &retptr), 0);
915
+
916
+
ret += ptr_to_int(retptr);
917
+
EXPECT_EQ(ret, 0);
918
+
}
919
+
pthread_attr_destroy(&pattr);
920
+
921
+
ASSERT_EQ(ret, 0);
922
+
923
+
expected_flags = old_flags;
924
+
expected_flags |= MS_RDONLY;
925
+
expected_flags |= MS_NOSUID;
926
+
new_flags = read_mnt_flags("/mnt/A");
927
+
ASSERT_EQ(new_flags, expected_flags);
928
+
929
+
ASSERT_EQ(is_shared_mount("/mnt/A"), true);
930
+
931
+
new_flags = read_mnt_flags("/mnt/A/AA");
932
+
ASSERT_EQ(new_flags, expected_flags);
933
+
934
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA"), true);
935
+
936
+
new_flags = read_mnt_flags("/mnt/A/AA/B");
937
+
ASSERT_EQ(new_flags, expected_flags);
938
+
939
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA/B"), true);
940
+
941
+
new_flags = read_mnt_flags("/mnt/A/AA/B/BB");
942
+
ASSERT_EQ(new_flags, expected_flags);
943
+
944
+
ASSERT_EQ(is_shared_mount("/mnt/A/AA/B/BB"), true);
945
+
}
946
+
947
+
TEST_F(mount_setattr, wrong_user_namespace)
948
+
{
949
+
int ret;
950
+
struct mount_attr attr = {
951
+
.attr_set = MOUNT_ATTR_RDONLY,
952
+
};
953
+
954
+
if (!mount_setattr_supported())
955
+
SKIP(return, "mount_setattr syscall not supported");
956
+
957
+
EXPECT_EQ(create_and_enter_userns(), 0);
958
+
ret = sys_mount_setattr(-1, "/mnt/A", AT_RECURSIVE, &attr, sizeof(attr));
959
+
ASSERT_LT(ret, 0);
960
+
ASSERT_EQ(errno, EPERM);
961
+
}
962
+
963
+
TEST_F(mount_setattr, wrong_mount_namespace)
964
+
{
965
+
int fd, ret;
966
+
struct mount_attr attr = {
967
+
.attr_set = MOUNT_ATTR_RDONLY,
968
+
};
969
+
970
+
if (!mount_setattr_supported())
971
+
SKIP(return, "mount_setattr syscall not supported");
972
+
973
+
fd = open("/mnt/A", O_DIRECTORY | O_CLOEXEC);
974
+
ASSERT_GE(fd, 0);
975
+
976
+
ASSERT_EQ(unshare(CLONE_NEWNS), 0);
977
+
978
+
ret = sys_mount_setattr(fd, "", AT_EMPTY_PATH | AT_RECURSIVE, &attr, sizeof(attr));
979
+
ASSERT_LT(ret, 0);
980
+
ASSERT_EQ(errno, EINVAL);
981
+
}
982
+
983
+
FIXTURE(mount_setattr_idmapped) {
984
+
};
985
+
986
+
FIXTURE_SETUP(mount_setattr_idmapped)
987
+
{
988
+
int img_fd = -EBADF;
989
+
990
+
ASSERT_EQ(unshare(CLONE_NEWNS), 0);
991
+
992
+
ASSERT_EQ(mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0), 0);
993
+
994
+
(void)umount2("/mnt", MNT_DETACH);
995
+
(void)umount2("/tmp", MNT_DETACH);
996
+
997
+
ASSERT_EQ(mount("testing", "/tmp", "tmpfs", MS_NOATIME | MS_NODEV,
998
+
"size=100000,mode=700"), 0);
999
+
1000
+
ASSERT_EQ(mkdir("/tmp/B", 0777), 0);
1001
+
ASSERT_EQ(mknodat(-EBADF, "/tmp/B/b", S_IFREG | 0644, 0), 0);
1002
+
ASSERT_EQ(chown("/tmp/B/b", 0, 0), 0);
1003
+
1004
+
ASSERT_EQ(mount("testing", "/tmp/B", "tmpfs", MS_NOATIME | MS_NODEV,
1005
+
"size=100000,mode=700"), 0);
1006
+
1007
+
ASSERT_EQ(mkdir("/tmp/B/BB", 0777), 0);
1008
+
ASSERT_EQ(mknodat(-EBADF, "/tmp/B/BB/b", S_IFREG | 0644, 0), 0);
1009
+
ASSERT_EQ(chown("/tmp/B/BB/b", 0, 0), 0);
1010
+
1011
+
ASSERT_EQ(mount("testing", "/tmp/B/BB", "tmpfs", MS_NOATIME | MS_NODEV,
1012
+
"size=100000,mode=700"), 0);
1013
+
1014
+
ASSERT_EQ(mount("testing", "/mnt", "tmpfs", MS_NOATIME | MS_NODEV,
1015
+
"size=100000,mode=700"), 0);
1016
+
1017
+
ASSERT_EQ(mkdir("/mnt/A", 0777), 0);
1018
+
1019
+
ASSERT_EQ(mount("testing", "/mnt/A", "tmpfs", MS_NOATIME | MS_NODEV,
1020
+
"size=100000,mode=700"), 0);
1021
+
1022
+
ASSERT_EQ(mkdir("/mnt/A/AA", 0777), 0);
1023
+
1024
+
ASSERT_EQ(mount("/tmp", "/mnt/A/AA", NULL, MS_BIND | MS_REC, NULL), 0);
1025
+
1026
+
ASSERT_EQ(mkdir("/mnt/B", 0777), 0);
1027
+
1028
+
ASSERT_EQ(mount("testing", "/mnt/B", "ramfs",
1029
+
MS_NOATIME | MS_NODEV | MS_NOSUID, 0), 0);
1030
+
1031
+
ASSERT_EQ(mkdir("/mnt/B/BB", 0777), 0);
1032
+
1033
+
ASSERT_EQ(mount("testing", "/tmp/B/BB", "devpts",
1034
+
MS_RELATIME | MS_NOEXEC | MS_RDONLY, 0), 0);
1035
+
1036
+
ASSERT_EQ(mkdir("/mnt/C", 0777), 0);
1037
+
ASSERT_EQ(mkdir("/mnt/D", 0777), 0);
1038
+
img_fd = openat(-EBADF, "/mnt/C/ext4.img", O_CREAT | O_WRONLY, 0600);
1039
+
ASSERT_GE(img_fd, 0);
1040
+
ASSERT_EQ(ftruncate(img_fd, 1024 * 2048), 0);
1041
+
ASSERT_EQ(system("mkfs.ext4 -q /mnt/C/ext4.img"), 0);
1042
+
ASSERT_EQ(system("mount -o loop -t ext4 /mnt/C/ext4.img /mnt/D/"), 0);
1043
+
ASSERT_EQ(close(img_fd), 0);
1044
+
}
1045
+
1046
+
FIXTURE_TEARDOWN(mount_setattr_idmapped)
1047
+
{
1048
+
(void)umount2("/mnt/A", MNT_DETACH);
1049
+
(void)umount2("/tmp", MNT_DETACH);
1050
+
}
1051
+
1052
+
/**
1053
+
* Validate that negative fd values are rejected.
1054
+
*/
1055
+
TEST_F(mount_setattr_idmapped, invalid_fd_negative)
1056
+
{
1057
+
struct mount_attr attr = {
1058
+
.attr_set = MOUNT_ATTR_IDMAP,
1059
+
.userns_fd = -EBADF,
1060
+
};
1061
+
1062
+
if (!mount_setattr_supported())
1063
+
SKIP(return, "mount_setattr syscall not supported");
1064
+
1065
+
ASSERT_NE(sys_mount_setattr(-1, "/", 0, &attr, sizeof(attr)), 0) {
1066
+
TH_LOG("failure: created idmapped mount with negative fd");
1067
+
}
1068
+
}
1069
+
1070
+
/**
1071
+
* Validate that excessively large fd values are rejected.
1072
+
*/
1073
+
TEST_F(mount_setattr_idmapped, invalid_fd_large)
1074
+
{
1075
+
struct mount_attr attr = {
1076
+
.attr_set = MOUNT_ATTR_IDMAP,
1077
+
.userns_fd = INT64_MAX,
1078
+
};
1079
+
1080
+
if (!mount_setattr_supported())
1081
+
SKIP(return, "mount_setattr syscall not supported");
1082
+
1083
+
ASSERT_NE(sys_mount_setattr(-1, "/", 0, &attr, sizeof(attr)), 0) {
1084
+
TH_LOG("failure: created idmapped mount with too large fd value");
1085
+
}
1086
+
}
1087
+
1088
+
/**
1089
+
* Validate that closed fd values are rejected.
1090
+
*/
1091
+
TEST_F(mount_setattr_idmapped, invalid_fd_closed)
1092
+
{
1093
+
int fd;
1094
+
struct mount_attr attr = {
1095
+
.attr_set = MOUNT_ATTR_IDMAP,
1096
+
};
1097
+
1098
+
if (!mount_setattr_supported())
1099
+
SKIP(return, "mount_setattr syscall not supported");
1100
+
1101
+
fd = open("/dev/null", O_RDONLY | O_CLOEXEC);
1102
+
ASSERT_GE(fd, 0);
1103
+
ASSERT_GE(close(fd), 0);
1104
+
1105
+
attr.userns_fd = fd;
1106
+
ASSERT_NE(sys_mount_setattr(-1, "/", 0, &attr, sizeof(attr)), 0) {
1107
+
TH_LOG("failure: created idmapped mount with closed fd");
1108
+
}
1109
+
}
1110
+
1111
+
/**
1112
+
* Validate that the initial user namespace is rejected.
1113
+
*/
1114
+
TEST_F(mount_setattr_idmapped, invalid_fd_initial_userns)
1115
+
{
1116
+
int open_tree_fd = -EBADF;
1117
+
struct mount_attr attr = {
1118
+
.attr_set = MOUNT_ATTR_IDMAP,
1119
+
};
1120
+
1121
+
if (!mount_setattr_supported())
1122
+
SKIP(return, "mount_setattr syscall not supported");
1123
+
1124
+
open_tree_fd = sys_open_tree(-EBADF, "/mnt/D",
1125
+
AT_NO_AUTOMOUNT |
1126
+
AT_SYMLINK_NOFOLLOW |
1127
+
OPEN_TREE_CLOEXEC | OPEN_TREE_CLONE);
1128
+
ASSERT_GE(open_tree_fd, 0);
1129
+
1130
+
attr.userns_fd = open("/proc/1/ns/user", O_RDONLY | O_CLOEXEC);
1131
+
ASSERT_GE(attr.userns_fd, 0);
1132
+
ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0);
1133
+
ASSERT_EQ(errno, EPERM);
1134
+
ASSERT_EQ(close(attr.userns_fd), 0);
1135
+
ASSERT_EQ(close(open_tree_fd), 0);
1136
+
}
1137
+
1138
+
static int map_ids(pid_t pid, unsigned long nsid, unsigned long hostid,
1139
+
unsigned long range)
1140
+
{
1141
+
char map[100], procfile[256];
1142
+
1143
+
snprintf(procfile, sizeof(procfile), "/proc/%d/uid_map", pid);
1144
+
snprintf(map, sizeof(map), "%lu %lu %lu", nsid, hostid, range);
1145
+
if (write_file(procfile, map, strlen(map)))
1146
+
return -1;
1147
+
1148
+
1149
+
snprintf(procfile, sizeof(procfile), "/proc/%d/gid_map", pid);
1150
+
snprintf(map, sizeof(map), "%lu %lu %lu", nsid, hostid, range);
1151
+
if (write_file(procfile, map, strlen(map)))
1152
+
return -1;
1153
+
1154
+
return 0;
1155
+
}
1156
+
1157
+
#define __STACK_SIZE (8 * 1024 * 1024)
1158
+
static pid_t do_clone(int (*fn)(void *), void *arg, int flags)
1159
+
{
1160
+
void *stack;
1161
+
1162
+
stack = malloc(__STACK_SIZE);
1163
+
if (!stack)
1164
+
return -ENOMEM;
1165
+
1166
+
#ifdef __ia64__
1167
+
return __clone2(fn, stack, __STACK_SIZE, flags | SIGCHLD, arg, NULL);
1168
+
#else
1169
+
return clone(fn, stack + __STACK_SIZE, flags | SIGCHLD, arg, NULL);
1170
+
#endif
1171
+
}
1172
+
1173
+
static int get_userns_fd_cb(void *data)
1174
+
{
1175
+
return kill(getpid(), SIGSTOP);
1176
+
}
1177
+
1178
+
static int wait_for_pid(pid_t pid)
1179
+
{
1180
+
int status, ret;
1181
+
1182
+
again:
1183
+
ret = waitpid(pid, &status, 0);
1184
+
if (ret == -1) {
1185
+
if (errno == EINTR)
1186
+
goto again;
1187
+
1188
+
return -1;
1189
+
}
1190
+
1191
+
if (!WIFEXITED(status))
1192
+
return -1;
1193
+
1194
+
return WEXITSTATUS(status);
1195
+
}
1196
+
1197
+
static int get_userns_fd(unsigned long nsid, unsigned long hostid, unsigned long range)
1198
+
{
1199
+
int ret;
1200
+
pid_t pid;
1201
+
char path[256];
1202
+
1203
+
pid = do_clone(get_userns_fd_cb, NULL, CLONE_NEWUSER);
1204
+
if (pid < 0)
1205
+
return -errno;
1206
+
1207
+
ret = map_ids(pid, nsid, hostid, range);
1208
+
if (ret < 0)
1209
+
return ret;
1210
+
1211
+
snprintf(path, sizeof(path), "/proc/%d/ns/user", pid);
1212
+
ret = open(path, O_RDONLY | O_CLOEXEC);
1213
+
kill(pid, SIGKILL);
1214
+
wait_for_pid(pid);
1215
+
return ret;
1216
+
}
1217
+
1218
+
/**
1219
+
* Validate that an attached mount in our mount namespace can be idmapped.
1220
+
* (The kernel enforces that the mount's mount namespace and the caller's mount
1221
+
* namespace match.)
1222
+
*/
1223
+
TEST_F(mount_setattr_idmapped, attached_mount_inside_current_mount_namespace)
1224
+
{
1225
+
int open_tree_fd = -EBADF;
1226
+
struct mount_attr attr = {
1227
+
.attr_set = MOUNT_ATTR_IDMAP,
1228
+
};
1229
+
1230
+
if (!mount_setattr_supported())
1231
+
SKIP(return, "mount_setattr syscall not supported");
1232
+
1233
+
open_tree_fd = sys_open_tree(-EBADF, "/mnt/D",
1234
+
AT_EMPTY_PATH |
1235
+
AT_NO_AUTOMOUNT |
1236
+
AT_SYMLINK_NOFOLLOW |
1237
+
OPEN_TREE_CLOEXEC);
1238
+
ASSERT_GE(open_tree_fd, 0);
1239
+
1240
+
attr.userns_fd = get_userns_fd(0, 10000, 10000);
1241
+
ASSERT_GE(attr.userns_fd, 0);
1242
+
ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0);
1243
+
ASSERT_EQ(close(attr.userns_fd), 0);
1244
+
ASSERT_EQ(close(open_tree_fd), 0);
1245
+
}
1246
+
1247
+
/**
1248
+
* Validate that idmapping a mount is rejected if the mount's mount namespace
1249
+
* and our mount namespace don't match.
1250
+
* (The kernel enforces that the mount's mount namespace and the caller's mount
1251
+
* namespace match.)
1252
+
*/
1253
+
TEST_F(mount_setattr_idmapped, attached_mount_outside_current_mount_namespace)
1254
+
{
1255
+
int open_tree_fd = -EBADF;
1256
+
struct mount_attr attr = {
1257
+
.attr_set = MOUNT_ATTR_IDMAP,
1258
+
};
1259
+
1260
+
if (!mount_setattr_supported())
1261
+
SKIP(return, "mount_setattr syscall not supported");
1262
+
1263
+
open_tree_fd = sys_open_tree(-EBADF, "/mnt/D",
1264
+
AT_EMPTY_PATH |
1265
+
AT_NO_AUTOMOUNT |
1266
+
AT_SYMLINK_NOFOLLOW |
1267
+
OPEN_TREE_CLOEXEC);
1268
+
ASSERT_GE(open_tree_fd, 0);
1269
+
1270
+
ASSERT_EQ(unshare(CLONE_NEWNS), 0);
1271
+
1272
+
attr.userns_fd = get_userns_fd(0, 10000, 10000);
1273
+
ASSERT_GE(attr.userns_fd, 0);
1274
+
ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr,
1275
+
sizeof(attr)), 0);
1276
+
ASSERT_EQ(close(attr.userns_fd), 0);
1277
+
ASSERT_EQ(close(open_tree_fd), 0);
1278
+
}
1279
+
1280
+
/**
1281
+
* Validate that an attached mount in our mount namespace can be idmapped.
1282
+
*/
1283
+
TEST_F(mount_setattr_idmapped, detached_mount_inside_current_mount_namespace)
1284
+
{
1285
+
int open_tree_fd = -EBADF;
1286
+
struct mount_attr attr = {
1287
+
.attr_set = MOUNT_ATTR_IDMAP,
1288
+
};
1289
+
1290
+
if (!mount_setattr_supported())
1291
+
SKIP(return, "mount_setattr syscall not supported");
1292
+
1293
+
open_tree_fd = sys_open_tree(-EBADF, "/mnt/D",
1294
+
AT_EMPTY_PATH |
1295
+
AT_NO_AUTOMOUNT |
1296
+
AT_SYMLINK_NOFOLLOW |
1297
+
OPEN_TREE_CLOEXEC |
1298
+
OPEN_TREE_CLONE);
1299
+
ASSERT_GE(open_tree_fd, 0);
1300
+
1301
+
/* Changing mount properties on a detached mount. */
1302
+
attr.userns_fd = get_userns_fd(0, 10000, 10000);
1303
+
ASSERT_GE(attr.userns_fd, 0);
1304
+
ASSERT_EQ(sys_mount_setattr(open_tree_fd, "",
1305
+
AT_EMPTY_PATH, &attr, sizeof(attr)), 0);
1306
+
ASSERT_EQ(close(attr.userns_fd), 0);
1307
+
ASSERT_EQ(close(open_tree_fd), 0);
1308
+
}
1309
+
1310
+
/**
1311
+
* Validate that a detached mount not in our mount namespace can be idmapped.
1312
+
*/
1313
+
TEST_F(mount_setattr_idmapped, detached_mount_outside_current_mount_namespace)
1314
+
{
1315
+
int open_tree_fd = -EBADF;
1316
+
struct mount_attr attr = {
1317
+
.attr_set = MOUNT_ATTR_IDMAP,
1318
+
};
1319
+
1320
+
if (!mount_setattr_supported())
1321
+
SKIP(return, "mount_setattr syscall not supported");
1322
+
1323
+
open_tree_fd = sys_open_tree(-EBADF, "/mnt/D",
1324
+
AT_EMPTY_PATH |
1325
+
AT_NO_AUTOMOUNT |
1326
+
AT_SYMLINK_NOFOLLOW |
1327
+
OPEN_TREE_CLOEXEC |
1328
+
OPEN_TREE_CLONE);
1329
+
ASSERT_GE(open_tree_fd, 0);
1330
+
1331
+
ASSERT_EQ(unshare(CLONE_NEWNS), 0);
1332
+
1333
+
/* Changing mount properties on a detached mount. */
1334
+
attr.userns_fd = get_userns_fd(0, 10000, 10000);
1335
+
ASSERT_GE(attr.userns_fd, 0);
1336
+
ASSERT_EQ(sys_mount_setattr(open_tree_fd, "",
1337
+
AT_EMPTY_PATH, &attr, sizeof(attr)), 0);
1338
+
ASSERT_EQ(close(attr.userns_fd), 0);
1339
+
ASSERT_EQ(close(open_tree_fd), 0);
1340
+
}
1341
+
1342
+
/**
1343
+
* Validate that currently changing the idmapping of an idmapped mount fails.
1344
+
*/
1345
+
TEST_F(mount_setattr_idmapped, change_idmapping)
1346
+
{
1347
+
int open_tree_fd = -EBADF;
1348
+
struct mount_attr attr = {
1349
+
.attr_set = MOUNT_ATTR_IDMAP,
1350
+
};
1351
+
1352
+
if (!mount_setattr_supported())
1353
+
SKIP(return, "mount_setattr syscall not supported");
1354
+
1355
+
open_tree_fd = sys_open_tree(-EBADF, "/mnt/D",
1356
+
AT_EMPTY_PATH |
1357
+
AT_NO_AUTOMOUNT |
1358
+
AT_SYMLINK_NOFOLLOW |
1359
+
OPEN_TREE_CLOEXEC |
1360
+
OPEN_TREE_CLONE);
1361
+
ASSERT_GE(open_tree_fd, 0);
1362
+
1363
+
attr.userns_fd = get_userns_fd(0, 10000, 10000);
1364
+
ASSERT_GE(attr.userns_fd, 0);
1365
+
ASSERT_EQ(sys_mount_setattr(open_tree_fd, "",
1366
+
AT_EMPTY_PATH, &attr, sizeof(attr)), 0);
1367
+
ASSERT_EQ(close(attr.userns_fd), 0);
1368
+
1369
+
/* Change idmapping on a detached mount that is already idmapped. */
1370
+
attr.userns_fd = get_userns_fd(0, 20000, 10000);
1371
+
ASSERT_GE(attr.userns_fd, 0);
1372
+
ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0);
1373
+
ASSERT_EQ(close(attr.userns_fd), 0);
1374
+
ASSERT_EQ(close(open_tree_fd), 0);
1375
+
}
1376
+
1377
+
static bool expected_uid_gid(int dfd, const char *path, int flags,
1378
+
uid_t expected_uid, gid_t expected_gid)
1379
+
{
1380
+
int ret;
1381
+
struct stat st;
1382
+
1383
+
ret = fstatat(dfd, path, &st, flags);
1384
+
if (ret < 0)
1385
+
return false;
1386
+
1387
+
return st.st_uid == expected_uid && st.st_gid == expected_gid;
1388
+
}
1389
+
1390
+
TEST_F(mount_setattr_idmapped, idmap_mount_tree_invalid)
1391
+
{
1392
+
int open_tree_fd = -EBADF;
1393
+
struct mount_attr attr = {
1394
+
.attr_set = MOUNT_ATTR_IDMAP,
1395
+
};
1396
+
1397
+
if (!mount_setattr_supported())
1398
+
SKIP(return, "mount_setattr syscall not supported");
1399
+
1400
+
ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/b", 0, 0, 0), 0);
1401
+
ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/BB/b", 0, 0, 0), 0);
1402
+
1403
+
open_tree_fd = sys_open_tree(-EBADF, "/mnt/A",
1404
+
AT_RECURSIVE |
1405
+
AT_EMPTY_PATH |
1406
+
AT_NO_AUTOMOUNT |
1407
+
AT_SYMLINK_NOFOLLOW |
1408
+
OPEN_TREE_CLOEXEC |
1409
+
OPEN_TREE_CLONE);
1410
+
ASSERT_GE(open_tree_fd, 0);
1411
+
1412
+
attr.userns_fd = get_userns_fd(0, 10000, 10000);
1413
+
ASSERT_GE(attr.userns_fd, 0);
1414
+
ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0);
1415
+
ASSERT_EQ(close(attr.userns_fd), 0);
1416
+
ASSERT_EQ(close(open_tree_fd), 0);
1417
+
1418
+
ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/b", 0, 0, 0), 0);
1419
+
ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/BB/b", 0, 0, 0), 0);
1420
+
ASSERT_EQ(expected_uid_gid(open_tree_fd, "B/b", 0, 0, 0), 0);
1421
+
ASSERT_EQ(expected_uid_gid(open_tree_fd, "B/BB/b", 0, 0, 0), 0);
1422
+
}
1423
+
1424
+
TEST_HARNESS_MAIN