From: Seth Forshee <seth.forshee@canonical.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Cc: Serge Hallyn <serge.hallyn@canonical.com>,
Andy Lutomirski <luto@amacapital.net>,
linux-kernel@vger.kernel.org,
Seth Forshee <seth.forshee@canonical.com>
Subject: [PATCH v4 0/7] Initial support for user namespace owned mounts
Date: Wed, 23 Sep 2015 15:16:00 -0500 [thread overview]
Message-ID: <1443039368-55445-1-git-send-email-seth.forshee@canonical.com> (raw)
This is the fourth revision of the patch series introducing the concept
of superblocks owned by user namespaces, containing only trivial changes
from the previous revision.
These are the first in a larger set of patches, with the goal of
eventually allowing some regular filesystem types to be mounted in
unprivileged containers. The full series is available at:
git://kernel.ubuntu.com/sforshee/linux.git userns-mounts
The strategy for this series is to do as much of the heavy lifting as
possible in the vfs to minimize the need to handle edge cases in
individual filesystems. The patches that follow lay some of the
groundwork and fall into two groups:
1. Patches 1-2 add s_user_ns to struct superblock and use it to
simplify MNT_NODEV handling.
2. Patches 3-7 tighten down security for mounts with s_user_ns !=
&init_user_ns.
Note that these patches only address security at the vfs level. As has
been discussed previously, individual filesystems may still be
vulnerable to attacks via malicious metadata in the backing store. The
goal is to find a small set of filesystems which can be hardened from
attacks from below. I am initially targeting fuse, which has been
designed to resist such attacks, and ext4, which is so far standing up
quite well to fuzzing.
Changes since v3:
- Reword commit message for the MNT_NODEV handling changes to better
emphasize that it results in a user visible change in behavior.
- Consolidate smk_initialized into smk_flags as requested by Casey.
Andy Lutomirski (1):
fs: Treat foreign mounts as nosuid
Eric W. Biederman (1):
userns: Simpilify MNT_NODEV handling.
Seth Forshee (5):
fs: Add user namesapace member to struct super_block
fs: Verify access of user towards block device file when mounting
fs: Limit file caps to the user namespace of the super block
Smack: Add support for unprivileged mounts from user namespaces
selinux: Add support for unprivileged mounts from user namespaces
drivers/mtd/mtdsuper.c | 7 +++++-
fs/block_dev.c | 54 +++++++++++++++++++++++++++++++++---------
fs/exec.c | 2 +-
fs/namei.c | 9 ++++++-
fs/namespace.c | 34 +++++++++++++++-----------
fs/proc/root.c | 3 ++-
fs/super.c | 38 +++++++++++++++++++++++++----
include/linux/fs.h | 11 ++++++++-
include/linux/mount.h | 1 +
include/linux/user_namespace.h | 8 +++++++
kernel/user_namespace.c | 14 +++++++++++
security/commoncap.c | 4 +++-
security/selinux/hooks.c | 25 ++++++++++++++++++-
security/smack/smack.h | 8 ++++++-
security/smack/smack_lsm.c | 41 +++++++++++++++++++++++---------
15 files changed, 210 insertions(+), 49 deletions(-)
next reply other threads:[~2015-09-23 20:16 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-23 20:16 Seth Forshee [this message]
2015-09-23 20:16 ` [PATCH v4 1/7] fs: Add user namesapace member to struct super_block Seth Forshee
2015-09-24 21:14 ` Eric W. Biederman
2015-09-25 12:54 ` Seth Forshee
2015-09-25 17:27 ` Eric W. Biederman
2016-03-15 12:08 ` [PATCH] fs: fix a posible leak of allocated superblock Pavel Tikhomirov
2016-03-15 13:32 ` Seth Forshee
2015-09-23 20:16 ` [PATCH v4 2/7] userns: Simpilify MNT_NODEV handling Seth Forshee
2015-09-23 20:16 ` [PATCH v4 3/7] fs: Verify access of user towards block device file when mounting Seth Forshee
2015-09-24 21:53 ` Eric W. Biederman
2015-09-25 12:48 ` Seth Forshee
2015-09-25 17:16 ` Eric W. Biederman
2015-09-25 17:39 ` Seth Forshee
2015-09-25 17:49 ` Eric W. Biederman
2015-09-23 20:16 ` [PATCH v4 4/7] fs: Limit file caps to the user namespace of the super block Seth Forshee
2015-09-24 21:59 ` Eric W. Biederman
2015-09-25 12:49 ` Seth Forshee
2015-09-25 17:57 ` Eric W. Biederman
2015-09-23 20:16 ` [PATCH v4 5/7] fs: Treat foreign mounts as nosuid Seth Forshee
2015-09-23 20:16 ` [PATCH v4 6/7] Smack: Add support for unprivileged mounts from user namespaces Seth Forshee
2015-09-24 22:16 ` Eric W. Biederman
2015-09-24 22:34 ` Casey Schaufler
2015-09-27 19:30 ` Eric W. Biederman
2015-09-28 19:45 ` Seth Forshee
2015-09-23 20:16 ` [PATCH v4 7/7] selinux: " Seth Forshee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1443039368-55445-1-git-send-email-seth.forshee@canonical.com \
--to=seth.forshee@canonical.com \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=selinux@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.