From: Seth Forshee <seth.forshee@canonical.com>
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	containers@lists.linux-foundation.org,
	James Bottomley <James.Bottomley@HansenPartnership.com>
Subject: [RFC PATCH 3/6] shiftfs: copy inode attrs up from underlying fs
Date: Thu,  1 Nov 2018 16:48:53 -0500
Message-ID: <20181101214856.4563-4-seth.forshee@canonical.com>
In-Reply-To: <20181101214856.4563-1-seth.forshee@canonical.com>

Not all inode permission checks go through the permission
callback, e.g. some checks related to file capabilities. Always
copy up the inode attrs to ensure these checks work as expected.

Also introduce helpers for shifting kernel ids from one
user ns to another, as this is an operation that is going to be
repeated.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 fs/shiftfs.c | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/fs/shiftfs.c b/fs/shiftfs.c
index b179a1be7bc1..556594988dd2 100644
--- a/fs/shiftfs.c
+++ b/fs/shiftfs.c
@@ -266,6 +266,33 @@ static int shiftfs_xattr_set(const struct xattr_handler *handler,
 	return shiftfs_setxattr(dentry, inode, name, value, size, flags);
 }
 
+static kuid_t shift_kuid(struct user_namespace *from, struct user_namespace *to,
+			 kuid_t kuid)
+{
+	uid_t uid = from_kuid(from, kuid);
+	return make_kuid(to, uid);
+}
+
+static kgid_t shift_kgid(struct user_namespace *from, struct user_namespace *to,
+			 kgid_t kgid)
+{
+	gid_t gid = from_kgid(from, kgid);
+	return make_kgid(to, gid);
+}
+
+static void shiftfs_copyattr(struct inode *from, struct inode *to)
+{
+	struct user_namespace *from_ns = from->i_sb->s_user_ns;
+	struct user_namespace *to_ns = to->i_sb->s_user_ns;
+
+	to->i_uid = shift_kuid(from_ns, to_ns, from->i_uid);
+	to->i_gid = shift_kgid(from_ns, to_ns, from->i_gid);
+	to->i_mode = from->i_mode;
+	to->i_atime = from->i_atime;
+	to->i_mtime = from->i_mtime;
+	to->i_ctime = from->i_ctime;
+}
+
 static void shiftfs_fill_inode(struct inode *inode, struct dentry *dentry)
 {
 	struct inode *reali;
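Review bot: shift_kuid() and shift_kgid() hand the result of from_kuid()/from_kgid() straight to make_kuid()/make_kgid() with no check for an id that has no mapping in `from` or `to`, and shiftfs_copyattr() then stores whatever comes back in to->i_uid and to->i_gid. Since these fields feed the permission checks the commit message refers to, consider testing uid_valid()/gid_valid() on the shifted ids in shiftfs_copyattr(), or at least add a comment above the helpers documenting what they return for an unmapped id and that callers depend on it.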
@@ -278,6 +305,7 @@ static void shiftfs_fill_inode(struct inode *inode, struct dentry *dentry)
 	if (!reali->i_op->get_link)
 		inode->i_opflags |= IOP_NOFOLLOW;
 
+	shiftfs_copyattr(reali, inode);
 	inode->i_mapping = reali->i_mapping;
 	inode->i_private = reali;
 	set_nlink(inode, reali->i_nlink);
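Review bot: the commit message says the attrs are always copied up, but this call in shiftfs_fill_inode() copies them only once, when the shiftfs inode is filled, and the only other call site in the patch is shiftfs_setattr(). If the lower inode's owner, mode or timestamps can change by a path that does not go through shiftfs_setattr(), the copy made here goes stale; either refresh in the paths that consult these fields or add a comment explaining why fill time plus setattr is sufficient.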
@@ -573,7 +601,7 @@ static int shiftfs_setattr(struct dentry *dentry, struct iattr *attr)
 		return err;
 
 	/* all OK, reflect the change on our inode */
-	setattr_copy(d_inode(dentry), attr);
+	shiftfs_copyattr(reali, d_inode(dentry));
 	return 0;
 }
 
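Review bot: replacing setattr_copy(d_inode(dentry), attr) with shiftfs_copyattr(reali, d_inode(dentry)) changes what is written back: every field shiftfs_copyattr() handles is now taken from reali rather than only the attributes described by attr, and the commit message does not mention this. The retained comment "reflect the change on our inode" should be updated to say the values are re-read from the lower inode. The declaration of reali in shiftfs_setattr() is outside the hunk context, so confirm it refers to the lower inode that was just updated.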
-- 
2.19.1

