From: "Serge E. Hallyn" <serge@hallyn.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
	Miklos Szeredi <mszeredi@redhat.com>,
	linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Christian Brauner <christian.brauner@ubuntu.com>
Subject: Re: [PATCH 2/2] security.capability: fix conversions on getxattr
Date: Fri, 29 Jan 2021 20:06:52 -0600
Message-ID: <20210130020652.GB7163@mail.hallyn.com>
In-Reply-To: <87im7fuzdq.fsf@x220.int.ebiederm.org>

On Fri, Jan 29, 2021 at 04:55:29PM -0600, Eric W. Biederman wrote:
> "Serge E. Hallyn" <serge@hallyn.com> writes:
> 
> > On Thu, Jan 28, 2021 at 02:19:13PM -0600, Eric W. Biederman wrote:
> >> "Serge E. Hallyn" <serge@hallyn.com> writes:
> >> 
> >> > On Tue, Jan 19, 2021 at 07:34:49PM -0600, Eric W. Biederman wrote:
> >> >> Miklos Szeredi <mszeredi@redhat.com> writes:
> >> >> 
> >> >> > If a capability is stored on disk in v2 format cap_inode_getsecurity() will
> >> >> > currently return in v2 format unconditionally.
> >> >> >
> >> >> > This is wrong: v2 cap should be equivalent to a v3 cap with zero rootid,
> >> >> > and so the same conversions performed on it.
> >> >> >
> >> >> > If the rootid cannot be mapped v3 is returned unconverted.  Fix this so
> >> >> > that both v2 and v3 return -EOVERFLOW if the rootid (or the owner of the fs
> >> >> > user namespace in case of v2) cannot be mapped in the current user
> >> >> > namespace.
> >> >> 
> >> >> This looks like a good cleanup.
> >> >
> >> > Sorry, I'm not following.  Why is this a good cleanup?  Why should
> >> > the xattr be shown as faked v3 in this case?
> >> 
> >> If the reader is in &init_user_ns.  If the filesystem was mounted in a
> >> user namespace.   Then the reader loses the information that the
> >
> > Can you be more precise about "filesystem was mounted in a user namespace"?
> > Is this a FUSE thing, the fs is marked as being mounted in a non-init userns?
> > If that's a possible case, then yes that must be represented as v3.  Using
> > is_v2header() may be the simpler way to check for that, but the more accurate
> > check would be "is it v2 header and mounted by init_user_ns".
> 
> I think the filesystems currently relevant are fuse, overlayfs, ramfs, tmpfs.
> 
> > Basically yes, in as many cases as possible we want to just give a v2
> > cap because more userspace knows what to do with that, but a non-init-userns
> > mounted fs which provides a v2 fscap should have it represented as v3 cap
> > with rootid being the kuid that owns the userns.
> 
> That is the case that is being fixed in the patch.
> 
> > Or am I still thinking wrongly?  Wouldn't be entirely surprised :)
> 
> No you got it.

So then can we make faking a v3 gated on whether
    sb->s_user_ns != &init_user_ns ?
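
A user-space model of the conversion rules as worded in the quoted commit message, with the `sb->s_user_ns` gate asked about above as a switch. It is an added example, not kernel code and not part of the thread; `ns_model`, `reported_format` and the sample values are hypothetical, and each namespace is modelled as a single contiguous uid range.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constants as defined in the kernel UAPI header linux/capability.h. */
#define VFS_CAP_REVISION_MASK 0xFF000000u
#define VFS_CAP_REVISION_2    0x02000000u
#define VFS_CAP_REVISION_3    0x03000000u
#define XATTR_CAPS_SZ_2       20u   /* magic + 2 x (permitted, inheritable) */
#define XATTR_CAPS_SZ_3       24u   /* v2 layout + le32 rootid */
#define NO_UID                ((uint32_t)-1)

/* Hypothetical namespace model: uids 0..count-1 map to kuids from kuid_base. */
struct ns_model { uint32_t kuid_base, count; int is_init; };

/* Constructed samples: v2 xattr (effective flag set), init ns, container ns. */
static const uint8_t sample_v2[20] = { 0x01, 0x00, 0x00, 0x02 };
static const struct ns_model init_ns = { 0, NO_UID, 1 }, ct_ns = { 100000, 65536, 0 };

static uint32_t le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 2 or 3 (the format the reader sees) or a negative errno.
 * gate != 0 adds the sb->s_user_ns != &init_user_ns check from the reply. */
int reported_format(const uint8_t *x, size_t len, const struct ns_model *sb_ns,
                    const struct ns_model *reader, int gate, uint32_t *rootid)
{
    uint32_t rev, kroot, disk_root = 0;   /* v2 == v3 with zero rootid */

    if (len < XATTR_CAPS_SZ_2)
        return -EINVAL;
    rev = le32(x) & VFS_CAP_REVISION_MASK;
    if (rev == VFS_CAP_REVISION_3 && len == XATTR_CAPS_SZ_3)
        disk_root = le32(x + 20);
    else if (rev != VFS_CAP_REVISION_2 || len != XATTR_CAPS_SZ_2)
        return -EINVAL;
    else if (gate && sb_ns->is_init)
        return 2;                   /* init-ns sb: hand v2 back unconverted */
    /* on-disk rootid -> kuid via the fs namespace, then kuid -> reader uid */
    kroot = disk_root < sb_ns->count ? sb_ns->kuid_base + disk_root : NO_UID;
    if (kroot < reader->kuid_base || kroot - reader->kuid_base >= reader->count)
        return -EOVERFLOW;          /* rootid cannot be mapped for the reader */
    *rootid = kroot - reader->kuid_base;
    return *rootid == 0 ? 2 : 3;    /* zero rootid is reported as plain v2 */
}
```

In this model the gate only changes the result for a v2 xattr on an init-ns superblock read from a namespace where kuid 0 is unmapped: ungated it yields `-EOVERFLOW`, gated it yields v2.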

