From: Vivek Goyal <vgoyal@redhat.com> To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs@redhat.com, miklos@szeredi.hu Cc: vgoyal@redhat.com, lhenriques@suse.de, dgilbert@redhat.com, seth.forshee@canonical.com Subject: [PATCH 3/3] fuse: Add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID Date: Fri, 19 Mar 2021 15:55:47 -0400 [thread overview] Message-ID: <20210319195547.427371-4-vgoyal@redhat.com> (raw) In-Reply-To: <20210319195547.427371-1-vgoyal@redhat.com> When posix access ACL is set, it can have an effect on file mode and it can also need to clear SGID if. - None of caller's group/supplementary groups match file owner group. AND - Caller is not priviliged (No CAP_FSETID). As of now fuser server is responsible for changing the file mode as well. But it does not know whether to clear SGID or not. So add a flag FUSE_SETXATTR_ACL_KILL_SGID and send this info with SETXATTR to let file server know that sgid needs to be cleared as well. Reported-by: Luis Henriques <lhenriques@suse.de> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> --- fs/fuse/acl.c | 7 ++++++- include/uapi/linux/fuse.h | 7 +++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c index d31260a139d4..45358124181a 100644 --- a/fs/fuse/acl.c +++ b/fs/fuse/acl.c @@ -71,6 +71,7 @@ int fuse_set_acl(struct user_namespace *mnt_userns, struct inode *inode, return -EINVAL; if (acl) { + unsigned extra_flags = 0; /* * Fuse userspace is responsible for updating access * permissions in the inode, if needed. fuse_setxattr @@ -94,7 +95,11 @@ int fuse_set_acl(struct user_namespace *mnt_userns, struct inode *inode, return ret; } - ret = fuse_setxattr(inode, name, value, size, 0, 0); + if (fc->setxattr_v2 && + posix_acl_mode_clear_sgid(&init_user_ns, inode)) + extra_flags |= FUSE_SETXATTR_ACL_KILL_SGID; + + ret = fuse_setxattr(inode, name, value, size, 0, extra_flags); kfree(value); } else { ret = fuse_removexattr(inode, name); diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h index 1bb555c1c117..08c11a7beaa7 100644 --- a/include/uapi/linux/fuse.h +++ b/include/uapi/linux/fuse.h @@ -180,6 +180,7 @@ * - add FUSE_HANDLE_KILLPRIV_V2, FUSE_WRITE_KILL_SUIDGID, FATTR_KILL_SUIDGID * - add FUSE_OPEN_KILL_SUIDGID * - add FUSE_SETXATTR_V2 + * - add FUSE_SETXATTR_ACL_KILL_SGID */ #ifndef _LINUX_FUSE_H @@ -454,6 +455,12 @@ struct fuse_file_lock { */ #define FUSE_OPEN_KILL_SUIDGID (1 << 0) +/** + * setxattr flags + * FUSE_SETXATTR_ACL_KILL_SGID: Clear SGID when system.posix_acl_access is set + */ +#define FUSE_SETXATTR_ACL_KILL_SGID (1 << 0) + enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, /* no reply */ -- 2.25.4
WARNING: multiple messages have this Message-ID (diff)
From: Vivek Goyal <vgoyal@redhat.com> To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, virtio-fs@redhat.com, miklos@szeredi.hu Cc: seth.forshee@canonical.com, vgoyal@redhat.com Subject: [Virtio-fs] [PATCH 3/3] fuse: Add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID Date: Fri, 19 Mar 2021 15:55:47 -0400 [thread overview] Message-ID: <20210319195547.427371-4-vgoyal@redhat.com> (raw) In-Reply-To: <20210319195547.427371-1-vgoyal@redhat.com> When posix access ACL is set, it can have an effect on file mode and it can also need to clear SGID if. - None of caller's group/supplementary groups match file owner group. AND - Caller is not priviliged (No CAP_FSETID). As of now fuser server is responsible for changing the file mode as well. But it does not know whether to clear SGID or not. So add a flag FUSE_SETXATTR_ACL_KILL_SGID and send this info with SETXATTR to let file server know that sgid needs to be cleared as well. Reported-by: Luis Henriques <lhenriques@suse.de> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> --- fs/fuse/acl.c | 7 ++++++- include/uapi/linux/fuse.h | 7 +++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c index d31260a139d4..45358124181a 100644 --- a/fs/fuse/acl.c +++ b/fs/fuse/acl.c @@ -71,6 +71,7 @@ int fuse_set_acl(struct user_namespace *mnt_userns, struct inode *inode, return -EINVAL; if (acl) { + unsigned extra_flags = 0; /* * Fuse userspace is responsible for updating access * permissions in the inode, if needed. fuse_setxattr @@ -94,7 +95,11 @@ int fuse_set_acl(struct user_namespace *mnt_userns, struct inode *inode, return ret; } - ret = fuse_setxattr(inode, name, value, size, 0, 0); + if (fc->setxattr_v2 && + posix_acl_mode_clear_sgid(&init_user_ns, inode)) + extra_flags |= FUSE_SETXATTR_ACL_KILL_SGID; + + ret = fuse_setxattr(inode, name, value, size, 0, extra_flags); kfree(value); } else { ret = fuse_removexattr(inode, name); diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h index 1bb555c1c117..08c11a7beaa7 100644 --- a/include/uapi/linux/fuse.h +++ b/include/uapi/linux/fuse.h @@ -180,6 +180,7 @@ * - add FUSE_HANDLE_KILLPRIV_V2, FUSE_WRITE_KILL_SUIDGID, FATTR_KILL_SUIDGID * - add FUSE_OPEN_KILL_SUIDGID * - add FUSE_SETXATTR_V2 + * - add FUSE_SETXATTR_ACL_KILL_SGID */ #ifndef _LINUX_FUSE_H @@ -454,6 +455,12 @@ struct fuse_file_lock { */ #define FUSE_OPEN_KILL_SUIDGID (1 << 0) +/** + * setxattr flags + * FUSE_SETXATTR_ACL_KILL_SGID: Clear SGID when system.posix_acl_access is set + */ +#define FUSE_SETXATTR_ACL_KILL_SGID (1 << 0) + enum fuse_opcode { FUSE_LOOKUP = 1, FUSE_FORGET = 2, /* no reply */ -- 2.25.4
next prev parent reply other threads:[~2021-03-19 19:57 UTC|newest] Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-03-19 19:55 [PATCH 0/3] fuse: Fix clearing SGID when access ACL is set Vivek Goyal 2021-03-19 19:55 ` [Virtio-fs] " Vivek Goyal 2021-03-19 19:55 ` [PATCH 1/3] posic_acl: Add a helper determine if SGID should be cleared Vivek Goyal 2021-03-19 19:55 ` [Virtio-fs] " Vivek Goyal 2021-03-19 22:42 ` Andreas Grünbacher 2021-03-19 22:42 ` [Virtio-fs] " Andreas Grünbacher 2021-03-20 10:03 ` Christian Brauner 2021-03-20 10:03 ` [Virtio-fs] " Christian Brauner 2021-03-22 17:01 ` Vivek Goyal 2021-03-22 17:01 ` [Virtio-fs] " Vivek Goyal 2021-03-23 9:32 ` Christian Brauner 2021-03-23 9:32 ` [Virtio-fs] " Christian Brauner 2021-03-23 22:50 ` Vivek Goyal 2021-03-23 22:50 ` [Virtio-fs] " Vivek Goyal 2021-03-19 19:55 ` [PATCH 2/3] fuse: Add support for FUSE_SETXATTR_V2 Vivek Goyal 2021-03-19 19:55 ` [Virtio-fs] " Vivek Goyal 2021-03-19 19:55 ` Vivek Goyal [this message] 2021-03-19 19:55 ` [Virtio-fs] [PATCH 3/3] fuse: Add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID Vivek Goyal
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210319195547.427371-4-vgoyal@redhat.com \ --to=vgoyal@redhat.com \ --cc=dgilbert@redhat.com \ --cc=lhenriques@suse.de \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=miklos@szeredi.hu \ --cc=seth.forshee@canonical.com \ --cc=virtio-fs@redhat.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.