From: "Darrick J. Wong" <djwong@kernel.org>
To: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
Cc: Christian Brauner <brauner@kernel.org>,
linux-xfs@vger.kernel.org, christian.brauner@ubuntu.com,
hch@lst.de
Subject: Re: [PATCH] xfs: do not clear S_ISUID|S_ISGID for idmapped mounts
Date: Fri, 25 Feb 2022 09:11:27 -0800 [thread overview]
Message-ID: <20220225171127.GR8313@magnolia> (raw)
In-Reply-To: <e7cbc35c-386b-3323-0cef-da1ebf358f1a@virtuozzo.com>
On Fri, Feb 25, 2022 at 01:42:26PM +0300, Andrey Zhadchenko wrote:
>
>
> On 2/25/22 12:45, Christian Brauner wrote:
> > On Thu, Feb 24, 2022 at 05:57:38PM -0800, Darrick J. Wong wrote:
> > > On Mon, Feb 21, 2022 at 09:22:18PM +0300, Andrey Zhadchenko wrote:
> > > > xfs_fileattr_set() handles idmapped mounts correctly and do not drop this
> > > > bits.
> > > > Unfortunately chown syscall results in different callstask:
> > > > i_op->xfs_vn_setattr()->...->xfs_setattr_nonsize() which checks if process
> > > > has CAP_FSETID capable in init_user_ns rather than mntns userns.
> > > >
> > > > Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>
> > >
> > > LGTM...
> > > Reviewed-by: Darrick J. Wong <djwong@kernel.org>
> >
> > Darrick, could I ask you to please wait with applying.
> > The correct fix for this is either to simply remove the check here
> > altogether as we figured out in the thread or to switch to a generic vfs
> > helper setattr_copy().
> > Andrey will send a new patch in the not too distant future afaict
> > including tests.
>
> Yes, please do not apply this patch for now. I am currently working on next
> version, however it is postponed a bit due to my personal affairs.
> Also I intend to add a second patch for xfs_fileattr_set() since it has the
> similar flaw - it may drop S_ISUID|S_ISGID for directories and may not drop
> S_ISUID for executable files.
> I expect to send patches next week alongside with new xfstests.
Ah, fair enough. Felipe noticed that generic/673 produced inconsistent
outputs between btrfs and xfs last week and had asked about why the
setuid/setgid dropping behavior was unique to xfs. We discovered that
xfs' omission of the setattr_copy logic was behind that...
--D
prev parent reply other threads:[~2022-02-25 17:11 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-21 18:22 [PATCH] xfs: do not clear S_ISUID|S_ISGID for idmapped mounts Andrey Zhadchenko
2022-02-22 8:33 ` Christoph Hellwig
2022-02-22 9:25 ` Andrey Zhadchenko
2022-02-22 10:24 ` Christian Brauner
2022-02-22 11:19 ` Andrey Zhadchenko
2022-02-22 12:23 ` Christian Brauner
2022-02-22 12:36 ` Christian Brauner
2022-02-22 12:44 ` Christian Brauner
2022-02-22 14:54 ` Andrey Zhadchenko
2022-02-22 15:03 ` Christian Brauner
2022-02-22 21:40 ` Dave Chinner
2022-02-23 8:11 ` Christian Brauner
2022-02-25 1:57 ` Darrick J. Wong
2022-02-25 9:45 ` Christian Brauner
2022-02-25 10:42 ` Andrey Zhadchenko
2022-02-25 17:11 ` Darrick J. Wong [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220225171127.GR8313@magnolia \
--to=djwong@kernel.org \
--cc=andrey.zhadchenko@virtuozzo.com \
--cc=brauner@kernel.org \
--cc=christian.brauner@ubuntu.com \
--cc=hch@lst.de \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.