From: "xuyang2018.jy@fujitsu.com" <xuyang2018.jy@fujitsu.com>
To: Christian Brauner <brauner@kernel.org>
Cc: "david@fromorbit.com" <david@fromorbit.com>,
	"djwong@kernel.org" <djwong@kernel.org>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	"fstests@vger.kernel.org" <fstests@vger.kernel.org>
Subject: Re: [PATCH v3 3/5] idmapped-mounts: Add open with O_TMPFILE operation in setgid test
Date: Wed, 13 Apr 2022 08:48:11 +0000
Message-ID: <62569C96.3080207@fujitsu.com>
In-Reply-To: <20220413080733.6sz3tssi4wo3jc67@wittgenstein>

On 2022/4/13 16:07, Christian Brauner wrote:
> On Tue, Apr 12, 2022 at 07:33:44PM +0800, Yang Xu wrote:
>> Since we can create a temp file by using the O_TMPFILE flag and the filesystem driver also
>> has this API, we should also check whether this operation strips S_ISGID.
>>
>> Reviewed-by: Christian Brauner (Microsoft)<brauner@kernel.org>
>> Signed-off-by: Yang Xu<xuyang2018.jy@fujitsu.com>
>> ---
>>   src/idmapped-mounts/idmapped-mounts.c | 148 ++++++++++++++++++++++++++
>>   1 file changed, 148 insertions(+)
>>
>> diff --git a/src/idmapped-mounts/idmapped-mounts.c b/src/idmapped-mounts/idmapped-mounts.c
>> index 617f56e0..02f91558 100644
>> --- a/src/idmapped-mounts/idmapped-mounts.c
>> +++ b/src/idmapped-mounts/idmapped-mounts.c
>> @@ -51,6 +51,7 @@
>>   #define FILE1_RENAME "file1_rename"
>>   #define FILE2 "file2"
>>   #define FILE2_RENAME "file2_rename"
>> +#define FILE3 "file3"
>>   #define DIR1 "dir1"
>>   #define DIR2 "dir2"
>>   #define DIR3 "dir3"
>> @@ -337,6 +338,24 @@ out:
>>   	return fret;
>>   }
>>
>> +static bool openat_tmpfile_supported(int dirfd)
>> +{
>> +	int fd = -1;
>> +
>> +	fd = openat(dirfd, ".", O_TMPFILE | O_RDWR, S_IXGRP | S_ISGID);
>> +	if (fd == -1) {
>> +		if (errno == ENOTSUP)
>> +			return false;
>> +		else
>> +			return log_errno(false, "failure: create");
>> +	}
>> +
>> +	if (close(fd))
>> +		log_stderr("failure: close");
>> +
>> +	return true;
>> +}
>> +
>>   /* __expected_uid_gid - check whether file is owned by the provided uid and gid */
>>   static bool __expected_uid_gid(int dfd, const char *path, int flags,
>>   			       uid_t expected_uid, gid_t expected_gid, bool log)
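
Review bot: in openat_tmpfile_supported(), an openat() failure other than ENOTSUP goes through `return log_errno(false, "failure: create");`, and because the function returns bool the caller cannot tell a real error from "not supported" (assuming log_errno() returns its first argument), so the O_TMPFILE check is skipped instead of the test failing. Returning an int with a negative value for the error case would let setgid_create() bail out. open(2) documents the unsupported-filesystem error as EOPNOTSUPP (the same value as ENOTSUP on Linux) and EISDIR on kernels that predate O_TMPFILE, so spelling the check as EOPNOTSUPP and treating EISDIR as unsupported would match the man page. The `else` after `return false;` is redundant.
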
>> @@ -7841,7 +7860,10 @@ static int setgid_create(void)
>>   {
>>   	int fret = -1;
>>   	int file1_fd = -EBADF;
>> +	int tmpfile_fd = -EBADF;
>>   	pid_t pid;
>> +	bool supported = false;
>> +	char path[PATH_MAX];
>>
>>   	if (!caps_supported())
>>   		return 0;
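
Review bot: `bool supported` is a vague name in a function whose next statement already tests caps_supported(); `tmpfile_supported` would say which feature the flag tracks. `char path[PATH_MAX]` exists only for the "/proc/self/fd/%d" string built later in this patch, so it should be dropped together with that snprintf() if the linkat() call stops needing it.
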
>> @@ -7866,6 +7888,8 @@ static int setgid_create(void)
>>   		goto out;
>>   	}
>>
>> +	supported = openat_tmpfile_supported(t_dir1_fd);
>> +
>>   	pid = fork();
>>   	if (pid<  0) {
>>   		log_stderr("failure: fork");
>> @@ -7929,6 +7953,25 @@ static int setgid_create(void)
>>   		if (unlinkat(t_dir1_fd, CHRDEV1, 0))
>>   			die("failure: delete");
>>
>> +		/* create tmpfile via filesystem tmpfile api */
>> +		if (supported) {
>> +			tmpfile_fd = openat(t_dir1_fd, ".", O_TMPFILE | O_RDWR, S_IXGRP | S_ISGID);
>> +			if (tmpfile_fd<  0)
>> +				die("failure: create");
>> +			/* link the temporary file into the filesystem, making it permanent */
>> +			snprintf(path, PATH_MAX,  "/proc/self/fd/%d", tmpfile_fd);
>> +			if (linkat(AT_FDCWD, path, t_dir1_fd, FILE3, AT_SYMLINK_FOLLOW))
>> +				die("failure: linkat");
>
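
Review bot: the comment above snprintf() says what the linkat() does but not why the /proc/self/fd path with AT_SYMLINK_FOLLOW is used. linkat(2) documents AT_EMPTY_PATH as requiring CAP_DAC_READ_SEARCH, and open(2) gives this /proc form as the alternative for callers without it, so the comment should state which capability state this branch runs in, since that is not visible here. The snprintf() return value is also unchecked, and `die("failure: create")` uses the same message as the probe helper; a distinct message such as "failure: create tmpfile" would identify the failing step in the log.
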
> Fwiw, I don't think you need that snprintf() dance as you should be able
> to use AT_EMPTY_PATH:
>
> if (linkat(fd, "", t_dir1_fd, FILE3, AT_EMPTY_PATH))
>
> for this.
Oh, yes, it works well. Thanks.

PS: I also used this way before but it failed (I used the wrong argument, NULL
instead of "", when I looked at the open(2) man page).

Best Regards
Yang Xu
