* 4.2: Can't mount sysfs in a mount ns & user ns
@ 2015-08-13  7:53 Lubomir Rintel
  2015-08-13 15:20 ` Eric W. Biederman
  0 siblings, 1 reply; 7+ messages in thread
From: Lubomir Rintel @ 2015-08-13  7:53 UTC (permalink / raw)
  To: linux-fsdevel; +Cc: Eric W. Biederman

Hi,

4.0.6-300.fc22.x86_64:
[lkundrak@fedora22-1 ~]$ unshare -r --mount --net
[root@fedora22-1 ~]# mount --make-slave /sys
[root@fedora22-1 ~]# mount -t sysfs sysfs /sys
[root@fedora22-1 ~]# 

4.2.0-0.rc6.git0.1.fc24.x86_64:
[lkundrak@fedora23-1 ~]$ unshare -r --mount --net
[root@fedora23-1 ~]# mount --make-slave /sys
[root@fedora23-1 ~]# mount -t sysfs sysfs /sys
mount: permission denied
[root@fedora23-1 ~]#

We use this in the NetworkManager test suite to ensure the devices we see
via GUdev are the same as we see via rtnetlink.

I'm wondering if this is a bug or an intended change?

Thanks,
Lubo 


* Re: 4.2: Can't mount sysfs in a mount ns & user ns
  2015-08-13  7:53 4.2: Can't mount sysfs in a mount ns & user ns Lubomir Rintel
@ 2015-08-13 15:20 ` Eric W. Biederman
  2015-08-13 16:07   ` Lubomir Rintel
  0 siblings, 1 reply; 7+ messages in thread
From: Eric W. Biederman @ 2015-08-13 15:20 UTC (permalink / raw)
  To: Lubomir Rintel; +Cc: linux-fsdevel

Lubomir Rintel <lkundrak@v3.sk> writes:

> Hi,
>
> 4.0.6-300.fc22.x86_64:
> [lkundrak@fedora22-1 ~]$ unshare -r --mount --net
> [root@fedora22-1 ~]# mount --make-slave /sys
> [root@fedora22-1 ~]# mount -t sysfs sysfs /sys
> [root@fedora22-1 ~]# 
>
> 4.2.0-0.rc6.git0.1.fc24.x86_64:
> [lkundrak@fedora23-1 ~]$ unshare -r --mount --net
> [root@fedora23-1 ~]# mount --make-slave /sys
> [root@fedora23-1 ~]# mount -t sysfs sysfs /sys
> mount: permission denied
> [root@fedora23-1 ~]#
>
> We use this in the NetworkManager test suite to ensure the devices we see
> via GUdev are the same as we see via rtnetlink.
>
> I'm wondering if this is a bug or an intended change?

There was an intentional tightening up of the permissions required to
mount sysfs to prevent people in jails from gaining access to things
they would not ordinarily have access to.  The change was not expected
to affect anyone's legitimate use case.

What are the mount flags of the previous mount of sysfs?
What is mounted on top of sysfs?

Or in short can I see /proc/self/mounts for the failing scenario?

Without a little more detail I can't see if there is a possible security
violation in your code or if this is something I can fix.

Eric


* Re: 4.2: Can't mount sysfs in a mount ns & user ns
  2015-08-13 15:20 ` Eric W. Biederman
@ 2015-08-13 16:07   ` Lubomir Rintel
  2015-08-13 16:17     ` Eric W. Biederman
  0 siblings, 1 reply; 7+ messages in thread
From: Lubomir Rintel @ 2015-08-13 16:07 UTC (permalink / raw)
  To: Eric W. Biederman; +Cc: linux-fsdevel

Hello,

On Thu, 2015-08-13 at 10:20 -0500, Eric W. Biederman wrote:
> Lubomir Rintel <lkundrak@v3.sk> writes:
> 
> > Hi,
> > 
> > 4.0.6-300.fc22.x86_64:
> > [lkundrak@fedora22-1 ~]$ unshare -r --mount --net
> > [root@fedora22-1 ~]# mount --make-slave /sys
> > [root@fedora22-1 ~]# mount -t sysfs sysfs /sys
> > [root@fedora22-1 ~]# 
> > 
> > 4.2.0-0.rc6.git0.1.fc24.x86_64:
> > [lkundrak@fedora23-1 ~]$ unshare -r --mount --net
> > [root@fedora23-1 ~]# mount --make-slave /sys
> > [root@fedora23-1 ~]# mount -t sysfs sysfs /sys
> > mount: permission denied
> > [root@fedora23-1 ~]#
> > 
> > We use this in the NetworkManager test suite to ensure the devices we
> > see via GUdev are the same as we see via rtnetlink.
> > 
> > I'm wondering if this is a bug or an intended change?
> 
> There was an intentional tightening up of the permissions required to
> mount sysfs to prevent people in jails from gaining access to things
> they would not ordinarily have access to.  The change was not expected
> to affect anyone's legitimate use case.
> 
> What are the mount flags of the previous mount of sysfs?
> What is mounted on top of sysfs?
> 
> Or in short can I see /proc/self/mounts for the failing scenario?

Looks like this:

sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,relatime 0 0
devtmpfs /dev devtmpfs rw,seclabel,nosuid,size=882904k,nr_inodes=220726,mode=755 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
pstore /sys/fs/pstore pstore rw,seclabel,nosuid,nodev,noexec,relatime 0 0
kdbusfs /sys/fs/kdbus kdbusfs rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,hugetlb 0 0
cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
configfs /sys/kernel/config configfs rw,relatime 0 0
/dev/vda3 / btrfs rw,seclabel,relatime,space_cache,subvolid=5,subvol=/ 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct 0 0
tmpfs /tmp tmpfs rw,seclabel 0 0
mqueue /dev/mqueue mqueue rw,seclabel,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,seclabel,relatime 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,seclabel,relatime 0 0
/dev/vda1 /boot ext4 rw,seclabel,relatime,data=ordered 0 0
tmpfs /run/user/42 tmpfs rw,seclabel,nosuid,nodev,relatime,size=178648k,mode=700,uid=42,gid=42 0 0
gvfsd-fuse /run/user/42/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=42,group_id=42 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
tmpfs /run/user/8086 tmpfs rw,seclabel,nosuid,nodev,relatime,size=178648k,mode=700,uid=8086,gid=8086 0 0
gvfsd-fuse /run/user/8086/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=8086,group_id=8086 0 0

> Without a little more detail I can't see if there is a possible security
> violation in your code or if this is something I can fix.
> 
> Eric

Thanks for the response

Lubo


* Re: 4.2: Can't mount sysfs in a mount ns & user ns
  2015-08-13 16:07   ` Lubomir Rintel
@ 2015-08-13 16:17     ` Eric W. Biederman
  2015-08-14 13:21       ` [PATCH] kdbus: create /sys/fs/kdbus with sysfs_create_mount_point() Lubomir Rintel
  0 siblings, 1 reply; 7+ messages in thread
From: Eric W. Biederman @ 2015-08-13 16:17 UTC (permalink / raw)
  To: Lubomir Rintel; +Cc: linux-fsdevel

Lubomir Rintel <lkundrak@v3.sk> writes:

> Hello,
>
> On Thu, 2015-08-13 at 10:20 -0500, Eric W. Biederman wrote:
>> Lubomir Rintel <lkundrak@v3.sk> writes:
>> 
>> > Hi,
>> > 
>> > 4.0.6-300.fc22.x86_64:
>> > [lkundrak@fedora22-1 ~]$ unshare -r --mount --net
>> > [root@fedora22-1 ~]# mount --make-slave /sys
>> > [root@fedora22-1 ~]# mount -t sysfs sysfs /sys
>> > [root@fedora22-1 ~]# 
>> > 
>> > 4.2.0-0.rc6.git0.1.fc24.x86_64:
>> > [lkundrak@fedora23-1 ~]$ unshare -r --mount --net
>> > [root@fedora23-1 ~]# mount --make-slave /sys
>> > [root@fedora23-1 ~]# mount -t sysfs sysfs /sys
>> > mount: permission denied
>> > [root@fedora23-1 ~]#
>> > 
>> > We use this in the NetworkManager test suite to ensure the devices we
>> > see via GUdev are the same as we see via rtnetlink.
>> > 
>> > I'm wondering if this is a bug or an intended change?
>> 
>> There was an intentional tightening up of the permissions required to
>> mount sysfs to prevent people in jails from gaining access to things
>> they would not ordinarily have access to.  The change was not expected
>> to affect anyone's legitimate use case.
>> 
>> What are the mount flags of the previous mount of sysfs?
>> What is mounted on top of sysfs?
>> 
>> Or in short can I see /proc/self/mounts for the failing scenario?
>
> Looks like this:
>
> sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
> proc /proc proc rw,relatime 0 0
> devtmpfs /dev devtmpfs rw,seclabel,nosuid,size=882904k,nr_inodes=220726,mode=755 0 0
> securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
> tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
> devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
> tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
> tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
> cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
> pstore /sys/fs/pstore pstore rw,seclabel,nosuid,nodev,noexec,relatime 0 0
> kdbusfs /sys/fs/kdbus kdbusfs rw,nosuid,nodev,noexec,relatime 0 0
          ^^^^^^^^^^^^^  This directory is probably not created with sysfs_create_mount_point
                         So I suspect this is your culprit.
> cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,hugetlb 0 0
> cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio 0 0
> cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
> cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
> cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
> cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
> cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
> cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
> cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
> configfs /sys/kernel/config configfs rw,relatime 0 0
> /dev/vda3 / btrfs rw,seclabel,relatime,space_cache,subvolid=5,subvol=/ 0 0
> selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
> systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct 0 0
> tmpfs /tmp tmpfs rw,seclabel 0 0
> mqueue /dev/mqueue mqueue rw,seclabel,relatime 0 0
> debugfs /sys/kernel/debug debugfs rw,seclabel,relatime 0 0
> hugetlbfs /dev/hugepages hugetlbfs rw,seclabel,relatime 0 0
> /dev/vda1 /boot ext4 rw,seclabel,relatime,data=ordered 0 0
> tmpfs /run/user/42 tmpfs rw,seclabel,nosuid,nodev,relatime,size=178648k,mode=700,uid=42,gid=42 0 0
> gvfsd-fuse /run/user/42/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=42,group_id=42 0 0
> fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
> tmpfs /run/user/8086 tmpfs rw,seclabel,nosuid,nodev,relatime,size=178648k,mode=700,uid=8086,gid=8086 0 0
> gvfsd-fuse /run/user/8086/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=8086,group_id=8086 0 0
>
>> Without a little more detail I can't see if there is a possible security
>> violation in your code or if this is something I can fix.
>> 
>> Eric
>
> Thanks for the response

It looks like this is a kdbus thing.  I don't see anything else that
should be causing problems.  Please try again with kdbus disabled and
see what happens, and when it works please let the kdbus guys know that
they need to use sysfs_create_mount_point.

Eric
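Eric's diagnosis above walks /proc/self/mounts looking for filesystems stacked directly on the sysfs instance, since each of those must sit on a directory created with sysfs_create_mount_point(). The script below automates that step; it is an added example, not code from the thread, NetworkManager or kdbus, and SAMPLE_MOUNTS is a constructed subset of the listing Lubomir posted. The parent of each mount is found by a longest-prefix heuristic (assumption: /proc/self/mounts lists mounts in mount order), which keeps the cgroup hierarchies on the tmpfs at /sys/fs/cgroup apart from the mounts that really sit on sysfs.

```python
"""List mounts stacked directly on a sysfs instance, parsed from /proc/self/mounts."""
import re
from typing import List, Optional

# Constructed sample: a subset of the /proc/self/mounts listing posted in the thread.
SAMPLE_MOUNTS = """\
sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,relatime 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
kdbusfs /sys/fs/kdbus kdbusfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/vda3 / btrfs rw,seclabel,relatime,subvol=/ 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
"""

_OCTAL = re.compile(r"\\([0-7]{3})")

def unescape(field: str) -> str:
    """/proc/self/mounts encodes space, tab, newline and backslash as \\ooo octal."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text: str) -> List[dict]:
    """Parse mounts(5)-style lines, preserving file order (assumed to be mount order)."""
    mounts: List[dict] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or truncated line
        src, mp, fstype, opts = parts[:4]
        mounts.append({"source": unescape(src), "mountpoint": unescape(mp),
                       "fstype": fstype, "options": set(opts.split(","))})
    return mounts

def parent_index(mounts: List[dict], i: int) -> Optional[int]:
    """Heuristic parent of mounts[i]: the earlier mount whose mountpoint is the
    longest path prefix of this one. /proc/self/mountinfo carries real parent ids."""
    mp = mounts[i]["mountpoint"]
    best: Optional[int] = None
    for j in range(i):
        cand = mounts[j]["mountpoint"]
        if mp == cand or mp.startswith(cand.rstrip("/") + "/"):
            if best is None or len(cand) > len(mounts[best]["mountpoint"]):
                best = j
    return best

def mounts_over_sysfs(mounts: List[dict], sysfs_mp: str = "/sys") -> List[dict]:
    """Mounts whose parent is the sysfs instance at sysfs_mp. Each of these sits on
    a sysfs directory, which must have been made with sysfs_create_mount_point()."""
    idx = next((i for i, m in enumerate(mounts)
                if m["fstype"] == "sysfs" and m["mountpoint"] == sysfs_mp), None)
    if idx is None:
        return []
    return [m for i, m in enumerate(mounts) if i > idx and parent_index(mounts, i) == idx]
```

On the sample this reports securityfs, the /sys/fs/cgroup tmpfs, kdbusfs and fusectl as the mounts that sit directly on sysfs; the cgroup hierarchies are children of the tmpfs and are not subject to the check.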



* [PATCH] kdbus: create /sys/fs/kdbus with sysfs_create_mount_point()
  2015-08-13 16:17     ` Eric W. Biederman
@ 2015-08-14 13:21       ` Lubomir Rintel
  2015-08-17 17:23         ` David Herrmann
  0 siblings, 1 reply; 7+ messages in thread
From: Lubomir Rintel @ 2015-08-14 13:21 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Daniel Mack, David Herrmann, Djalal Harouni, linux-kernel,
	Eric W. Biederman, linux-fsdevel, Lubomir Rintel

Since 0cbee99269 user-namespace pull, if a kdbusfs is mounted on a
location that's not created with sysfs_create_mount_point the user
namespaces are not allowed to mount their sysfs instances.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
---
Applies on top of char-misc/kdbus a36324913.

 ipc/kdbus/main.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/ipc/kdbus/main.c b/ipc/kdbus/main.c
index 1ad4dc8..c2117ea 100644
--- a/ipc/kdbus/main.c
+++ b/ipc/kdbus/main.c
@@ -75,16 +75,13 @@
  *  '» struct kdbus_ep *ep (owned)
  */
 
-/* kdbus mount-point /sys/fs/kdbus */
-static struct kobject *kdbus_dir;
-
 static int __init kdbus_init(void)
 {
 	int ret;
 
-	kdbus_dir = kobject_create_and_add(KBUILD_MODNAME, fs_kobj);
-	if (!kdbus_dir)
-		return -ENOMEM;
+	ret = sysfs_create_mount_point(fs_kobj, KBUILD_MODNAME);
+	if (ret)
+		return ret;
 
 	ret = kdbus_fs_init();
 	if (ret < 0) {
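Review bot: the new `if (ret)` sits a few lines above the existing `if (ret < 0)` test for kdbus_fs_init(), so one function now mixes two error-check styles; both are correct because sysfs_create_mount_point() returns 0 or a negative errno, but pick one. Also, sysfs_create_mount_point() is declared in linux/sysfs.h and the hunk does not show the file's includes; the removed kobject_create_and_add() call only needed linux/kobject.h, so confirm the header is pulled in before this is merged.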
@@ -96,14 +93,14 @@ static int __init kdbus_init(void)
 	return 0;
 
 exit_dir:
-	kobject_put(kdbus_dir);
+	sysfs_remove_mount_point(fs_kobj, KBUILD_MODNAME);
 	return ret;
 }
 
 static void __exit kdbus_exit(void)
 {
 	kdbus_fs_exit();
-	kobject_put(kdbus_dir);
+	sysfs_remove_mount_point(fs_kobj, KBUILD_MODNAME);
 	ida_destroy(&kdbus_node_ida);
 }
 
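Review bot: the teardown is symmetric with the new create call in both the exit_dir error path and kdbus_exit(), which is the right shape, but the hunk only shows these two uses of the removed `kdbus_dir`; make sure nothing else under ipc/kdbus references it (a build of the patched tree settles this). The commit message would also benefit from one sentence on why kobject_create_and_add() is not enough, since it currently states the symptom (sysfs cannot be mounted in a user namespace) but not what sysfs_create_mount_point() provides that a plain kobject directory does not.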
-- 
2.4.3



* Re: [PATCH] kdbus: create /sys/fs/kdbus with sysfs_create_mount_point()
  2015-08-14 13:21       ` [PATCH] kdbus: create /sys/fs/kdbus with sysfs_create_mount_point() Lubomir Rintel
@ 2015-08-17 17:23         ` David Herrmann
  2015-08-17 20:52           ` Josh Boyer
  0 siblings, 1 reply; 7+ messages in thread
From: David Herrmann @ 2015-08-17 17:23 UTC (permalink / raw)
  To: Lubomir Rintel
  Cc: Greg Kroah-Hartman, Daniel Mack, David Herrmann, Djalal Harouni,
	linux-kernel, Eric W. Biederman, linux-fsdevel

Hi

On Fri, Aug 14, 2015 at 3:21 PM, Lubomir Rintel <lkundrak@v3.sk> wrote:
> Since 0cbee99269 user-namespace pull, if a kdbusfs is mounted on a
> location that's not created with sysfs_create_mount_point the user
> namespaces are not allowed to mount their sysfs instances.
>
> Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
> ---
> Applies on top of char-misc/kdbus a36324913.

This does not apply on top of char-misc/kdbus. The tree lacks the
necessary commits. But yeah, it's required for 4.2. I'll keep it
starred until Greg back-merges 4.2.

Anyway, this is still: Reviewed-by: David Herrmann <dh.herrmann@gmail.com>

Thanks!
David

>  ipc/kdbus/main.c | 13 +++++--------
>  1 file changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/ipc/kdbus/main.c b/ipc/kdbus/main.c
> index 1ad4dc8..c2117ea 100644
> --- a/ipc/kdbus/main.c
> +++ b/ipc/kdbus/main.c
> @@ -75,16 +75,13 @@
>   *  '» struct kdbus_ep *ep (owned)
>   */
>
> -/* kdbus mount-point /sys/fs/kdbus */
> -static struct kobject *kdbus_dir;
> -
>  static int __init kdbus_init(void)
>  {
>         int ret;
>
> -       kdbus_dir = kobject_create_and_add(KBUILD_MODNAME, fs_kobj);
> -       if (!kdbus_dir)
> -               return -ENOMEM;
> +       ret = sysfs_create_mount_point(fs_kobj, KBUILD_MODNAME);
> +       if (ret)
> +               return ret;
>
>         ret = kdbus_fs_init();
>         if (ret < 0) {
> @@ -96,14 +93,14 @@ static int __init kdbus_init(void)
>         return 0;
>
>  exit_dir:
> -       kobject_put(kdbus_dir);
> +       sysfs_remove_mount_point(fs_kobj, KBUILD_MODNAME);
>         return ret;
>  }
>
>  static void __exit kdbus_exit(void)
>  {
>         kdbus_fs_exit();
> -       kobject_put(kdbus_dir);
> +       sysfs_remove_mount_point(fs_kobj, KBUILD_MODNAME);
>         ida_destroy(&kdbus_node_ida);
>  }
>
> --
> 2.4.3
>


* Re: [PATCH] kdbus: create /sys/fs/kdbus with sysfs_create_mount_point()
  2015-08-17 17:23         ` David Herrmann
@ 2015-08-17 20:52           ` Josh Boyer
  0 siblings, 0 replies; 7+ messages in thread
From: Josh Boyer @ 2015-08-17 20:52 UTC (permalink / raw)
  To: David Herrmann
  Cc: Lubomir Rintel, Greg Kroah-Hartman, Daniel Mack, David Herrmann,
	Djalal Harouni, linux-kernel, Eric W. Biederman, linux-fsdevel

On Mon, Aug 17, 2015 at 1:23 PM, David Herrmann <dh.herrmann@gmail.com> wrote:
> Hi
>
> On Fri, Aug 14, 2015 at 3:21 PM, Lubomir Rintel <lkundrak@v3.sk> wrote:
>> Since 0cbee99269 user-namespace pull, if a kdbusfs is mounted on a
>> location that's not created with sysfs_create_mount_point the user
>> namespaces are not allowed to mount their sysfs instances.
>>
>> Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
>> ---
>> Applies on top of char-misc/kdbus a36324913.
>
> This does not apply on top of char-misc/kdbus. The tree lacks the
> necessary commits. But yeah, it's required for 4.2. I'll keep it
> starred until Greg back-merges 4.2.
>
> Anyway, this is still: Reviewed-by: David Herrmann <dh.herrmann@gmail.com>

Grumble.  Keeping track of this is getting to be somewhat of a pain.
Why isn't the kdbus-next branch already at 4.2?

So if one was carrying the contents of char-misc/kdbus as stand-alone
patches on top of 4.2-rc7, should your Reviewed-by count as "yes,
apply this patch in that instance?"

josh

