From: Alessio Balsini <balsini@android.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Akilesh Kailash <akailash@google.com>,
Amir Goldstein <amir73il@gmail.com>,
Antonio SJ Musumeci <trapexit@spawn.link>,
David Anderson <dvander@google.com>,
Giuseppe Scrivano <gscrivan@redhat.com>,
Jann Horn <jannh@google.com>, Jens Axboe <axboe@kernel.dk>,
Martijn Coenen <maco@android.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Paul Lawrence <paullawrence@google.com>,
Stefano Duo <stefanoduo@google.com>,
Zimuzo Ezeozue <zezeozue@google.com>,
fuse-devel@lists.sourceforge.net, kernel-team@android.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH V9 2/4] fuse: Trace daemon creds
Date: Thu, 24 Sep 2020 14:13:16 +0100
Message-ID: <20200924131318.2654747-3-balsini@android.com> (raw)
In-Reply-To: <20200924131318.2654747-1-balsini@android.com>
Add a reference to the FUSE daemon credentials, so that they can be used to
temporarily raise the user credentials when accessing lower file system
files in passthrough.
When using FUSE passthrough, read/write operations are directly forwarded
to the lower file system file, but there is no guarantee that the process
that is triggering the request has the right permissions to access the
lower file system.
By default, in the non-passthrough use case, it is the daemon that handles
the read/write operations, that can be performed to the lower file system
with the daemon privileges.
When passthrough is active, instead, the read/write operation is directly
applied to the lower file system, so to keep the same behavior as before,
the calling process temporarily receives the same credentials as the
daemon, that should be removed as soon as the operation completes.
Signed-off-by: Alessio Balsini <balsini@android.com>
---
fs/fuse/fuse_i.h | 3 +++
fs/fuse/inode.c | 8 ++++++++
2 files changed, 11 insertions(+)
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 6c5166447905..67bf5919f8d6 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -524,6 +524,9 @@ struct fuse_conn {
/** The group id for this mount */
kgid_t group_id;
+ /** Creds of process which created this mount point */
+ const struct cred *creator_cred;
+
/** The pid namespace for this mount */
struct pid_namespace *pid_ns;
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index eb223130a917..d22407bfa959 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -654,6 +654,8 @@ void fuse_conn_put(struct fuse_conn *fc)
fiq->ops->release(fiq);
put_pid_ns(fc->pid_ns);
put_user_ns(fc->user_ns);
+ if (fc->creator_cred)
+ put_cred(fc->creator_cred);
fc->release(fc);
}
}
@@ -1203,6 +1205,12 @@ int fuse_fill_super_common(struct super_block *sb, struct fuse_fs_context *ctx)
fc->allow_other = ctx->allow_other;
fc->user_id = ctx->user_id;
fc->group_id = ctx->group_id;
+ fc->creator_cred = prepare_creds();
+ if (!fc->creator_cred) {
+ err = -ENOMEM;
+ goto err_dev_free;
+ }
+
fc->max_read = max_t(unsigned, 4096, ctx->max_read);
fc->destroy = ctx->destroy;
fc->no_control = ctx->no_control;
--
2.28.0.681.g6f77f65b4e-goog
next prev parent reply index
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-24 13:13 [PATCH V9 0/4] fuse: Add support for passthrough read/write Alessio Balsini
2020-09-24 13:13 ` [PATCH V9 1/4] fuse: Definitions and ioctl() for passthrough Alessio Balsini
2020-09-29 14:37 ` Alessio Balsini
2020-09-30 15:44 ` Miklos Szeredi
2020-10-22 16:12 ` Alessio Balsini
2020-09-24 13:13 ` Alessio Balsini [this message]
2020-09-30 18:45 ` [PATCH V9 2/4] fuse: Trace daemon creds Miklos Szeredi
2020-09-30 19:16 ` Antonio SJ Musumeci
2020-10-22 16:14 ` Alessio Balsini
2020-09-24 13:13 ` [PATCH V9 3/4] fuse: Introduce synchronous read and write for passthrough Alessio Balsini
2020-09-30 18:50 ` Miklos Szeredi
2020-10-22 16:17 ` Alessio Balsini
2020-09-24 13:13 ` [PATCH V9 4/4] fuse: Handle asynchronous read and write in passthrough Alessio Balsini
2020-09-30 18:54 ` Miklos Szeredi
2020-10-22 16:38 ` Alessio Balsini
2020-09-30 15:33 ` [PATCH V9 0/4] fuse: Add support for passthrough read/write Miklos Szeredi
2020-10-02 13:38 ` Alessio Balsini
2020-10-21 15:39 ` Alessio Balsini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200924131318.2654747-3-balsini@android.com \
--to=balsini@android.com \
--cc=akailash@google.com \
--cc=amir73il@gmail.com \
--cc=axboe@kernel.dk \
--cc=dvander@google.com \
--cc=fuse-devel@lists.sourceforge.net \
--cc=gscrivan@redhat.com \
--cc=jannh@google.com \
--cc=kernel-team@android.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maco@android.com \
--cc=miklos@szeredi.hu \
--cc=palmer@dabbelt.com \
--cc=paullawrence@google.com \
--cc=stefanoduo@google.com \
--cc=trapexit@spawn.link \
--cc=zezeozue@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Linux-Fsdevel Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/linux-fsdevel/0 linux-fsdevel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 linux-fsdevel linux-fsdevel/ https://lore.kernel.org/linux-fsdevel \
linux-fsdevel@vger.kernel.org
public-inbox-index linux-fsdevel
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-fsdevel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git