From: Miklos Szeredi <mszeredi@redhat.com>
To: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
John Johansen <john.johansen@canonical.com>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: [PATCH v2 00/10] allow unprivileged overlay mounts
Date: Mon, 7 Dec 2020 17:32:45 +0100 [thread overview]
Message-ID: <20201207163255.564116-1-mszeredi@redhat.com> (raw)
I've done some more work to verify that unprivileged mount of overlayfs is
safe.
One thing I did is to basically audit all function calls made by overlayfs
to see if it's normally called with any checks and whether overlayfs calls
it with the same (permission and other) checks.
Some of this work has already made it into 5.8 and this series contains
more fixes.
A general observation is that overlayfs does not call security_path_*()
hooks on the underlying fs. I don't see this as a problem, because a
simple bind mount done inside a private mount namespace also defeats the
path based security checks. Maybe I'm missing something here, so I'm
interested in comments from AppArmor and Tomoyo developers.
Eric, do you have thought about what to look for with respect to
unprivileged mount safety and whether you think this is ready for upstream?
Git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git#ovl-unpriv-v2
Thanks,
Miklos
Miklos Szeredi (10):
vfs: move cap_convert_nscap() call into vfs_setxattr()
vfs: verify source area in vfs_dedupe_file_range_one()
ovl: check privs before decoding file handle
ovl: make ioctl() safe
ovl: simplify file splice
ovl: user xattr
ovl: do not fail when setting origin xattr
ovl: do not fail because of O_NOATIME
ovl: do not get metacopy for userxattr
ovl: unprivieged mounts
fs/overlayfs/copy_up.c | 3 +-
fs/overlayfs/file.c | 126 +++----------------------------------
fs/overlayfs/inode.c | 10 ++-
fs/overlayfs/namei.c | 3 +
fs/overlayfs/overlayfs.h | 8 ++-
fs/overlayfs/ovl_entry.h | 1 +
fs/overlayfs/super.c | 56 +++++++++++++++--
fs/overlayfs/util.c | 12 +++-
fs/remap_range.c | 10 ++-
fs/xattr.c | 17 +++--
include/linux/capability.h | 2 +-
security/commoncap.c | 3 +-
12 files changed, 110 insertions(+), 141 deletions(-)
--
2.26.2
next reply other threads:[~2020-12-07 16:34 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-07 16:32 Miklos Szeredi [this message]
2020-12-07 16:32 ` [PATCH v2 01/10] vfs: move cap_convert_nscap() call into vfs_setxattr() Miklos Szeredi
2020-12-09 1:53 ` James Morris
2021-01-01 17:35 ` Eric W. Biederman
2021-01-11 13:49 ` Miklos Szeredi
2021-01-12 0:14 ` Eric W. Biederman
2021-01-12 9:43 ` Miklos Szeredi
2021-01-12 10:04 ` Miklos Szeredi
2021-01-12 18:36 ` Eric W. Biederman
2021-01-12 18:49 ` Eric W. Biederman
2020-12-07 16:32 ` [PATCH v2 02/10] vfs: verify source area in vfs_dedupe_file_range_one() Miklos Szeredi
2020-12-07 16:32 ` [PATCH v2 03/10] ovl: check privs before decoding file handle Miklos Szeredi
2020-12-08 13:49 ` Amir Goldstein
2020-12-09 10:13 ` Miklos Szeredi
2020-12-09 16:20 ` Miklos Szeredi
2020-12-09 18:16 ` Amir Goldstein
2020-12-07 16:32 ` [PATCH v2 04/10] ovl: make ioctl() safe Miklos Szeredi
2020-12-08 11:11 ` Amir Goldstein
2020-12-10 15:18 ` Miklos Szeredi
2020-12-14 5:44 ` Amir Goldstein
2020-12-14 13:23 ` Miklos Szeredi
2020-12-14 14:47 ` Amir Goldstein
2020-12-09 1:57 ` James Morris
2020-12-10 15:19 ` Miklos Szeredi
2020-12-07 16:32 ` [PATCH v2 05/10] ovl: simplify file splice Miklos Szeredi
2020-12-07 16:32 ` [PATCH v2 06/10] ovl: user xattr Miklos Szeredi
2020-12-08 13:10 ` Amir Goldstein
2020-12-11 14:55 ` Miklos Szeredi
2020-12-07 16:32 ` [PATCH v2 07/10] ovl: do not fail when setting origin xattr Miklos Szeredi
2020-12-07 16:32 ` [PATCH v2 08/10] ovl: do not fail because of O_NOATIME Miklos Szeredi
2020-12-08 11:29 ` Amir Goldstein
2020-12-11 14:44 ` Miklos Szeredi
2020-12-14 5:49 ` Amir Goldstein
2020-12-07 16:32 ` [PATCH v2 09/10] ovl: do not get metacopy for userxattr Miklos Szeredi
2020-12-07 16:32 ` [PATCH v2 10/10] ovl: unprivieged mounts Miklos Szeredi
2020-12-08 10:27 ` [PATCH v2 00/10] allow unprivileged overlay mounts Tetsuo Handa
2020-12-10 8:56 ` John Johansen
2020-12-10 9:39 ` Miklos Szeredi
2020-12-15 11:03 ` John Johansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201207163255.564116-1-mszeredi@redhat.com \
--to=mszeredi@redhat.com \
--cc=ebiederm@xmission.com \
--cc=john.johansen@canonical.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).