From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2475C55185 for ; Wed, 22 Apr 2020 20:57:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8791321473 for ; Wed, 22 Apr 2020 20:57:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726460AbgDVU5Z (ORCPT ); Wed, 22 Apr 2020 16:57:25 -0400 Received: from mail.hallyn.com ([178.63.66.53]:45876 "EHLO mail.hallyn.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726105AbgDVU5Z (ORCPT ); Wed, 22 Apr 2020 16:57:25 -0400 X-Greylist: delayed 391 seconds by postgrey-1.27 at vger.kernel.org; Wed, 22 Apr 2020 16:57:22 EDT Received: by mail.hallyn.com (Postfix, from userid 1001) id 2555C9A3; Wed, 22 Apr 2020 15:50:51 -0500 (CDT) Date: Wed, 22 Apr 2020 15:50:51 -0500 From: "Serge E. Hallyn" To: Christian Brauner Cc: Jens Axboe , Greg Kroah-Hartman , linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, linux-api@vger.kernel.org, Jonathan Corbet , Serge Hallyn , "Rafael J. Wysocki" , Tejun Heo , "David S. Miller" , Saravana Kannan , Jan Kara , David Howells , Seth Forshee , David Rheinsberg , Tom Gundersen , Christian Kellner , Dmitry Vyukov , =?iso-8859-1?Q?St=E9phane?= Graber , linux-doc@vger.kernel.org, netdev@vger.kernel.org, Steve Barber , Dylan Reid , Filipe Brandenburger , Kees Cook , Benjamin Elder , Akihiro Suda Subject: Re: [PATCH v2 3/7] loop: use ns_capable for some loop operations Message-ID: <20200422205051.GA31944@mail.hallyn.com> References: <20200422145437.176057-1-christian.brauner@ubuntu.com> <20200422145437.176057-4-christian.brauner@ubuntu.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200422145437.176057-4-christian.brauner@ubuntu.com> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Wed, Apr 22, 2020 at 04:54:33PM +0200, Christian Brauner wrote: > The following LOOP_GET_STATUS, LOOP_SET_STATUS, and LOOP_SET_BLOCK_SIZE > operations are now allowed in non-initial namespaces. Most other > operations were already possible before. > > Cc: Jens Axboe > Cc: Seth Forshee > Cc: Tom Gundersen > Cc: Tejun Heo > Cc: Christian Kellner > Cc: Greg Kroah-Hartman > Cc: "David S. Miller" > Cc: David Rheinsberg > Cc: Dmitry Vyukov > Cc: "Rafael J. Wysocki" > Signed-off-by: Christian Brauner Reviewed-by: Serge Hallyn > --- > /* v2 */ > - Christian Brauner : > - Adapated loop_capable() based on changes in the loopfs > implementation patchset. Otherwise it is functionally equivalent to > the v1 version. > --- > drivers/block/loop.c | 20 +++++++++++++++----- > 1 file changed, 15 insertions(+), 5 deletions(-) > > diff --git a/drivers/block/loop.c b/drivers/block/loop.c > index 52f7583dd17d..8e21d4b33e01 100644 > --- a/drivers/block/loop.c > +++ b/drivers/block/loop.c > @@ -1352,6 +1352,16 @@ void loopfs_evict_locked(struct loop_device *lo) > } > mutex_unlock(&loop_ctl_mutex); > } > + > +static bool loop_capable(const struct loop_device *lo, int cap) > +{ > + return ns_capable(loopfs_ns(lo), cap); > +} > +#else /* !CONFIG_BLK_DEV_LOOPFS */ > +static inline bool loop_capable(const struct loop_device *lo, int cap) > +{ > + return capable(cap); > +} > #endif /* CONFIG_BLK_DEV_LOOPFS */ > > static int > @@ -1368,7 +1378,7 @@ loop_set_status(struct loop_device *lo, const struct loop_info64 *info) > return err; > if (lo->lo_encrypt_key_size && > !uid_eq(lo->lo_key_owner, uid) && > - !capable(CAP_SYS_ADMIN)) { > + !loop_capable(lo, CAP_SYS_ADMIN)) { > err = -EPERM; > goto out_unlock; > } > @@ -1499,7 +1509,7 @@ loop_get_status(struct loop_device *lo, struct loop_info64 *info) > memcpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE); > info->lo_encrypt_type = > lo->lo_encryption ? lo->lo_encryption->number : 0; > - if (lo->lo_encrypt_key_size && capable(CAP_SYS_ADMIN)) { > + if (lo->lo_encrypt_key_size && loop_capable(lo, CAP_SYS_ADMIN)) { > info->lo_encrypt_key_size = lo->lo_encrypt_key_size; > memcpy(info->lo_encrypt_key, lo->lo_encrypt_key, > lo->lo_encrypt_key_size); > @@ -1723,7 +1733,7 @@ static int lo_ioctl(struct block_device *bdev, fmode_t mode, > return loop_clr_fd(lo); > case LOOP_SET_STATUS: > err = -EPERM; > - if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) { > + if ((mode & FMODE_WRITE) || loop_capable(lo, CAP_SYS_ADMIN)) { > err = loop_set_status_old(lo, > (struct loop_info __user *)arg); > } > @@ -1732,7 +1742,7 @@ static int lo_ioctl(struct block_device *bdev, fmode_t mode, > return loop_get_status_old(lo, (struct loop_info __user *) arg); > case LOOP_SET_STATUS64: > err = -EPERM; > - if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) { > + if ((mode & FMODE_WRITE) || loop_capable(lo, CAP_SYS_ADMIN)) { > err = loop_set_status64(lo, > (struct loop_info64 __user *) arg); > } > @@ -1742,7 +1752,7 @@ static int lo_ioctl(struct block_device *bdev, fmode_t mode, > case LOOP_SET_CAPACITY: > case LOOP_SET_DIRECT_IO: > case LOOP_SET_BLOCK_SIZE: > - if (!(mode & FMODE_WRITE) && !capable(CAP_SYS_ADMIN)) > + if (!(mode & FMODE_WRITE) && !loop_capable(lo, CAP_SYS_ADMIN)) > return -EPERM; > /* Fall through */ > default: > -- > 2.26.1