From: Christian Brauner <christian.brauner@ubuntu.com> To: Alexander Viro <viro@zeniv.linux.org.uk>, Christoph Hellwig <hch@infradead.org>, linux-fsdevel@vger.kernel.org Cc: Lennart Poettering <lennart@poettering.net>, Mimi Zohar <zohar@linux.ibm.com>, James Bottomley <James.Bottomley@hansenpartnership.com>, Andreas Dilger <adilger.kernel@dilger.ca>, containers@lists.linux-foundation.org, Christoph Hellwig <hch@lst.de>, Tycho Andersen <tycho@tycho.ws>, Paul Moore <paul@paul-moore.com>, Jonathan Corbet <corbet@lwn.net>, smbarber@chromium.org, linux-ext4@vger.kernel.org, Mrunal Patel <mpatel@redhat.com>, Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>, selinux@vger.kernel.org, Josh Triplett <josh@joshtriplett.org>, Seth Forshee <seth.forshee@canonical.com>, Aleksa Sarai <cyphar@cyphar.com>, Andy Lutomirski <luto@kernel.org>, OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>, Geoffrey Thomas <geofft@ldpreload.com>, David Howells <dhowells@redhat.com>, John Johansen <john.johansen@canonical.com>, Theodore Tso <tytso@mit.edu>, Dmitry Kasatkin <dmitry.kasatkin@gmail.com>, Stephen Smalley <stephen.smalley.work@gmail.com>, linux-xfs@vger.kernel.org, linux-security-module@vger.kernel.org, "Eric W. Biederman" <ebiederm@xmission.com>, linux-api@vger.kernel.org, Casey Schaufler <casey@schaufler-ca.com>, Alban Crequy <alban@kinvolk.io>, linux-integrity@vger.kernel.org, Linus Torvalds <torvalds@linux-foundation.org>, Todd Kjos <tkjos@google.com> Subject: [PATCH v5 41/42] tests: extend mount_setattr tests Date: Tue, 12 Jan 2021 23:01:23 +0100 [thread overview] Message-ID: <20210112220124.837960-42-christian.brauner@ubuntu.com> (raw) In-Reply-To: <20210112220124.837960-1-christian.brauner@ubuntu.com> Extend the mount_setattr test-suite to include tests for idmapped mounts. Note, the main test-suite ist part of xfstests and is pretty huge. These tests here just make sure that the syscalls bits work correctly. Cc: Christoph Hellwig <hch@lst.de> Cc: David Howells <dhowells@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> --- /* v2 */ patch introduced /* v3 */ - Christoph Hellwig <hch@lst.de>, Darrick J. Wong <darrick.wong@oracle.com>: - Port main test-suite to xfstests. /* v4 */ unchanged /* v5 */ base-commit: 7c53f6b671f4aba70ff15e1b05148b10d58c2837 --- .../mount_setattr/mount_setattr_test.c | 483 ++++++++++++++++++ 1 file changed, 483 insertions(+) diff --git a/tools/testing/selftests/mount_setattr/mount_setattr_test.c b/tools/testing/selftests/mount_setattr/mount_setattr_test.c index 447b91c05cbd..4e94e566e040 100644 --- a/tools/testing/selftests/mount_setattr/mount_setattr_test.c +++ b/tools/testing/selftests/mount_setattr/mount_setattr_test.c @@ -108,15 +108,57 @@ struct mount_attr { __u64 attr_set; __u64 attr_clr; __u64 propagation; + __u64 userns_fd; }; #endif +#ifndef __NR_open_tree + #if defined __alpha__ + #define __NR_open_tree 538 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_open_tree 4428 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_open_tree 6428 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_open_tree 5428 + #endif + #elif defined __ia64__ + #define __NR_open_tree (428 + 1024) + #else + #define __NR_open_tree 428 + #endif +#endif + +#ifndef MOUNT_ATTR_IDMAP +#define MOUNT_ATTR_IDMAP 0x00100000 +#endif + static inline int sys_mount_setattr(int dfd, const char *path, unsigned int flags, struct mount_attr *attr, size_t size) { return syscall(__NR_mount_setattr, dfd, path, flags, attr, size); } +#ifndef OPEN_TREE_CLONE +#define OPEN_TREE_CLONE 1 +#endif + +#ifndef OPEN_TREE_CLOEXEC +#define OPEN_TREE_CLOEXEC O_CLOEXEC +#endif + +#ifndef AT_RECURSIVE +#define AT_RECURSIVE 0x8000 /* Apply to the entire subtree */ +#endif + +static inline int sys_open_tree(int dfd, const char *filename, unsigned int flags) +{ + return syscall(__NR_open_tree, dfd, filename, flags); +} + static ssize_t write_nointr(int fd, const void *buf, size_t count) { ssize_t ret; @@ -938,4 +980,445 @@ TEST_F(mount_setattr, wrong_mount_namespace) ASSERT_EQ(errno, EINVAL); } +FIXTURE(mount_setattr_idmapped) { +}; + +FIXTURE_SETUP(mount_setattr_idmapped) +{ + int img_fd = -EBADF; + + ASSERT_EQ(unshare(CLONE_NEWNS), 0); + + ASSERT_EQ(mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0), 0); + + (void)umount2("/mnt", MNT_DETACH); + (void)umount2("/tmp", MNT_DETACH); + + ASSERT_EQ(mount("testing", "/tmp", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mkdir("/tmp/B", 0777), 0); + ASSERT_EQ(mknodat(-EBADF, "/tmp/B/b", S_IFREG | 0644, 0), 0); + ASSERT_EQ(chown("/tmp/B/b", 0, 0), 0); + + ASSERT_EQ(mount("testing", "/tmp/B", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mkdir("/tmp/B/BB", 0777), 0); + ASSERT_EQ(mknodat(-EBADF, "/tmp/B/BB/b", S_IFREG | 0644, 0), 0); + ASSERT_EQ(chown("/tmp/B/BB/b", 0, 0), 0); + + ASSERT_EQ(mount("testing", "/tmp/B/BB", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mount("testing", "/mnt", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mkdir("/mnt/A", 0777), 0); + + ASSERT_EQ(mount("testing", "/mnt/A", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mkdir("/mnt/A/AA", 0777), 0); + + ASSERT_EQ(mount("/tmp", "/mnt/A/AA", NULL, MS_BIND | MS_REC, NULL), 0); + + ASSERT_EQ(mkdir("/mnt/B", 0777), 0); + + ASSERT_EQ(mount("testing", "/mnt/B", "ramfs", + MS_NOATIME | MS_NODEV | MS_NOSUID, 0), 0); + + ASSERT_EQ(mkdir("/mnt/B/BB", 0777), 0); + + ASSERT_EQ(mount("testing", "/tmp/B/BB", "devpts", + MS_RELATIME | MS_NOEXEC | MS_RDONLY, 0), 0); + + ASSERT_EQ(mkdir("/mnt/C", 0777), 0); + ASSERT_EQ(mkdir("/mnt/D", 0777), 0); + img_fd = openat(-EBADF, "/mnt/C/ext4.img", O_CREAT | O_WRONLY, 0600); + ASSERT_GE(img_fd, 0); + ASSERT_EQ(ftruncate(img_fd, 1024 * 2048), 0); + ASSERT_EQ(system("mkfs.ext4 -q /mnt/C/ext4.img"), 0); + ASSERT_EQ(system("mount -o loop -t ext4 /mnt/C/ext4.img /mnt/D/"), 0); + ASSERT_EQ(close(img_fd), 0); +} + +FIXTURE_TEARDOWN(mount_setattr_idmapped) +{ + (void)umount2("/mnt/A", MNT_DETACH); + (void)umount2("/tmp", MNT_DETACH); +} + +/** + * Validate that negative fd values are rejected. + */ +TEST_F(mount_setattr_idmapped, invalid_fd_negative) +{ + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + .userns_fd = -EBADF, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + ASSERT_NE(sys_mount_setattr(-1, "/", 0, &attr, sizeof(attr)), 0) { + TH_LOG("failure: created idmapped mount with negative fd"); + } +} + +/** + * Validate that excessively large fd values are rejected. + */ +TEST_F(mount_setattr_idmapped, invalid_fd_large) +{ + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + .userns_fd = INT64_MAX, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + ASSERT_NE(sys_mount_setattr(-1, "/", 0, &attr, sizeof(attr)), 0) { + TH_LOG("failure: created idmapped mount with too large fd value"); + } +} + +/** + * Validate that closed fd values are rejected. + */ +TEST_F(mount_setattr_idmapped, invalid_fd_closed) +{ + int fd; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + fd = open("/dev/null", O_RDONLY | O_CLOEXEC); + ASSERT_GE(fd, 0); + ASSERT_GE(close(fd), 0); + + attr.userns_fd = fd; + ASSERT_NE(sys_mount_setattr(-1, "/", 0, &attr, sizeof(attr)), 0) { + TH_LOG("failure: created idmapped mount with closed fd"); + } +} + +/** + * Validate that the initial user namespace is rejected. + */ +TEST_F(mount_setattr_idmapped, invalid_fd_initial_userns) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + attr.userns_fd = open("/proc/1/ns/user", O_RDONLY | O_CLOEXEC); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(errno, EPERM); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +static int map_ids(pid_t pid, unsigned long nsid, unsigned long hostid, + unsigned long range) +{ + char map[100], procfile[256]; + + snprintf(procfile, sizeof(procfile), "/proc/%d/uid_map", pid); + snprintf(map, sizeof(map), "%lu %lu %lu", nsid, hostid, range); + if (write_file(procfile, map, strlen(map))) + return -1; + + + snprintf(procfile, sizeof(procfile), "/proc/%d/gid_map", pid); + snprintf(map, sizeof(map), "%lu %lu %lu", nsid, hostid, range); + if (write_file(procfile, map, strlen(map))) + return -1; + + return 0; +} + +#define __STACK_SIZE (8 * 1024 * 1024) +static pid_t do_clone(int (*fn)(void *), void *arg, int flags) +{ + void *stack; + + stack = malloc(__STACK_SIZE); + if (!stack) + return -ENOMEM; + +#ifdef __ia64__ + return __clone2(fn, stack, __STACK_SIZE, flags | SIGCHLD, arg, NULL); +#else + return clone(fn, stack + __STACK_SIZE, flags | SIGCHLD, arg, NULL); +#endif +} + +static int get_userns_fd_cb(void *data) +{ + return kill(getpid(), SIGSTOP); +} + +static int wait_for_pid(pid_t pid) +{ + int status, ret; + +again: + ret = waitpid(pid, &status, 0); + if (ret == -1) { + if (errno == EINTR) + goto again; + + return -1; + } + + if (!WIFEXITED(status)) + return -1; + + return WEXITSTATUS(status); +} + +static int get_userns_fd(unsigned long nsid, unsigned long hostid, unsigned long range) +{ + int ret; + pid_t pid; + char path[256]; + + pid = do_clone(get_userns_fd_cb, NULL, CLONE_NEWUSER); + if (pid < 0) + return -errno; + + ret = map_ids(pid, nsid, hostid, range); + if (ret < 0) + return ret; + + snprintf(path, sizeof(path), "/proc/%d/ns/user", pid); + ret = open(path, O_RDONLY | O_CLOEXEC); + kill(pid, SIGKILL); + wait_for_pid(pid); + return ret; +} + +/** + * Validate that an attached mount in our mount namespace can be idmapped. + * (The kernel enforces that the mount's mount namespace and the caller's mount + * namespace match.) + */ +TEST_F(mount_setattr_idmapped, attached_mount_inside_current_mount_namespace) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC); + ASSERT_GE(open_tree_fd, 0); + + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +/** + * Validate that idmapping a mount is rejected if the mount's mount namespace + * and our mount namespace don't match. + * (The kernel enforces that the mount's mount namespace and the caller's mount + * namespace match.) + */ +TEST_F(mount_setattr_idmapped, attached_mount_outside_current_mount_namespace) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC); + ASSERT_GE(open_tree_fd, 0); + + ASSERT_EQ(unshare(CLONE_NEWNS), 0); + + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, + sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +/** + * Validate that an attached mount in our mount namespace can be idmapped. + */ +TEST_F(mount_setattr_idmapped, detached_mount_inside_current_mount_namespace) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | + OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + /* Changing mount properties on a detached mount. */ + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", + AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +/** + * Validate that a detached mount not in our mount namespace can be idmapped. + */ +TEST_F(mount_setattr_idmapped, detached_mount_outside_current_mount_namespace) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | + OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + ASSERT_EQ(unshare(CLONE_NEWNS), 0); + + /* Changing mount properties on a detached mount. */ + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", + AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +/** + * Validate that currently changing the idmapping of an idmapped mount fails. + */ +TEST_F(mount_setattr_idmapped, change_idmapping) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | + OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", + AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + + /* Change idmapping on a detached mount that is already idmapped. */ + attr.userns_fd = get_userns_fd(0, 20000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +static bool expected_uid_gid(int dfd, const char *path, int flags, + uid_t expected_uid, gid_t expected_gid) +{ + int ret; + struct stat st; + + ret = fstatat(dfd, path, &st, flags); + if (ret < 0) + return false; + + return st.st_uid == expected_uid && st.st_gid == expected_gid; +} + +TEST_F(mount_setattr_idmapped, idmap_mount_tree_invalid) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/b", 0, 0, 0), 0); + ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/BB/b", 0, 0, 0), 0); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/A", + AT_RECURSIVE | + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | + OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); + + ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/b", 0, 0, 0), 0); + ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/BB/b", 0, 0, 0), 0); + ASSERT_EQ(expected_uid_gid(open_tree_fd, "B/b", 0, 0, 0), 0); + ASSERT_EQ(expected_uid_gid(open_tree_fd, "B/BB/b", 0, 0, 0), 0); +} + TEST_HARNESS_MAIN -- 2.30.0 _______________________________________________ Containers mailing list Containers@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/containers
WARNING: multiple messages have this Message-ID (diff)
From: Christian Brauner <christian.brauner@ubuntu.com> To: Alexander Viro <viro@zeniv.linux.org.uk>, Christoph Hellwig <hch@infradead.org>, linux-fsdevel@vger.kernel.org Cc: "John Johansen" <john.johansen@canonical.com>, "James Morris" <jmorris@namei.org>, "Mimi Zohar" <zohar@linux.ibm.com>, "Dmitry Kasatkin" <dmitry.kasatkin@gmail.com>, "Stephen Smalley" <stephen.smalley.work@gmail.com>, "Casey Schaufler" <casey@schaufler-ca.com>, "Arnd Bergmann" <arnd@arndb.de>, "Andreas Dilger" <adilger.kernel@dilger.ca>, "OGAWA Hirofumi" <hirofumi@mail.parknet.co.jp>, "Geoffrey Thomas" <geofft@ldpreload.com>, "Mrunal Patel" <mpatel@redhat.com>, "Josh Triplett" <josh@joshtriplett.org>, "Andy Lutomirski" <luto@kernel.org>, "Theodore Tso" <tytso@mit.edu>, "Alban Crequy" <alban@kinvolk.io>, "Tycho Andersen" <tycho@tycho.ws>, "David Howells" <dhowells@redhat.com>, "James Bottomley" <James.Bottomley@hansenpartnership.com>, "Seth Forshee" <seth.forshee@canonical.com>, "Stéphane Graber" <stgraber@ubuntu.com>, "Linus Torvalds" <torvalds@linux-foundation.org>, "Aleksa Sarai" <cyphar@cyphar.com>, "Lennart Poettering" <lennart@poettering.net>, "Eric W. Biederman" <ebiederm@xmission.com>, smbarber@chromium.org, "Phil Estes" <estesp@gmail.com>, "Serge Hallyn" <serge@hallyn.com>, "Kees Cook" <keescook@chromium.org>, "Todd Kjos" <tkjos@google.com>, "Paul Moore" <paul@paul-moore.com>, "Jonathan Corbet" <corbet@lwn.net>, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, linux-ext4@vger.kernel.org, linux-xfs@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org, "Christian Brauner" <christian.brauner@ubuntu.com>, "Christoph Hellwig" <hch@lst.de> Subject: [PATCH v5 41/42] tests: extend mount_setattr tests Date: Tue, 12 Jan 2021 23:01:23 +0100 [thread overview] Message-ID: <20210112220124.837960-42-christian.brauner@ubuntu.com> (raw) In-Reply-To: <20210112220124.837960-1-christian.brauner@ubuntu.com> Extend the mount_setattr test-suite to include tests for idmapped mounts. Note, the main test-suite ist part of xfstests and is pretty huge. These tests here just make sure that the syscalls bits work correctly. Cc: Christoph Hellwig <hch@lst.de> Cc: David Howells <dhowells@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> --- /* v2 */ patch introduced /* v3 */ - Christoph Hellwig <hch@lst.de>, Darrick J. Wong <darrick.wong@oracle.com>: - Port main test-suite to xfstests. /* v4 */ unchanged /* v5 */ base-commit: 7c53f6b671f4aba70ff15e1b05148b10d58c2837 --- .../mount_setattr/mount_setattr_test.c | 483 ++++++++++++++++++ 1 file changed, 483 insertions(+) diff --git a/tools/testing/selftests/mount_setattr/mount_setattr_test.c b/tools/testing/selftests/mount_setattr/mount_setattr_test.c index 447b91c05cbd..4e94e566e040 100644 --- a/tools/testing/selftests/mount_setattr/mount_setattr_test.c +++ b/tools/testing/selftests/mount_setattr/mount_setattr_test.c @@ -108,15 +108,57 @@ struct mount_attr { __u64 attr_set; __u64 attr_clr; __u64 propagation; + __u64 userns_fd; }; #endif +#ifndef __NR_open_tree + #if defined __alpha__ + #define __NR_open_tree 538 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_open_tree 4428 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_open_tree 6428 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_open_tree 5428 + #endif + #elif defined __ia64__ + #define __NR_open_tree (428 + 1024) + #else + #define __NR_open_tree 428 + #endif +#endif + +#ifndef MOUNT_ATTR_IDMAP +#define MOUNT_ATTR_IDMAP 0x00100000 +#endif + static inline int sys_mount_setattr(int dfd, const char *path, unsigned int flags, struct mount_attr *attr, size_t size) { return syscall(__NR_mount_setattr, dfd, path, flags, attr, size); } +#ifndef OPEN_TREE_CLONE +#define OPEN_TREE_CLONE 1 +#endif + +#ifndef OPEN_TREE_CLOEXEC +#define OPEN_TREE_CLOEXEC O_CLOEXEC +#endif + +#ifndef AT_RECURSIVE +#define AT_RECURSIVE 0x8000 /* Apply to the entire subtree */ +#endif + +static inline int sys_open_tree(int dfd, const char *filename, unsigned int flags) +{ + return syscall(__NR_open_tree, dfd, filename, flags); +} + static ssize_t write_nointr(int fd, const void *buf, size_t count) { ssize_t ret; @@ -938,4 +980,445 @@ TEST_F(mount_setattr, wrong_mount_namespace) ASSERT_EQ(errno, EINVAL); } +FIXTURE(mount_setattr_idmapped) { +}; + +FIXTURE_SETUP(mount_setattr_idmapped) +{ + int img_fd = -EBADF; + + ASSERT_EQ(unshare(CLONE_NEWNS), 0); + + ASSERT_EQ(mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0), 0); + + (void)umount2("/mnt", MNT_DETACH); + (void)umount2("/tmp", MNT_DETACH); + + ASSERT_EQ(mount("testing", "/tmp", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mkdir("/tmp/B", 0777), 0); + ASSERT_EQ(mknodat(-EBADF, "/tmp/B/b", S_IFREG | 0644, 0), 0); + ASSERT_EQ(chown("/tmp/B/b", 0, 0), 0); + + ASSERT_EQ(mount("testing", "/tmp/B", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mkdir("/tmp/B/BB", 0777), 0); + ASSERT_EQ(mknodat(-EBADF, "/tmp/B/BB/b", S_IFREG | 0644, 0), 0); + ASSERT_EQ(chown("/tmp/B/BB/b", 0, 0), 0); + + ASSERT_EQ(mount("testing", "/tmp/B/BB", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mount("testing", "/mnt", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mkdir("/mnt/A", 0777), 0); + + ASSERT_EQ(mount("testing", "/mnt/A", "tmpfs", MS_NOATIME | MS_NODEV, + "size=100000,mode=700"), 0); + + ASSERT_EQ(mkdir("/mnt/A/AA", 0777), 0); + + ASSERT_EQ(mount("/tmp", "/mnt/A/AA", NULL, MS_BIND | MS_REC, NULL), 0); + + ASSERT_EQ(mkdir("/mnt/B", 0777), 0); + + ASSERT_EQ(mount("testing", "/mnt/B", "ramfs", + MS_NOATIME | MS_NODEV | MS_NOSUID, 0), 0); + + ASSERT_EQ(mkdir("/mnt/B/BB", 0777), 0); + + ASSERT_EQ(mount("testing", "/tmp/B/BB", "devpts", + MS_RELATIME | MS_NOEXEC | MS_RDONLY, 0), 0); + + ASSERT_EQ(mkdir("/mnt/C", 0777), 0); + ASSERT_EQ(mkdir("/mnt/D", 0777), 0); + img_fd = openat(-EBADF, "/mnt/C/ext4.img", O_CREAT | O_WRONLY, 0600); + ASSERT_GE(img_fd, 0); + ASSERT_EQ(ftruncate(img_fd, 1024 * 2048), 0); + ASSERT_EQ(system("mkfs.ext4 -q /mnt/C/ext4.img"), 0); + ASSERT_EQ(system("mount -o loop -t ext4 /mnt/C/ext4.img /mnt/D/"), 0); + ASSERT_EQ(close(img_fd), 0); +} + +FIXTURE_TEARDOWN(mount_setattr_idmapped) +{ + (void)umount2("/mnt/A", MNT_DETACH); + (void)umount2("/tmp", MNT_DETACH); +} + +/** + * Validate that negative fd values are rejected. + */ +TEST_F(mount_setattr_idmapped, invalid_fd_negative) +{ + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + .userns_fd = -EBADF, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + ASSERT_NE(sys_mount_setattr(-1, "/", 0, &attr, sizeof(attr)), 0) { + TH_LOG("failure: created idmapped mount with negative fd"); + } +} + +/** + * Validate that excessively large fd values are rejected. + */ +TEST_F(mount_setattr_idmapped, invalid_fd_large) +{ + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + .userns_fd = INT64_MAX, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + ASSERT_NE(sys_mount_setattr(-1, "/", 0, &attr, sizeof(attr)), 0) { + TH_LOG("failure: created idmapped mount with too large fd value"); + } +} + +/** + * Validate that closed fd values are rejected. + */ +TEST_F(mount_setattr_idmapped, invalid_fd_closed) +{ + int fd; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + fd = open("/dev/null", O_RDONLY | O_CLOEXEC); + ASSERT_GE(fd, 0); + ASSERT_GE(close(fd), 0); + + attr.userns_fd = fd; + ASSERT_NE(sys_mount_setattr(-1, "/", 0, &attr, sizeof(attr)), 0) { + TH_LOG("failure: created idmapped mount with closed fd"); + } +} + +/** + * Validate that the initial user namespace is rejected. + */ +TEST_F(mount_setattr_idmapped, invalid_fd_initial_userns) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + attr.userns_fd = open("/proc/1/ns/user", O_RDONLY | O_CLOEXEC); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(errno, EPERM); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +static int map_ids(pid_t pid, unsigned long nsid, unsigned long hostid, + unsigned long range) +{ + char map[100], procfile[256]; + + snprintf(procfile, sizeof(procfile), "/proc/%d/uid_map", pid); + snprintf(map, sizeof(map), "%lu %lu %lu", nsid, hostid, range); + if (write_file(procfile, map, strlen(map))) + return -1; + + + snprintf(procfile, sizeof(procfile), "/proc/%d/gid_map", pid); + snprintf(map, sizeof(map), "%lu %lu %lu", nsid, hostid, range); + if (write_file(procfile, map, strlen(map))) + return -1; + + return 0; +} + +#define __STACK_SIZE (8 * 1024 * 1024) +static pid_t do_clone(int (*fn)(void *), void *arg, int flags) +{ + void *stack; + + stack = malloc(__STACK_SIZE); + if (!stack) + return -ENOMEM; + +#ifdef __ia64__ + return __clone2(fn, stack, __STACK_SIZE, flags | SIGCHLD, arg, NULL); +#else + return clone(fn, stack + __STACK_SIZE, flags | SIGCHLD, arg, NULL); +#endif +} + +static int get_userns_fd_cb(void *data) +{ + return kill(getpid(), SIGSTOP); +} + +static int wait_for_pid(pid_t pid) +{ + int status, ret; + +again: + ret = waitpid(pid, &status, 0); + if (ret == -1) { + if (errno == EINTR) + goto again; + + return -1; + } + + if (!WIFEXITED(status)) + return -1; + + return WEXITSTATUS(status); +} + +static int get_userns_fd(unsigned long nsid, unsigned long hostid, unsigned long range) +{ + int ret; + pid_t pid; + char path[256]; + + pid = do_clone(get_userns_fd_cb, NULL, CLONE_NEWUSER); + if (pid < 0) + return -errno; + + ret = map_ids(pid, nsid, hostid, range); + if (ret < 0) + return ret; + + snprintf(path, sizeof(path), "/proc/%d/ns/user", pid); + ret = open(path, O_RDONLY | O_CLOEXEC); + kill(pid, SIGKILL); + wait_for_pid(pid); + return ret; +} + +/** + * Validate that an attached mount in our mount namespace can be idmapped. + * (The kernel enforces that the mount's mount namespace and the caller's mount + * namespace match.) + */ +TEST_F(mount_setattr_idmapped, attached_mount_inside_current_mount_namespace) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC); + ASSERT_GE(open_tree_fd, 0); + + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +/** + * Validate that idmapping a mount is rejected if the mount's mount namespace + * and our mount namespace don't match. + * (The kernel enforces that the mount's mount namespace and the caller's mount + * namespace match.) + */ +TEST_F(mount_setattr_idmapped, attached_mount_outside_current_mount_namespace) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC); + ASSERT_GE(open_tree_fd, 0); + + ASSERT_EQ(unshare(CLONE_NEWNS), 0); + + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, + sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +/** + * Validate that an attached mount in our mount namespace can be idmapped. + */ +TEST_F(mount_setattr_idmapped, detached_mount_inside_current_mount_namespace) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | + OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + /* Changing mount properties on a detached mount. */ + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", + AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +/** + * Validate that a detached mount not in our mount namespace can be idmapped. + */ +TEST_F(mount_setattr_idmapped, detached_mount_outside_current_mount_namespace) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | + OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + ASSERT_EQ(unshare(CLONE_NEWNS), 0); + + /* Changing mount properties on a detached mount. */ + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", + AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +/** + * Validate that currently changing the idmapping of an idmapped mount fails. + */ +TEST_F(mount_setattr_idmapped, change_idmapping) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/D", + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | + OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", + AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + + /* Change idmapping on a detached mount that is already idmapped. */ + attr.userns_fd = get_userns_fd(0, 20000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); +} + +static bool expected_uid_gid(int dfd, const char *path, int flags, + uid_t expected_uid, gid_t expected_gid) +{ + int ret; + struct stat st; + + ret = fstatat(dfd, path, &st, flags); + if (ret < 0) + return false; + + return st.st_uid == expected_uid && st.st_gid == expected_gid; +} + +TEST_F(mount_setattr_idmapped, idmap_mount_tree_invalid) +{ + int open_tree_fd = -EBADF; + struct mount_attr attr = { + .attr_set = MOUNT_ATTR_IDMAP, + }; + + if (!mount_setattr_supported()) + SKIP(return, "mount_setattr syscall not supported"); + + ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/b", 0, 0, 0), 0); + ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/BB/b", 0, 0, 0), 0); + + open_tree_fd = sys_open_tree(-EBADF, "/mnt/A", + AT_RECURSIVE | + AT_EMPTY_PATH | + AT_NO_AUTOMOUNT | + AT_SYMLINK_NOFOLLOW | + OPEN_TREE_CLOEXEC | + OPEN_TREE_CLONE); + ASSERT_GE(open_tree_fd, 0); + + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); + ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); + + ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/b", 0, 0, 0), 0); + ASSERT_EQ(expected_uid_gid(-EBADF, "/tmp/B/BB/b", 0, 0, 0), 0); + ASSERT_EQ(expected_uid_gid(open_tree_fd, "B/b", 0, 0, 0), 0); + ASSERT_EQ(expected_uid_gid(open_tree_fd, "B/BB/b", 0, 0, 0), 0); +} + TEST_HARNESS_MAIN -- 2.30.0
next prev parent reply other threads:[~2021-01-12 22:10 UTC|newest] Thread overview: 164+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-01-12 22:00 [PATCH v5 00/42] idmapped mounts Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 01/42] namespace: take lock_mount_hash() directly when changing flags Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 02/42] mount: make {lock,unlock}_mount_hash() static Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 03/42] namespace: only take read lock in do_reconfigure_mnt() Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 04/42] fs: split out functions to hold writers Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 05/42] fs: add attr_flags_to_mnt_flags helper Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 06/42] fs: add mount_setattr() Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 07/42] tests: add mount_setattr() selftests Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 08/42] fs: add id translation helpers Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 09/42] mount: attach mappings to mounts Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-19 9:20 ` Christoph Hellwig 2021-01-19 9:20 ` Christoph Hellwig 2021-01-12 22:00 ` [PATCH v5 10/42] capability: handle idmapped mounts Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-19 9:22 ` Christoph Hellwig 2021-01-19 9:22 ` Christoph Hellwig 2021-01-12 22:00 ` [PATCH v5 11/42] namei: make permission helpers idmapped mount aware Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-19 9:23 ` Christoph Hellwig 2021-01-19 9:23 ` Christoph Hellwig 2021-01-12 22:00 ` [PATCH v5 12/42] inode: make init and " Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-19 9:24 ` Christoph Hellwig 2021-01-19 9:24 ` Christoph Hellwig 2021-01-12 22:00 ` [PATCH v5 13/42] attr: handle idmapped mounts Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-19 9:25 ` Christoph Hellwig 2021-01-19 9:25 ` Christoph Hellwig 2021-01-12 22:00 ` [PATCH v5 14/42] acl: " Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-19 9:26 ` Christoph Hellwig 2021-01-19 9:26 ` Christoph Hellwig 2021-01-12 22:00 ` [PATCH v5 15/42] fs: add file_user_ns() helper Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-19 9:27 ` Christoph Hellwig 2021-01-19 9:27 ` Christoph Hellwig 2021-01-19 15:05 ` Jann Horn via Containers 2021-01-19 15:05 ` Jann Horn 2021-01-20 12:03 ` Christian Brauner 2021-01-20 12:03 ` Christian Brauner 2021-01-12 22:00 ` [PATCH v5 16/42] xattr: handle idmapped mounts Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-19 9:31 ` Christoph Hellwig 2021-01-19 9:31 ` Christoph Hellwig 2021-01-12 22:00 ` [PATCH v5 17/42] commoncap: " Christian Brauner 2021-01-12 22:00 ` Christian Brauner 2021-01-19 9:31 ` Christoph Hellwig 2021-01-19 9:31 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 18/42] stat: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:32 ` Christoph Hellwig 2021-01-19 9:32 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 19/42] namei: handle idmapped mounts in may_*() helpers Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:33 ` Christoph Hellwig 2021-01-19 9:33 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 20/42] namei: introduce struct renamedata Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:34 ` Christoph Hellwig 2021-01-19 9:34 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 21/42] namei: prepare for idmapped mounts Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:34 ` Christoph Hellwig 2021-01-19 9:34 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 22/42] open: handle idmapped mounts in do_truncate() Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:37 ` Christoph Hellwig 2021-01-19 9:37 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 23/42] open: handle idmapped mounts Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:38 ` Christoph Hellwig 2021-01-19 9:38 ` Christoph Hellwig 2021-01-19 14:57 ` Christian Brauner 2021-01-19 14:57 ` Christian Brauner 2021-01-12 22:01 ` [PATCH v5 24/42] af_unix: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:39 ` Christoph Hellwig 2021-01-19 9:39 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 25/42] utimes: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:40 ` Christoph Hellwig 2021-01-19 9:40 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 26/42] fcntl: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:41 ` Christoph Hellwig 2021-01-19 9:41 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 27/42] notify: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:42 ` Christoph Hellwig 2021-01-19 9:42 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 28/42] init: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-12 22:01 ` [PATCH v5 29/42] ioctl: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:44 ` Christoph Hellwig 2021-01-19 9:44 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 30/42] would_dump: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:44 ` Christoph Hellwig 2021-01-19 9:44 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 31/42] exec: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:45 ` Christoph Hellwig 2021-01-19 9:45 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 32/42] fs: make helpers idmap mount aware Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:45 ` Christoph Hellwig 2021-01-19 9:45 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 33/42] apparmor: handle idmapped mounts Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-12 22:01 ` [PATCH v5 34/42] ima: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-12 22:01 ` [PATCH v5 35/42] fat: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-12 22:01 ` [PATCH v5 36/42] ext4: support " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-12 22:01 ` [PATCH v5 37/42] xfs: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-14 20:51 ` Dave Chinner 2021-01-14 20:51 ` Dave Chinner 2021-01-14 22:10 ` Christian Brauner 2021-01-14 22:10 ` Christian Brauner 2021-01-17 21:06 ` Dave Chinner 2021-01-17 21:06 ` Dave Chinner 2021-01-15 16:22 ` Christoph Hellwig 2021-01-15 16:22 ` Christoph Hellwig 2021-01-12 22:01 ` [PATCH v5 38/42] ecryptfs: do not mount on top of " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-12 22:01 ` [PATCH v5 39/42] overlayfs: " Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-12 22:01 ` [PATCH v5 40/42] fs: introduce MOUNT_ATTR_IDMAP Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-19 9:47 ` Christoph Hellwig 2021-01-19 9:47 ` Christoph Hellwig 2021-01-19 11:43 ` Christian Brauner 2021-01-19 11:43 ` Christian Brauner 2021-01-12 22:01 ` Christian Brauner [this message] 2021-01-12 22:01 ` [PATCH v5 41/42] tests: extend mount_setattr tests Christian Brauner 2021-01-13 0:32 ` Randy Dunlap 2021-01-13 0:32 ` Randy Dunlap 2021-01-12 22:01 ` [PATCH v5 42/42] generic/622: add fstests for idmapped mounts Christian Brauner 2021-01-12 22:01 ` Christian Brauner 2021-01-14 17:12 ` [PATCH v5 00/42] " Darrick J. Wong 2021-01-14 17:12 ` Darrick J. Wong 2021-01-14 17:54 ` Christian Brauner 2021-01-14 17:54 ` Christian Brauner 2021-01-14 20:43 ` Dave Chinner 2021-01-14 20:43 ` Dave Chinner 2021-01-15 16:24 ` Christoph Hellwig 2021-01-15 16:24 ` Christoph Hellwig 2021-01-15 17:51 ` Theodore Ts'o 2021-01-15 17:51 ` Theodore Ts'o 2021-01-16 0:27 ` Christian Brauner 2021-01-16 0:27 ` Christian Brauner
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210112220124.837960-42-christian.brauner@ubuntu.com \ --to=christian.brauner@ubuntu.com \ --cc=James.Bottomley@hansenpartnership.com \ --cc=adilger.kernel@dilger.ca \ --cc=alban@kinvolk.io \ --cc=arnd@arndb.de \ --cc=casey@schaufler-ca.com \ --cc=containers@lists.linux-foundation.org \ --cc=corbet@lwn.net \ --cc=cyphar@cyphar.com \ --cc=dhowells@redhat.com \ --cc=dmitry.kasatkin@gmail.com \ --cc=ebiederm@xmission.com \ --cc=geofft@ldpreload.com \ --cc=hch@infradead.org \ --cc=hch@lst.de \ --cc=hirofumi@mail.parknet.co.jp \ --cc=john.johansen@canonical.com \ --cc=josh@joshtriplett.org \ --cc=keescook@chromium.org \ --cc=lennart@poettering.net \ --cc=linux-api@vger.kernel.org \ --cc=linux-ext4@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=linux-xfs@vger.kernel.org \ --cc=luto@kernel.org \ --cc=mpatel@redhat.com \ --cc=paul@paul-moore.com \ --cc=selinux@vger.kernel.org \ --cc=seth.forshee@canonical.com \ --cc=smbarber@chromium.org \ --cc=stephen.smalley.work@gmail.com \ --cc=tkjos@google.com \ --cc=torvalds@linux-foundation.org \ --cc=tycho@tycho.ws \ --cc=tytso@mit.edu \ --cc=viro@zeniv.linux.org.uk \ --cc=zohar@linux.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.