diff options
| author |   Christian Brauner <christian.brauner@ubuntu.com> | 2021-01-21 14:19:25 +0100 |
|---|---|---|
| committer | Christian Brauner <christian.brauner@ubuntu.com> | 2021-01-24 14:27:16 +0100 |
| commit | 21cb47be6fb9ece7e6ee63f6780986faa384a77c (patch) | |
| tree | 986aa824a8b3aa45487b26364dbde88dbc853ff4 /fs/namei.c | |
| parent | namei: make permission helpers idmapped mount aware (diff) | |
| download | linux-dev-21cb47be6fb9ece7e6ee63f6780986faa384a77c.tar.xz linux-dev-21cb47be6fb9ece7e6ee63f6780986faa384a77c.zip | |
inode: make init and permission helpers idmapped mount aware
The inode_owner_or_capable() helper determines whether the caller is the
owner of the inode or is capable with respect to that inode. Allow it to
handle idmapped mounts. If the inode is accessed through an idmapped
mount it according to the mount's user namespace. Afterwards the checks
are identical to non-idmapped mounts. If the initial user namespace is
passed nothing changes so non-idmapped mounts will see identical
behavior as before.
Similarly, allow the inode_init_owner() helper to handle idmapped
mounts. It initializes a new inode on idmapped mounts by mapping the
fsuid and fsgid of the caller from the mount's user namespace. If the
initial user namespace is passed nothing changes so non-idmapped mounts
will see identical behavior as before.
Link: https://lore.kernel.org/r/20210121131959.646623-7-christian.brauner@ubuntu.com
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Diffstat (limited to '')
| -rw-r--r-- | fs/namei.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/namei.c b/fs/namei.c index d78d74f5f5af..04b001ddade3 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1088,7 +1088,8 @@ int may_linkat(struct path *link) /* Source inode owner (or CAP_FOWNER) can hardlink all they like, * otherwise, it must be a safe source. */ - if (safe_hardlink_source(inode) || inode_owner_or_capable(inode)) + if (safe_hardlink_source(inode) || + inode_owner_or_capable(&init_user_ns, inode)) return 0; audit_log_path_denied(AUDIT_ANOM_LINK, "linkat"); @@ -2940,7 +2941,7 @@ static int may_open(const struct path *path, int acc_mode, int flag) } /* O_NOATIME can only be set by the owner or superuser */ - if (flag & O_NOATIME && !inode_owner_or_capable(inode)) + if (flag & O_NOATIME && !inode_owner_or_capable(&init_user_ns, inode)) return -EPERM; return 0; |