Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-16 17:12:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
a6435940b6
linux/fs
History
Christian Brauner a6435940b6
mount: attach mappings to mounts 
In order to support per-mount idmappings vfsmounts are marked with user
namespaces. The idmapping of the user namespace will be used to map the
ids of vfs objects when they are accessed through that mount. By default
all vfsmounts are marked with the initial user namespace. The initial
user namespace is used to indicate that a mount is not idmapped. All
operations behave as before.

Based on prior discussions we want to attach the whole user namespace
and not just a dedicated idmapping struct. This allows us to reuse all
the helpers that already exist for dealing with idmappings instead of
introducing a whole new range of helpers. In addition, if we decide in
the future that we are confident enough to enable unprivileged users to
setup idmapped mounts the permission checking can take into account
whether the caller is privileged in the user namespace the mount is
currently marked with.
Later patches enforce that once a mount has been idmapped it can't be
remapped. This keeps permission checking and life-cycle management
simple. Users wanting to change the idmapped can always create a new
detached mount with a different idmapping.

Add a new mnt_userns member to vfsmount and two simple helpers to
retrieve the mnt_userns from vfsmounts and files.

The idea to attach user namespaces to vfsmounts has been floated around
in various forms at Linux Plumbers in ~2018 with the original idea
tracing back to a discussion in 2017 at a conference in St. Petersburg
between Christoph, Tycho, and myself.

Link: https://lore.kernel.org/r/20210121131959.646623-2-christian.brauner@ubuntu.com
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-01-24 14:27:15 +01:00
..
9p 9p for 5.11-rc1 2020-12-21 10:28:02 -08:00
adfs Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-10-24 12:26:05 -07:00
affs Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-10-24 12:26:05 -07:00
afs afs: Fix directory entry size calculation 2021-01-04 12:25:19 +00:00
autofs file: Replace ksys_close with close_fd 2020-12-10 12:42:59 -06:00
befs [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
bfs bfs: don't use WARNING: string when it's just info. 2020-12-15 22:46:18 -08:00
btrfs for-5.11-rc3-tag 2021-01-11 14:18:56 -08:00
cachefiles cachefiles: Handle readpage error correctly 2020-10-26 10:42:54 -07:00
ceph ceph: reencode gid_list when reconnecting 2020-12-28 20:34:32 +01:00
cifs cifs: style: replace one-element array with flexible-array 2021-01-13 13:36:45 -06:00
coda docs: filesystems: convert coda.txt to ReST 2020-05-05 09:22:21 -06:00
configfs configfs: fix kernel-doc markup issue 2020-11-14 10:22:45 +01:00
cramfs [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
crypto f2fs-for-5.11-rc1 2020-12-17 11:18:00 -08:00
debugfs debugfs: remove return value of debugfs_create_devm_seqfile() 2020-10-30 08:37:39 +01:00
devpts
dlm fs: dlm: check on existing node address 2020-11-10 12:14:20 -06:00
ecryptfs mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
efivarfs efivarfs: revert "fix memory leak in efivarfs_create()" 2020-11-25 16:55:02 +01:00
efs [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
erofs erofs: avoid using generic_block_bmap 2020-12-10 11:07:40 +08:00
exfat exfat: Avoid allocating upcase table using kcalloc() 2020-12-22 12:31:17 +09:00
exportfs exportfs: Add a function to return the raw output from fh_to_dentry() 2020-12-09 09:39:38 -05:00
ext2 ext2: Fix fall-through warnings for Clang 2020-11-23 10:36:53 +01:00
ext4 A number of bug fixes for ext4: 2021-01-15 14:54:24 -08:00
f2fs f2fs-for-5.11-rc1 2020-12-17 11:18:00 -08:00
fat [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
freevxfs
fscache Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
fuse fuse: fix bad inode 2020-12-10 15:33:14 +01:00
gfs2 gfs2: in signal_our_withdraw wait for unfreeze of _this_ fs only 2020-12-03 17:04:41 +01:00
hfs fs: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
hfsplus fs: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
hostfs fix hostfs_open() use of ->f_path.dentry 2020-12-21 21:42:29 -05:00
hpfs [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
hugetlbfs hugetlbfs: prevent filesystem stacking of hugetlbfs 2020-08-12 10:57:56 -07:00
iomap mm: memcontrol: Use helpers to read page's memcg data 2020-12-02 18:28:05 -08:00
isofs fs: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
jbd2 jbd2: add a helper to find out number of fast commit blocks 2020-12-17 13:30:45 -05:00
jffs2 jffs2: Fix NULL pointer dereference in rp_size fs option parsing 2020-12-13 21:57:21 +01:00
jfs jfs: Fix array index bounds check in dbAdjTree 2020-11-13 16:03:07 -06:00
kernfs fs/kernfs: remove the double check of dentry->inode 2020-12-09 19:03:49 +01:00
lockd fs/lockd: convert comma to semicolon 2020-12-16 07:57:37 -05:00
minix [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
nfs NFS: nfs_igrab_and_active must first reference the superblock 2021-01-10 16:29:28 -05:00
nfs_common nfs_common: need lock during iterate through the list 2020-12-09 09:38:34 -05:00
nfsd Fixes: 2021-01-11 11:35:46 -08:00
nilfs2 fs/nilfs2: remove some unused macros to tame gcc 2020-12-15 22:46:17 -08:00
nls treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
notify fanotify: Fix sys_fanotify_mark() on native x86-32 2020-12-28 11:58:59 +01:00
ntfs fs/ntfs: remove unused variable attr_len 2020-12-15 12:13:37 -08:00
ocfs2 ocfs2: ratelimit the 'max lookup times reached' notice 2020-12-15 12:13:37 -08:00
omfs fs: omfs: use kmemdup() rather than kmalloc+memcpy 2020-09-22 23:39:45 -04:00
openpromfs
orangefs orangefs: add splice file operations 2020-12-16 16:14:08 -05:00
overlayfs ovl: unprivieged mounts 2020-12-14 15:26:14 +01:00
proc mm: don't play games with pinned pages in clear_page_refs 2021-01-16 10:51:26 -08:00
pstore Tracing updates for 5.11 2020-12-17 13:22:17 -08:00
qnx4 [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
qnx6 [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
quota \n 2020-12-17 11:00:37 -08:00
ramfs ramfs: fix nommu mmap with gaps in the page cache 2020-10-16 11:11:22 -07:00
reiserfs reiserfs: add check for an invalid ih_entry_count 2020-11-26 16:57:28 +01:00
romfs Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-10-24 12:26:05 -07:00
squashfs Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-10-24 12:26:05 -07:00
sysfs sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output 2020-10-02 12:02:30 +02:00
sysv [PATCH] reduce boilerplate in fsid handling 2020-09-18 16:45:50 -04:00
tracefs
ubifs This pull request contains changes for JFFS2, UBI and UBIFS: 2020-12-17 17:46:34 -08:00
udf Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-10-24 12:26:05 -07:00
ufs Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-10-24 12:26:05 -07:00
unicode unicode: Add utf8_casefold_hash 2020-09-10 14:03:31 -07:00
vboxsf Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2020-10-15 15:11:56 -07:00
verity Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2020-12-14 12:18:19 -08:00
xfs New code for 5.11: 2020-12-18 12:50:18 -08:00
zonefs zonefs: select CONFIG_CRC32 2021-01-04 09:06:42 +09:00
aio.c Merge branch 'akpm' (patches from Andrew) 2020-12-15 12:53:37 -08:00
anon_inodes.c
attr.c
bad_inode.c fs: move the fiemap definitions out of fs.h 2020-06-03 23:16:55 -04:00
binfmt_aout.c exec: Rename flush_old_exec begin_new_exec 2020-05-07 16:55:47 -05:00
binfmt_elf_fdpic.c binfmt_elf, binfmt_elf_fdpic: use a VMA list snapshot 2020-10-16 11:11:21 -07:00
binfmt_elf.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
binfmt_em86.c Merge branch 'akpm' (patches from Andrew) 2020-06-04 19:18:29 -07:00
binfmt_flat.c binfmt_flat: revert "binfmt_flat: don't offset the data start" 2020-08-24 08:49:13 +10:00
binfmt_misc.c Merge branch 'akpm' (patches from Andrew) 2020-06-04 19:18:29 -07:00
binfmt_script.c Merge branch 'akpm' (patches from Andrew) 2020-06-04 19:18:29 -07:00
block_dev.c block: pre-initialize struct block_device in bdev_alloc_inode 2021-01-07 20:57:53 -07:00
buffer.c for-5.11/block-2020-12-14 2020-12-16 12:57:51 -08:00
char_dev.c vfs: allow unprivileged whiteout creation 2020-05-14 16:44:23 +02:00
compat_binfmt_elf.c elf: Expose ELF header on arch_setup_additional_pages() 2020-10-26 13:46:47 +01:00
coredump.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
d_path.c fs: fix NULL dereference due to data race in prepend_path() 2020-10-14 14:54:45 -07:00
dax.c mm: simplify follow_pte{,pmd} 2020-12-15 22:46:19 -08:00
dcache.c fs: Kill DCACHE_DONTCACHE dentry even if DCACHE_REFERENCED is set 2020-12-10 17:33:17 -05:00
dcookies.c
direct-io.c \n 2020-10-15 15:03:10 -07:00
drop_caches.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
eventfd.c eventfd: Export eventfd_ctx_do_read() 2020-11-15 09:49:10 -05:00
eventpoll.c epoll: add syscall epoll_pwait2 2020-12-19 11:18:38 -08:00
exec.c Merge branch 'parisc-5.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2020-12-16 12:10:40 -08:00
fcntl.c fcntl: Fix potential deadlock in send_sig{io, urg}() 2020-11-05 07:44:15 -05:00
fhandle.c
file_table.c epoll: take epitem list out of struct file 2020-10-25 20:02:08 -04:00
file.c kernel/io_uring: cancel io_uring before task works 2020-12-30 19:36:54 -07:00
filesystems.c fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once() 2020-04-10 15:36:22 -07:00
fs_context.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
fs_parser.c fs_parse: mark fs_param_bad_value() as static 2020-10-13 18:38:27 -07:00
fs_pin.c
fs_struct.c vfs: Use sequence counter with associated spinlock 2020-07-29 16:14:27 +02:00
fs_types.c
fs-writeback.c writeback: don't warn on an unregistered BDI in __mark_inode_dirty 2020-12-16 11:56:02 +01:00
fsopen.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
init.c init: add an init_dup helper 2020-08-04 21:02:38 -04:00
inode.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-12-25 10:54:29 -08:00
internal.h for-5.11/block-2020-12-14 2020-12-16 12:57:51 -08:00
io_uring.c io_uring: ensure finish_wait() is always called in __io_uring_task_cancel() 2021-01-15 16:04:23 -07:00
io-wq.c io-wq: kill now unused io_wq_cancel_all() 2020-12-20 10:47:42 -07:00
io-wq.h io-wq: kill now unused io_wq_cancel_all() 2020-12-20 10:47:42 -07:00
ioctl.c fs: remove ksys_ioctl 2020-07-31 08:16:01 +02:00
Kconfig tmpfs: support 64-bit inums per-sb 2020-08-07 11:33:24 -07:00
Kconfig.binfmt treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
kernel_read_file.c fs/kernel_file_read: Add "offset" arg for partial reads 2020-10-05 13:37:04 +02:00
libfs.c f2fs-for-5.11-rc1 2020-12-17 11:18:00 -08:00
locks.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
Makefile Refactored code for 5.10: 2020-10-23 11:33:41 -07:00
mbcache.c
mount.h mnt: Use generic ns_common::count 2020-08-19 14:14:19 +02:00
mpage.c fs: convert mpage_readpages to mpage_readahead 2020-06-02 10:59:07 -07:00
namei.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-12-25 10:54:29 -08:00
namespace.c mount: attach mappings to mounts 2021-01-24 14:27:15 +01:00
no-block.c
nsfs.c nsproxy: attach to namespaces via pidfds 2020-05-13 11:41:22 +02:00
open.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
pipe.c block: remove i_bdev 2020-12-01 14:53:39 -07:00
pnode.c propagate_one(): mnt_set_mountpoint() needs mount_lock 2020-04-27 10:37:14 -04:00
pnode.h fs/namespace.c: WARN if mnt_count has become negative 2020-12-10 17:33:17 -05:00
posix_acl.c vfs: clean up posix_acl_permission() logic aroudn MAY_NOT_BLOCK 2020-06-08 11:04:19 -07:00
proc_namespace.c proc mountinfo: make splice available again 2020-12-27 12:00:36 -08:00
read_write.c Refactored code for 5.10: 2020-10-23 11:33:41 -07:00
readdir.c fs: remove ksys_getdents64 2020-07-31 08:16:00 +02:00
remap_range.c vfs: verify source area in vfs_dedupe_file_range_one() 2020-12-14 15:26:13 +01:00
select.c poll: fix performance regression due to out-of-line __put_user() 2021-01-08 11:06:29 -08:00
seq_file.c fix return values of seq_read_iter() 2020-11-15 22:12:53 -05:00
signalfd.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
splice.c io_uring-5.10-2020-10-24 2020-10-24 12:40:18 -07:00
stack.c
stat.c fs: remove KSTAT_QUERY_FLAGS 2020-09-26 22:55:05 -04:00
statfs.c block: remove i_bdev 2020-12-01 14:53:39 -07:00
super.c block: remove i_bdev 2020-12-01 14:53:39 -07:00
sync.c overlayfs update for 5.8 2020-06-09 15:40:50 -07:00
timerfd.c
userfaultfd.c userfaultfd: add user-mode only option to unprivileged_userfaultfd sysctl knob 2020-12-15 12:13:46 -08:00
utimes.c fs: expose utimes_common 2020-07-31 08:16:01 +02:00
xattr.c vfs: move cap_convert_nscap() call into vfs_setxattr() 2020-12-14 15:26:13 +01:00