linux/fs
Christian Brauner ba73d98745
namei: handle idmapped mounts in may_*() helpers
The may_follow_link(), may_linkat(), may_lookup(), may_open(),
may_o_create(), may_create_in_sticky(), may_delete(), and may_create()
helpers determine whether the caller is privileged enough to perform the
associated operations. Let them handle idmapped mounts by mapping the
inode or fsids according to the mount's user namespace. Afterwards the
checks are identical to non-idmapped inodes. The patch takes care to
retrieve the mount's user namespace right before performing permission
checks and passing it down into the filesystem so the user namespace
can't change in between by someone idmapping a mount that is currently
not idmapped. If the initial user namespace is passed nothing changes so
non-idmapped mounts will see identical behavior as before.

Link: https://lore.kernel.org/r/20210121131959.646623-13-christian.brauner@ubuntu.com
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-01-24 14:27:17 +01:00
9p stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
adfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
affs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
afs stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
autofs file: Replace ksys_close with close_fd 2020-12-10 12:42:59 -06:00
befs
bfs inode: make init and permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
btrfs namei: handle idmapped mounts in may_*() helpers 2021-01-24 14:27:17 +01:00
cachefiles xattr: handle idmapped mounts 2021-01-24 14:27:17 +01:00
ceph stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
cifs stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
coda stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
configfs namei: make permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
cramfs
crypto inode: make init and permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
debugfs
devpts
dlm
ecryptfs stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
efivarfs inode: make init and permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
efs
erofs stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
exfat stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
exportfs exportfs: Add a function to return the raw output from fh_to_dentry() 2020-12-09 09:39:38 -05:00
ext2 stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
ext4 stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
f2fs stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
fat stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
freevxfs
fscache
fuse stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
gfs2 stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
hfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
hfsplus stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
hostfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
hpfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
hugetlbfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
iomap mm: memcontrol: Use helpers to read page's memcg data 2020-12-02 18:28:05 -08:00
isofs
jbd2 jbd2: add a helper to find out number of fast commit blocks 2020-12-17 13:30:45 -05:00
jffs2 acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
jfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
kernfs stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
lockd fs/lockd: convert comma to semicolon 2020-12-16 07:57:37 -05:00
minix stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
nfs stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
nfs_common nfs_common: need lock during iterate through the list 2020-12-09 09:38:34 -05:00
nfsd xattr: handle idmapped mounts 2021-01-24 14:27:17 +01:00
nilfs2 attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
nls
notify fs: add file and path permissions helpers 2021-01-24 14:27:16 +01:00
ntfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
ocfs2 stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
omfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
openpromfs
orangefs stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
overlayfs xattr: handle idmapped mounts 2021-01-24 14:27:17 +01:00
proc stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
pstore Tracing updates for 5.11 2020-12-17 13:22:17 -08:00
qnx4
qnx6
quota \n 2020-12-17 11:00:37 -08:00
ramfs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
reiserfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
romfs
squashfs
sysfs
sysv stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
tracefs
ubifs stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
udf stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
ufs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
unicode
vboxsf stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
verity fs: add file and path permissions helpers 2021-01-24 14:27:16 +01:00
xfs acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
zonefs attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
aio.c Merge branch 'akpm' (patches from Andrew) 2020-12-15 12:53:37 -08:00
anon_inodes.c
attr.c commoncap: handle idmapped mounts 2021-01-24 14:27:17 +01:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
block_dev.c block: pre-initialize struct block_device in bdev_alloc_inode 2021-01-07 20:57:53 -07:00
buffer.c for-5.11/block-2020-12-14 2020-12-16 12:57:51 -08:00
char_dev.c
compat_binfmt_elf.c
coredump.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
d_path.c
dax.c mm: simplify follow_pte{,pmd} 2020-12-15 22:46:19 -08:00
dcache.c fs: Kill DCACHE_DONTCACHE dentry even if DCACHE_REFERENCED is set 2020-12-10 17:33:17 -05:00
dcookies.c
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c epoll: add syscall epoll_pwait2 2020-12-19 11:18:38 -08:00
exec.c namei: make permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
fcntl.c inode: make init and permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
fhandle.c
file_table.c
file.c kernel/io_uring: cancel io_uring before task works 2020-12-30 19:36:54 -07:00
filesystems.c
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c writeback: don't warn on an unregistered BDI in __mark_inode_dirty 2020-12-16 11:56:02 +01:00
fsopen.c
init.c namei: handle idmapped mounts in may_*() helpers 2021-01-24 14:27:17 +01:00
inode.c namei: handle idmapped mounts in may_*() helpers 2021-01-24 14:27:17 +01:00
internal.h namei: handle idmapped mounts in may_*() helpers 2021-01-24 14:27:17 +01:00
io_uring.c io_uring: ensure finish_wait() is always called in __io_uring_task_cancel() 2021-01-15 16:04:23 -07:00
io-wq.c io-wq: kill now unused io_wq_cancel_all() 2020-12-20 10:47:42 -07:00
io-wq.h io-wq: kill now unused io_wq_cancel_all() 2020-12-20 10:47:42 -07:00
ioctl.c
Kconfig
Kconfig.binfmt
kernel_read_file.c
libfs.c stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
locks.c Merge branch 'exec-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-12-15 19:29:43 -08:00
Makefile
mbcache.c
mount.h
mpage.c
namei.c namei: handle idmapped mounts in may_*() helpers 2021-01-24 14:27:17 +01:00
namespace.c mount: attach mappings to mounts 2021-01-24 14:27:15 +01:00
no-block.c
nsfs.c
open.c attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
pipe.c block: remove i_bdev 2020-12-01 14:53:39 -07:00
pnode.c
pnode.h fs/namespace.c: WARN if mnt_count has become negative 2020-12-10 17:33:17 -05:00
posix_acl.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
proc_namespace.c proc mountinfo: make splice available again 2020-12-27 12:00:36 -08:00
read_write.c
readdir.c
remap_range.c namei: make permission helpers idmapped mount aware 2021-01-24 14:27:16 +01:00
select.c poll: fix performance regression due to out-of-line __put_user() 2021-01-08 11:06:29 -08:00
seq_file.c
signalfd.c
splice.c
stack.c
stat.c stat: handle idmapped mounts 2021-01-24 14:27:17 +01:00
statfs.c block: remove i_bdev 2020-12-01 14:53:39 -07:00
super.c block: remove i_bdev 2020-12-01 14:53:39 -07:00
sync.c
timerfd.c
userfaultfd.c userfaultfd: add user-mode only option to unprivileged_userfaultfd sysctl knob 2020-12-15 12:13:46 -08:00
utimes.c attr: handle idmapped mounts 2021-01-24 14:27:16 +01:00
xattr.c namei: handle idmapped mounts in may_*() helpers 2021-01-24 14:27:17 +01:00