git.monstr.eu Git - linux-2.6-microblaze.git/commit

capability: handle idmapped mounts

In order to determine whether a caller holds privilege over a given
inode the capability framework exposes the two helpers
privileged_wrt_inode_uidgid() and capable_wrt_inode_uidgid(). The former
verifies that the inode has a mapping in the caller's user namespace and
the latter additionally verifies that the caller has the requested
capability in their current user namespace.
If the inode is accessed through an idmapped mount map it into the
mount's user namespace. Afterwards the checks are identical to
non-idmapped inodes. If the initial user namespace is passed all
operations are a nop so non-idmapped mounts will not see a change in
behavior.

Link: https://lore.kernel.org/r/20210121131959.646623-5-christian.brauner@ubuntu.com
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

author	Christian Brauner <christian.brauner@ubuntu.com>
	Thu, 21 Jan 2021 13:19:23 +0000 (14:19 +0100)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Sun, 24 Jan 2021 13:27:16 +0000 (14:27 +0100)
commit	0558c1bf5a0811bf5e3753eed911a15b9bd08271
tree	bbaad2c11479beaac5328c5c3eb33241f9b3cc45	tree \| snapshot
parent	02f92b3868a1b34ab98464e76b0e4e060474ba10	commit \| diff

fs/attr.c		diff \| blob \| history
fs/exec.c		diff \| blob \| history
fs/inode.c		diff \| blob \| history
fs/namei.c		diff \| blob \| history
fs/overlayfs/super.c		diff \| blob \| history
fs/posix_acl.c		diff \| blob \| history
fs/xfs/xfs_ioctl.c		diff \| blob \| history
include/linux/capability.h		diff \| blob \| history
kernel/capability.c		diff \| blob \| history
security/commoncap.c		diff \| blob \| history