[Devel] [PATCH RH7 00/22] Port: user namespace owned mounts
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Thu Mar 10 08:31:53 PST 2016
We need it as secure way to provide privileged access to mounts
in containers. For instance setting suid bit, security.capability
xattr, allowing remount in CT.
Those patches are not all in MS now, but actually "[PATCH v4 0/7]
Initial support for user namespace owned mounts" patch series is
partially in Eric W. Biederman's testing tree, here:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-testing
Other patches are Acked and have stayed without any feedback since
December 2015, see "[PATCH v2 00/19] Support fuse mounts in user
namespaces".
https://jira.sw.ru/browse/PSBM-43294
https://jira.sw.ru/browse/PSBM-43267
Major changes when porting:
1) dropped patches for selinux and other LSM as we do not
support them yet
2) dropped patch "new/fs: Update posix_acl support to handle
user namespace mounts" as that will need porting >=8 additional
patches from mainstream and now I do not know about any real
need of per s_user_ns posix ACLs in Virtuozzo, please correct
me if I'm wrong.
3) dropped fuse specific patches
4) port several needed patches from MS and add some fixes - migth
need to send them upstream.
Now we mount ploop disk to container root before userns for CT has
been created so root mount will have wrong s_user_ns on sb, for
testing purpose I include last patch which allows to change s_user_ns
on remount, but that is not safe, need to think how we can add it to
right userns from the begining.
Pavel Tikhomirov (22):
ms/fs/super.c: fix WARN on alloc_super() fail path
ebiederm/fs: Add user namesapace member to struct super_block
fs: fix a posible leak of allocated superblock
ms/mnt: Only change user settable mount flags in remount
ms/mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags
into do_remount
ms/mnt: Correct permission checks in do_remount
ebiederm/userns: Simpilify MNT_NODEV handling.
ebiederm/fs: Limit file caps to the user namespace of the super block
port/block_dev: Support checking inode permissions in lookup_bdev()
port/block_dev: Check permissions towards block device inode when
mounting
port/fs: Treat foreign mounts as nosuid
fs: remove excess check for in_userns
port/userns: Replace in_userns with current_in_userns
port/fs: Check for invalid i_uid in may_follow_link()
port/cred: Reject inodes with invalid ids in set_create_file_as()
port/fs: Refuse uid/gid changes which don't map into s_user_ns
port/fs: Ensure the mounter of a filesystem is privileged towards its
inodes
port/fs: Don't remove suid for CAP_FSETID in s_user_ns
ms/fs: Add a missing permission check to do_umount
port/fs: Allow superblock owner to access do_remount_sb()
port/capabilities: Allow privileged user in s_user_ns to set
security.* xattrs
draft/ext4: add option to set userns of superblock
drivers/md/dm-table.c | 2 +-
drivers/mtd/mtdsuper.c | 2 +-
fs/attr.c | 11 ++++++
fs/block_dev.c | 20 ++++++++---
fs/exec.c | 2 +-
fs/ext4/super.c | 68 +++++++++++++++++++++++++++++++++----
fs/inode.c | 6 +++-
fs/namei.c | 11 ++++--
fs/namespace.c | 76 ++++++++++++++++++++++++++++++++++--------
fs/proc/namespaces.c | 2 ++
fs/proc/root.c | 3 +-
fs/quota/quota.c | 2 +-
fs/super.c | 46 +++++++++++++++++++++----
include/linux/fs.h | 15 ++++++++-
include/linux/mount.h | 10 +++++-
include/linux/uidgid.h | 10 ++++++
include/linux/user_namespace.h | 6 ++++
kernel/capability.c | 13 +++++---
kernel/cred.c | 2 ++
kernel/user_namespace.c | 14 ++++++++
security/commoncap.c | 14 +++++---
security/selinux/hooks.c | 2 +-
22 files changed, 286 insertions(+), 51 deletions(-)
--
1.9.3
More information about the Devel
mailing list