[Devel] [PATCH RHEL7 COMMIT] ms/vfs: Don't create inodes with a uid or gid unknown to the vfs

Konstantin Khorenko khorenko at virtuozzo.com
Tue Jul 11 18:39:40 MSK 2017


The commit is pushed to "branch-rh7-3.10.0-514.26.1.vz7.33.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-514.26.1.vz7.33.3
------>
commit f491a81f0d902f8188236e028b35e2376e389f57
Author: Eric W. Biederman <ebiederm at xmission.com>
Date:   Tue Jul 11 19:39:40 2017 +0400

    ms/vfs: Don't create inodes with a uid or gid unknown to the vfs
    
    It is expected that filesystems can not represent uids and gids from
    outside of their user namespace.  Keep things simple by not even
    trying to create filesystem nodes with non-sense uids and gids.
    
    Acked-by: Seth Forshee <seth.forshee at canonical.com>
    Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>
    (cherry picked from commit 036d523641c66bef713042894a17f4335f199e49)
    
    https://jira.sw.ru/browse/PSBM-40075
    
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 fs/namei.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 74abaeb..42a0e6b 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2636,16 +2636,22 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
  *  1. We can't do it if child already exists (open has special treatment for
  *     this case, but since we are inlined it's OK)
  *  2. We can't do it if dir is read-only (done in permission())
- *  3. We should have write and exec permissions on dir
- *  4. We can't do it if dir is immutable (done in permission())
+ *  3. We can't do it if the fs can't represent the fsuid or fsgid.
+ *  4. We should have write and exec permissions on dir
+ *  5. We can't do it if dir is immutable (done in permission())
  */
 static inline int may_create(struct inode *dir, struct dentry *child)
 {
+	struct user_namespace *s_user_ns;
 	audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
 	if (child->d_inode)
 		return -EEXIST;
 	if (IS_DEADDIR(dir))
 		return -ENOENT;
+	s_user_ns = dir->i_sb->s_user_ns;
+	if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
+	    !kgid_has_mapping(s_user_ns, current_fsgid()))
+		return -EOVERFLOW;
 	return inode_permission(dir, MAY_WRITE | MAY_EXEC);
 }
 
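Review bot: the kuid_has_mapping()/kgid_has_mapping() test added before inode_permission() only guards callers of may_create(), and the diffstat (8 insertions, 2 deletions) shows this is the only hunk, so any creation path that does not go through may_create() is left without the check. Please confirm whether the O_CREAT path via may_o_create() needs the same test in this tree. The new code also dereferences dir->i_sb->s_user_ns unconditionally, so the backport depends on that field being initialised for every superblock on this branch. It would be worth stating that prerequisite in the commit message. Comment item 3 could also name the -EOVERFLOW return, since this is a new errno for callers of the create, mkdir, mknod, symlink and link paths.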

