Message ID | 1853230.1684516880@warthog.procyon.org.uk (mailing list archive) |
---|---|
State | Accepted |
Series | cachefiles: Allow the cache to be non-root |
On Fri, 2023-05-19 at 18:21 +0100, David Howells wrote: > > Set mode 0600 on files in the cache so that cachefilesd can run as an > unprivileged user rather than leaving the files all with 0. Directories > are already set to 0700. > > Userspace then needs to set the uid and gid before issuing the "bind" > command and the cache must've been chown'd to those IDs. > > Signed-off-by: David Howells <dhowells@redhat.com> > cc: David Howells <dhowells@redhat.com> > cc: Jeff Layton <jlayton@kernel.org> > cc: linux-cachefs@redhat.com > cc: linux-erofs@lists.ozlabs.org > cc: linux-fsdevel@vger.kernel.org > --- > fs/cachefiles/namei.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c > index 82219a8f6084..66482c193e86 100644 > --- a/fs/cachefiles/namei.c > +++ b/fs/cachefiles/namei.c > @@ -451,7 +451,8 @@ struct file *cachefiles_create_tmpfile(struct cachefiles_object *object) > > ret = cachefiles_inject_write_error(); > if (ret == 0) { > - file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, S_IFREG, > + file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, > + S_IFREG | 0600, > O_RDWR | O_LARGEFILE | O_DIRECT, > cache->cache_cred); > ret = PTR_ERR_OR_ZERO(file); > Seems safe enough, and if it helps allow this to run unprivileged then: Reviewed-by: Jeff Layton <jlayton@kernel.org>
On 2023/5/20 10:21, David Howells wrote:
>
> Set mode 0600 on files in the cache so that cachefilesd can run as an
> unprivileged user rather than leaving the files all with 0. Directories
> are already set to 0700.
>
> Userspace then needs to set the uid and gid before issuing the "bind"
> command and the cache must've been chown'd to those IDs.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: David Howells <dhowells@redhat.com>
> cc: Jeff Layton <jlayton@kernel.org>
> cc: linux-cachefs@redhat.com
> cc: linux-erofs@lists.ozlabs.org
> cc: linux-fsdevel@vger.kernel.org

It seems useful on our side as well and safe:

Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Thanks,
Gao Xiang
On Fri, 19 May 2023 18:21:20 +0100, David Howells wrote:
>
> Set mode 0600 on files in the cache so that cachefilesd can run as an
> unprivileged user rather than leaving the files all with 0. Directories
> are already set to 0700.
>
> Userspace then needs to set the uid and gid before issuing the "bind"
> command and the cache must've been chown'd to those IDs.
>
> [...]

Applied to the vfs.misc branch of the vfs/vfs.git tree.
Patches in the vfs.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

tree: https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.misc

[1/1] cachefiles: Allow the cache to be non-root
      https://git.kernel.org/vfs/vfs/c/a64498ff493f
diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c index 82219a8f6084..66482c193e86 100644 --- a/fs/cachefiles/namei.c +++ b/fs/cachefiles/namei.c @@ -451,7 +451,8 @@ struct file *cachefiles_create_tmpfile(struct cachefiles_object *object) ret = cachefiles_inject_write_error(); if (ret == 0) { - file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, S_IFREG, + file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, + S_IFREG | 0600, O_RDWR | O_LARGEFILE | O_DIRECT, cache->cache_cred); ret = PTR_ERR_OR_ZERO(file);
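Review bot: the new S_IFREG | 0600 argument at the vfs_tmpfile_open() call in cachefiles_create_tmpfile() only affects files created after this change, while the commit message says existing cache files were left with mode 0 and names only chown as the step for an existing cache. Please say in the commit message or the cachefiles documentation whether a pre-existing cache also needs its files set to 0600 (or needs to be recreated) before cachefilesd is run as an unprivileged user. A one-line comment above the call explaining that 0600 is there so the non-root cache owner can open the file would also keep a later cleanup from dropping the permission bits again.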
Set mode 0600 on files in the cache so that cachefilesd can run as an
unprivileged user rather than leaving the files all with 0. Directories
are already set to 0700.

Userspace then needs to set the uid and gid before issuing the "bind"
command and the cache must've been chown'd to those IDs.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: David Howells <dhowells@redhat.com>
cc: Jeff Layton <jlayton@kernel.org>
cc: linux-cachefs@redhat.com
cc: linux-erofs@lists.ozlabs.org
cc: linux-fsdevel@vger.kernel.org
---
 fs/cachefiles/namei.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
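The ownership and mode requirements in the commit message above can be checked on a cache tree before switching cachefilesd to a non-root account. The following is an added example, not part of the patch or of cachefilesd: `audit_cache`, `demo` and the directory and file names are hypothetical, the cache path and IDs are supplied by the caller, and the sample tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile

FILE_MODE = 0o600  # mode the patch passes to vfs_tmpfile_open()
DIR_MODE = 0o700   # directory mode stated in the commit message


def audit_cache(root, uid, gid):
    """Return (path, problem) pairs for entries that differ from the commit message."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: never follow symlinks out of the cache
        if stat.S_ISDIR(st.st_mode):
            want = DIR_MODE
        elif stat.S_ISREG(st.st_mode):
            want = FILE_MODE
        else:
            return  # the page only covers regular files and directories
        if (st.st_uid, st.st_gid) != (uid, gid):
            findings.append((path, f"owner {st.st_uid}:{st.st_gid}, expected {uid}:{gid}"))
        mode = stat.S_IMODE(st.st_mode)
        if mode != want:
            findings.append((path, f"mode {mode:04o}, expected {want:04o}"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            check(os.path.join(dirpath, name))
    return findings


def demo():
    """Audit a constructed tree: one mode-0 file (pre-patch) and one 0600 file."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "objects")  # hypothetical directory name
        os.mkdir(sub)
        os.chmod(sub, 0o700)
        for name, mode in (("pre_patch", 0o000), ("post_patch", 0o600)):
            path = os.path.join(sub, name)
            open(path, "w").close()
            os.chmod(path, mode)
        owner = os.lstat(sub)  # stand-in for the uid/gid cachefilesd would use
        found = audit_cache(root, owner.st_uid, owner.st_gid)
        return [(os.path.basename(p), why) for p, why in found]


if __name__ == "__main__":
    for name, why in demo():
        print(f"{name}: {why}")
```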