From patchwork Fri Dec 22 14:32:28 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dongsu Park <dongsu@kinvolk.io>
X-Patchwork-Id: 10130559
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	7DD5460318 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Fri, 22 Dec 2017 14:32:23 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 76B1329FA9
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Fri, 22 Dec 2017 14:32:23 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 6B79029FE9; Fri, 22 Dec 2017 14:32:23 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU,
	RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 510B929FA9
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Fri, 22 Dec 2017 14:32:22 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756242AbdLVObe (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Fri, 22 Dec 2017 09:31:34 -0500
Received: from mail-wm0-f65.google.com ([74.125.82.65]:35516 "EHLO
	mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756111AbdLVObY (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Fri, 22 Dec 2017 09:31:24 -0500
Received: by mail-wm0-f65.google.com with SMTP id f9so22110452wmh.0
	for <linux-fsdevel@vger.kernel.org>;
	Fri, 22 Dec 2017 06:31:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kinvolk.io; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=RxjH20LYcZR0uLsL3N7zTHuVYTtoLThmxbtml8I6Z6M=;
	b=dz/5BaDg6ps2J0TBbgcpy309kVrYVsCN31Uz8QIySO0TnWS7KiJNJV1ZOBCe/QnYaF
	3KDZGc56Mgxc2IYLMGkRaxtVJ7f/qBhsIcXcc7escw9DyFbQPKWnGrXw1xEk+n9Ruu20
	yeNfjo56EmozviGXyk/WNGfS1BSKlxtszdPl0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=RxjH20LYcZR0uLsL3N7zTHuVYTtoLThmxbtml8I6Z6M=;
	b=cDHF8paL6dBjp1QxIS99ivLtE1geT9gKm4VD2pGOCNvkxPaf8rQVTAfb6X9I8RCC4x
	Hju3Of7qxKtX7TG4AxzPXxj0EyGherUfsargUOSTGZA4jscg88mHX08gCIfc5Zi40wps
	3Pomf3XAP96rIO9JWZadpKt1i7m/iwApfEw4Nm9YfqrzrcEzFrdMaOMpCsWTKaS3OzJj
	bWcpKnfxDjnbN9Y3Domf3eT8ihkmwVfD89Z4bbZFsqYIjeYkx4RENh8d1zjqGm2FHC+q
	0fM4lVONEdtom3hqhdxRES5SAdjr9QkTGlw1Iub6ZsMogBT5gO2pq+wNxktXXClhL7Bu
	Annw==
X-Gm-Message-State: AKGB3mJFJQlfLcJCvPqxJVL69gPlOgnnE7HKrsqbP3g4CV47vXVoTm39
	t2DRc0+JK4VMuLDdep4BjBzaOA==
X-Google-Smtp-Source: 
 ACJfBosGf4JxveYYd8n2KCySH3vnBjt0dsaoLc1M793hhh6S00V018+Xsu9EIHJYFOiBOuQ3RxTvjw==
X-Received: by 10.80.186.193 with SMTP id x59mr15458382ede.256.1513953083662;
	Fri, 22 Dec 2017 06:31:23 -0800 (PST)
Received: from dberlin.localdomain ([178.19.216.175])
	by smtp.gmail.com with ESMTPSA id
	j39sm19698065ede.38.2017.12.22.06.31.22
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Fri, 22 Dec 2017 06:31:23 -0800 (PST)
From: Dongsu Park <dongsu@kinvolk.io>
To: linux-kernel@vger.kernel.org
Cc: containers@lists.linux-foundation.org, Alban Crequy <alban@kinvolk.io>,
	"Eric W . Biederman" <ebiederm@xmission.com>,
	Miklos Szeredi <mszeredi@redhat.com>,
	Seth Forshee <seth.forshee@canonical.com>,
	Sargun Dhillon <sargun@sargun.me>,
	Dongsu Park <dongsu@kinvolk.io>, linux-fsdevel@vger.kernel.org,
	Alexander Viro <viro@zeniv.linux.org.uk>, Serge Hallyn <serge@hallyn.com>
Subject: [PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root
Date: Fri, 22 Dec 2017 15:32:28 +0100
Message-Id: 
 <ddf1fb9b5001e633e0022dee7fecb0ef431e851f.1512041070.git.dongsu@kinvolk.io>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <cover.1512741134.git.dongsu@kinvolk.io>
References: <cover.1512741134.git.dongsu@kinvolk.io>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Seth Forshee <seth.forshee@canonical.com>

Expand the check in should_remove_suid() to keep privileges for
CAP_FSETID in s_user_ns rather than init_user_ns.

Patch v4 is available: https://patchwork.kernel.org/patch/8944621/

--EWB Changed from ns_capable(sb->s_user_ns, ) to capable_wrt_inode_uidgid

Cc: linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Dongsu Park <dongsu@kinvolk.io>
---
 fs/inode.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c
index fd401028..6459a437 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1749,7 +1749,8 @@ EXPORT_SYMBOL(touch_atime);
  */
 int should_remove_suid(struct dentry *dentry)
 {
-	umode_t mode = d_inode(dentry)->i_mode;
+	struct inode *inode = d_inode(dentry);
+	umode_t mode = inode->i_mode;
 	int kill = 0;
 
 	/* suid always must be killed */
@@ -1763,7 +1764,8 @@ int should_remove_suid(struct dentry *dentry)
 	if (unlikely((mode & S_ISGID) && (mode & S_IXGRP)))
 		kill |= ATTR_KILL_SGID;
 
-	if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode)))
+	if (unlikely(kill && !capable_wrt_inode_uidgid(inode, CAP_FSETID) &&
+		     S_ISREG(mode)))
 		return kill;
 
 	return 0;