From: Christian Brauner
To: linux-security-module@vger.kernel.org, containers@lists.linux-foundation.org
Cc: serge@hallyn.com, morgan@kernel.org, Christian Brauner
Subject: [PATCH 0/9] libcap: add user namespace fscaps support
Date: Fri, 10 Aug 2018 18:13:26 +0200
Message-Id: <20180810161335.27036-1-christian@brauner.io>
X-Patchwork-Id: 10562923

Hey everyone,

Starting with kernel 4.14 fcaps support in user namespaces was added.
libcap currently does not support fcaps in user namespaces.
This series adds support for fcaps in user namespaces. To this end two
new functions are introduced:

1. cap_get_nsowner()
   Get the uid associated with the capability sets as seen in the
   current user namespace.
   For example, assume that uid 0 in a non-initial userns is mapped to
   uid 1000000 on the host/initial user namespace. Further assume one of
   the following:
   a. A VFS_CAP_REVISION_2 capability has been set from within the
      non-initial user namespace.
   b. A VFS_CAP_REVISION_3 capability with nsowner 0 has been set from
      within said non-initial user namespace.
   c. A VFS_CAP_REVISION_3 capability with nsowner 100000 has been set
      from the initial user namespace.
   In any of these cases, cap_get_nsowner() will return 0 from within
   said non-initial user namespace, and will return 1000000 from the
   parent user namespace that wrote this mapping.

2. cap_set_nsowner()
   Set the owning uid associated with the capability sets.
   For example, assume that uid 0 in a non-initial userns is mapped to
   uid 1000000 on the host. Now, cap_set_nsowner() sets the uid for the
   capability sets to 1000000 in the parent (host) user namespace of
   the non-initial user namespace. This will cause a capability to be
   set that is useless on the host but interpreted in every user
   namespace that has established the same mapping.

More details on how to handle cases where libcap is compiled on a
VFS_CAP_REVISION_3 kernel but used on a VFS_CAP_REVISION_2 kernel can be
found in the individual commits.

Thanks!
Christian

Christian Brauner (9):
  cap_file: use v3 xattr macros
  capability: update to new uapi header
  cap_file: use struct vfs_ns_cap_data if possible
  cap_file: add new rootid argument
  cap_file: initialize rootid in _fcaps_load()
  capability: add cap_get_nsowner()
  cap_file: save rootid in _fcaps_save()
  cap_file: handle run- vs buildtime vfs cap support
  capability: add cap_set_nsowner()

 libcap/cap_file.c                      | 107 ++++++++++++++++++++++++-
 libcap/include/sys/capability.h        |   2 +
 libcap/include/uapi/linux/capability.h |  39 ++++++---
 libcap/libcap.h                        |   1 +
 4 files changed, 134 insertions(+), 15 deletions(-)
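
The on-disk side of the nsowner described in the cover letter, as an added example that is not part of the series or of libcap: it decodes a raw security.capability value in its revision 2 and revision 3 layouts and translates the stored rootid through one uid_map extent. The names fcaps_parse, uid_in_ns and struct fcaps, the sample bytes, and the extent length 65536 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values mirror include/uapi/linux/capability.h; redefined so this builds anywhere. */
#define CAP_REV_MASK 0xFF000000u
#define CAP_REV_2    0x02000000u   /* VFS_CAP_REVISION_2: 20-byte xattr, no rootid */
#define CAP_REV_3    0x03000000u   /* VFS_CAP_REVISION_3: 24-byte xattr, trailing rootid */
#define UID_UNMAPPED 0xFFFFFFFFu

/* Hypothetical decoded form, not a libcap type. */
struct fcaps { uint32_t revision, permitted[2], inheritable[2], rootid; };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode a raw security.capability value; returns 0 on success, -1 if malformed. */
int fcaps_parse(const uint8_t *buf, size_t len, struct fcaps *out) {
    if (len < 4) return -1;
    out->revision = le32(buf) & CAP_REV_MASK;
    size_t want = out->revision == CAP_REV_2 ? 20 : out->revision == CAP_REV_3 ? 24 : 0;
    if (want == 0 || len != want) return -1;   /* unknown revision or wrong size */
    for (int i = 0; i < 2; i++) {
        out->permitted[i]   = le32(buf + 4 + 8 * i);
        out->inheritable[i] = le32(buf + 8 + 8 * i);
    }
    /* Revision 2 has no rootid field; report 0 for it. */
    out->rootid = out->revision == CAP_REV_3 ? le32(buf + 20) : 0;
    return 0;
}

/* Translate a host uid through one uid_map extent (ns_first host_first count). */
uint32_t uid_in_ns(uint32_t host_uid, uint32_t ns_first, uint32_t host_first, uint32_t count) {
    if (host_uid < host_first || host_uid - host_first >= count) return UID_UNMAPPED;
    return ns_first + (host_uid - host_first);
}

/* Constructed sample: revision 3, effective bit set, CAP_NET_RAW (bit 13), rootid 1000000. */
static const uint8_t sample_v3[24] = {
    0x01, 0x00, 0x00, 0x03,  0x00, 0x20, 0x00, 0x00,  0, 0, 0, 0,
    0, 0, 0, 0,  0, 0, 0, 0,  0x40, 0x42, 0x0F, 0x00 };

int main(void) {
    struct fcaps fc;
    if (fcaps_parse(sample_v3, sizeof sample_v3, &fc) != 0) return 1;
    printf("host view: rootid=%u\n", fc.rootid);
    printf("ns view:   rootid=%u\n", uid_in_ns(fc.rootid, 0, 1000000, 65536));
    return 0;
}
```

When auditing an image or host filesystem, a revision 3 value whose rootid falls outside every expected uid_map extent is worth flagging, since the capability only takes effect in namespaces that map that uid to root.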