From patchwork Fri Aug 10 16:13:33 2018
X-Patchwork-Submitter: Christian Brauner
X-Patchwork-Id: 10562937
From: Christian Brauner
To: linux-security-module@vger.kernel.org, containers@lists.linux-foundation.org
Cc: serge@hallyn.com, morgan@kernel.org, Christian Brauner
Subject: [PATCH 7/9] cap_file: save rootid in _fcaps_save()
Date: Fri, 10 Aug 2018 18:13:33 +0200
Message-Id: <20180810161335.27036-8-christian@brauner.io>
In-Reply-To: <20180810161335.27036-1-christian@brauner.io>
References: <20180810161335.27036-1-christian@brauner.io>

When the kernel supports namespaced file capabilities (VFS_REVISION_3) it
will take a struct vfs_ns_cap_data that will contain an additional rootid
field recording a rootid. It can be used to set the rootid of a target
user namespace as seen in the current user namespace. This allows a user
namespace to set file capabilities in lieu of another user namespace.

Signed-off-by: Christian Brauner
Reviewed-by: Serge Hallyn
---
 libcap/cap_file.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libcap/cap_file.c b/libcap/cap_file.c
index 7acd60c..57c6e3f 100644
--- a/libcap/cap_file.c
+++ b/libcap/cap_file.c
@@ -197,6 +197,13 @@ static int _fcaps_save(struct vfs_cap_data *rawvfscap, cap_t cap_d, int *bytes_p } } +#ifdef VFS_CAP_REVISION_3 + /* The kernel expects the rootid to be a _le32. In case we're on a big + * endian machine we need to fix this up. + */ + rawvfscap->rootid = FIXUP_32BITS(cap_d->rootid); +#endif + if (eff_not_zero == 0) { rawvfscap->magic_etc = FIXUP_32BITS(magic); } else {
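Review bot: the store `rawvfscap->rootid = FIXUP_32BITS(cap_d->rootid);` assumes `rawvfscap` points at a struct that has a rootid member, but the hunk header still shows the parameter as `struct vfs_cap_data *rawvfscap`, while the commit message says rootid lives in `struct vfs_ns_cap_data`; unless an earlier patch in this series retypes that parameter, this will not compile once VFS_CAP_REVISION_3 is defined, and that dependency should be spelled out in the commit message. Also, rootid is written unconditionally under the #ifdef, yet the lines that follow still set `rawvfscap->magic_etc = FIXUP_32BITS(magic)` and nothing in this hunk shows `magic` switched to the revision 3 value or `*bytes_p` enlarged to cover the extra field, so either tie both to `cap_d->rootid` being set here or state which patch in the series does it. Minor: the commit message refers to VFS_REVISION_3 while the code tests VFS_CAP_REVISION_3, and the comment's `_le32` looks like a typo for the kernel's `__le32`.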