Message ID | 20201128213527.2669807-22-christian.brauner@ubuntu.com (mailing list archive) |
---|---|
State | New, archived |
From | Christian Brauner <christian.brauner@ubuntu.com> |
Subject | [PATCH v3 21/38] af_unix: handle idmapped mounts |
Date | Sat, 28 Nov 2020 22:35:10 +0100 |
Series | idmapped mounts |
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index b4987805e5e5..4be33240e9cc 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -996,7 +996,7 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) */ err = security_path_mknod(&path, dentry, mode, 0); if (!err) { - err = vfs_mknod(&init_user_ns, d_inode(path.dentry), dentry, mode, 0); + err = vfs_mknod(mnt_user_ns(path.mnt), d_inode(path.dentry), dentry, mode, 0); if (!err) { res->mnt = mntget(path.mnt); res->dentry = dget(dentry);
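Review bot: The claim that non-idmapped mounts are unaffected depends on mnt_user_ns(path.mnt) in the new vfs_mknod() call evaluating to &init_user_ns for them, and nothing in this hunk shows that; the commit message should name the earlier patch in the series that guarantees it. The security_path_mknod() call just above still takes only &path, so it is worth stating whether LSMs are expected to derive the mount's namespace from path.mnt themselves. As a style point, the new vfs_mknod() line is long once it sits inside the `if (!err)` block; consider breaking the argument list after `d_inode(path.dentry),`. No test is visible here; one that binds a socket under an idmapped mount and checks the owner of the resulting inode would make the change easier to verify.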
When binding a non-abstract AF_UNIX socket it will gain a representation in the filesystem. Enable the socket infrastructure to handle idmapped mounts by passing down the user namespace of the mount the socket will be created from. If the initial user namespace is passed nothing changes so non-idmapped mounts will see identical behavior as before.

Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
/* v2 */
unchanged

/* v3 */
unchanged
---
 net/unix/af_unix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)