From patchwork Fri Apr 22 15:38:20 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 8913711 Return-Path: X-Original-To: patchwork-selinux@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 593F79F457 for ; Fri, 22 Apr 2016 15:55:27 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 9A13F20149 for ; Fri, 22 Apr 2016 15:55:26 +0000 (UTC) Received: from emvm-gh1-uea08.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2A0912015E for ; Fri, 22 Apr 2016 15:55:25 +0000 (UTC) X-TM-IMSS-Message-ID: <61c1200100000a62@nsa.gov> Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by nsa.gov ([10.208.42.193]) with ESMTP (TREND IMSS SMTP Service 7.1) id 61c1200100000a62 ; Fri, 22 Apr 2016 11:50:41 -0400 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u3MFpJUj008531; Fri, 22 Apr 2016 11:51:19 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u3MFd5Le105255 for ; Fri, 22 Apr 2016 11:39:05 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u3MFcxa5004148 for ; Fri, 22 Apr 2016 11:39:05 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CqBAA7RBpX/yQp0ApeHYJwgXu3d4QQhg4CgXQBAQEBAQFmJ4RCAQEBAxIVGQEBNwEPUTQBBQEcBgESIogIAaBpgTE+MYpPhSgBBIxdAQEBAQEBAQMCARcGCoQNggqOYAGNV3SJSIFVjEGJKYVljXEwgQ5igXgNGxaBU04BiHoBAQE X-IPAS-Result: A0CqBAA7RBpX/yQp0ApeHYJwgXu3d4QQhg4CgXQBAQEBAQFmJ4RCAQEBAxIVGQEBNwEPUTQBBQEcBgESIogIAaBpgTE+MYpPhSgBBIxdAQEBAQEBAQMCARcGCoQNggqOYAGNV3SJSIFVjEGJKYVljXEwgQ5igXgNGxaBU04BiHoBAQE X-IronPort-AV: E=Sophos;i="5.24,517,1454994000"; d="scan'208";a="5402608" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 22 Apr 2016 11:39:03 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AhyqE6x0hhkG3KGgpsmDT+DRfVm0co7zxezQtwd8Z?= =?us-ascii?q?se8TIvad9pjvdHbS+e9qxAeQG96Lu7Qb06GG7+jJYi8p39WoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6kO74TNaIBjjLw09?= =?us-ascii?q?fr2zQd6CyZvvnLDus7ToICx2xxOFKYtoKxu3qQiD/uI3uqBFbpgL9x3Sv3FTcP?= =?us-ascii?q?5Xz247bXianhL7+9vitMU7q3cYk7sb+sVBSaT3ebgjBfwdVWx+cjN92Mq+/zTZ?= =?us-ascii?q?TADH2T1UeGQbnhdSBgHDplmuU53wvyf3rO9VyCybJtb3SrZyUjOnueMjYRvlmC?= =?us-ascii?q?4BOzMjuF/WkMs42LxauhWJtRF5wpCSZICTKeo4ebnSO84ZEy4JcdxcWGRiGIS1?= =?us-ascii?q?b84vBvAdOO9e593yvVYBrhuWAQiqGfPhzSJOinbq3Ko8leM7HleClC4tEdxGlH?= =?us-ascii?q?3FsNLzfPMQVemk0K7O5S3EaPhW2Drn5YTTNBYsvafIFfhSN4L701QkGkvrj1iU?= =?us-ascii?q?pZevd2ef2OUAt2SAx+RhWOajkGM87QZrrW7rjvshiJTPzqIYzRiQ6SdRw4svI9?= =?us-ascii?q?C8DklhbojgWL9R/xOXOYJwCpcmQnNlti884r0bsIG2fW4Bz5Fxg1b9bPyOdY6F?= =?us-ascii?q?+VrcWeeXLC0w0HJsfrSynD659FCwwe3zEM6u3wAZgDBCl4z3u2wNnzLU8NOHR/?= =?us-ascii?q?Y1qlysxTbJ2QfJ8eFJLGg/nKzcLZ8qy7p2nZ0W5xeQVhTqkVn72ffFPn4v/fKl?= =?us-ascii?q?vqG+Ou3r?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1EiAQCfQhpXjzbaVdFeHAGCcIF7t3eEE?= =?us-ascii?q?IINhAECgXQBAQEBAQECAg8BAQEBBwsLCSGCXH1bPQEBAQMSFRkBATcBD1E0AQU?= =?us-ascii?q?BHAYBEiKICAGgbIExPjGKT4UoAQSMXQEBAQEBAQEDAgEXBgqEDYIKjmCNWHSJS?= =?us-ascii?q?IFVjEGJKYVljXEwgQ6CWg0RChaBU04BiHoBAQE?= X-IPAS-Result: =?us-ascii?q?A1EiAQCfQhpXjzbaVdFeHAGCcIF7t3eEEIINhAECgXQBAQE?= =?us-ascii?q?BAQECAg8BAQEBBwsLCSGCXH1bPQEBAQMSFRkBATcBD1E0AQUBHAYBEiKICAGgb?= =?us-ascii?q?IExPjGKT4UoAQSMXQEBAQEBAQEDAgEXBgqEDYIKjmCNWHSJSIFVjEGJKYVljXE?= =?us-ascii?q?wgQ6CWg0RChaBU04BiHoBAQE?= X-IronPort-AV: E=Sophos;i="5.24,517,1454976000"; d="scan'208";a="12934423" Received: from emvm-gh1-uea08.nsa.gov ([10.208.42.193]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-SHA; 22 Apr 2016 15:39:02 +0000 X-TM-IMSS-Message-ID: <61b5d9ed00000533@nsa.gov> Received: from mail-oi0-f54.google.com (mail-oi0-f54.google.com [209.85.218.54]) by nsa.gov ([10.208.42.193]) with ESMTP (TREND IMSS SMTP Service 7.1; TLSv1/SSLv3 AES128-SHA (128/128)) id 61b5d9ed00000533 ; Fri, 22 Apr 2016 11:38:23 -0400 Received: by mail-oi0-f54.google.com with SMTP id k142so120564808oib.1 for ; Fri, 22 Apr 2016 08:39:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=cl5LJKPOcACwCcULywym0f0sau3FhzvVZ9WT8xoh10s=; b=oOEGWHqnUqoR5lkwhBtwKOfjPmTwu2Mk9y7bw+NHjZ45BbKAymdaWniAaVR8D+d3rh HTSTWwjAdweQ1T8FtjjuUt0N9wqlo7d1Tj8ROzXmHE80nU971pVENlb5yqNjyJCkinbB U227asO77VfcWiiVuMMRFcvzYr+qWpfsibPqmALbrTFee/lYxUaWXRP6J5BudOtKCnEe WYYL3ifttjRfO8Zu3GE/mTj3S5+XEAKu0d1PzgAaJPRJ0Ni/ZsFGdVS1Yhnx8mgCkSHA oc8F7fv4NJEJuhvwwkxjTB7R9+wNtHW7WYSFUo55FOPcpr0omRpGHXjCNEjw5ftFS9ph Xo/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=cl5LJKPOcACwCcULywym0f0sau3FhzvVZ9WT8xoh10s=; b=JzNLcWQN45mxAKH4DjG8Vj5kuAmwZnsj6/kNTXfsvbPhpJHJuwScKbupSuuyBBa6cq x3fnqaFyEsC97hdHefOzu3Ckt7B37A5AtbjEMZhwmZLBdm+xOGy1CLbspXRkDjDiffoE zKEWyWQ61W0jIhu6q6aYVTek65FbB2PMalYplHWEdCl/TjrRiUPYClMngMxRkltedvnh /94mXsp7P6kIO8lz0H3MYcsxv4hCNiQj4BD0GUkg2Za+1cygyFCQ8V7hIfEimX+JK5qC Urmh6xnFMDTFQDPiM6w346aLz5aPKLsfqaWj3UhytsIp90L3IX2szd2FUtJA5IhAjeUD R/Vw== X-Gm-Message-State: AOPr4FXloDDMVmQWVaLr5RjjvIogp1OGe+bPyFpZ471XumsU0HV/cEyXoeGLWlh/7VqC5vrh X-Received: by 10.202.2.79 with SMTP id 76mr8660687oic.108.1461339540407; Fri, 22 Apr 2016 08:39:00 -0700 (PDT) Received: from localhost ([2605:a601:aab:f920:ad1c:41df:dcb1:a4a0]) by smtp.gmail.com with ESMTPSA id 44sm2082314oti.32.2016.04.22.08.38.59 (version=TLS1_2 cipher=AES128-SHA bits=128/128); Fri, 22 Apr 2016 08:38:59 -0700 (PDT) From: Seth Forshee To: "Eric W. Biederman" , Alexander Viro , Greg Kroah-Hartman , Jeff Layton , "J. Bruce Fields" , Tejun Heo , Li Zefan , Johannes Weiner Subject: [PATCH v3 03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces Date: Fri, 22 Apr 2016 10:38:20 -0500 Message-Id: <1461339521-123191-4-git-send-email-seth.forshee@canonical.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1461339521-123191-1-git-send-email-seth.forshee@canonical.com> References: <1461339521-123191-1-git-send-email-seth.forshee@canonical.com> X-TM-AS-MML: disable X-Mailman-Approved-At: Fri, 22 Apr 2016 11:40:16 -0400 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: linux-bcache@vger.kernel.org, Serge Hallyn , Seth Forshee , dm-devel@redhat.com, Miklos Szeredi , Richard Weinberger , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org, fuse-devel@lists.sourceforge.net, Austin S Hemmelgarn , linux-mtd@lists.infradead.org, selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org, Pavel Tikhomirov MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Both of these filesystems already have use cases for mounting the same super block from multiple user namespaces. For sysfs this happens when using criu for snapshotting a container, where sysfs is mounted in the containers network ns but the hosts user ns. The cgroup filesystem shares the same super block for all mounts of the same hierarchy regardless of the namespace. As a result, the restriction on mounting a super block from a single user namespace creates regressions for existing uses of these filesystems. For these specific filesystems this restriction isn't really necessary since the backing store is objects in kernel memory and thus the ids assigned from inodes is not subject to translation relative to s_user_ns. Add a new filesystem flag, FS_USERNS_SHARE_SB, which when set causes sget_userns() to skip the check of s_user_ns. Set this flag for the sysfs and cgroup filesystems to fix the regressions. Signed-off-by: Seth Forshee Acked-by: Serge Hallyn --- fs/super.c | 3 ++- fs/sysfs/mount.c | 3 ++- include/linux/fs.h | 1 + kernel/cgroup.c | 4 ++-- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/fs/super.c b/fs/super.c index 092a7828442e..ead156b44bf8 100644 --- a/fs/super.c +++ b/fs/super.c @@ -472,7 +472,8 @@ retry: hlist_for_each_entry(old, &type->fs_supers, s_instances) { if (!test(old, data)) continue; - if (user_ns != old->s_user_ns) { + if (!(type->fs_flags & FS_USERNS_SHARE_SB) && + user_ns != old->s_user_ns) { spin_unlock(&sb_lock); if (s) { up_write(&s->s_umount); diff --git a/fs/sysfs/mount.c b/fs/sysfs/mount.c index f3db82071cfb..9555accd4322 100644 --- a/fs/sysfs/mount.c +++ b/fs/sysfs/mount.c @@ -59,7 +59,8 @@ static struct file_system_type sysfs_fs_type = { .name = "sysfs", .mount = sysfs_mount, .kill_sb = sysfs_kill_sb, - .fs_flags = FS_USERNS_VISIBLE | FS_USERNS_MOUNT, + .fs_flags = FS_USERNS_VISIBLE | FS_USERNS_MOUNT | + FS_USERNS_SHARE_SB, }; int __init sysfs_init(void) diff --git a/include/linux/fs.h b/include/linux/fs.h index be0f8023e28c..66a639ec1bc4 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1988,6 +1988,7 @@ struct file_system_type { #define FS_USERNS_MOUNT 8 /* Can be mounted by userns root */ #define FS_USERNS_DEV_MOUNT 16 /* A userns mount does not imply MNT_NODEV */ #define FS_USERNS_VISIBLE 32 /* FS must already be visible */ +#define FS_USERNS_SHARE_SB 64 /* Allow sharing sb between userns-es */ #define FS_RENAME_DOES_D_MOVE 32768 /* FS will handle d_move() during rename() internally. */ struct dentry *(*mount) (struct file_system_type *, int, const char *, void *); diff --git a/kernel/cgroup.c b/kernel/cgroup.c index 671dc05c0b0f..9c9aa27e531a 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -2247,14 +2247,14 @@ static struct file_system_type cgroup_fs_type = { .name = "cgroup", .mount = cgroup_mount, .kill_sb = cgroup_kill_sb, - .fs_flags = FS_USERNS_MOUNT, + .fs_flags = FS_USERNS_MOUNT | FS_USERNS_SHARE_SB, }; static struct file_system_type cgroup2_fs_type = { .name = "cgroup2", .mount = cgroup_mount, .kill_sb = cgroup_kill_sb, - .fs_flags = FS_USERNS_MOUNT, + .fs_flags = FS_USERNS_MOUNT | FS_USERNS_SHARE_SB, }; static char *cgroup_path_ns_locked(struct cgroup *cgrp, char *buf, size_t buflen,