Re: [PATCH] devpts: Make ptmx be owned by the userns owner instead of userns-local 0
- From: Serge Hallyn <serge hallyn ubuntu com>
- To: Andy Lutomirski <luto kernel org>
- Cc: gnome-os-list gnome org, Linux Containers <containers lists linux-foundation org>, linux-kernel vger kernel org, mclasen redhat com, "Eric W. Biederman" <ebiederm xmission com>, Linux FS Devel <linux-fsdevel vger kernel org>
- Subject: Re: [PATCH] devpts: Make ptmx be owned by the userns owner instead of userns-local 0
- Date: Mon, 14 Mar 2016 08:35:01 +0000
Quoting Andy Lutomirski (luto kernel org):
We used to have ptmx be owned by the inner uid and gid 0. Change
this: if the owner and group are both mapped but are not both 0,
then use the owner instead.
For container-style namespaces (LXC, etc), this should have no
effect -- UID 0 is will either be the owner or will be unmapped.
This doesn't seem right - it's often the case that the owner is mapped
in as non-0 uid, safe or not. The actual namespace root uid should be
the owner (so long as it exists).
Why not reverse the cases? If 0 is not mapped, then check whether the
current_user_ns()->owner is mapped?
The important behavior change is for sandboxes: many sandboxes
intentionally do not create an inner uid 0. Without this patch,
mounting devpts in such a sandbox is awkward. With this patch, it
will just work and ptmx will be owned by the namespace owner.
Cc: Alexander Larsson <alexl redhat com>
Cc: mclasen redhat com
Cc: "Eric W. Biederman" <ebiederm xmission com>
Cc: Linux Containers <containers lists linux-foundation org>
Signed-off-by: Andy Lutomirski <luto kernel org>
---
fs/devpts/inode.c | 34 ++++++++++++++++++++++++++++++----
1 file changed, 30 insertions(+), 4 deletions(-)
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 655f21f99160..d6fa2d1beee3 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -27,6 +27,7 @@
#include <linux/parser.h>
#include <linux/fsnotify.h>
#include <linux/seq_file.h>
+#include <linux/user_namespace.h>
#define DEVPTS_DEFAULT_MODE 0600
/*
@@ -250,10 +251,35 @@ static int mknod_ptmx(struct super_block *sb)
kuid_t root_uid;
kgid_t root_gid;
- root_uid = make_kuid(current_user_ns(), 0);
- root_gid = make_kgid(current_user_ns(), 0);
- if (!uid_valid(root_uid) || !gid_valid(root_gid))
- return -EINVAL;
+ /*
+ * For a new devpts instance, ptmx is owned by the creating user
+ * namespace's owner. Usually, that will be 0 as seen by the
+ * user namespace, but for unprivileged sandbox namespaces,
+ * there may not be a uid 0 or gid 0 at all.
+ */
+ root_uid = current_user_ns()->owner;
+ root_gid = current_user_ns()->group;
+
+ if (!uid_valid(root_uid) || !gid_valid(root_gid)) {
+ /*
+ * It's very unlikely for us to get here if the userns
+ * owner is not mapped, but it's possible -- we'd have
+ * to be running in the userns with capabilities granted
+ * by unshare or setns, since there is no inner
+ * privileged user. Nonetheless, this could happen, and
+ * we don't want ptmx to be owned by an unmapped user or
+ * group.
+ *
+ * If this happens fall back to historical behavior:
+ * try to have ptmx be owned by 0:0.
+ */
+ root_uid = make_kuid(current_user_ns(), 0);
+ root_gid = make_kgid(current_user_ns(), 0);
+
+ /* If this still doesn't work, give up. */
+ if (!uid_valid(root_uid) || !gid_valid(root_gid))
+ return -EINVAL;
+ }
inode_lock(d_inode(root));
--
2.5.0
_______________________________________________
Containers mailing list
Containers lists linux-foundation org
https://lists.linuxfoundation.org/mailman/listinfo/containers
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
