linux/fs
Eric W. Biederman 499dcf2024 userns: Support fuse interacting with multiple user namespaces
Use kuid_t and kgid_t in struct fuse_conn and struct fuse_mount_data.

The connection between a fuse filesystem and a fuse daemon is
established when a fuse filesystem is mounted and provided with a file
descriptor the fuse daemon created by opening /dev/fuse.

For now restrict the communication of uids and gids between the fuse
filesystem and the fuse daemon to the initial user namespace.  Enforce
this by verifying the file descriptor passed to the mount of fuse was
opened in the initial user namespace.  Ensuring the mount happens in
the initial user namespace is not necessary as mounts from non-initial
user namespaces are not yet allowed.

In fuse_req_init_context convert the current fsuid and fsgid into the
initial user namespace for the request that will be sent to the fuse
daemon.

In fuse_fill_attr convert the uid and gid passed from the fuse daemon
from the initial user namespace into kuids and kgids.

In iattr_to_fattr called from fuse_setattr convert kuids and kgids
into the uids and gids in the initial user namespace before passing
them to the fuse filesystem.

In fuse_change_attributes_common called from fuse_dentry_revalidate,
fuse_permission, fuse_getattr, and fuse_setattr, and fuse_iget convert
the uid and gid from the fuse daemon into a kuid and a kgid to store
on the fuse inode.

By default fuse mounts are restricted to tasks whose uid, suid, and
euid match the fuse user_id and whose gid, sgid, and egid match
the fuse group id.  Convert the user_id and group_id mount options
into kuids and kgids at mount time, and use uid_eq and gid_eq to
compare them in fuse_allow_task.

Cc: Miklos Szeredi <miklos@szeredi.hu>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-11-14 22:05:33 -08:00
..
9p The following changes since commit 4cbe5a555fa58a79b6ecbb6c531b8bab0650778d: 2012-10-12 09:59:23 +09:00
adfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
affs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
afs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
autofs4 userns: Support autofs4 interacting with multiple user namespaces 2012-11-14 22:05:32 -08:00
befs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
bfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2012-10-26 09:34:04 -07:00
cachefiles
ceph tmpfs,ceph,gfs2,isofs,reiserfs,xfs: fix fh_len checking 2012-10-09 23:33:55 -04:00
cifs Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
coda fs: push rcu_barrier() from deactivate_locked_super() to filesystems 2012-10-02 21:35:55 -04:00
configfs userns: Convert configfs to use kuid and kgid where appropriate 2012-09-18 01:01:37 -07:00
cramfs userns: Convert cramfs to use kuid/kgid where appropriate 2012-09-21 03:13:08 -07:00
debugfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-10-02 11:11:09 -07:00
devpts
dlm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
ecryptfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
efs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
exofs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-12 10:52:03 +09:00
exportfs
ext2 ext2: fix return values on parse_options() failure 2012-10-09 23:23:53 +02:00
ext3 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2012-10-16 18:12:38 -07:00
ext4 Various bug fixes for ext4. The most serious of them fixes a security 2012-10-23 08:48:26 +03:00
fat fat: drop lock/unlock super 2012-10-09 23:33:38 -04:00
freevxfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
fscache
fuse userns: Support fuse interacting with multiple user namespaces 2012-11-14 22:05:33 -08:00
gfs2 tmpfs,ceph,gfs2,isofs,reiserfs,xfs: fix fh_len checking 2012-10-09 23:33:55 -04:00
hfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
hfsplus Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
hostfs Merge branch 'for-linus-37rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2012-10-10 11:15:20 +09:00
hpfs hpfs: drop lock/unlock super 2012-10-09 23:33:38 -04:00
hppfs hppfs: fix the return value of get_inode() 2012-10-09 22:34:52 +02:00
hugetlbfs mm: replace vma prio_tree with an interval tree 2012-10-09 16:22:39 +09:00
isofs tmpfs,ceph,gfs2,isofs,reiserfs,xfs: fix fh_len checking 2012-10-09 23:33:55 -04:00
jbd jbd: Fix assertion failure in commit code due to lacking transaction credits 2012-09-12 15:52:03 +02:00
jbd2 The big new feature added this time is supporting online resizing 2012-10-08 06:36:39 +09:00
jffs2 UAPI Disintegration 2012-10-09 2012-10-09 15:04:25 +01:00
jfs jfs: Fix FITRIM argument handling 2012-10-17 09:18:38 -05:00
lockd LOCKD: Clear ln->nsm_clnt only when ln->nsm_users is zero 2012-10-24 10:46:22 -04:00
logfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
minix Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
ncpfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
nfs NFSv4: Fix the return value for nfs_callback_start_svc 2012-10-16 13:14:42 -04:00
nfs_common
nfsd UAPI Disintegration 2012-10-09 2012-10-09 18:35:22 -04:00
nilfs2 mm: kill vma flag VM_CAN_NONLINEAR 2012-10-09 16:22:17 +09:00
nls
notify switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
ntfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
ocfs2 mm: kill vma flag VM_CAN_NONLINEAR 2012-10-09 16:22:17 +09:00
omfs omfs: convert to use beXX_add_cpu() 2012-10-06 03:05:31 +09:00
openpromfs fs: push rcu_barrier() from deactivate_locked_super() to filesystems 2012-10-02 21:35:55 -04:00
proc Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-10-24 04:07:02 +03:00
pstore pstore: Avoid recursive spinlocks in the oops_in_progress case 2012-09-20 17:04:50 -07:00
qnx4 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
qnx6 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
quota Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2012-10-16 18:12:38 -07:00
ramfs
reiserfs tmpfs,ceph,gfs2,isofs,reiserfs,xfs: fix fh_len checking 2012-10-09 23:33:55 -04:00
romfs fs: push rcu_barrier() from deactivate_locked_super() to filesystems 2012-10-02 21:35:55 -04:00
squashfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
sysfs sysfs: sysfs_pathname/sysfs_add_one: Use strlcat() instead of strcat() 2012-10-24 15:57:14 -07:00
sysv sysv: drop lock/unlock super 2012-10-09 23:33:39 -04:00
ubifs mm: kill vma flag VM_CAN_NONLINEAR 2012-10-09 16:22:17 +09:00
udf Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2012-10-04 09:14:01 -07:00
ufs ufs: drop lock/unlock super 2012-10-09 23:33:39 -04:00
xfs tmpfs,ceph,gfs2,isofs,reiserfs,xfs: fix fh_len checking 2012-10-09 23:33:55 -04:00
Kconfig
Kconfig.binfmt coredump: make core dump functionality optional 2012-10-06 03:05:15 +09:00
Makefile coredump: make core dump functionality optional 2012-10-06 03:05:15 +09:00
aio.c
anon_inodes.c
attr.c ima: add inode_post_setattr call 2012-09-07 14:57:46 -04:00
bad_inode.c
binfmt_aout.c coredump: pass siginfo_t* to do_coredump() and below, not merely signr 2012-10-06 03:05:16 +09:00
binfmt_elf.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-10-10 12:02:25 +09:00
binfmt_elf_fdpic.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2012-10-10 12:02:25 +09:00
binfmt_em86.c
binfmt_flat.c coredump: pass siginfo_t* to do_coredump() and below, not merely signr 2012-10-06 03:05:16 +09:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c block: Use bi_pool for bio_integrity_alloc() 2012-09-09 10:35:38 +02:00
bio.c block: makes bio_split support bio without data 2012-09-28 10:38:48 +02:00
block_dev.c Lock splice_read and splice_write functions 2012-10-28 10:59:37 -07:00
buffer.c The big new feature added this time is supporting online resizing 2012-10-08 06:36:39 +09:00
char_dev.c char_dev: pin parent kobject 2012-10-22 08:50:37 +03:00
compat.c vfs: define struct filename and have getname() return it 2012-10-12 20:14:55 -04:00
compat_binfmt_elf.c coredump: extend core dump note section to contain file names of mapped files 2012-10-06 03:05:17 +09:00
compat_ioctl.c fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check 2012-10-25 14:37:53 -07:00
coredump.c fix a leak in replace_fd() users 2012-10-16 13:36:50 -04:00
coredump.h coredump: update coredump-related headers 2012-10-06 03:05:15 +09:00
dcache.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
dcookies.c
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c epoll: support for disabling items, and a self-test app 2012-10-06 03:05:00 +09:00
exec.c freezer: exec should clear PF_NOFREEZE along with PF_KTHREAD 2012-10-25 22:28:12 +02:00
fcntl.c Fix F_DUPFD_CLOEXEC breakage 2012-10-09 15:52:31 +09:00
fhandle.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
fifo.c
file.c dup3: Return an error when oldfd == newfd. 2012-10-09 23:33:38 -04:00
file_table.c lglock: add DEFINE_STATIC_LGLOCK() 2012-10-10 01:15:44 -04:00
filesystems.c vfs: define struct filename and have getname() return it 2012-10-12 20:14:55 -04:00
fs-writeback.c Merge branch 'writeback-for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/linux 2012-10-12 10:46:03 +09:00
fs_struct.c
generic_acl.c userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr 2012-09-18 01:01:35 -07:00
inode.c mm: replace vma prio_tree with an interval tree 2012-10-09 16:22:39 +09:00
internal.h vfs: make path_openat take a struct filename pointer 2012-10-12 20:15:09 -04:00
ioctl.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
ioprio.c
libfs.c vfs: fix kerneldoc for generic_fh_to_parent() 2012-09-05 10:59:30 +02:00
locks.c UAPI Disintegration 2012-10-09 2012-10-09 18:35:22 -04:00
mbcache.c
mount.h
mpage.c
namei.c VFS: don't do protected {sym,hard}links by default 2012-10-26 10:05:07 -07:00
namespace.c vfs: define struct filename and have getname() return it 2012-10-12 20:14:55 -04:00
no-block.c
open.c vfs: make path_openat take a struct filename pointer 2012-10-12 20:15:09 -04:00
pipe.c pipe(2) - race-free error recovery 2012-09-26 21:08:52 -04:00
pnode.c
pnode.h
posix_acl.c userns: Convert vfs posix_acl support to use kuids and kgids 2012-09-18 01:01:35 -07:00
proc_namespace.c
read_write.c compat: fs: Generic compat_sys_sendfile implementation 2012-10-02 21:35:55 -04:00
read_write.h compat: fs: Generic compat_sys_sendfile implementation 2012-10-02 21:35:55 -04:00
readdir.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
select.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
seq_file.c
signalfd.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
splice.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
stack.c
stat.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-10-02 20:25:04 -07:00
statfs.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
super.c vfs: drop lock/unlock super 2012-10-09 23:33:39 -04:00
sync.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
timerfd.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
utimes.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
xattr.c fs, xattr: fix bug when removing a name not in xattr list 2012-10-18 12:35:58 -07:00
xattr_acl.c userns: Fix posix_acl_file_xattr_userns gid conversion 2012-10-12 13:16:48 -07:00