[PATCH v5 00/42] idmapped mounts
Christoph Hellwig
hch at infradead.org
Fri Jan 15 16:24:23 UTC 2021
On Fri, Jan 15, 2021 at 07:43:34AM +1100, Dave Chinner wrote:
> > That sounds neat. AFAICT, the VFS passes the filesystem a mount userns
> > structure, which is then carried down the call stack to whatever
> > functions actually care about mapping kernel [ug]ids to their ondisk
> > versions?
> >
> > Does quota still work after this patchset is applied? There isn't any
> > mention of that in the cover letter and I don't see a code patch, so
> > does that mean everything just works? I'm particularly curious about
> > whether there can exist processes with CAP_SYS_ADMIN and an idmapped
> > mount? Syscalls like bulkstat and quotactl present file [ug]ids to
> > programs, but afaict there won't be any translating going on?
>
> bulkstat is not allowed inside user namespaces. It's an init
> namespace only thing because it provides unchecked/unbounded access
> to all inodes in the filesystem, not just those contained within a
> specific mount container.
>
> Hence I don't think bulkstat output (and other initns+root only
> filesystem introspection APIs) should be subject to or concerned
> about idmapping.
That is what the capabilities are designed for and we already check
for them.