[PATCH v5 00/42] idmapped mounts

Christoph Hellwig hch at infradead.org
Fri Jan 15 16:24:23 UTC 2021

On Fri, Jan 15, 2021 at 07:43:34AM +1100, Dave Chinner wrote:
> > That sounds neat.  AFAICT, the VFS passes the filesystem a mount userns
> > structure, which is then carried down the call stack to whatever
> > functions actually care about mapping kernel [ug]ids to their ondisk
> > versions?
> > 
> > Does quota still work after this patchset is applied?  There isn't any
> > mention of that in the cover letter and I don't see a code patch, so
> > does that mean everything just works?  I'm particularly curious about
> > whether there can exist processes with CAP_SYS_ADMIN and an idmapped
> > mount?  Syscalls like bulkstat and quotactl present file [ug]ids to
> > programs, but afaict there won't be any translating going on?
> bulkstat is not allowed inside user namespaces. It's an init
> namespace only thing because it provides unchecked/unbounded access
> to all inodes in the filesystem, not just those contained within a
> specific mount container.
> Hence I don't think bulkstat output (and other initns+root only
> filesystem introspection APIs) should be subject to or concerned
> about idmapping.

That is what the capabilities are designed for and we already check
for them.

More information about the Linux-security-module-archive mailing list