Re: [PATCH v6 23/40] exec: handle idmapped mounts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 21 Jan 2021, Christian Brauner wrote:

> When executing a setuid binary the kernel will verify in bprm_fill_uid()
> that the inode has a mapping in the caller's user namespace before
> setting the callers uid and gid. Let bprm_fill_uid() handle idmapped
> mounts. If the inode is accessed through an idmapped mount it is mapped
> according to the mount's user namespace. Afterwards the checks are
> identical to non-idmapped mounts. If the initial user namespace is
> passed nothing changes so non-idmapped mounts will see identical
> behavior as before.
> 
> Link: https://lore.kernel.org/r/20210112220124.837960-32-christian.brauner@xxxxxxxxxx
> Cc: Christoph Hellwig <hch@xxxxxx>
> Cc: David Howells <dhowells@xxxxxxxxxx>
> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Cc: linux-fsdevel@xxxxxxxxxxxxxxx
> Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>


Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>


-- 
James Morris
<jmorris@xxxxxxxxx>




[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux