Re: [PATCH RFC 01/12] userns: Support 9p interacting with multiple user namespaces

Zhao Hongjiang <zhaohongjiang37@xxxxxxxxx> · Wed, 21 Nov 2012 17:20:24 +0800

On 2012/11/20 20:43, Eric W. Biederman wrote:
> From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

> diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c
> index d934f04..1c750ab 100644
> --- a/fs/9p/v9fs.c
> +++ b/fs/9p/v9fs.c
> @@ -161,7 +161,13 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
>  				ret = r;
>  				continue;
>  			}
> -			v9ses->dfltuid = option;
> +			v9ses->dfltuid = make_kuid(&init_user_ns, option);

I think the init_user_ns should be current_user_ns() cause the value is come from userspace
and in kernel we should mapping it to its own user_ns.

Hongjiang

> +			if (!uid_valid(v9ses->dfltuid)) {
> +				p9_debug(P9_DEBUG_ERROR,
> +					 "uid field, but not a uid?\n");
> +				ret = -EINVAL;
> +				continue;
> +			}
>  			break;
>  		case Opt_dfltgid:
>  			r = match_int(&args[0], &option);
> @@ -171,7 +177,13 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
>  				ret = r;
>  				continue;
>  			}
> -			v9ses->dfltgid = option;
> +			v9ses->dfltgid = make_kgid(&init_user_ns, option);

And this one.

> +			if (!gid_valid(v9ses->dfltgid)) {
> +				p9_debug(P9_DEBUG_ERROR,
> +					 "gid field, but not a gid?\n");
> +				ret = -EINVAL;
> +				continue;
> +			}
>  			break;
>  		case Opt_afid:
>  			r = match_int(&args[0], &option);
> @@ -248,8 +260,9 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
>  			else if (strcmp(s, "client") == 0) {
>  				v9ses->flags |= V9FS_ACCESS_CLIENT;
>  			} else {
> +				uid_t uid;
>  				v9ses->flags |= V9FS_ACCESS_SINGLE;
> -				v9ses->uid = simple_strtoul(s, &e, 10);
> +				uid = simple_strtoul(s, &e, 10);
>  				if (*e != '\0') {
>  					ret = -EINVAL;
>  					pr_info("Unknown access argument %s\n",
> @@ -257,6 +270,13 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
>  					kfree(s);
>  					goto free_and_return;
>  				}
> +				v9ses->uid = make_kuid(&init_user_ns, uid);

Also this one.

> +				if (!uid_valid(v9ses->uid)) {
> +					ret = -EINVAL;
> +					pr_info("Uknown uid %s\n", s);
> +					kfree(s);
> +					goto free_and_return;
> +				}
>  			}
>
>  			kfree(s);

.

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers