Christian Brauner <christian.brauner@xxxxxxxxxx> wrote: > In order to answer this more confidently I need to know a bit more about > how cachefiles are supposed to work. > > From what I gather here it seemed what this code is trying to set here > is an internal "CacheFiles.cache" extended attribute on the indode. This > extended attribute doesn't store any uids and gids or filesystem > capabilities so the user namespace isn't relevant for that since there > doesn't need to be any conversion. > > What I need to know is what information do you use for cachefiles to > determine whether someone can set that "Cachefiles.cache" extended > attribute on the inode: > - Is it the mnt_userns of a/the mount of the filesystem you're caching for? > - The mnt_userns of the mnt of struct cachefiles_cache? > - Or the stashed or current creds of the caller? Mostly it's about permission checking. The cache driver wants to do accesses onto the files in cache using the context of whatever process writes the "bind" command to /dev/cachefiles, not the context of whichever process issued a read or write, say, on an NFS file that is being cached. This causes standard UNIX perm checking, SELinux checking, etc. all to be switched to the appropriate context. It also controls what appears in the audit logs. There is an exception to this: It also governs the ownership of new files and directories created in the cache and what security labels will be set on them. Quite possibly this doesn't matter for the xattr stuff. It's hard to tell since we use user namespaces to convey so many different things at different times. David