On Tue, Aug 16, 2022 at 07:07:51PM +0200, Christian Brauner wrote:
> On Tue, Aug 16, 2022 at 11:47:52AM -0500, Seth Forshee wrote:
> > Idmapped mounts should not allow a user to map file ownership into a
> > range of ids which is not under the control of that user. However, we
> > currently don't check whether the mounter is privileged wrt the
> > target user namespace.
> >
> > Currently no FS_USERNS_MOUNT filesystems support idmapped mounts, thus
> > this is not a problem as only CAP_SYS_ADMIN in init_user_ns is allowed
> > to set up idmapped mounts. But this could change in the future, so add a
> > check to refuse to create idmapped mounts when the mounter does not have
> > CAP_SYS_ADMIN in the target user namespace.
> >
> > Fixes: bd303368b776 ("fs: support mapped mounts of mapped filesystems")
> > Signed-off-by: Seth Forshee <sforshee@xxxxxxxxxxxxxxxx>
> > ---
>
> Fwiw, I think we can probably move the check into build_mount_idmapped()
> right before we set up kattr->mnt_userns so we don't end up calling this
> multiple times for each mount. But no need to resend for this. I can
> move this. In general that seems like a good idea and good future
> proofing,
> Reviewed-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx>

That makes sense. Thanks!