On Fri, 2023-05-19 at 18:21 +0100, David Howells wrote:
>
> Set mode 0600 on files in the cache so that cachefilesd can run as an
> unprivileged user rather than leaving the files all with 0. Directories
> are already set to 0700.
>
> Userspace then needs to set the uid and gid before issuing the "bind"
> command and the cache must've been chown'd to those IDs.
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> cc: David Howells <dhowells@xxxxxxxxxx>
> cc: Jeff Layton <jlayton@xxxxxxxxxx>
> cc: linux-cachefs@xxxxxxxxxx
> cc: linux-erofs@xxxxxxxxxxxxxxxx
> cc: linux-fsdevel@xxxxxxxxxxxxxxx
> ---
> fs/cachefiles/namei.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
> index 82219a8f6084..66482c193e86 100644
> --- a/fs/cachefiles/namei.c
> +++ b/fs/cachefiles/namei.c
> @@ -451,7 +451,8 @@ struct file *cachefiles_create_tmpfile(struct cachefiles_object *object)
>
> ret = cachefiles_inject_write_error();
> if (ret == 0) {
> - file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, S_IFREG,
> + file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath,
> + S_IFREG | 0600,
> O_RDWR | O_LARGEFILE | O_DIRECT,
> cache->cache_cred);
> ret = PTR_ERR_OR_ZERO(file);
>
Seems safe enough, and if it helps allow this to run unprivileged then:
Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
