Your suggestions make sense to me, especially after looking at how other filesystems use init_user_ns... As far as kicking us out of the Kernel, good grief, I hope not, it was hard getting into the kernel!

-Mike

On Sat, Jun 25, 2016 at 12:29 AM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
> Jann Horn <jannh@xxxxxxxxxx> writes:
>
>> diff --git a/fs/orangefs/devorangefs-req.c b/fs/orangefs/devorangefs-req.c >> index db170be..a287a66 100644 >> --- a/fs/orangefs/devorangefs-req.c >> +++ b/fs/orangefs/devorangefs-req.c >> @@ -116,6 +116,13 @@ static int orangefs_devreq_open(struct inode *inode, struct file *file) >> { >> int ret = -EINVAL; >> >> + /* in order to ensure that the filesystem driver sees correct UIDs */ >> + if (file->f_cred->user_ns != &init_user_ns) { >> + gossip_err("%s: device cannot be opened outside init_user_ns\n", >> + __func__); >> + goto out; >> + } >> +
>
> Not necessarily in this patch but the code should also verify that the
> opener is also in the initial pid namespace as pids are transferred in
> the upcalls as well.
>
>> if (!(file->f_flags & O_NONBLOCK)) { >> gossip_err("%s: device cannot be opened in blocking mode\n", >> __func__);
>
> Eric
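
Review bot: the new init_user_ns test in orangefs_devreq_open() jumps to `out` with ret still at its initial -EINVAL, so as far as the visible lines show, an opener in another user namespace gets the same error code as one that opened the device in blocking mode. Consider setting a distinct code (for example -EPERM) before the `goto out` so the client side can tell a namespace refusal from a bad open flag. The comment above the test is a sentence fragment; a full sentence saying what goes wrong with UIDs when the opener is outside init_user_ns would record why the restriction exists, and it would be the natural place to mention pids as well if the pid namespace check raised in the reply is added later.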