On 2/25/22 12:45, Christian Brauner wrote:
On Thu, Feb 24, 2022 at 05:57:38PM -0800, Darrick J. Wong wrote:
On Mon, Feb 21, 2022 at 09:22:18PM +0300, Andrey Zhadchenko wrote:
xfs_fileattr_set() handles idmapped mounts correctly and do not drop this
bits.
Unfortunately chown syscall results in different callstask:
i_op->xfs_vn_setattr()->...->xfs_setattr_nonsize() which checks if process
has CAP_FSETID capable in init_user_ns rather than mntns userns.
Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko@xxxxxxxxxxxxx>
LGTM...
Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx>
Darrick, could I ask you to please wait with applying.
The correct fix for this is either to simply remove the check here
altogether as we figured out in the thread or to switch to a generic vfs
helper setattr_copy().
Andrey will send a new patch in the not too distant future afaict
including tests.
Yes, please do not apply this patch for now. I am currently working on
next version, however it is postponed a bit due to my personal affairs.
Also I intend to add a second patch for xfs_fileattr_set() since it has
the similar flaw - it may drop S_ISUID|S_ISGID for directories and may
not drop S_ISUID for executable files.
I expect to send patches next week alongside with new xfstests.
