Commit ca52383a authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Luis Henriques

(namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs

BugLink: http://bugs.launchpad.net/bugs/1634964

It is expected that filesystems can not represent uids and gids from
outside of their user namespace.  Keep things simple by not even
trying to create filesystem nodes with non-sense uids and gids.
Acked-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
(cherry picked from commit 036d5236)
Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatarTim Gardner <tim.gardner@canonical.com>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent ac7f3f73
...@@ -2608,16 +2608,22 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir) ...@@ -2608,16 +2608,22 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
* 1. We can't do it if child already exists (open has special treatment for * 1. We can't do it if child already exists (open has special treatment for
* this case, but since we are inlined it's OK) * this case, but since we are inlined it's OK)
* 2. We can't do it if dir is read-only (done in permission()) * 2. We can't do it if dir is read-only (done in permission())
* 3. We should have write and exec permissions on dir * 3. We can't do it if the fs can't represent the fsuid or fsgid.
* 4. We can't do it if dir is immutable (done in permission()) * 4. We should have write and exec permissions on dir
* 5. We can't do it if dir is immutable (done in permission())
*/ */
static inline int may_create(struct inode *dir, struct dentry *child) static inline int may_create(struct inode *dir, struct dentry *child)
{ {
struct user_namespace *s_user_ns;
audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE); audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
if (child->d_inode) if (child->d_inode)
return -EEXIST; return -EEXIST;
if (IS_DEADDIR(dir)) if (IS_DEADDIR(dir))
return -ENOENT; return -ENOENT;
s_user_ns = dir->i_sb->s_user_ns;
if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
!kgid_has_mapping(s_user_ns, current_fsgid()))
return -EOVERFLOW;
return inode_permission(dir, MAY_WRITE | MAY_EXEC); return inode_permission(dir, MAY_WRITE | MAY_EXEC);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment