- 06 Apr, 2016 40 commits
-
-
Tycho Andersen authored
Operations with the GENL_ADMIN_PERM flag fail permissions checks because this flag means we call netlink_capable, which uses the init user ns. Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations which should be allowed inside a user namespace. The motivation for this is to be able to run openvswitch in unprivileged containers. I've tested this and it seems to work, but I really have no idea about the security consequences of this patch, so thoughts would be much appreciated. v2: use the GENL_UNS_ADMIN_PERM flag instead of a check in each function v3: use separate ifs for UNS_ADMIN_PERM and ADMIN_PERM, instead of one massive one Reported-by: James Page <james.page@canonical.com> Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> CC: Eric Biederman <ebiederm@xmission.com> CC: Pravin Shelar <pshelar@ovn.org> CC: Justin Pettit <jpettit@nicira.com> CC: "David S. Miller" <davem@davemloft.net> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from linux-next commit 4a92602a) Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tomas Henzl authored
BugLink: http://bugs.launchpad.net/bugs/1544679 A barrier should be added to ensure proper ordering of memory mapped writes. Signed-off-by: Tomas Henzl <thenzl@redhat.com> Reviewed-by: Kashyap Desai <kashyap.desai@broadcom.com> Acked-by: Kashyap Desai <kashyap.desai@broadcom.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 4327614e7154a29a5db10469e49282f61598f41a) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 Inside compat IOCTL hook of driver, driver was using wrong address of ioc->frame.raw which leads sense_ioc_ptr to be calculated wrongly and failing IOCTL. Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 5ee15e20a7616bff57ab085271b2c05d1967a6ff) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 Driver assumes that VFs always have peers present whenever they have same LD IDs. But this is not the case. This patch handles the above mentioned by explicitly checking for a peer before making HA/non-HA path decision. Signed-off-by: Uday Lingala <uday.lingala@avagotech.com> Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 07d6c5aa4d4128cadb7ff0557576f70085f2cae1) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Maurizio Lombardi authored
BugLink: http://bugs.launchpad.net/bugs/1544679 The pd_seq_sync pointer can't be NULL, we have to check its entries instead. Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Acked-by: Sumit Saxena <sumit.saxena@broadcom.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit bd27c97fae40ff3a96e91750304296d851b3c5f2) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit aee21fb6abaf67eb2ad8a72a8aabbe5e1837207e) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 This patch fixes online controller resets on SRIOV-enabled series of Avago controllers. 1) Remove late detection heartbeat. 2) Change in the behavior if the FW found in READY/OPERATIONAL state. Signed-off-by: Uday Lingala <uday.lingala@avagotech.com> Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 92d21b2e4c9e9ac9f027b8ce0b74eb4c03230214) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 This patch will introduce module-parameter for SCSI command timeout value and fix setting of resetwaittime beyond a value. Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit f4a01f737e56ab0054e4c1d93c3870f0e0803ba0) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 Optimized MFI adapters' OCR path, particularly megasas_wait_for_outstanding() function. Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit c05c7e5c091a6527bed7f31e0238749c845a4744) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 Make instance->adprecovery variable atomic and removes hba_lock spinlock while accessing instance->adprecovery. Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 19a9f01b55a094d46f02c50d7906514f239ab737) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 This patch will add capability in driver to tell firmware that it can throttle IOs in case controller's queue depth is downgraded post OFU (online firmware upgrade). This feature will ensure firmware can be downgraded from higher queue depth to lower queue depth without needing system reboot. Added throttling code in IO path of driver, in case OS tries to send more IOs than post OFU firmware's queue depth. Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit a78fae31ce973dc68021d040fe23d85dfebd62be) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 1. For iMR controllers, firmware will report two queue depths: - Controller-wide queue depth - LDIO queue depth (240) Controller-wide queue depth will be greater among the two. Using this new feature, iMR can provide larger Queue depth(QD) for JBOD and limited QD for Virtual Disk(VD). 2. megaraid_sas driver will throttle read/write LDIOs based on "LDIO Queue Depth". 3. Dual queue depth can be enabled/disabled via module parameter. It is enabled by default if the firmware supports it. Only specific firmware builds will enable the feature. 4. Added sysfs parameter "ldio_outstanding" which permits querying the number of outstanding LDIO requests at runtime. Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 6516e25f7dc9f19d3a1138a1a9c19840f5962a48) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 build_and_issue_cmd should return SCSI_MLQUEUE_HOST_BUSY for a few error cases instead of returning 1. Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 6af29f582aae28bd3098cc1f6f037a8c4d49d5b9) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 This patch will create a reply queue pool for each MSI-X index and will provide an array of base addresses instead of the single address of legacy mode. Using this new interface the driver can support higher queue depths through scattered DMA pools. If array mode is not supported driver will fall back to the legacy method of reply pool allocation. This limits controller queue depth to 1K max. To enable a queue depth of more than 1K driver requires firmware to support array mode and scratch_pad3 will provide the new queue depth value. When RDPQ is used, downgrading to an older firmware release should not be permitted. This may cause firmware fault and is not supported. Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 7cb94182656215333ded440ab785e88aa850283f) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 Firmware will fill out per-LD data to tell driver whether a particular LD supports region lock bypass. If yes, then driver will send non-FP LDIO to region lock bypass FIFO. With this change in driver, firmware will optimize certain code to improve performance. Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 9ddddb30a4b9e5e8bb20c255056bf319c5767a87) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 This patch will update device Queue depth based on interface type(SAS, SATA..) for sysPDs. For Virtual disks(VDs), there will be no change in queue depth (will remain 256). To fetch interface type (SAS or SATA or FC..) of syspD, driver will send DCMD MR_DCMD_PD_GET_INFO. Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 86596b4b69767c628763c892b39c58e514890ac1) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 This patch adds task management for SCSI commands. Added functions are task abort and target reset. 1. Currently, megaraid_sas driver performs controller reset when any IO times out. With task management support added, task abort and target reset will be tried to recover timed out IO. If task management fails, then controller reset will be performaned. If the task management request times out, fail the request and escalate to the next level (controller reset). 2. mr_device_priv_data will be allocated for all generations of controller, but is_tm_capable flag will never be set for controllers (prior to Invader series) as firmware support is not available for task management. 3. Task management capable firmware will set is_tm_capable flag in firmware API. Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 31796fa184ee12f290da92f695845e3c780ff11d) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit 4331dc0b8a9071e02404f43bd78cfce38eacf8cf) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 This patch will do proper error handling for DCMD timeout failure cases for Fusion adapters: 1. For MFI adapters, in case of DCMD timeout (DCMD which must return SUCCESS) driver will call kill adapter. 2. What action needs to be taken in case of DCMD timeout is decided by function dcmd_timeout_ocr_possible(). DCMD timeout causing OCR is applicable to the following commands: MR_DCMD_PD_LIST_QUERY MR_DCMD_LD_GET_LIST MR_DCMD_LD_LIST_QUERY MR_DCMD_CTRL_SET_CRASH_DUMP_PARAMS MR_DCMD_SYSTEM_PD_MAP_GET_INFO MR_DCMD_LD_MAP_GET_INFO 3. If DCMD fails from driver init path there are certain DCMDs which must return SUCCESS. If those DCMDs fail, driver bails out. For optional DCMDs like pd_info etc., driver continues without executing certain functionality. Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit da8939d675e3fdd9652500c37640423062497edc) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Sumit Saxena authored
BugLink: http://bugs.launchpad.net/bugs/1544679 This patch will do synhronization between OCR function and AEN function using "reset_mutex" lock. reset_mutex will be acquired only in the first half of the AEN function which issues a DCMD. Second half of the function which calls SCSI API (scsi_add_device/scsi_remove_device) should be out of reset_mutex to avoid deadlock between scsi_eh thread and driver. During chip reset (inside OCR function), there should not be any PCI access and AEN function (which is called in delayed context) may be firing DCMDs (doing PCI writes) when chip reset is happening in parallel which will cause FW fault. This patch will solve the problem by making AEN thread and OCR thread mutually exclusive. Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com> Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com> Reviewed-by: Tomas Henzl <thenzl@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> (cherry picked from linux-next commit e5bf0a869b770ff035cd64e5a8b66a3c6bdd9f3b) Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1544321Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Ignore: yes Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Tim Gardner authored
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
This is still an experimental feature, so disable it by default and allow it only when the system administrator supplies the userns_mounts=true module parameter. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
This is still an experimental feature, so disable it by default and allow it only when the system administrator supplies the userns_mounts=true module parameter. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
Support unprivileged mounting of ext4 volumes from user namespaces. This requires the following changes: - Perform all uid and gid conversions to/from disk relative to s_user_ns. In many cases this will already be handled by the vfs helper functions. This also requires updates to handle cases where ids may not map into s_user_ns. - Update most capability checks to check for capabilities in s_user_ns rather than init_user_ns. These mostly reflect changes to the filesystem that a user in s_user_ns could already make externally by virtue of having write access to the backing device. - Restrict unsafe options in either the mount options or the ext4 superblock. Currently the only concerning option is errors=panic, and this is made to require CAP_SYS_ADMIN in init_user_ns. - Verify that unprivileged users have the required access to the journal device at the path passed via the journal_path mount option. Note that for the journal_path and the journal_dev mount options, and for external journal devices specified in the ext4 superblock, devcgroup restrictions will be enforced by __blkdev_get(), (via blkdev_get_by_dev()), ensuring that the user has been granted appropriate access to the block device. - Set the FS_USERNS_MOUNT flag on the filesystem types supported by ext4. sysfs attributes for ext4 mounts remain writable only by real root. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
For unprivileged mounts to be safe the user must not be able to make changes to the backing store while it is mounted. This patch takes a step towards preventing this by refusing to mount in a user namepspace if the block device is open for writing and refusing attempts to open the block device for writing by non- root while it is mounted in a user namespace. To prevent this from happening we use i_writecount in the inodes of the bdev filesystem similarly to how it is used for regular files. Whenever the device is opened for writing i_writecount is checked; if it is negative the open returns -EBUSY, otherwise i_writecount is incremented. On mount, a positive i_writecount results in mount_bdev returning -EBUSY, otherwise i_writecount is decremented. Opens by root and mounts from init_user_ns do not check nor modify i_writecount. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
The user in control of a super block should be allowed to freeze and thaw it. Relax the restrictions on the FIFREEZE and FITHAW ioctls to require CAP_SYS_ADMIN in s_user_ns. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
The EVM HMAC should be calculated using the on disk user and group ids, so the k[ug]ids in the inode must be translated relative to the s_user_ns of the inode's super block. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
When dealing with mounts from user namespaces quota user ids must be translated relative to s_user_ns, especially when they will be stored on disk. For purposes of the in-kernel hash table using init_user_ns is still okay and may help reduce hash collisions, so continue using init_user_ns there. These changes introduce the possibility that the conversion operations in struct qtree_fmt_operations could fail if an id cannot be legitimately converted. Change these operations to return int rather than void, and update the callers to handle failures. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
For filesystems mounted from a user namespace on-disk ids should be translated relative to s_users_ns rather than init_user_ns. When an id in the filesystem doesn't exist in s_user_ns the associated id in the inode will be set to INVALID_[UG]ID, which turns these into de facto "nobody" ids. This actually maps pretty well into the way most code already works, and those places where it didn't were fixed in previous patches. Moving forward vfs code needs to be careful to handle instances where ids in inodes may be invalid. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
Unprivileged users should not be able to mount mtd block devices when they lack sufficient privileges towards the block device inode. Update mount_mtd() to validate that the user has the required access to the inode at the specified path. The check will be skipped for CAP_SYS_ADMIN, so privileged mounts will continue working as before. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
Unprivileged users are normally restricted from mounting with the allow_other option by system policy, but this could be bypassed for a mount done with user namespace root permissions. In such cases allow_other should not allow users outside the userns to access the mount as doing so would give the unprivileged user the ability to manipulate processes it would otherwise be unable to manipulate. Restrict allow_other to apply to users in the same userns used at mount or a descendant of that namespace. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
In order to support mounts from namespaces other than init_user_ns, fuse must translate uids and gids to/from the userns of the process servicing requests on /dev/fuse. This patch does that, with a couple of restrictions on the namespace: - The userns for the fuse connection is fixed to the namespace from which /dev/fuse is opened. - The namespace must be the same as s_user_ns. These restrictions simplify the implementation by avoiding the need to pass around userns references and by allowing fuse to rely on the checks in inode_change_ok for ownership changes. Either restriction could be relaxed in the future if needed. For cuse the namespace used for the connection is also simply current_user_ns() at the time /dev/cuse is opened. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
If the userspace process servicing fuse requests is running in a pid namespace then pids passed via the fuse fd need to be translated relative to that namespace. Capture the pid namespace in use when the filesystem is mounted and use this for pid translation. Since no use case currently exists for changing namespaces all translations are done relative to the pid namespace in use when /dev/fuse is opened. Mounting or /dev/fuse IO from another namespace will return errors. Requests from processes whose pid cannot be translated into the target namespace are not permitted, except for requests allocated via fuse_get_req_nofail_nopages. For no-fail requests in.h.pid will be 0 if the pid translation fails. File locking changes based on previous work done by Eric Biederman. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
A privileged user in s_user_ns will generally have the ability to manipulate the backing store and insert security.* xattrs into the filesystem directly. Therefore the kernel must be prepared to handle these xattrs from unprivileged mounts, and it makes little sense for commoncap to prevent writing these xattrs to the filesystem. The capability and LSM code have already been updated to appropriately handle xattrs from unprivileged mounts, so it is safe to loosen this restriction on setting xattrs. The exception to this logic is that writing xattrs to a mounted filesystem may also cause the LSM inode_post_setxattr or inode_setsecurity callbacks to be invoked. SELinux will deny the xattr update by virtue of applying mountpoint labeling to unprivileged userns mounts, and Smack will deny the writes for any user without global CAP_MAC_ADMIN, so loosening the capability check in commoncap is safe in this respect as well. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
Superblock level remounts are currently restricted to global CAP_SYS_ADMIN, as is the path for changing the root mount to read only on umount. Loosen both of these permission checks to also allow CAP_SYS_ADMIN in any namespace which is privileged towards the userns which originally mounted the filesystem. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-
Seth Forshee authored
Expand the check in should_remove_suid() to keep privileges for CAP_FSETID in s_user_ns rather than init_user_ns. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
-