[PULL][unstable] Namespace mount patches for 4.7
Seth Forshee
seth.forshee at canonical.com
Tue Aug 2 16:51:22 UTC 2016
This is a fairly enormous pile of changes. When we move to 4.8 the delta
will be much smaller, as most (30) of the patches are cherry picks or
backports of patches already merged for 4.8, and those patches account
for the vast majority of the delta.

The upstream patches are focused on vfs hardening and general
improvements for maintainability. Not all of it is directly enabling
namespace mounting, but as it's all rather entwined it's easiest to just
take all the changes.

The rest loosen some restrictions in the vfs for namespace mounts and
add namespace mount support for fuse and ext4. The requirement that was
present in xenial to enable namespace mounts via a module parameter has
been lifted for fuse but remains in place for ext4.

Thanks,
Seth

The following changes since commit c998cdcbce2f641d7618d0b952198ad94b2b185d:

  UBUNTU: Ubuntu-4.7.0-0.2 (2016-08-02 10:18:23 -0600)

are available in the git repository at:

  git://git.launchpad.net/~sforshee/+git/linux-unstable nsmount

for you to fetch changes up to af43a505daed3fc336afa3f837fcde4008a87a55:

  UBUNTU: SAUCE: (namespace) ext4: Add module parameter to enable user namespace mounts (2016-08-02 11:22:12 -0500)

----------------------------------------------------------------
Andy Lutomirski (1):
      (namespace) fs: Treat foreign mounts as nosuid

Eric W. Biederman (21):
      (namespace) mnt: Refactor fs_fully_visible into mount_too_revealing
      (namespace) ipc: Initialize ipc_namespace->user_ns early.
      (namespace) vfs: Pass data, ns, and ns->userns to mount_ns
      (namespace) proc: Convert proc_mount to use mount_ns.
      (namespace) fs: Add user namespace member to struct super_block
      (namespace) mnt: Move the FS_USERNS_MOUNT check into sget_userns
      (namespace) kernfs: The cgroup filesystem also benefits from SB_I_NOEXEC
      (namespace) ipc/mqueue: The mqueue filesystem should never contain executables
      (namespace) vfs: Generalize filesystem nodev handling.
      (namespace) mnt: Simplify mount_too_revealing
      (namespace) userns: Remove implicit MNT_NODEV fragility.
      (namespace) userns: Remove the now unnecessary FS_USERNS_DEV_MOUNT flag
      (namespace) userns: Handle -1 in k[ug]id_has_mapping when !CONFIG_USER_NS
      (namespace) vfs: Verify acls are valid within superblock's s_user_ns.
      (namespace) vfs: Don't modify inodes with a uid or gid unknown to the vfs
      (namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs
      (namespace) quota: Ensure qids map to the filesystem
      (namespace) quota: Handle quota data stored in s_user_ns in quota_setxquota
      (namespace) dquot: For now explicitly don't support filesystems outside of init_user_ns
      (namespace) fs: Call d_automount with the filesystems creds
      UBUNTU: SAUCE: (namespace) fs: Allow superblock owner to change ownership of inodes

Seth Forshee (23):
      (namespace) fs: Limit file caps to the user namespace of the super block
      (namespace) Smack: Add support for unprivileged mounts from user namespaces
      (namespace) Smack: Handle labels consistently in untrusted mounts
      (namespace) selinux: Add support for unprivileged mounts from user namespaces
      (namespace) fs: Refuse uid/gid changes which don't map into s_user_ns
      (namespace) fs: Check for invalid i_uid in may_follow_link()
      (namespace) cred: Reject inodes with invalid ids in set_create_file_as()
      (namespace) evm: Translate user/group ids relative to s_user_ns when computing HMAC
      (namespace) fs: Update i_[ug]id_(read|write) to translate relative to s_user_ns
      UBUNTU: SAUCE: (namespace) security/integrity: Harden against malformed xattrs
      UBUNTU: SAUCE: (namespace) block_dev: Support checking inode permissions in lookup_bdev()
      UBUNTU: SAUCE: (namespace) block_dev: Check permissions towards block device inode when mounting
      UBUNTU: SAUCE: (namespace) mtd: Check permissions towards mtd block device inode when mounting
      UBUNTU: SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for userns root
      UBUNTU: SAUCE: (namespace) fs: Allow superblock owner to access do_remount_sb()
      UBUNTU: SAUCE: (namespace) capabilities: Allow privileged user in s_user_ns to set security.* xattrs
      UBUNTU: SAUCE: (namespace) fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems
      UBUNTU: SAUCE: (namespace) fuse: Add support for pid namespaces
      UBUNTU: SAUCE: (namespace) fuse: Support fuse filesystems outside of init_user_ns
      UBUNTU: SAUCE: (namespace) fuse: Restrict allow_other to the superblock's namespace or a descendant
      UBUNTU: SAUCE: (namespace) fuse: Allow user namespace mounts
      UBUNTU: SAUCE: (namespace) ext4: Add support for unprivileged mounts from user namespaces
      UBUNTU: SAUCE: (namespace) ext4: Add module parameter to enable user namespace mounts

drivers/md/bcache/super.c | 2 +-
drivers/md/dm-table.c | 2 +-
drivers/mtd/mtdsuper.c | 6 +-
drivers/staging/lustre/lustre/mdc/mdc_request.c | 2 +-
fs/9p/acl.c | 2 +-
fs/attr.c | 53 ++++++++++--
fs/block_dev.c | 20 ++++-
fs/devpts/inode.c | 3 +-
fs/exec.c | 2 +-
fs/ext4/acl.c | 31 ++++---
fs/ext4/balloc.c | 4 +-
fs/ext4/ialloc.c | 7 +-
fs/ext4/inode.c | 18 +++--
fs/ext4/ioctl.c | 10 ++-
fs/ext4/namei.c | 16 ++--
fs/ext4/resize.c | 2 +-
fs/ext4/super.c | 64 +++++++++++----
fs/fuse/cuse.c | 3 +-
fs/fuse/dev.c | 25 ++++--
fs/fuse/dir.c | 16 ++--
fs/fuse/file.c | 22 +++--
fs/fuse/fuse_i.h | 10 ++-
fs/fuse/inode.c | 40 +++++----
fs/inode.c | 13 ++-
fs/ioctl.c | 4 +-
fs/kernfs/mount.c | 5 +-
fs/namei.c | 55 ++++++++++---
fs/namespace.c | 103 +++++++++++-------------
fs/nfsd/nfsctl.c | 13 +--
fs/posix_acl.c | 8 +-
fs/proc/base.c | 7 ++
fs/proc/generic.c | 7 ++
fs/proc/inode.c | 15 +++-
fs/proc/internal.h | 3 +-
fs/proc/proc_sysctl.c | 7 ++
fs/proc/root.c | 61 ++------------
fs/quota/dquot.c | 8 ++
fs/quota/quota.c | 16 ++--
fs/super.c | 69 ++++++++++++++--
fs/sysfs/mount.c | 5 +-
fs/xattr.c | 7 ++
include/linux/fs.h | 81 ++++++++++++-------
include/linux/mount.h | 1 +
include/linux/posix_acl.h | 2 +-
include/linux/projid.h | 5 ++
include/linux/quota.h | 10 +++
include/linux/uidgid.h | 4 +-
include/linux/user_namespace.h | 6 ++
ipc/mqueue.c | 20 +++--
ipc/namespace.c | 5 +-
kernel/cred.c | 2 +
kernel/user_namespace.c | 15 ++++
net/sunrpc/rpc_pipe.c | 8 +-
security/commoncap.c | 22 +++--
security/integrity/digsig.c | 2 +-
security/integrity/evm/evm_crypto.c | 4 +-
security/integrity/evm/evm_main.c | 4 +
security/integrity/ima/ima_appraise.c | 5 +-
security/selinux/hooks.c | 25 +++++-
security/smack/smack.h | 8 +-
security/smack/smack_lsm.c | 34 +++++++-
61 files changed, 704 insertions(+), 325 deletions(-)