[net-next,v2,01/10] sysfs: add sysfs_file_change_owner{_by_name}()
diff mbox series

Message ID 20200217161436.1748598-2-christian.brauner@ubuntu.com
State Not Applicable, archived
Headers show
Series
  • net: fix sysfs permssions when device changes network
Related show

Commit Message

Christian Brauner Feb. 17, 2020, 4:14 p.m. UTC
Add helpers to change owner of a sysfs files.
The ownership of a sysfs object is determined based on the ownership of
the corresponding kobject, i.e. only if the ownership of a kobject is
changed will this function change the ownership of the corresponding
sysfs entry.
This function will be used to correctly account for kobject ownership
changes, e.g. when moving network devices between network namespaces.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
/* v2 */
-  Greg Kroah-Hartman <gregkh@linuxfoundation.org>:
   - Better naming for sysfs_file_change_owner() to reflect the fact that it
     can be used to change the owner of the kobject itself by passing NULL as
     argument.
- Christian Brauner <christian.brauner@ubuntu.com>:
  - Split sysfs_file_change_owner() into two helpers sysfs_change_owner() and
    sysfs_change_owner_by_name(). The former changes the owner of the kobject
    itself, the latter the owner of the kobject looked up via the name
    argument.
---
 fs/sysfs/file.c       | 82 +++++++++++++++++++++++++++++++++++++++++++
 include/linux/sysfs.h | 14 ++++++++
 2 files changed, 96 insertions(+)

Comments

Greg Kroah-Hartman Feb. 17, 2020, 4:29 p.m. UTC | #1
On Mon, Feb 17, 2020 at 05:14:27PM +0100, Christian Brauner wrote:
> Add helpers to change owner of a sysfs files.
> The ownership of a sysfs object is determined based on the ownership of
> the corresponding kobject, i.e. only if the ownership of a kobject is
> changed will this function change the ownership of the corresponding
> sysfs entry.
> This function will be used to correctly account for kobject ownership
> changes, e.g. when moving network devices between network namespaces.
> 
> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
> ---
> /* v2 */
> -  Greg Kroah-Hartman <gregkh@linuxfoundation.org>:
>    - Better naming for sysfs_file_change_owner() to reflect the fact that it
>      can be used to change the owner of the kobject itself by passing NULL as
>      argument.
> - Christian Brauner <christian.brauner@ubuntu.com>:
>   - Split sysfs_file_change_owner() into two helpers sysfs_change_owner() and
>     sysfs_change_owner_by_name(). The former changes the owner of the kobject
>     itself, the latter the owner of the kobject looked up via the name
>     argument.
> ---
>  fs/sysfs/file.c       | 82 +++++++++++++++++++++++++++++++++++++++++++
>  include/linux/sysfs.h | 14 ++++++++
>  2 files changed, 96 insertions(+)
> 
> diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
> index 130fc6fbcc03..8f2607de2456 100644
> --- a/fs/sysfs/file.c
> +++ b/fs/sysfs/file.c
> @@ -558,3 +558,85 @@ void sysfs_remove_bin_file(struct kobject *kobj,
>  	kernfs_remove_by_name(kobj->sd, attr->attr.name);
>  }
>  EXPORT_SYMBOL_GPL(sysfs_remove_bin_file);
> +
> +static int internal_change_owner(struct kernfs_node *kn, struct kobject *kobj)
> +{
> +	kuid_t uid;
> +	kgid_t gid;
> +	struct iattr newattrs = {
> +		.ia_valid = ATTR_UID | ATTR_GID,
> +	};
> +
> +	kobject_get_ownership(kobj, &uid, &gid);
> +	newattrs.ia_uid = uid;
> +	newattrs.ia_gid = gid;
> +
> +	return kernfs_setattr(kn, &newattrs);
> +}
> +
> +/**
> + *	sysfs_file_change_owner_by_name - change owner of a file.
> + *	@kobj:	object.
> + *	@name:	name of the file to change.
> + *
> + * To change the ownership of a sysfs object, the caller must first change the
> + * uid/gid of the kobject and then call this function.

Why have the caller do this?  Why not pass the uid/gid as a parameter
here?  That would make it totally obvious as to what is happening here,
right?

Otherwise this function is depending on someone doing something before
calling it, and that's going to be a very very hard thing to always
ensure/audit.

thanks,

greg k-h

Patch
diff mbox series

diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
index 130fc6fbcc03..8f2607de2456 100644
--- a/fs/sysfs/file.c
+++ b/fs/sysfs/file.c
@@ -558,3 +558,85 @@  void sysfs_remove_bin_file(struct kobject *kobj,
 	kernfs_remove_by_name(kobj->sd, attr->attr.name);
 }
 EXPORT_SYMBOL_GPL(sysfs_remove_bin_file);
+
+static int internal_change_owner(struct kernfs_node *kn, struct kobject *kobj)
+{
+	kuid_t uid;
+	kgid_t gid;
+	struct iattr newattrs = {
+		.ia_valid = ATTR_UID | ATTR_GID,
+	};
+
+	kobject_get_ownership(kobj, &uid, &gid);
+	newattrs.ia_uid = uid;
+	newattrs.ia_gid = gid;
+
+	return kernfs_setattr(kn, &newattrs);
+}
+
+/**
+ *	sysfs_file_change_owner_by_name - change owner of a file.
+ *	@kobj:	object.
+ *	@name:	name of the file to change.
+ *
+ * To change the ownership of a sysfs object, the caller must first change the
+ * uid/gid of the kobject and then call this function. Usually this will be
+ * taken care of by the relevant subsystem, e.g. moving a network device
+ * between network namespaces owned by different user namespaces will change
+ * the uid/gid of the kobject to the uid/gid of the root user in the user
+ * namespace. Calling this function afterwards will cause the sysfs object to
+ * reflect the new uid/gid.
+ */
+int sysfs_file_change_owner_by_name(struct kobject *kobj, const char *name)
+{
+	struct kernfs_node *kn;
+	int error;
+
+	if (!name)
+		return -EINVAL;
+
+	if (!kobj->state_in_sysfs)
+		return -EINVAL;
+
+	kn = kernfs_find_and_get(kobj->sd, name);
+	if (!kn)
+		return -ENOENT;
+
+	error = internal_change_owner(kn, kobj);
+
+	kernfs_put(kn);
+
+	return error;
+}
+EXPORT_SYMBOL_GPL(sysfs_file_change_owner_by_name);
+
+/**
+ *	sysfs_file_change_owner - change owner of a file.
+ *	@kobj:	object.
+ *
+ * To change the ownership of a sysfs object, the caller must first change the
+ * uid/gid of the kobject and then call this function. Usually this will be
+ * taken care of by the relevant subsystem, e.g. moving a network device
+ * between network namespaces owned by different user namespaces will change
+ * the uid/gid of the kobject to the uid/gid of the root user in the user
+ * namespace. Calling this function afterwards will cause the sysfs object to
+ * reflect the new uid/gid.
+ */
+int sysfs_file_change_owner(struct kobject *kobj)
+{
+	struct kernfs_node *kn;
+	int error;
+
+	if (!kobj->state_in_sysfs)
+		return -EINVAL;
+
+	kernfs_get(kobj->sd);
+
+	kn = kobj->sd;
+	error = internal_change_owner(kn, kobj);
+
+	kernfs_put(kn);
+
+	return error;
+}
+EXPORT_SYMBOL_GPL(sysfs_file_change_owner);
diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
index fa7ee503fb76..4b3c3b76ff80 100644
--- a/include/linux/sysfs.h
+++ b/include/linux/sysfs.h
@@ -310,6 +310,9 @@  static inline void sysfs_enable_ns(struct kernfs_node *kn)
 	return kernfs_enable_ns(kn);
 }
 
+int sysfs_file_change_owner(struct kobject *kobj);
+int sysfs_file_change_owner_by_name(struct kobject *kobj, const char *name);
+
 #else /* CONFIG_SYSFS */
 
 static inline int sysfs_create_dir_ns(struct kobject *kobj, const void *ns)
@@ -522,6 +525,17 @@  static inline void sysfs_enable_ns(struct kernfs_node *kn)
 {
 }
 
+static inline int int sysfs_file_change_owner(struct kobject *kobj)
+{
+	return 0;
+}
+
+static inline int sysfs_file_change_owner_by_name(struct kobject *kobj,
+						  const char *name)
+{
+	return 0;
+}
+
 #endif /* CONFIG_SYSFS */
 
 static inline int __must_check sysfs_create_file(struct kobject *kobj,