From patchwork Thu Jul 16 03:15:21 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Eric W. Biederman" <ebiederm@xmission.com>
X-Patchwork-Id: 6803851
Return-Path: <linux-fsdevel-owner@kernel.org>
X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id DB6DC9F2F0
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 16 Jul 2015 03:22:04 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 0196F206E0
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 16 Jul 2015 03:22:04 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 15F8B206D4
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 16 Jul 2015 03:22:03 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754332AbbGPDVr (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Wed, 15 Jul 2015 23:21:47 -0400
Received: from out02.mta.xmission.com ([166.70.13.232]:54102 "EHLO
	out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751990AbbGPDVq (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 15 Jul 2015 23:21:46 -0400
Received: from in02.mta.xmission.com ([166.70.13.52])
	by out02.mta.xmission.com with esmtps
	(TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82)
	(envelope-from <ebiederm@xmission.com>)
	id 1ZFZk1-0005GC-OP; Wed, 15 Jul 2015 21:21:45 -0600
Received: from 67-3-205-90.omah.qwest.net ([67.3.205.90]
	helo=x220.int.ebiederm.org.xmission.com)
	by in02.mta.xmission.com with esmtpsa
	(TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82)
	(envelope-from <ebiederm@xmission.com>)
	id 1ZFZjz-0006V6-Tl; Wed, 15 Jul 2015 21:21:45 -0600
From: ebiederm@xmission.com (Eric W. Biederman)
To: Seth Forshee <seth.forshee@canonical.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>, linux-fsdevel@vger.kernel.org,
	linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
	Serge Hallyn <serge.hallyn@canonical.com>,
	Andy Lutomirski <luto@amacapital.net>, linux-kernel@vger.kernel.org,
	Casey Schaufler <casey@schaufler-ca.com>
References: <1436989569-69582-1-git-send-email-seth.forshee@canonical.com>
Date: Wed, 15 Jul 2015 22:15:21 -0500
In-Reply-To: <1436989569-69582-1-git-send-email-seth.forshee@canonical.com>
	(Seth Forshee's message of "Wed, 15 Jul 2015 14:46:01 -0500")
Message-ID: <87615k7pyu.fsf@x220.int.ebiederm.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
X-XM-AID: U2FsdGVkX1+kR9eypv0+I2eTQLPtrR5JM1tHnPocXRo=
X-SA-Exim-Connect-IP: 67.3.205.90
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Spam-Status: No, score=-8.3 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-DCC: XMission; sa03 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: **;Seth Forshee <seth.forshee@canonical.com>
X-Spam-Relay-Country: 
X-Spam-Timing: total 1346 ms - load_scoreonly_sql: 0.06 (0.0%),
	signal_user_changed: 4 (0.3%), parse: 1.22 (0.1%),
	extract_message_metadata:
	4 (0.3%), get_uri_detail_list: 1.52 (0.1%), tests_pri_-1000: 5 (0.4%),
	tests_pri_-950: 2.00 (0.1%), tests_pri_-900: 1.55 (0.1%),
	tests_pri_-400: 28
	(2.1%), check_bayes: 26 (1.9%), tests_pri_0: 1289 (95.8%),
	tests_pri_500: 6 (0.4%), rewrite_mail: 0.00 (0.0%)
Subject: Re: [PATCH 0/7] Initial support for user namespace owned mounts
X-SA-Exim-Version: 4.2.1 (built Wed, 24 Sep 2014 11:00:52 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Seth I think for the LSMs we should start with:


Then we should push this down into all of the lsms.
Then when we should remove or relax or change the check as appropriate
in each lsm.

The point is this is good enough to see that it is trivially safe,
and this allows us to focus on the core issues, and stop worrying about
the lsms for a bit.

Then we can focus on each lsm one at at time and take the time to really
understand them and talk with their maintainers etc to make certain
we get things correct.

This should remove the need for your patches 5, 6 and 7. For the
immediate future.

Eric
---
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/security/security.c b/security/security.c
index 062f3c997fdc..5b6ece92a8e5 100644
--- a/security/security.c
+++ b/security/security.c
@@ -310,6 +310,8 @@ int security_sb_statfs(struct dentry *dentry)
 int security_sb_mount(const char *dev_name, struct path *path,
                        const char *type, unsigned long flags, void *data)
 {
+       if (current_user_ns() != &init_user_ns)
+               return -EPERM;
        return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
 }