From patchwork Wed Nov  4 18:52:22 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Eric W. Biederman" <ebiederm@xmission.com>
X-Patchwork-Id: 7552711
Return-Path: <linux-fsdevel-owner@kernel.org>
X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 3DF0DBEEA4
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed,  4 Nov 2015 19:01:59 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 60D2C205E8
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed,  4 Nov 2015 19:01:58 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 6B986205B5
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed,  4 Nov 2015 19:01:57 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1031438AbbKDTBm (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Wed, 4 Nov 2015 14:01:42 -0500
Received: from out02.mta.xmission.com ([166.70.13.232]:48330 "EHLO
	out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1031033AbbKDTBl (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 4 Nov 2015 14:01:41 -0500
Received: from in02.mta.xmission.com ([166.70.13.52])
	by out02.mta.xmission.com with esmtps
	(TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82)
	(envelope-from <ebiederm@xmission.com>)
	id 1Zu3JO-0002ge-5H; Wed, 04 Nov 2015 12:01:34 -0700
Received: from 67-3-201-231.omah.qwest.net ([67.3.201.231]
	helo=x220.int.ebiederm.org.xmission.com)
	by in02.mta.xmission.com with esmtpsa
	(TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82)
	(envelope-from <ebiederm@xmission.com>)
	id 1Zu3JN-0005kf-DE; Wed, 04 Nov 2015 12:01:33 -0700
From: ebiederm@xmission.com (Eric W. Biederman)
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Linux Containers <containers@lists.linux-foundation.org>,
	<linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>
Date: Wed, 04 Nov 2015 12:52:22 -0600
Message-ID: <87fv0loavt.fsf@x220.int.ebiederm.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
X-XM-AID: U2FsdGVkX1/YK5t8ltYFu2rPYlP8Hm1AeFEUd9Ns2cY=
X-SA-Exim-Connect-IP: 67.3.201.231
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: **;Linus Torvalds <torvalds@linux-foundation.org>
X-Spam-Relay-Country: 
X-Spam-Timing: total 283 ms - load_scoreonly_sql: 0.04 (0.0%),
	signal_user_changed: 6 (2.2%), b_tie_ro: 3.9 (1.4%),
	parse: 0.68 (0.2%),
	extract_message_metadata: 3.1 (1.1%), get_uri_detail_list: 1.43 (0.5%),
	tests_pri_-1000: 2.8 (1.0%), tests_pri_-950: 1.23 (0.4%),
	tests_pri_-900:
	1.03 (0.4%), tests_pri_-400: 20 (7.1%), check_bayes: 19 (6.8%),
	b_tokenize: 5
	(1.8%), b_tok_get_all: 6 (2.0%), b_comp_prob: 1.93 (0.7%),
	b_tok_touch_all:
	4.2 (1.5%), b_finish: 0.67 (0.2%), tests_pri_0: 234 (82.6%),
	tests_pri_500: 5.0 (1.8%), rewrite_mail: 0.00 (0.0%)
Subject: [GIT PULL] userns: Allow hardlinks for 4.4
X-SA-Exim-Version: 4.2.1 (built Wed, 24 Sep 2014 11:00:52 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Linus,

Please pull the for-linus branch from the git tree:

   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus

   HEAD: f2ca379642d7a843be972ea4167abdd3c8c9e5d1 namei: permit linking with CAP_FOWNER in userns

This round just contains a single patch.  There has been a lot of other
work this period but it is not quite ready yet, so I am pushing it until
4.5.

The remaining change by Dirk Steinmetz wich fixes both Gentoo and Ubuntu
containers allows hardlinks if we have the appropriate capabilities in
the user namespace.  Security wise it is really a gimme as the user
namespace root can already call setuid become that user and create the
hardlink.

Eric


Dirk Steinmetz (1):
      namei: permit linking with CAP_FOWNER in userns

 fs/namei.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 726d211db484..29fc6a657477 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -955,26 +955,23 @@ static bool safe_hardlink_source(struct inode *inode)
  *  - sysctl_protected_hardlinks enabled
  *  - fsuid does not match inode
  *  - hardlink source is unsafe (see safe_hardlink_source() above)
- *  - not CAP_FOWNER
+ *  - not CAP_FOWNER in a namespace with the inode owner uid mapped
  *
  * Returns 0 if successful, -ve on error.
  */
 static int may_linkat(struct path *link)
 {
-	const struct cred *cred;
 	struct inode *inode;
 
 	if (!sysctl_protected_hardlinks)
 		return 0;
 
-	cred = current_cred();
 	inode = link->dentry->d_inode;
 
 	/* Source inode owner (or CAP_FOWNER) can hardlink all they like,
 	 * otherwise, it must be a safe source.
 	 */
-	if (uid_eq(cred->fsuid, inode->i_uid) || safe_hardlink_source(inode) ||
-	    capable(CAP_FOWNER))
+	if (inode_owner_or_capable(inode) || safe_hardlink_source(inode))
 		return 0;
 
 	audit_log_link_denied("linkat", link);