[v4,5/9] vfs: Make switch_userns set PR_SET_DUMPABLE

Message ID	20230314114511.128207-6-rodrigo@sdfg.com.ar (mailing list archive)
State	New, archived
Headers	show Return-Path: <fstests-owner@vger.kernel.org> From: Rodrigo Campos <rodrigo@sdfg.com.ar> To: fstests@vger.kernel.org Cc: Christian Brauner <brauner@kernel.org>, Giuseppe Scrivano <gscrivan@redhat.com>, Rodrigo Campos <rodrigo@sdfg.com.ar> Subject: [PATCH v4 5/9] vfs: Make switch_userns set PR_SET_DUMPABLE Date: Tue, 14 Mar 2023 12:45:07 +0100 Message-Id: <20230314114511.128207-6-rodrigo@sdfg.com.ar> In-Reply-To: <20230314114511.128207-1-rodrigo@sdfg.com.ar> References: <20230314114511.128207-1-rodrigo@sdfg.com.ar> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Tests for idmapped tmpfs \| expand [v4,0/9] Tests for idmapped tmpfs [v4,1/9] vfs: Don't open-code safe_close() [v4,2/9] vfs: Fix documentation typo [v4,3/9] vfs: Use tabs to indent, not spaces [v4,4/9] vfs: Fix race condition on get_userns_fd() [v4,5/9] vfs: Make switch_userns set PR_SET_DUMPABLE [v4,6/9] vfs: Prepare tests in &s_idmapped_mounts to be reused inside a userns [v4,7/9] vfs: Make idmapped core tests public [v4,8/9] vfs: Export test_setup() and test_cleanup() [v4,9/9] vfs: Add tmpfs tests for idmap mounts

Message ID

20230314114511.128207-6-rodrigo@sdfg.com.ar (mailing list archive)

State

New, archived

Headers

From: Rodrigo Campos <rodrigo@sdfg.com.ar>
To: fstests@vger.kernel.org
Cc: Christian Brauner <brauner@kernel.org>,
        Giuseppe Scrivano <gscrivan@redhat.com>,
        Rodrigo Campos <rodrigo@sdfg.com.ar>
Subject: [PATCH v4 5/9] vfs: Make switch_userns set PR_SET_DUMPABLE
Date: Tue, 14 Mar 2023 12:45:07 +0100
Message-Id: <20230314114511.128207-6-rodrigo@sdfg.com.ar>
In-Reply-To: <20230314114511.128207-1-rodrigo@sdfg.com.ar>
References: <20230314114511.128207-1-rodrigo@sdfg.com.ar>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Tests for idmapped tmpfs | expand

Commit Message

Rodrigo Campos March 14, 2023, 11:45 a.m. UTC

We need PR_SET_DUMPABLE in order to write the mapping files when
creating a userns. From prctl(2) PR_SET_DUMPABLE is reset when the
process's effective user or group ID is changed.

As we are changing the EUID here, we also reset it to allow creating
nested userns with subsequent switch_users() calls.

This was not causing any issues because we weren't using switch_users()
to create nested userns. Nested userns were created with
userns_fd_cb()/create_userns_hierarchy() that set PR_SET_DUMPABLE.

Future patches will rely on switch_users() to create nested userns. So
this patch fixes that.

Signed-off-by: Rodrigo Campos <rodrigo@sdfg.com.ar>
Reviewed-by: Christian Brauner <brauner@kernel.org>
---
 src/vfs/utils.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git src/vfs/utils.c src/vfs/utils.c
index 2331a3b7..9e67ac37 100644
--- src/vfs/utils.c
+++ src/vfs/utils.c
@@ -286,6 +286,10 @@  bool switch_ids(uid_t uid, gid_t gid)
 	if (setresuid(uid, uid, uid))
 		return syserror("failure: setresuid");
 
+	/* Ensure we can access proc files from processes we can ptrace. */
+	if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0))
+		return syserror("failure: make dumpable");
+
 	return true;
 }
 
@@ -303,11 +307,6 @@  static int userns_fd_cb(void *data)
 	if (c == '1') {
 		if (!switch_ids(0, 0))
 			return syserror("failure: switch ids to 0");
-
-		/* Ensure we can access proc files from processes we can ptrace. */
-		ret = prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
-		if (ret < 0)
-			return syserror("failure: make dumpable");
 	}
 
 	ret = write_nointr(h->fd_event, "1", 1);

[v4,5/9] vfs: Make switch_userns set PR_SET_DUMPABLE

Commit Message

Patch