From patchwork Wed Jun 15 13:30:02 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 9178547 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0E49E604DB for ; Wed, 15 Jun 2016 13:30:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F3D7E27E71 for ; Wed, 15 Jun 2016 13:30:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E8B1E27EED; Wed, 15 Jun 2016 13:30:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 95E0127E71 for ; Wed, 15 Jun 2016 13:30:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932995AbcFONaP (ORCPT ); Wed, 15 Jun 2016 09:30:15 -0400 Received: from mail-wm0-f65.google.com ([74.125.82.65]:32967 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753334AbcFONaL (ORCPT ); Wed, 15 Jun 2016 09:30:11 -0400 Received: by mail-wm0-f65.google.com with SMTP id r5so6053048wmr.0 for ; Wed, 15 Jun 2016 06:30:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=jSlnPUdGcdzTV8G1PilSC5wXJrsWaAuCGdMYupE8IN0=; b=j1KI2UlRpr4MF7We5QIjRshzeDivDVsROowEYS2eW8aLeUlb0jEvHT0X0yvyZRraCp JEyvd2oFcRXFNnD5uxTWI0ISlUNkbFZfgX+zqB/y94aI2k+Fx6Mnfh9SRCeYAHEdrCoR XQ35bGd+G8zwh7QM4N5LuFxqnsak3TduLJfUU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=jSlnPUdGcdzTV8G1PilSC5wXJrsWaAuCGdMYupE8IN0=; b=UeT9ddH6QA4rN55zhWMp+1j7lYwm83FL9PCgpbE6QhFoehPBh4KRnva+pcieHEfqer w+wMttlGN1joIMFO/nEMj3zNg3CmfQArvt5zlbCQTrLFgzbn5o4rxxu7RY75DX9CIBuS iEA4THLQSZHV74nAoxinGiXxPppPCZq4D7/elzFzUFuoVEnpOkY9LoPTM99pmeocyRHi 6PwjN73Yv3vc5BUmA3CnO52k/2tMpQZ9zOIRZ8QDododEkGOow+AryTo3FuqJlSMGB60 rsKrPJMThBWTzmKvVhtczDerrqQ0d7+fFbfU6bhV3H8V5myN1Ifc+b556oW8GCHQ0YkZ /Mkw== X-Gm-Message-State: ALyK8tKLeEQWDGMJBR/BW3MCVIl8zTdJ7w8mU7NwjejkiqXFlE/QjAM0cFdguwfmHsxLww== X-Received: by 10.28.126.195 with SMTP id z186mr10349287wmc.95.1465997409707; Wed, 15 Jun 2016 06:30:09 -0700 (PDT) Received: from veci.piliscsaba.szeredi.hu (pool-dsl-2c-0018.externet.hu. [217.173.44.24]) by smtp.gmail.com with ESMTPSA id f73sm2648896wmg.1.2016.06.15.06.30.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 15 Jun 2016 06:30:09 -0700 (PDT) Date: Wed, 15 Jun 2016 15:30:02 +0200 From: Miklos Szeredi To: Vivek Goyal , Stephen Smalley Cc: linux-unionfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] ovl: fix uid/gid when creating over whiteout Message-ID: <20160615133002.GA11993@veci.piliscsaba.szeredi.hu> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.6.1 (2016-04-27) Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Hi Vivek, I've tested this to fix the regresion that Stephen reported. I think this also is a good base for the selinux fix. Pushed to overlayfs-linus and overlayfs-next branches of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git Please let me know if you see any problem with this. Thanks, Miklos --- From: Miklos Szeredi Subject: ovl: fix uid/gid when creating over whiteout Fix a regression when creating a file over a whiteout. The new file/directory needs to use the current fsuid/fsgid, not the ones from the mounter's credentials. The refcounting is a bit tricky: prepare_creds() sets an original refcount, override_creds() gets one more, which revert_cred() drops. So 1) we need to expicitly put the mounter's credentials when overriding with the updated one 2) we need to put the original ref to the updated creds (and this can safely be done before revert_creds(), since we'll still have the ref from override_creds()). Reported-by: Stephen Smalley Fixes: 3fe6e52f0626 ("ovl: override creds with the ones from the superblock mounter") Signed-off-by: Miklos Szeredi --- fs/overlayfs/dir.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -405,12 +405,21 @@ static int ovl_create_or_link(struct den err = ovl_create_upper(dentry, inode, &stat, link, hardlink); } else { const struct cred *old_cred; + struct cred *override_cred; old_cred = ovl_override_creds(dentry->d_sb); - err = ovl_create_over_whiteout(dentry, inode, &stat, link, - hardlink); + err = -ENOMEM; + override_cred = prepare_creds(); + if (override_cred) { + override_cred->fsuid = old_cred->fsuid; + override_cred->fsgid = old_cred->fsgid; + put_cred(override_creds(override_cred)); + put_cred(override_cred); + err = ovl_create_over_whiteout(dentry, inode, &stat, + link, hardlink); + } revert_creds(old_cred); }