From patchwork Wed Jul  6 18:12:07 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Eric W. Biederman" <ebiederm@xmission.com>
X-Patchwork-Id: 9216849
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	A2E0160752 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed,  6 Jul 2016 18:25:37 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9904F28338
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed,  6 Jul 2016 18:25:37 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 8D9492833A; Wed,  6 Jul 2016 18:25:37 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3DE5528338
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed,  6 Jul 2016 18:25:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755724AbcGFSZS (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Wed, 6 Jul 2016 14:25:18 -0400
Received: from out02.mta.xmission.com ([166.70.13.232]:44580 "EHLO
	out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755722AbcGFSZQ (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 6 Jul 2016 14:25:16 -0400
Received: from in01.mta.xmission.com ([166.70.13.51])
	by out02.mta.xmission.com with esmtps
	(TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82)
	(envelope-from <ebiederm@xmission.com>)
	id 1bKrVW-0002gR-U9; Wed, 06 Jul 2016 12:25:10 -0600
Received: from 67-3-204-119.omah.qwest.net ([67.3.204.119]
	helo=x220.int.ebiederm.org) by in01.mta.xmission.com with esmtpsa
	(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87)
	(envelope-from <ebiederm@xmission.com>)
	id 1bKrVW-00055P-0e; Wed, 06 Jul 2016 12:25:10 -0600
From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Linux Containers <containers@lists.linux-foundation.org>
Cc: Seth Forshee <seth.forshee@canonical.com>, linux-fsdevel@vger.kernel.org,
	Linux API <linux-api@vger.kernel.org>,
	James Bottomley <James.Bottomley@HansenPartnership.com>,
	Djalal Harouni <tixxdz@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>,
	Andy Lutomirski <luto@amacapital.net>, Jan Kara <jack@suse.cz>,
	Jann Horn <jann@thejh.net>, Michael Kerrisk <mtk.manpages@gmail.com>
Date: Wed,  6 Jul 2016 13:12:07 -0500
Message-Id: <20160706181212.16267-7-ebiederm@xmission.com>
X-Mailer: git-send-email 2.8.3
In-Reply-To: <20160706181212.16267-1-ebiederm@xmission.com>
References: <874m82bptc.fsf@x220.int.ebiederm.org>
	<20160706181212.16267-1-ebiederm@xmission.com>
X-XM-SPF: eid=1bKrVW-00055P-0e; ; ;
	mid=<20160706181212.16267-7-ebiederm@xmission.com>; ; ;
	hst=in01.mta.xmission.com; ; ; ip=67.3.204.119; ; ;
	frm=ebiederm@xmission.com; ; ; spf=neutral
X-XM-AID: U2FsdGVkX18cn5wzOb3s9ZuhXdXjn4UpGxeKSx3FagM=
X-SA-Exim-Connect-IP: 67.3.204.119
X-SA-Exim-Mail-From: ebiederm@xmission.com
Subject: [PATCH review 07/12] vfs: Don't create inodes with a uid or gid
	unknown to the vfs
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

It is expected that filesystems can not represent uids and gids from
outside of their user namespace.  Keep things simple by not even
trying to create filesystem nodes with non-sense uids and gids.

Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 fs/namei.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 840201c4c290..629823f19a6a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2814,16 +2814,22 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
  *  1. We can't do it if child already exists (open has special treatment for
  *     this case, but since we are inlined it's OK)
  *  2. We can't do it if dir is read-only (done in permission())
- *  3. We should have write and exec permissions on dir
- *  4. We can't do it if dir is immutable (done in permission())
+ *  3. We can't do it if the fs can't represent the fsuid or fsgid.
+ *  4. We should have write and exec permissions on dir
+ *  5. We can't do it if dir is immutable (done in permission())
  */
 static inline int may_create(struct inode *dir, struct dentry *child)
 {
+	struct user_namespace *s_user_ns;
 	audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
 	if (child->d_inode)
 		return -EEXIST;
 	if (IS_DEADDIR(dir))
 		return -ENOENT;
+	s_user_ns = dir->i_sb->s_user_ns;
+	if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
+	    !kgid_has_mapping(s_user_ns, current_fsgid()))
+		return -EOVERFLOW;
 	return inode_permission(dir, MAY_WRITE | MAY_EXEC);
 }