From patchwork Tue Mar 15 20:05:13 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andy Lutomirski <luto@kernel.org>
X-Patchwork-Id: 8592111
Return-Path: <linux-fsdevel-owner@kernel.org>
X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 89C099F44D
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 15 Mar 2016 20:05:47 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 9DF212026C
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 15 Mar 2016 20:05:46 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id A415520263
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 15 Mar 2016 20:05:45 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755524AbcCOUFV (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Tue, 15 Mar 2016 16:05:21 -0400
Received: from mail.kernel.org ([198.145.29.136]:53253 "EHLO mail.kernel.org"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754412AbcCOUFT (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 15 Mar 2016 16:05:19 -0400
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id AD713202F2;
	Tue, 15 Mar 2016 20:05:17 +0000 (UTC)
Received: from localhost (c-71-202-137-17.hsd1.ca.comcast.net
	[71.202.137.17])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPSA id B1A4320263;
	Tue, 15 Mar 2016 20:05:16 +0000 (UTC)
From: Andy Lutomirski <luto@kernel.org>
To: Linux FS Devel <linux-fsdevel@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>,
	"Eric W. Biederman" <ebiederm@xmission.com>
Cc: gnome-os-list@gnome.org,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	Serge Hallyn <serge.hallyn@ubuntu.com>,
	Andy Lutomirski <luto@kernel.org>,
	Alexander Larsson <alexl@redhat.com>, mclasen@redhat.com,
	Linux Containers <containers@lists.linux-foundation.org>
Subject: [PATCH v2] devpts: Make ptmx be owned by the userns owner as a
	fallback
Date: Tue, 15 Mar 2016 13:05:13 -0700
Message-Id: 
 <820e57306e342ca310414ed0f58e75ac99731871.1458072215.git.luto@kernel.org>
X-Mailer: git-send-email 2.5.0
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

New devpts instances have ptmx owned by the inner uid and gid 0.

For container-style namespaces (LXC, etc), this should have no
effect, this is fine.

For sandbox-style namespaces (xdg-app and similar), this is
problematic -- there may not be an inner 0:0.  If that happens,
devpts mounts will fail.

Fix it by adding a fallback: if 0:0 is not mapped but the userns
owner and group are mapped, then ptmx will be owned by the namespace
owner.

This won't change behavior except in cases where mount would
currently return -EINVAL.

Cc: Alexander Larsson <alexl@redhat.com>
Cc: mclasen@redhat.com
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Linux Containers <containers@lists.linux-foundation.org>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
---

Changes from v1:
 - Reversed the preference order (Serge)
 - Fixed misuse of uid_valid on userns->owner

fs/devpts/inode.c | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 655f21f99160..42b1e04d8334 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -27,6 +27,7 @@
 #include <linux/parser.h>
 #include <linux/fsnotify.h>
 #include <linux/seq_file.h>
+#include <linux/user_namespace.h>
 
 #define DEVPTS_DEFAULT_MODE 0600
 /*
@@ -247,13 +248,33 @@ static int mknod_ptmx(struct super_block *sb)
 	struct dentry *root = sb->s_root;
 	struct pts_fs_info *fsi = DEVPTS_SB(sb);
 	struct pts_mount_opts *opts = &fsi->mount_opts;
+	struct user_namespace *userns = current_user_ns();
 	kuid_t root_uid;
 	kgid_t root_gid;
 
-	root_uid = make_kuid(current_user_ns(), 0);
-	root_gid = make_kgid(current_user_ns(), 0);
-	if (!uid_valid(root_uid) || !gid_valid(root_gid))
-		return -EINVAL;
+	/*
+	 * For a new devpts instance, ptmx is owned by 0:0 if that uid
+	 * and gid are mapped in the creating namespace.
+	 */
+	root_uid = make_kuid(userns, 0);
+	root_gid = make_kgid(userns, 0);
+
+	if (!uid_valid(root_uid) || !gid_valid(root_gid)) {
+		/*
+		 * If the creating namespace does not have 0:0 mapped
+		 * but does have the owner mapped (this is rare in
+		 * container-style namespaces but common in
+		 * sandbox-style namespaces), then let ptmx be owned by
+		 * the namespace owner.
+		 */
+		root_uid = userns->owner;
+		root_gid = userns->group;
+
+		/* If this still doesn't work, give up. */
+		if (!kuid_has_mapping(userns, root_uid) ||
+		    !kgid_has_mapping(userns, root_gid))
+			return -EINVAL;
+	}
 
 	inode_lock(d_inode(root));