From patchwork Sat Nov 28 21:34:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 11938663 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A41E1C8302B for ; Sat, 28 Nov 2020 22:25:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7D160222C2 for ; Sat, 28 Nov 2020 22:25:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388806AbgK1WZR (ORCPT ); Sat, 28 Nov 2020 17:25:17 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:53666 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387831AbgK1Vq1 (ORCPT ); Sat, 28 Nov 2020 16:46:27 -0500 Received: from ip5f5af0a0.dynamic.kabel-deutschland.de ([95.90.240.160] helo=wittgenstein.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1kj82H-0002aM-JD; Sat, 28 Nov 2020 21:45:41 +0000 From: Christian Brauner To: Alexander Viro , Christoph Hellwig , linux-fsdevel@vger.kernel.org Cc: John Johansen , James Morris , Mimi Zohar , Dmitry Kasatkin , Stephen Smalley , Casey Schaufler , Arnd Bergmann , Andreas Dilger , OGAWA Hirofumi , Geoffrey Thomas , Mrunal Patel , Josh Triplett , Andy Lutomirski , Theodore Tso , Alban Crequy , Tycho Andersen , David Howells , James Bottomley , Seth Forshee , =?utf-8?q?St=C3=A9phane_Graber?= , Aleksa Sarai , Lennart Poettering , "Eric W. Biederman" , smbarber@chromium.org, Phil Estes , Serge Hallyn , Kees Cook , Todd Kjos , Paul Moore , Jonathan Corbet , containers@lists.linux-foundation.org, fstests@vger.kernel.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, linux-ext4@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org, Christian Brauner , Christoph Hellwig Subject: [PATCH v3 06/38] fs: add id translation helpers Date: Sat, 28 Nov 2020 22:34:55 +0100 Message-Id: <20201128213527.2669807-7-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201128213527.2669807-1-christian.brauner@ubuntu.com> References: <20201128213527.2669807-1-christian.brauner@ubuntu.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add simple helpers to make it easy to map kuids into and from idmapped mounts. We provide simple wrappers that filesystems can use to e.g. initialize inodes similar to i_{uid,gid}_read() and i_{uid,gid}_write(). Accessing an inode through an idmapped mount will require the inode to be mapped according to the mount's user namespace. If the fsids are used to compare against inodes or to initialize inodes they are required to be shifted from the mount's user namespace. Passing the initial user namespace to these helpers makes them a nop and so any non-idmapped paths will not be impacted. Cc: Christoph Hellwig Cc: David Howells Cc: Al Viro Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner Reviewed-by: Christoph Hellwig --- /* v2 */ - Christoph Hellwig : - Get rid of the ifdefs and the config option that hid idmapped mounts. /* v3 */ unchanged --- include/linux/fs.h | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/include/linux/fs.h b/include/linux/fs.h index 8667d0cdc71e..f59b7f16f216 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -39,6 +39,7 @@ #include #include #include +#include #include #include @@ -1574,6 +1575,48 @@ static inline void i_gid_write(struct inode *inode, gid_t gid) inode->i_gid = make_kgid(inode->i_sb->s_user_ns, gid); } +static inline kuid_t kuid_into_mnt(struct user_namespace *to, kuid_t kuid) +{ + return make_kuid(to, __kuid_val(kuid)); +} + +static inline kgid_t kgid_into_mnt(struct user_namespace *to, kgid_t kgid) +{ + return make_kgid(to, __kgid_val(kgid)); +} + +static inline kuid_t i_uid_into_mnt(struct user_namespace *to, + const struct inode *inode) +{ + return kuid_into_mnt(to, inode->i_uid); +} + +static inline kgid_t i_gid_into_mnt(struct user_namespace *to, + const struct inode *inode) +{ + return kgid_into_mnt(to, inode->i_gid); +} + +static inline kuid_t kuid_from_mnt(struct user_namespace *to, kuid_t kuid) +{ + return KUIDT_INIT(from_kuid(to, kuid)); +} + +static inline kgid_t kgid_from_mnt(struct user_namespace *to, kgid_t kgid) +{ + return KGIDT_INIT(from_kgid(to, kgid)); +} + +static inline kuid_t fsuid_into_mnt(struct user_namespace *to) +{ + return kuid_from_mnt(to, current_fsuid()); +} + +static inline kgid_t fsgid_into_mnt(struct user_namespace *to) +{ + return kgid_from_mnt(to, current_fsgid()); +} + extern struct timespec64 current_time(struct inode *inode); /*