[PULL,unstable] Namespace mount patches for 4.7

Message ID 20160802165122.GA57483@ubuntu-hedt
State New
Pull-request

git://git.launchpad.net/~sforshee/+git/linux-unstable nsmount

Message

Seth Forshee Aug. 2, 2016, 4:51 p.m. UTC
This is a fairly enormous pile of changes. When we move to 4.8 the delta
will be much smaller, as most (30) of the patches are cherry picks or
backports of patches already merged for 4.8, and those patches account
for the vast majority of the delta.

The upstream patches are focused on vfs hardening and general
improvements for maintainability. Not all of it is directly enabling
namespace mounting, but as it's all rather entwined it's easiest to just
take all the changes.

The rest loosen some restrictions in the vfs for namespace mounts and
add namespace mount support for fuse and ext4. The requirement that was
present in xenial to enable namespace mounts via a module parameter has
been lifted for fuse but remains in place for ext4.

Thanks,
Seth


The following changes since commit c998cdcbce2f641d7618d0b952198ad94b2b185d:

  UBUNTU: Ubuntu-4.7.0-0.2 (2016-08-02 10:18:23 -0600)

are available in the git repository at:

  git://git.launchpad.net/~sforshee/+git/linux-unstable nsmount

for you to fetch changes up to af43a505daed3fc336afa3f837fcde4008a87a55:

  UBUNTU: SAUCE: (namespace) ext4: Add module parameter to enable user namespace mounts (2016-08-02 11:22:12 -0500)

----------------------------------------------------------------
Andy Lutomirski (1):
      (namespace) fs: Treat foreign mounts as nosuid

Eric W. Biederman (21):
      (namespace) mnt: Refactor fs_fully_visible into mount_too_revealing
      (namespace) ipc: Initialize ipc_namespace->user_ns early.
      (namespace) vfs: Pass data, ns, and ns->userns to mount_ns
      (namespace) proc: Convert proc_mount to use mount_ns.
      (namespace) fs: Add user namespace member to struct super_block
      (namespace) mnt: Move the FS_USERNS_MOUNT check into sget_userns
      (namespace) kernfs: The cgroup filesystem also benefits from SB_I_NOEXEC
      (namespace) ipc/mqueue: The mqueue filesystem should never contain executables
      (namespace) vfs: Generalize filesystem nodev handling.
      (namespace) mnt: Simplify mount_too_revealing
      (namespace) userns: Remove implicit MNT_NODEV fragility.
      (namespace) userns: Remove the now unnecessary FS_USERNS_DEV_MOUNT flag
      (namespace) userns: Handle -1 in k[ug]id_has_mapping when !CONFIG_USER_NS
      (namespace) vfs: Verify acls are valid within superblock's s_user_ns.
      (namespace) vfs: Don't modify inodes with a uid or gid unknown to the vfs
      (namespace) vfs: Don't create inodes with a uid or gid unknown to the vfs
      (namespace) quota: Ensure qids map to the filesystem
      (namespace) quota: Handle quota data stored in s_user_ns in quota_setxquota
      (namespace) dquot: For now explicitly don't support filesystems outside of init_user_ns
      (namespace) fs: Call d_automount with the filesystems creds
      UBUNTU: SAUCE: (namespace) fs: Allow superblock owner to change ownership of inodes

Seth Forshee (23):
      (namespace) fs: Limit file caps to the user namespace of the super block
      (namespace) Smack: Add support for unprivileged mounts from user namespaces
      (namespace) Smack: Handle labels consistently in untrusted mounts
      (namespace) selinux: Add support for unprivileged mounts from user namespaces
      (namespace) fs: Refuse uid/gid changes which don't map into s_user_ns
      (namespace) fs: Check for invalid i_uid in may_follow_link()
      (namespace) cred: Reject inodes with invalid ids in set_create_file_as()
      (namespace) evm: Translate user/group ids relative to s_user_ns when computing HMAC
      (namespace) fs: Update i_[ug]id_(read|write) to translate relative to s_user_ns
      UBUNTU: SAUCE: (namespace) security/integrity: Harden against malformed xattrs
      UBUNTU: SAUCE: (namespace) block_dev: Support checking inode permissions in lookup_bdev()
      UBUNTU: SAUCE: (namespace) block_dev: Check permissions towards block device inode when mounting
      UBUNTU: SAUCE: (namespace) mtd: Check permissions towards mtd block device inode when mounting
      UBUNTU: SAUCE: (namespace) fs: Don't remove suid for CAP_FSETID for userns root
      UBUNTU: SAUCE: (namespace) fs: Allow superblock owner to access do_remount_sb()
      UBUNTU: SAUCE: (namespace) capabilities: Allow privileged user in s_user_ns to set security.* xattrs
      UBUNTU: SAUCE: (namespace) fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems
      UBUNTU: SAUCE: (namespace) fuse: Add support for pid namespaces
      UBUNTU: SAUCE: (namespace) fuse: Support fuse filesystems outside of init_user_ns
      UBUNTU: SAUCE: (namespace) fuse: Restrict allow_other to the superblock's namespace or a descendant
      UBUNTU: SAUCE: (namespace) fuse: Allow user namespace mounts
      UBUNTU: SAUCE: (namespace) ext4: Add support for unprivileged mounts from user namespaces
      UBUNTU: SAUCE: (namespace) ext4: Add module parameter to enable user namespace mounts

 drivers/md/bcache/super.c                       |   2 +-
 drivers/md/dm-table.c                           |   2 +-
 drivers/mtd/mtdsuper.c                          |   6 +-
 drivers/staging/lustre/lustre/mdc/mdc_request.c |   2 +-
 fs/9p/acl.c                                     |   2 +-
 fs/attr.c                                       |  53 ++++++++++--
 fs/block_dev.c                                  |  20 ++++-
 fs/devpts/inode.c                               |   3 +-
 fs/exec.c                                       |   2 +-
 fs/ext4/acl.c                                   |  31 ++++---
 fs/ext4/balloc.c                                |   4 +-
 fs/ext4/ialloc.c                                |   7 +-
 fs/ext4/inode.c                                 |  18 +++--
 fs/ext4/ioctl.c                                 |  10 ++-
 fs/ext4/namei.c                                 |  16 ++--
 fs/ext4/resize.c                                |   2 +-
 fs/ext4/super.c                                 |  64 +++++++++++----
 fs/fuse/cuse.c                                  |   3 +-
 fs/fuse/dev.c                                   |  25 ++++--
 fs/fuse/dir.c                                   |  16 ++--
 fs/fuse/file.c                                  |  22 +++--
 fs/fuse/fuse_i.h                                |  10 ++-
 fs/fuse/inode.c                                 |  40 +++++----
 fs/inode.c                                      |  13 ++-
 fs/ioctl.c                                      |   4 +-
 fs/kernfs/mount.c                               |   5 +-
 fs/namei.c                                      |  55 ++++++++++---
 fs/namespace.c                                  | 103 +++++++++++-------------
 fs/nfsd/nfsctl.c                                |  13 +--
 fs/posix_acl.c                                  |   8 +-
 fs/proc/base.c                                  |   7 ++
 fs/proc/generic.c                               |   7 ++
 fs/proc/inode.c                                 |  15 +++-
 fs/proc/internal.h                              |   3 +-
 fs/proc/proc_sysctl.c                           |   7 ++
 fs/proc/root.c                                  |  61 ++------------
 fs/quota/dquot.c                                |   8 ++
 fs/quota/quota.c                                |  16 ++--
 fs/super.c                                      |  69 ++++++++++++++--
 fs/sysfs/mount.c                                |   5 +-
 fs/xattr.c                                      |   7 ++
 include/linux/fs.h                              |  81 ++++++++++++-------
 include/linux/mount.h                           |   1 +
 include/linux/posix_acl.h                       |   2 +-
 include/linux/projid.h                          |   5 ++
 include/linux/quota.h                           |  10 +++
 include/linux/uidgid.h                          |   4 +-
 include/linux/user_namespace.h                  |   6 ++
 ipc/mqueue.c                                    |  20 +++--
 ipc/namespace.c                                 |   5 +-
 kernel/cred.c                                   |   2 +
 kernel/user_namespace.c                         |  15 ++++
 net/sunrpc/rpc_pipe.c                           |   8 +-
 security/commoncap.c                            |  22 +++--
 security/integrity/digsig.c                     |   2 +-
 security/integrity/evm/evm_crypto.c             |   4 +-
 security/integrity/evm/evm_main.c               |   4 +
 security/integrity/ima/ima_appraise.c           |   5 +-
 security/selinux/hooks.c                        |  25 +++++-
 security/smack/smack.h                          |   8 +-
 security/smack/smack_lsm.c                      |  34 +++++++-
 61 files changed, 704 insertions(+), 325 deletions(-)

Comments

Tim Gardner Aug. 2, 2016, 5:06 p.m. UTC | #1