diff options
| author | Christian Brauner <christian.brauner@ubuntu.com> | 2021-07-27 12:48:51 +0200 |
|---|---|---|
| committer | David Sterba <dsterba@suse.com> | 2021-08-23 13:19:14 +0200 |
| commit | 5474bf400f16bd1f930627ea65b698bca09dcfc6 (patch) | |
| tree | f74b0732b42d5476e0db43e39b5a56b1bf37b3d9 /tools/perf/scripts/python/net_dropmonitor.py | |
| parent | 3bc71ba02cf5376b390289bef8c9f5d6049f1866 (diff) | |
btrfs: check whether fsgid/fsuid are mapped during subvolume creation
When a new subvolume is created btrfs currently doesn't check whether
the fsgid/fsuid of the caller actually have a mapping in the user
namespace attached to the filesystem. The VFS always checks this to make
sure that the caller's fsgid/fsuid can be represented on-disk. This is
most relevant for filesystems that can be mounted inside user namespaces
but it is in general a good hardening measure to prevent unrepresentable
gid/uid from being written to disk.
Since we want to support idmapped mounts for btrfs ioctls to create
subvolumes in follow-up patches this becomes important since we want to
make sure the fsgid/fsuid of the caller as mapped according to the
idmapped mount can be represented on-disk. Simply add the missing
fsuidgid_has_mapping() line from the VFS may_create() version to
btrfs_may_create().
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'tools/perf/scripts/python/net_dropmonitor.py')
0 files changed, 0 insertions, 0 deletions