Commit a377566c authored by Seth Forshee's avatar Seth Forshee

fs: Refuse uid/gid changes which don't map into s_user_ns

Add checks to inode_change_ok to verify that uid and gid changes
will map into the superblock's user namespace. If they do not
fail with -EOVERFLOW. This cannot be overriden with ATTR_FORCE.
Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
parent 3605401d
...@@ -42,6 +42,17 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr) ...@@ -42,6 +42,17 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
return error; return error;
} }
/*
* Verify that uid/gid changes are valid in the target namespace
* of the superblock. This cannot be overriden using ATTR_FORCE.
*/
if (ia_valid & ATTR_UID &&
from_kuid(inode->i_sb->s_user_ns, attr->ia_uid) == (uid_t)-1)
return -EOVERFLOW;
if (ia_valid & ATTR_GID &&
from_kgid(inode->i_sb->s_user_ns, attr->ia_gid) == (gid_t)-1)
return -EOVERFLOW;
/* If force is set do it anyway. */ /* If force is set do it anyway. */
if (ia_valid & ATTR_FORCE) if (ia_valid & ATTR_FORCE)
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment