Re: overlayfs: caller_credentials option bypass creator_cred

From: Mark Salyzyn
Date: Wed Jun 20 2018 - 11:28:40 EST


On 06/19/2018 07:36 AM, Vivek Goyal wrote:
> On Mon, Jun 18, 2018 at 02:59:50PM -0700, Mark Salyzyn wrote:
> So in this system all callers are privileged and have the capability to
> mknod and set trusted xattrs.
This is true of the callers that make adjustments (in Android's case this is an su context provided to the adb tool for sync and push). More importantly, the large variety of callers have the passive/read MAC credentials for their domain set of files, where the mounter/creator does not.
> (Amir mentioned the reason why we switch
> creds). If not, then file unlink (should do mknod), lower non-empty directory
> rename (should set trusted REDIRECT) and a bunch of other operations should fail.

Hmmm, neither was part of my test plan because these operations are more esoteric for development ... need to add them and address them.

Thanks all (you, Eric, Amir and private) for your comments, will regroup, test and address concerns!

-- Mark
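The two upper-layer operations named in the thread, the 0/0 character-device whiteout that records a lower-file unlink and the trusted.overlay.redirect xattr that records a non-empty lower-directory rename, are exactly the ones that need CAP_MKNOD and CAP_SYS_ADMIN in the caller's credentials. The probe below is an added example, not code from this thread or from overlayfs itself: it performs each operation in a scratch directory under /tmp (an assumed writable location) and reports whether the current credentials are allowed to do it. The directory names, the sample redirect value "/old/name" and the verdict strings are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Overlayfs marks a deleted lower file in the upper layer with a
 * "whiteout": a character device node whose device number is 0/0. */
int is_whiteout_mode(mode_t mode, dev_t rdev)
{
    return S_ISCHR(mode) && major(rdev) == 0 && minor(rdev) == 0;
}

/* Create a scratch "upper" directory under /tmp (assumed writable).
 * Returns 0 and fills 'dir' on success, -1 otherwise. */
static int make_scratch_dir(char *dir, size_t len)
{
    snprintf(dir, len, "%s", "/tmp/ovl-cred-probe-XXXXXX"); /* constructed name */
    return mkdtemp(dir) ? 0 : -1;
}

/* The operation overlayfs needs for unlink of a lower file: mknod() of a
 * 0/0 char device in the upper dir, which requires CAP_MKNOD.
 * Returns 0 on success, the errno on failure, or -1 if no scratch dir. */
int probe_whiteout(void)
{
    char dir[64], path[128];
    int rc = 0;
    if (make_scratch_dir(dir, sizeof dir) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/deleted-file", dir);
    if (mknod(path, S_IFCHR | 0000, makedev(0, 0)) != 0)
        rc = errno;
    else
        unlink(path);
    rmdir(dir);
    return rc;
}

/* The operation overlayfs needs when renaming a non-empty lower
 * directory: setting trusted.overlay.redirect on the new upper dir.
 * trusted.* xattrs require CAP_SYS_ADMIN. Same return convention. */
int probe_redirect(void)
{
    char dir[64], path[128];
    const char *origin = "/old/name"; /* constructed sample redirect value */
    int rc = 0;
    if (make_scratch_dir(dir, sizeof dir) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/renamed-dir", dir);
    if (mkdir(path, 0700) != 0) {
        rc = errno;
    } else {
        if (setxattr(path, "trusted.overlay.redirect",
                     origin, strlen(origin), 0) != 0)
            rc = errno;
        rmdir(path);
    }
    rmdir(dir);
    return rc;
}

/* Human-readable interpretation of a probe result. */
const char *verdict(int rc)
{
    switch (rc) {
    case 0:       return "ok: caller has the needed capability";
    case EPERM:   return "EPERM: missing capability (CAP_MKNOD / CAP_SYS_ADMIN)";
    case EACCES:  return "EACCES: denied by DAC or MAC policy";
    case ENOTSUP: return "ENOTSUP: filesystem has no xattr support";
    case -1:      return "could not create scratch directory";
    default:      return strerror(rc);
    }
}

int main(void)
{
    printf("whiteout (mknod 0/0):     %s\n", verdict(probe_whiteout()));
    printf("redirect (trusted xattr): %s\n", verdict(probe_redirect()));
    return 0;
}
```

Run it once as the mounter/creator identity and once as one of the callers whose credentials overlayfs would switch to; a caller that gets EPERM on either probe is one for which unlink or non-empty-directory rename through the overlay would fail, and an EACCES result points at DAC or MAC policy rather than a missing capability.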