1. Patchew
  2. linux
  3. View series

[PATCH] cachefiles: Allow the cache to be non-root

David Howells posted 1 patch 2 years, 8 months ago 
fs/cachefiles/namei.c |    3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
[PATCH] cachefiles: Allow the cache to be non-root
Posted by David Howells 2 years, 8 months ago 
    
Set mode 0600 on files in the cache so that cachefilesd can run as an
unprivileged user rather than leaving the files all with 0.  Directories
are already set to 0700.

Userspace then needs to set the uid and gid before issuing the "bind"
command and the cache must've been chown'd to those IDs.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: David Howells <dhowells@redhat.com>
cc: Jeff Layton <jlayton@kernel.org>
cc: linux-cachefs@redhat.com
cc: linux-erofs@lists.ozlabs.org
cc: linux-fsdevel@vger.kernel.org
---
 fs/cachefiles/namei.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
index 82219a8f6084..66482c193e86 100644
--- a/fs/cachefiles/namei.c
+++ b/fs/cachefiles/namei.c
@@ -451,7 +451,8 @@ struct file *cachefiles_create_tmpfile(struct cachefiles_object *object)
 
 	ret = cachefiles_inject_write_error();
 	if (ret == 0) {
-		file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, S_IFREG,
+		file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath,
+					S_IFREG | 0600,
 					O_RDWR | O_LARGEFILE | O_DIRECT,
 					cache->cache_cred);
 		ret = PTR_ERR_OR_ZERO(file);
Re: [PATCH] cachefiles: Allow the cache to be non-root
Posted by Christian Brauner 2 years, 8 months ago 
On Fri, 19 May 2023 18:21:20 +0100, David Howells wrote:
> 
> Set mode 0600 on files in the cache so that cachefilesd can run as an
> unprivileged user rather than leaving the files all with 0.  Directories
> are already set to 0700.
> 
> Userspace then needs to set the uid and gid before issuing the "bind"
> command and the cache must've been chown'd to those IDs.
> 
> [...]

Applied to the vfs.misc branch of the vfs/vfs.git tree.
Patches in the vfs.misc branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.misc

[1/1] cachefiles: Allow the cache to be non-root
      https://git.kernel.org/vfs/vfs/c/a64498ff493f
Re: [Linux-cachefs] [PATCH] cachefiles: Allow the cache to be non-root
Posted by Gao Xiang 2 years, 8 months ago 

On 2023/5/20 10:21, David Howells wrote:
>      
> Set mode 0600 on files in the cache so that cachefilesd can run as an
> unprivileged user rather than leaving the files all with 0.  Directories
> are already set to 0700.
> 
> Userspace then needs to set the uid and gid before issuing the "bind"
> command and the cache must've been chown'd to those IDs.
> 
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: David Howells <dhowells@redhat.com>
> cc: Jeff Layton <jlayton@kernel.org>
> cc: linux-cachefs@redhat.com
> cc: linux-erofs@lists.ozlabs.org
> cc: linux-fsdevel@vger.kernel.org

It seems useful on our side as well and safe:

Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Thanks,
Gao Xiang
Re: [PATCH] cachefiles: Allow the cache to be non-root
Posted by Jeff Layton 2 years, 8 months ago 
On Fri, 2023-05-19 at 18:21 +0100, David Howells wrote:
>     
> Set mode 0600 on files in the cache so that cachefilesd can run as an
> unprivileged user rather than leaving the files all with 0.  Directories
> are already set to 0700.
> 
> Userspace then needs to set the uid and gid before issuing the "bind"
> command and the cache must've been chown'd to those IDs.
> 
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: David Howells <dhowells@redhat.com>
> cc: Jeff Layton <jlayton@kernel.org>
> cc: linux-cachefs@redhat.com
> cc: linux-erofs@lists.ozlabs.org
> cc: linux-fsdevel@vger.kernel.org
> ---
>  fs/cachefiles/namei.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
> index 82219a8f6084..66482c193e86 100644
> --- a/fs/cachefiles/namei.c
> +++ b/fs/cachefiles/namei.c
> @@ -451,7 +451,8 @@ struct file *cachefiles_create_tmpfile(struct cachefiles_object *object)
>  
>  	ret = cachefiles_inject_write_error();
>  	if (ret == 0) {
> -		file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath, S_IFREG,
> +		file = vfs_tmpfile_open(&nop_mnt_idmap, &parentpath,
> +					S_IFREG | 0600,
>  					O_RDWR | O_LARGEFILE | O_DIRECT,
>  					cache->cache_cred);
>  		ret = PTR_ERR_OR_ZERO(file);
> 

Seems safe enough, and if it helps allow this to run unprivileged then:

Reviewed-by: Jeff Layton <jlayton@kernel.org>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.