diff options
| author | Trond Myklebust <trondmy@gmail.com> | 2019-04-09 12:13:42 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2019-04-24 09:46:35 -0400 |
| commit | e45d1a1835b889676374fb74ff4d0e6b06ad173f (patch) | |
| tree | ccb99869e92ef128774ab5a9f2405d3e869a4a80 /fs/nfsd/nfs4idmap.c | |
| parent | e6667c73a27d80078f8d7fca516d6b14bc4e18a7 (diff) | |
nfsd: knfsd must use the container user namespace
Convert knfsd to use the user namespace of the container that started
the server processes.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd/nfs4idmap.c')
| -rw-r--r-- | fs/nfsd/nfs4idmap.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c index bf137fec33ff..2961016097ac 100644 --- a/fs/nfsd/nfs4idmap.c +++ b/fs/nfsd/nfs4idmap.c | |||
| @@ -634,7 +634,7 @@ nfsd_map_name_to_uid(struct svc_rqst *rqstp, const char *name, size_t namelen, | |||
| 634 | return nfserr_inval; | 634 | return nfserr_inval; |
| 635 | 635 | ||
| 636 | status = do_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, &id); | 636 | status = do_name_to_id(rqstp, IDMAP_TYPE_USER, name, namelen, &id); |
| 637 | *uid = make_kuid(&init_user_ns, id); | 637 | *uid = make_kuid(nfsd_user_namespace(rqstp), id); |
| 638 | if (!uid_valid(*uid)) | 638 | if (!uid_valid(*uid)) |
| 639 | status = nfserr_badowner; | 639 | status = nfserr_badowner; |
| 640 | return status; | 640 | return status; |
| @@ -651,7 +651,7 @@ nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, | |||
| 651 | return nfserr_inval; | 651 | return nfserr_inval; |
| 652 | 652 | ||
| 653 | status = do_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, &id); | 653 | status = do_name_to_id(rqstp, IDMAP_TYPE_GROUP, name, namelen, &id); |
| 654 | *gid = make_kgid(&init_user_ns, id); | 654 | *gid = make_kgid(nfsd_user_namespace(rqstp), id); |
| 655 | if (!gid_valid(*gid)) | 655 | if (!gid_valid(*gid)) |
| 656 | status = nfserr_badowner; | 656 | status = nfserr_badowner; |
| 657 | return status; | 657 | return status; |
| @@ -660,13 +660,13 @@ nfsd_map_name_to_gid(struct svc_rqst *rqstp, const char *name, size_t namelen, | |||
| 660 | __be32 nfsd4_encode_user(struct xdr_stream *xdr, struct svc_rqst *rqstp, | 660 | __be32 nfsd4_encode_user(struct xdr_stream *xdr, struct svc_rqst *rqstp, |
| 661 | kuid_t uid) | 661 | kuid_t uid) |
| 662 | { | 662 | { |
| 663 | u32 id = from_kuid(&init_user_ns, uid); | 663 | u32 id = from_kuid_munged(nfsd_user_namespace(rqstp), uid); |
| 664 | return encode_name_from_id(xdr, rqstp, IDMAP_TYPE_USER, id); | 664 | return encode_name_from_id(xdr, rqstp, IDMAP_TYPE_USER, id); |
| 665 | } | 665 | } |
| 666 | 666 | ||
| 667 | __be32 nfsd4_encode_group(struct xdr_stream *xdr, struct svc_rqst *rqstp, | 667 | __be32 nfsd4_encode_group(struct xdr_stream *xdr, struct svc_rqst *rqstp, |
| 668 | kgid_t gid) | 668 | kgid_t gid) |
| 669 | { | 669 | { |
| 670 | u32 id = from_kgid(&init_user_ns, gid); | 670 | u32 id = from_kgid_munged(nfsd_user_namespace(rqstp), gid); |
| 671 | return encode_name_from_id(xdr, rqstp, IDMAP_TYPE_GROUP, id); | 671 | return encode_name_from_id(xdr, rqstp, IDMAP_TYPE_GROUP, id); |
| 672 | } | 672 | } |