zfs/config
Wolfgang Bumiller 0e85048f53 Take user namespaces into account in policy checks
Change file related checks to use user namespaces and make
sure involved uids/gids are mappable in the current
namespace.

Note that checks without file ownership information will
still not take user namespaces into account, as some of
these should be handled via 'zfs allow' (otherwise root in a
user namespace could issue commands such as `zpool export`).

This also adds an initial user namespace regression test
for the setgid bit loss, with a user_ns_exec helper usable
in further tests.

Additionally, configure checks for the required user
namespace related features are added for:
  * ns_capable
  * kuid/kgid_has_mapping()
  * user_ns in cred_t

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Closes #6800
Closes #7270
2018-03-07 15:40:42 -08:00
.gitignore Add config/compile to config/.gitignore 2014-10-31 16:25:34 -07:00
Rules.am Support -fsanitize=address with --enable-asan 2018-01-10 10:49:27 -08:00
always-arch.m4 Illumos Crypto Port module added to enable native encryption in zfs 2016-07-20 10:43:30 -07:00
always-compiler-options.m4 Support -fsanitize=address with --enable-asan 2018-01-10 10:49:27 -08:00
ax_code_coverage.m4 Fix "--enable-code-coverage" debug build 2017-09-22 22:16:18 -07:00
config.awk Add build system 2010-08-31 13:41:27 -07:00
deb.am Fix config issues: frame size and headers 2018-02-15 12:58:23 -08:00
kernel-acl-refcount.m4 Linux 4.16 compat: use correct *_dec_and_test() 2018-02-22 09:02:06 -08:00
kernel-acl.m4 Fix config issues: frame size and headers 2018-02-15 12:58:23 -08:00
kernel-aio-fsync.m4 Kernel 4.9 compat: file_operations->aio_fsync removal 2016-11-15 09:20:46 -08:00
kernel-automount.m4 Fix snapshot automounting with GrSecurity constify plugin. 2012-08-24 08:56:38 -07:00
kernel-bdev-block-device-operations.m4 3.10 API change: block_device_operations->release() returns void 2013-07-08 15:41:57 -07:00
kernel-bdev-logical-size.m4 Only use gcc -Wunused-but-set-variable when available 2013-01-10 16:09:39 -08:00
kernel-bdev-physical-size.m4 Only use gcc -Wunused-but-set-variable when available 2013-01-10 16:09:39 -08:00
kernel-bdi.m4 Fix autoconf detection of super_setup_bdi_name 2017-07-25 10:30:20 -07:00
kernel-bio-bvec-iter.m4 Linux 3.14 compat: Immutable biovec changes in vdev_disk.c 2014-04-10 14:28:38 -07:00
kernel-bio-end-io-t-args.m4 Linux 4.13 compat: bio->bi_status and blk_status_t 2017-07-23 19:37:12 -07:00
kernel-bio-failfast.m4 Linux 2.6.36 compat, use REQ_FAILFAST_MASK and remove pre-2.6.36 support 2015-05-11 15:07:00 -07:00
kernel-bio-op.m4 Fix RHEL 7.4 bio_set_op_attrs build error 2017-06-27 12:00:27 -07:00
kernel-bio-rw-barrier.m4 zvol processing should use struct bio 2015-09-04 15:30:24 -04:00
kernel-bio-rw-discard.m4 zvol processing should use struct bio 2015-09-04 15:30:24 -04:00
kernel-bio_set_dev.m4 Linux 3.14 compat: IO acct, global_page_state, etc 2017-09-16 11:00:19 -07:00
kernel-blk-queue-bdi.m4 Enable Linux read-ahead for a single page on ZVOLs 2017-05-04 18:00:27 -04:00
kernel-blk-queue-flush.m4 Linux 4.7 compat: replace blk_queue_flush with blk_queue_write_cache 2016-05-20 11:08:55 -07:00
kernel-blk-queue-max-hw-sectors.m4 Only use gcc -Wunused-but-set-variable when available 2013-01-10 16:09:39 -08:00
kernel-blk-queue-max-segments.m4 Only use gcc -Wunused-but-set-variable when available 2013-01-10 16:09:39 -08:00
kernel-blk-queue-unplug.m4 Explicit block device plugging when submitting multiple BIOs 2016-09-29 13:13:31 -07:00
kernel-blkdev-get-by-path.m4 When checking for symbol exports, try compiling. 2012-07-26 13:42:57 -07:00
kernel-blkdev-get.m4 Move partition scanning from userspace to module. 2012-07-17 09:17:31 -07:00
kernel-block-device-operations-release-void.m4 3.10 API change: block_device_operations->release() returns void 2013-07-08 15:41:57 -07:00
kernel-clear-inode.m4 When checking for symbol exports, try compiling. 2012-07-26 13:42:57 -07:00
kernel-commit-metadata.m4 Implement .commit_metadata hook for NFS export 2012-10-03 10:49:45 -07:00
kernel-create-nameidata.m4 Fix config issues: frame size and headers 2018-02-15 12:58:23 -08:00
kernel-current-time.m4 Linux 4.12 compat: CURRENT_TIME removed 2017-05-10 09:30:48 -07:00
kernel-current_bio_tail.m4 zvol processing should use struct bio 2015-09-04 15:30:24 -04:00
kernel-d-make-root.m4 When checking for symbol exports, try compiling. 2012-07-26 13:42:57 -07:00
kernel-d-obtain-alias.m4 When checking for symbol exports, try compiling. 2012-07-26 13:42:57 -07:00
kernel-d-prune-aliases.m4 Add zfs_sb_prune_aliases() function 2015-06-22 10:22:49 -07:00
kernel-declare-event-class.m4 Swap DTRACE_PROBE* with Linux tracepoints 2014-11-17 11:13:55 -08:00
kernel-dentry-operations.m4 Fix config issues: frame size and headers 2018-02-15 12:58:23 -08:00
kernel-dirty-inode.m4 Eliminate runtime function pointer mods in autotools checks 2013-03-04 08:49:17 -08:00
kernel-discard-granularity.m4 Set zvol discard_granularity to the volblocksize. 2012-08-07 14:55:31 -07:00
kernel-elevator-change.m4 Only use gcc -Wunused-but-set-variable when available 2013-01-10 16:09:39 -08:00
kernel-encode-fh-inode.m4 Linux 3.5 compat, eops->encode_fh() takes inodes 2012-07-23 12:29:23 -07:00
kernel-evict-inode.m4 Fix build failures on PaX/GRSecurity patched kernels 2012-07-17 09:22:43 -07:00
kernel-fallocate.m4 Eliminate runtime function pointer mods in autotools checks 2013-03-04 08:49:17 -08:00
kernel-file-dentry.m4 Use file_dentry and file_inode wrappers 2016-08-11 12:06:37 -07:00
kernel-file-inode.m4 Linux 3.19 compat: file_inode was added 2015-02-10 11:24:51 -08:00
kernel-fmode-t.m4 Fix gcc configure warnings 2011-04-19 10:10:47 -07:00
kernel-follow-down-one.m4 Linux 3.18 compat: Snapshot auto-mounting 2015-08-31 13:54:39 -07:00
kernel-fpu.m4 Support for vectorized algorithms on x86 2016-03-21 09:24:34 -07:00
kernel-fsync.m4 Eliminate runtime function pointer mods in autotools checks 2013-03-04 08:49:17 -08:00
kernel-generic_io_acct.m4 Linux 3.14 compat: IO acct, global_page_state, etc 2017-09-16 11:00:19 -07:00
kernel-generic_readlink.m4 4.10 compat - BIO flag changes and others 2016-12-30 16:03:59 -06:00
kernel-get-disk-and-module.m4 Linux 4.16 compat: get_disk_and_module() 2018-03-05 12:44:35 -08:00
kernel-get-disk-ro.m4 Only use gcc -Wunused-but-set-variable when available 2013-01-10 16:09:39 -08:00
kernel-get-gendisk.m4 When checking for symbol exports, try compiling. 2012-07-26 13:42:57 -07:00
kernel-get-link.m4 Fix config issues: frame size and headers 2018-02-15 12:58:23 -08:00
kernel-global_page_state.m4 Fix free memory calculation on v3.14+ 2018-02-23 08:50:06 -08:00
kernel-inode-getattr.m4 Linux 4.11 compat: iops.getattr and friends 2017-03-20 17:51:16 -07:00
kernel-inode-set-flags.m4 Use inode_set_flags when available 2016-12-16 13:54:51 -08:00
kernel-inode-set-iversion.m4 Linux 4.16 compat: inode_set_iversion() 2018-02-08 21:25:19 -08:00
kernel-insert-inode-locked.m4 When checking for symbol exports, try compiling. 2012-07-26 13:42:57 -07:00
kernel-invalidate-bdev-args.m4 Fix gcc configure warnings 2011-04-19 10:10:47 -07:00
kernel-is_owner_or_cap.m4 Refactor inode_owner_or_capable() autotools check 2014-05-01 10:06:49 -07:00
kernel-kmap-atomic-args.m4 Add compatibility layer for {kmap,kunmap}_atomic 2015-08-24 10:13:25 -07:00
kernel-kuid-helpers.m4 Check whether the kernel supports i_uid/gid_read/write helpers 2016-07-25 13:21:49 -07:00
kernel-lookup-bdev.m4 Fix lookup_bdev() on Ubuntu 2016-10-26 10:30:43 -07:00
kernel-lookup-nameidata.m4 Fix config issues: frame size and headers 2018-02-15 12:58:23 -08:00
kernel-lseek-execute.m4 Add SEEK_DATA/SEEK_HOLE to lseek()/llseek() 2013-07-02 09:24:43 -07:00
kernel-mk-request-fn.m4 Linux 4.4 compat: make_request_fn returns blk_qc_t 2015-12-01 16:48:08 -08:00
kernel-mkdir-umode-t.m4 Fix spelling 2017-01-03 11:31:18 -06:00
kernel-mod-param.m4 Linux compat: Grsecurity kernel 2016-08-22 10:05:45 -07:00
kernel-mount-nodev.m4 When checking for symbol exports, try compiling. 2012-07-26 13:42:57 -07:00
kernel-objtool.m4 Suppress incorrect objtool warnings 2017-12-07 10:28:50 -08:00
kernel-open-bdev-exclusive.m4 When checking for symbol exports, try compiling. 2012-07-26 13:42:57 -07:00
kernel-put-link.m4 Linux 4.5 compat: get_link() / put_link() 2016-01-20 11:36:00 -08:00
kernel-rename.m4 Linux 4.9 compat: iops->rename() wants flags 2016-10-20 09:39:09 -07:00
kernel-security-inode-init.m4 Use -Werror for all kernel configure tests. 2013-02-24 10:20:28 -08:00
kernel-set-nlink.m4 Linux 3.2 compat: set_nlink() 2011-12-16 20:02:52 -08:00
kernel-setattr-prepare.m4 Linux 4.9 compat: inode_change_ok() renamed setattr_prepare() 2016-10-20 09:39:09 -07:00
kernel-sget-args.m4 Linux 3.6 compat, sget() 2012-10-14 13:06:48 -07:00
kernel-show-options.m4 Fix NULL pointer dereference on PaX/GRSecurity patched Linux 3.3 and later kernels 2012-07-20 12:31:45 -07:00
kernel-shrink.m4 3.12 compat, NUMA-aware per-superblock shrinker 2015-06-17 10:43:13 -07:00
kernel-submit_bio.m4 Linux 4.8 compat: submit_bio() 2016-07-29 14:48:00 -07:00
kernel-super-userns.m4 Linux 4.8 compat: new s_user_ns member of struct super_block 2016-08-08 10:47:22 -07:00
kernel-tmpfile.m4 Add support for O_TMPFILE 2016-11-04 10:46:40 -07:00
kernel-truncate-range.m4 Linux 3.5 compat, iops->truncate_range() removed 2012-07-23 12:29:32 -07:00
kernel-truncate-setsize.m4 When checking for symbol exports, try compiling. 2012-07-26 13:42:57 -07:00
kernel-userns-capabilities.m4 Take user namespaces into account in policy checks 2018-03-07 15:40:42 -08:00
kernel-vfs-iterate.m4 Linux 4.7 compat: use iterate_shared for concurrent readdir 2016-05-20 11:09:16 -07:00
kernel-vfs-rw-iterate.m4 Fix incompatibility with Reiser4 patched kernels 2018-01-09 16:18:19 -08:00
kernel-xattr-handler.m4 Fix spelling 2017-01-03 11:31:18 -06:00
kernel.m4 Take user namespaces into account in policy checks 2018-03-07 15:40:42 -08:00
mount-helper.m4 The mount helper mount.zfs MUST be in /sbin (not '$sbindir'). 2015-05-18 16:54:36 -07:00
rpm.am Support parallel build trees (VPATH builds) 2015-07-17 13:42:51 -07:00
suppressed-warnings.txt Suppress packaging warning 2011-11-08 11:32:04 -08:00
tgz.am Fix config issues: frame size and headers 2018-02-15 12:58:23 -08:00
toolchain-simd.m4 Add support for AVX-512 family of instruction sets 2016-08-16 14:10:33 -07:00
user-dracut.m4 Accept udev and dracut paths specified by ./configure 2014-06-11 16:32:57 -07:00
user-libattr.m4 Add the ZFS Test Suite 2016-03-16 13:46:16 -07:00
user-libblkid.m4 Fix config issues: frame size and headers 2018-02-15 12:58:23 -08:00
user-libssl.m4 Fix config issues: frame size and headers 2018-02-15 12:58:23 -08:00
user-libtirpc.m4 Add support for libtirpc 2016-04-28 09:27:40 -07:00
user-libudev.m4 Fix WANT_DEVNAME2DEVID configure error 2016-04-01 09:06:54 -07:00
user-libuuid.m4 Cleanup linking 2016-03-18 13:31:11 -07:00
user-makedev.m4 glibc 2.5 compat: use correct header for makedev() et al. 2017-03-31 09:32:00 -07:00
user-runstatedir.m4 Add defs for makefile installation dir vars 2014-03-31 16:11:13 -07:00
user-systemd.m4 Fix --with-systemd on Debian-based distributions (#6963) 2017-12-17 14:08:48 -08:00
user-sysvinit.m4 Add systemd unit files for ZFS startup 2014-02-05 12:25:30 -08:00
user-udev.m4 Accept udev and dracut paths specified by ./configure 2014-06-11 16:32:57 -07:00
user-zlib.m4 Cleanup linking 2016-03-18 13:31:11 -07:00
user.m4 Support -fsanitize=address with --enable-asan 2018-01-10 10:49:27 -08:00
zfs-build.m4 Fix default libdir for Debian/Ubuntu 2018-02-05 20:42:52 -08:00
zfs-meta.m4 Fix automatically generated release number 2016-09-21 13:45:21 -07:00