git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Gabriel Totev <gabriel.totev@zetier.com>
	Wed, 16 Apr 2025 22:42:08 +0000 (18:42 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 28 Aug 2025 14:28:28 +0000 (16:28 +0200)
commit	2e487c0fdeb9fe877db2da551aea6968cf2dbe57
tree	7c7f00cd5881bb2ba7e3b889125477fe26f20c30	tree
parent	ef8814a9d64a6cb44b38d6eac38bea78f1855936	commit \| diff

apparmor: shift ouid when mediating hard links in userns

[ Upstream commit c5bf96d20fd787e4909b755de4705d52f3458836 ]

When using AppArmor profiles inside an unprivileged container,
the link operation observes an unshifted ouid.
(tested with LXD and Incus)

For example, root inside container and uid 1000000 outside, with
`owner /root/link l,` profile entry for ln:

/root$ touch chain && ln chain link
==> dmesg
apparmor="DENIED" operation="link" class="file"
namespace="root//lxd-feet_<var-snap-lxd-common-lxd>" profile="linkit"
name="/root/link" pid=1655 comm="ln" requested_mask="l" denied_mask="l"
fsuid=1000000 ouid=0 [<== should be 1000000] target="/root/chain"

Fix by mapping inode uid of old_dentry in aa_path_link() rather than
using it directly, similarly to how it's mapped in __file_path_perm()
later in the file.

Signed-off-by: Gabriel Totev <gabriel.totev@zetier.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>