Re: [PATCH 1/1] getxattr: use correct xattr length

2018-07-23 Thread Serge E. Hallyn
Quoting Christian Brauner (christian.brau...@canonical.com): > On Wed, Jun 13, 2018 at 10:45:37AM -0500, Serge Hallyn wrote: > > On Thu, Jun 07, 2018 at 01:43:48PM +0200, Christian Brauner wrote: > > > When running in a container with a user namespace, if you call getxattr > > > with name =

Re: [PATCH 1/1] getxattr: use correct xattr length

2018-07-23 Thread Christian Brauner
On Wed, Jun 13, 2018 at 10:45:37AM -0500, Serge Hallyn wrote: > On Thu, Jun 07, 2018 at 01:43:48PM +0200, Christian Brauner wrote: > > When running in a container with a user namespace, if you call getxattr > > with name = "system.posix_acl_access" and size % 8 != 4, then getxattr > > silently

Re: [PATCH 1/1] getxattr: use correct xattr length

2018-06-13 Thread Christian Brauner
On Wed, Jun 13, 2018 at 10:45:37AM -0500, Serge Hallyn wrote: > On Thu, Jun 07, 2018 at 01:43:48PM +0200, Christian Brauner wrote: > > When running in a container with a user namespace, if you call getxattr > > with name = "system.posix_acl_access" and size % 8 != 4, then getxattr > > silently

Re: [PATCH 1/1] getxattr: use correct xattr length

2018-06-13 Thread Serge E. Hallyn
On Thu, Jun 07, 2018 at 01:43:48PM +0200, Christian Brauner wrote: > When running in a container with a user namespace, if you call getxattr > with name = "system.posix_acl_access" and size % 8 != 4, then getxattr > silently skips the user namespace fixup that it normally does resulting in >

[PATCH 1/1] getxattr: use correct xattr length

2018-06-07 Thread Christian Brauner
When running in a container with a user namespace, if you call getxattr with name = "system.posix_acl_access" and size % 8 != 4, then getxattr silently skips the user namespace fixup that it normally does resulting in un-fixed-up data being returned. This is caused by posix_acl_fix_xattr_to_user()
