Date:	Sun, 26 May 2013 03:00:05 +0000
From:	Stephen Mell <sub.atomic.fusion@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: proc: add nsfd mount option to allow mounting for pid namespaces other than the current

From: Stephen Mell <sub.atomic.fusion@...il.com>

Currently, there is no userspace method to mount proc for a pid namespace other than the current one. In light of the new namespace file descriptors, this patch adds a mount option to use the namespace represented by the specified file descriptor instead of the current pid namespace. This patch depends on "proc: move proc mount options out of pid_namespace".

Signed-off-by: Stephen Mell <sub.atomic.fusion@...il.com>
---
 fs/proc/root.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/fs/proc/root.c b/fs/proc/root.c
index 5a2b6ff..6a9a46d 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -39,10 +39,11 @@ static int proc_set_super(struct super_block *sb, void *data)
 }
 
 enum {
-	Opt_gid, Opt_hidepid, Opt_err,
+	Opt_nsfd, Opt_gid, Opt_hidepid, Opt_err,
 };
 
 static const match_table_t tokens = {
+	{Opt_nsfd, "nsfd=%u"},
 	{Opt_hidepid, "hidepid=%u"},
 	{Opt_gid, "gid=%u"},
 	{Opt_err, NULL},
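
Review bot: the new {Opt_nsfd, "nsfd=%u"} token adds a user-visible mount option with no documentation; the diffstat shows only fs/proc/root.c changed. Please describe nsfd= next to hidepid= and gid= in Documentation/filesystems/proc.txt, including that the value is a file descriptor resolved in the mounting process at mount time and that it must refer to a pid namespace.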
@@ -53,6 +54,8 @@ static int proc_parse_options(char *options, struct proc_sb_info *fsi)
 	char *p;
 	substring_t args[MAX_OPT_ARGS];
 	int option;
+	struct proc_ns *ei;
+	struct file *file;
 
 	if (!options)
 		return 1;
@@ -65,6 +68,24 @@ static int proc_parse_options(char *options, struct proc_sb_info *fsi)
 		args[0].to = args[0].from = NULL;
 		token = match_token(p, tokens, args);
 		switch (token) {
+		case Opt_nsfd:
+			if (match_int(&args[0], &option))
+				return 0;
+			file = proc_ns_fget(option);
+			if (IS_ERR(file)) {
+				pr_err("proc: nsfd value must refer to a pid namespace.\n");
+				return 0;
+			}
+			ei = get_proc_ns(file_inode(file));
+			if (!(ei->ns_ops->type & CLONE_NEWPID)) {
+				pr_err("proc: nsfd value must refer to a pid namespace.\n");
+				return 0;
+			}
+			if (fsi->ns)
+				put_pid_ns(fsi->ns);
+			fsi->ns = ei->ns;
+			get_pid_ns(fsi->ns);
+			break;
 		case Opt_gid:
 			if (match_int(&args[0], &option))
 				return 0;
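
Review bot: the Opt_nsfd case never releases the file reference returned by proc_ns_fget(option): neither the return 0 after the CLONE_NEWPID check nor the success path ending in break calls fput(file), so each mount with nsfd= leaks a struct file and keeps the namespace it refers to pinned. Add fput(file) before that return 0 and after get_pid_ns(fsi->ns). Two smaller points in the same case: the type test reads more clearly as ei->ns_ops->type != CLONE_NEWPID, since the type is a single flag rather than a mask, and the IS_ERR(file) branch prints the same "must refer to a pid namespace" message as the type check even though it also covers a descriptor that is simply invalid.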
