lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LRH.1.10.0810171017080.18249@tundra.namei.org>
Date:	Fri, 17 Oct 2008 10:17:23 +1100 (EST)
From:	James Morris <jmorris@...ei.org>
To:	"Serge E. Hallyn" <serue@...ibm.com>
cc:	David Howells <dhowells@...hat.com>,
	Stephen Rothwell <sfr@...b.auug.org.au>,
	lkml <linux-kernel@...r.kernel.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Michael Halcrow <mhalcrow@...ibm.com>
Subject: Re: [PATCH] User namespaces: set of cleanups (eventually for
 linux-next?)

On Thu, 16 Oct 2008, Serge E. Hallyn wrote:

> Hi,
> 
> Once the creds-next-subsys branch of the security testing tree hits
> linux-next, is there any chance of having this patch in there?

It should be in linux-next now.

>  It
> offers (imho) drastic cleanup over the current userns code.
> LTP-approved (but then so were previous buggy versions...)
> 
> David, since this consumes your patch, I wasn't sure whether it was
> appropriate to put your signed-off-by on here or not.  I decided
> doing so was the worse of the potential offenses...
> 
> thanks,
> -serge
> 
> Subject: [PATCH] User namespaces: set of cleanups
> From: Serge Hallyn <serue@...ibm.com>
> Date: 1224106725 -0500
> 
> The user_ns is moved from nsproxy to user_struct, so that a struct
> cred by itself is sufficient to determine access (which it otherwise
> would not be).  Corresponding ecryptfs fixes (by David Howells) are
> here as well.
> 
> Fix refcounting.  The following rules now apply:
>         1. The task pins the user struct.
>         2. The user struct pins its user namespace.
>         3. The user namespace pins the struct user which created it.
> 
> User namespaces are cloned during copy_creds().  Unsharing a new user_ns
> is no longer possible.  (We could re-add that, but it'll cause code
> duplication and doesn't seem useful if PAM doesn't need to clone user
> namespaces).
> 
> When a user namespace is created, its first user (uid 0) gets empty
> keyrings and a clean group_info.
> 
> Signed-off-by: Serge Hallyn <serue@...ibm.com>
> 
> ---
> 
>  fs/ecryptfs/messaging.c        |   13 +++----
>  fs/ecryptfs/miscdev.c          |   19 ++++------
>  include/linux/cred.h           |    2 +
>  include/linux/init_task.h      |    1 -
>  include/linux/nsproxy.h        |    1 -
>  include/linux/sched.h          |    1 +
>  include/linux/user_namespace.h |   13 ++-----
>  kernel/cred.c                  |   15 +++++++-
>  kernel/fork.c                  |   19 ++++++++--
>  kernel/nsproxy.c               |   15 +-------
>  kernel/sys.c                   |    4 +-
>  kernel/user.c                  |   47 +++++++-----------------
>  kernel/user_namespace.c        |   77 +++++++++++++++++-----------------------
>  13 files changed, 98 insertions(+), 129 deletions(-)
> 
> 1d3aca5269bcd4471ca7725111d05ad92f17a3a5
> diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
> index 92bf606..eecb8b5 100644
> --- a/fs/ecryptfs/messaging.c
> +++ b/fs/ecryptfs/messaging.c
> @@ -376,7 +376,7 @@ int ecryptfs_process_response(struct ecr
>  	struct ecryptfs_msg_ctx *msg_ctx;
>  	size_t msg_size;
>  	struct nsproxy *nsproxy;
> -	struct user_namespace *current_user_ns;
> +	struct user_namespace *tsk_user_ns;
>  	uid_t ctx_euid;
>  	int rc;
>  
> @@ -401,9 +401,9 @@ int ecryptfs_process_response(struct ecr
>  		mutex_unlock(&ecryptfs_daemon_hash_mux);
>  		goto wake_up;
>  	}
> -	current_user_ns = nsproxy->user_ns;
> +	tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns;
>  	ctx_euid = task_euid(msg_ctx->task);
> -	rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, current_user_ns);
> +	rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns);
>  	rcu_read_unlock();
>  	mutex_unlock(&ecryptfs_daemon_hash_mux);
>  	if (rc) {
> @@ -421,11 +421,11 @@ int ecryptfs_process_response(struct ecr
>  		       euid, ctx_euid);
>  		goto unlock;
>  	}
> -	if (current_user_ns != user_ns) {
> +	if (tsk_user_ns != user_ns) {
>  		rc = -EBADMSG;
>  		printk(KERN_WARNING "%s: Received message from user_ns "
>  		       "[0x%p]; expected message from user_ns [0x%p]\n",
> -		       __func__, user_ns, nsproxy->user_ns);
> +		       __func__, user_ns, tsk_user_ns);
>  		goto unlock;
>  	}
>  	if (daemon->pid != pid) {
> @@ -486,8 +486,7 @@ ecryptfs_send_message_locked(unsigned in
>  	uid_t euid = current_euid();
>  	int rc;
>  
> -	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
> -					  current->nsproxy->user_ns);
> +	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
>  	if (rc || !daemon) {
>  		rc = -ENOTCONN;
>  		printk(KERN_ERR "%s: User [%d] does not have a daemon "
> diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
> index 047ac60..efd95a0 100644
> --- a/fs/ecryptfs/miscdev.c
> +++ b/fs/ecryptfs/miscdev.c
> @@ -47,8 +47,7 @@ ecryptfs_miscdev_poll(struct file *file,
>  
>  	mutex_lock(&ecryptfs_daemon_hash_mux);
>  	/* TODO: Just use file->private_data? */
> -	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
> -					  current->nsproxy->user_ns);
> +	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
>  	BUG_ON(rc || !daemon);
>  	mutex_lock(&daemon->mux);
>  	mutex_unlock(&ecryptfs_daemon_hash_mux);
> @@ -95,11 +94,9 @@ ecryptfs_miscdev_open(struct inode *inod
>  		       "count; rc = [%d]\n", __func__, rc);
>  		goto out_unlock_daemon_list;
>  	}
> -	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
> -					  current->nsproxy->user_ns);
> +	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
>  	if (rc || !daemon) {
> -		rc = ecryptfs_spawn_daemon(&daemon, euid,
> -					   current->nsproxy->user_ns,
> +		rc = ecryptfs_spawn_daemon(&daemon, euid, current_user_ns(),
>  					   task_pid(current));
>  		if (rc) {
>  			printk(KERN_ERR "%s: Error attempting to spawn daemon; "
> @@ -153,8 +150,7 @@ ecryptfs_miscdev_release(struct inode *i
>  	int rc;
>  
>  	mutex_lock(&ecryptfs_daemon_hash_mux);
> -	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
> -					  current->nsproxy->user_ns);
> +	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
>  	BUG_ON(rc || !daemon);
>  	mutex_lock(&daemon->mux);
>  	BUG_ON(daemon->pid != task_pid(current));
> @@ -254,8 +250,7 @@ ecryptfs_miscdev_read(struct file *file,
>  
>  	mutex_lock(&ecryptfs_daemon_hash_mux);
>  	/* TODO: Just use file->private_data? */
> -	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,
> -					  current->nsproxy->user_ns);
> +	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
>  	BUG_ON(rc || !daemon);
>  	mutex_lock(&daemon->mux);
>  	if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) {
> @@ -295,7 +290,7 @@ check_list:
>  		goto check_list;
>  	}
>  	BUG_ON(euid != daemon->euid);
> -	BUG_ON(current->nsproxy->user_ns != daemon->user_ns);
> +	BUG_ON(current_user_ns() != daemon->user_ns);
>  	BUG_ON(task_pid(current) != daemon->pid);
>  	msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue,
>  				   struct ecryptfs_msg_ctx, daemon_out_list);
> @@ -468,7 +463,7 @@ ecryptfs_miscdev_write(struct file *file
>  			goto out_free;
>  		}
>  		rc = ecryptfs_miscdev_response(&data[i], packet_size,
> -					       euid, current->nsproxy->user_ns,
> +					       euid, current_user_ns(),
>  					       task_pid(current), seq);
>  		if (rc)
>  			printk(KERN_WARNING "%s: Failed to deliver miscdev "
> diff --git a/include/linux/cred.h b/include/linux/cred.h
> index 26c1ab1..3282ee4 100644
> --- a/include/linux/cred.h
> +++ b/include/linux/cred.h
> @@ -60,6 +60,7 @@ do {							\
>  } while (0)
>  
>  extern struct group_info *groups_alloc(int);
> +extern struct group_info init_groups;
>  extern void groups_free(struct group_info *);
>  extern int set_current_groups(struct group_info *);
>  extern int set_groups(struct cred *, struct group_info *);
> @@ -315,6 +316,7 @@ static inline void put_cred(const struct
>  #define current_fsgid() 	(current_cred_xxx(fsgid))
>  #define current_cap()		(current_cred_xxx(cap_effective))
>  #define current_user()		(current_cred_xxx(user))
> +#define current_user_ns()	(current_cred_xxx(user)->user_ns)
>  #define current_security()	(current_cred_xxx(security))
>  
>  #define current_uid_gid(_uid, _gid)		\
> diff --git a/include/linux/init_task.h b/include/linux/init_task.h
> index edf0285..126c3c4 100644
> --- a/include/linux/init_task.h
> +++ b/include/linux/init_task.h
> @@ -57,7 +57,6 @@ extern struct nsproxy init_nsproxy;
>  	.mnt_ns		= NULL,						\
>  	INIT_NET_NS(net_ns)                                             \
>  	INIT_IPC_NS(ipc_ns)						\
> -	.user_ns	= &init_user_ns,				\
>  }
>  
>  #define INIT_SIGHAND(sighand) {						\
> diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
> index c8a768e..afad7de 100644
> --- a/include/linux/nsproxy.h
> +++ b/include/linux/nsproxy.h
> @@ -27,7 +27,6 @@ struct nsproxy {
>  	struct ipc_namespace *ipc_ns;
>  	struct mnt_namespace *mnt_ns;
>  	struct pid_namespace *pid_ns;
> -	struct user_namespace *user_ns;
>  	struct net 	     *net_ns;
>  };
>  extern struct nsproxy init_nsproxy;
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 0812cfd..02693db 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -595,6 +595,7 @@ struct user_struct {
>  	/* Hash table maintenance information */
>  	struct hlist_node uidhash_node;
>  	uid_t uid;
> +	struct user_namespace *user_ns;
>  
>  #ifdef CONFIG_USER_SCHED
>  	struct task_group *tg;
> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> index b5f41d4..315bcd3 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -12,7 +12,7 @@
>  struct user_namespace {
>  	struct kref		kref;
>  	struct hlist_head	uidhash_table[UIDHASH_SZ];
> -	struct user_struct	*root_user;
> +	struct user_struct	*creator;
>  };
>  
>  extern struct user_namespace init_user_ns;
> @@ -26,8 +26,7 @@ static inline struct user_namespace *get
>  	return ns;
>  }
>  
> -extern struct user_namespace *copy_user_ns(int flags,
> -					   struct user_namespace *old_ns);
> +extern int create_user_ns(struct cred *new);
>  extern void free_user_ns(struct kref *kref);
>  
>  static inline void put_user_ns(struct user_namespace *ns)
> @@ -43,13 +42,9 @@ static inline struct user_namespace *get
>  	return &init_user_ns;
>  }
>  
> -static inline struct user_namespace *copy_user_ns(int flags,
> -						  struct user_namespace *old_ns)
> +static inline int create_user_ns(struct cred *new)
>  {
> -	if (flags & CLONE_NEWUSER)
> -		return ERR_PTR(-EINVAL);
> -
> -	return old_ns;
> +	return -EINVAL;
>  }
>  
>  static inline void put_user_ns(struct user_namespace *ns)
> diff --git a/kernel/cred.c b/kernel/cred.c
> index 13697ca..ff7bc07 100644
> --- a/kernel/cred.c
> +++ b/kernel/cred.c
> @@ -274,6 +274,7 @@ int copy_creds(struct task_struct *p, un
>  	struct thread_group_cred *tgcred;
>  #endif
>  	struct cred *new;
> +	int ret;
>  
>  	mutex_init(&p->cred_exec_mutex);
>  
> @@ -293,6 +294,12 @@ int copy_creds(struct task_struct *p, un
>  	if (!new)
>  		return -ENOMEM;
>  
> +	if (clone_flags & CLONE_NEWUSER) {
> +		ret = create_user_ns(new);
> +		if (ret < 0)
> +			goto error_put;
> +	}
> +
>  #ifdef CONFIG_KEYS
>  	/* new threads get their own thread keyrings if their parent already
>  	 * had one */
> @@ -309,8 +316,8 @@ int copy_creds(struct task_struct *p, un
>  	if (!(clone_flags & CLONE_THREAD)) {
>  		tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL);
>  		if (!tgcred) {
> -			put_cred(new);
> -			return -ENOMEM;
> +			ret = -ENOMEM;
> +			goto error_put;
>  		}
>  		atomic_set(&tgcred->usage, 1);
>  		spin_lock_init(&tgcred->lock);
> @@ -325,6 +332,10 @@ int copy_creds(struct task_struct *p, un
>  	atomic_inc(&new->user->processes);
>  	p->cred = p->real_cred = get_cred(new);
>  	return 0;
> +
> +error_put:
> +	put_cred(new);
> +	return ret;
>  }
>  
>  /**
> diff --git a/kernel/fork.c b/kernel/fork.c
> index e392e5a..c71f3c1 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -935,7 +935,7 @@ static struct task_struct *copy_process(
>  	if (atomic_read(&p->real_cred->user->processes) >=
>  			p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
>  		if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
> -		    p->real_cred->user != current->nsproxy->user_ns->root_user)
> +		    p->real_cred->user != INIT_USER)
>  			goto bad_fork_free;
>  	}
>  
> @@ -1312,6 +1312,20 @@ long do_fork(unsigned long clone_flags,
>  	long nr;
>  
>  	/*
> +	 * Do some preliminary argument and permissions checking before we
> +	 * actually start allocating stuff
> +	 */
> +	if (clone_flags & CLONE_NEWUSER) {
> +		if (clone_flags & CLONE_THREAD)
> +			return -EINVAL;
> +		/* hopefully this check will go away when userns support is
> +		 * complete
> +		 */
> +		if (!capable(CAP_SYS_ADMIN))
> +			return -EPERM;
> +	}
> +
> +	/*
>  	 * We hope to recycle these flags after 2.6.26
>  	 */
>  	if (unlikely(clone_flags & CLONE_STOPPED)) {
> @@ -1556,8 +1570,7 @@ asmlinkage long sys_unshare(unsigned lon
>  	err = -EINVAL;
>  	if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
>  				CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
> -				CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|
> -				CLONE_NEWNET))
> +				CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWNET))
>  		goto bad_unshare_out;
>  
>  	/*
> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
> index 1d3ef29..63598dc 100644
> --- a/kernel/nsproxy.c
> +++ b/kernel/nsproxy.c
> @@ -80,12 +80,6 @@ static struct nsproxy *create_new_namesp
>  		goto out_pid;
>  	}
>  
> -	new_nsp->user_ns = copy_user_ns(flags, tsk->nsproxy->user_ns);
> -	if (IS_ERR(new_nsp->user_ns)) {
> -		err = PTR_ERR(new_nsp->user_ns);
> -		goto out_user;
> -	}
> -
>  	new_nsp->net_ns = copy_net_ns(flags, tsk->nsproxy->net_ns);
>  	if (IS_ERR(new_nsp->net_ns)) {
>  		err = PTR_ERR(new_nsp->net_ns);
> @@ -95,9 +89,6 @@ static struct nsproxy *create_new_namesp
>  	return new_nsp;
>  
>  out_net:
> -	if (new_nsp->user_ns)
> -		put_user_ns(new_nsp->user_ns);
> -out_user:
>  	if (new_nsp->pid_ns)
>  		put_pid_ns(new_nsp->pid_ns);
>  out_pid:
> @@ -130,7 +121,7 @@ int copy_namespaces(unsigned long flags,
>  	get_nsproxy(old_ns);
>  
>  	if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
> -				CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET)))
> +				CLONE_NEWPID | CLONE_NEWNET)))
>  		return 0;
>  
>  	if (!capable(CAP_SYS_ADMIN)) {
> @@ -173,8 +164,6 @@ void free_nsproxy(struct nsproxy *ns)
>  		put_ipc_ns(ns->ipc_ns);
>  	if (ns->pid_ns)
>  		put_pid_ns(ns->pid_ns);
> -	if (ns->user_ns)
> -		put_user_ns(ns->user_ns);
>  	put_net(ns->net_ns);
>  	kmem_cache_free(nsproxy_cachep, ns);
>  }
> @@ -189,7 +178,7 @@ int unshare_nsproxy_namespaces(unsigned 
>  	int err = 0;
>  
>  	if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
> -			       CLONE_NEWUSER | CLONE_NEWNET)))
> +			       CLONE_NEWNET)))
>  		return 0;
>  
>  	if (!capable(CAP_SYS_ADMIN))
> diff --git a/kernel/sys.c b/kernel/sys.c
> index 6bc3899..26eda31 100644
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -565,13 +565,13 @@ static int set_user(struct cred *new)
>  {
>  	struct user_struct *new_user;
>  
> -	new_user = alloc_uid(current->nsproxy->user_ns, new->uid);
> +	new_user = alloc_uid(current_user()->user_ns, new->uid);
>  	if (!new_user)
>  		return -EAGAIN;
>  
>  	if (atomic_read(&new_user->processes) >=
>  				current->signal->rlim[RLIMIT_NPROC].rlim_cur &&
> -			new_user != current->nsproxy->user_ns->root_user) {
> +			new_user != INIT_USER) {
>  		free_uid(new_user);
>  		return -EAGAIN;
>  	}
> diff --git a/kernel/user.c b/kernel/user.c
> index d476307..c0ef3a4 100644
> --- a/kernel/user.c
> +++ b/kernel/user.c
> @@ -20,9 +20,9 @@
>  
>  struct user_namespace init_user_ns = {
>  	.kref = {
> -		.refcount	= ATOMIC_INIT(2),
> +		.refcount	= ATOMIC_INIT(1),
>  	},
> -	.root_user = &root_user,
> +	.creator = &root_user,
>  };
>  EXPORT_SYMBOL_GPL(init_user_ns);
>  
> @@ -48,12 +48,14 @@ static struct kmem_cache *uid_cachep;
>   */
>  static DEFINE_SPINLOCK(uidhash_lock);
>  
> +/* root_user.__count is 2, 1 for init task cred, 1 for init_user_ns->creator */
>  struct user_struct root_user = {
> -	.__count	= ATOMIC_INIT(1),
> +	.__count	= ATOMIC_INIT(2),
>  	.processes	= ATOMIC_INIT(1),
>  	.files		= ATOMIC_INIT(0),
>  	.sigpending	= ATOMIC_INIT(0),
>  	.locked_shm     = 0,
> +	.user_ns	= &init_user_ns,
>  #ifdef CONFIG_USER_SCHED
>  	.tg		= &init_task_group,
>  #endif
> @@ -314,12 +316,13 @@ done:
>   * IRQ state (as stored in flags) is restored and uidhash_lock released
>   * upon function exit.
>   */
> -static inline void free_user(struct user_struct *up, unsigned long flags)
> +static void free_user(struct user_struct *up, unsigned long flags)
>  {
>  	/* restore back the count */
>  	atomic_inc(&up->__count);
>  	spin_unlock_irqrestore(&uidhash_lock, flags);
>  
> +	put_user_ns(up->user_ns);
>  	INIT_WORK(&up->work, remove_user_sysfs_dir);
>  	schedule_work(&up->work);
>  }
> @@ -335,13 +338,14 @@ static inline void uids_mutex_unlock(voi
>   * IRQ state (as stored in flags) is restored and uidhash_lock released
>   * upon function exit.
>   */
> -static inline void free_user(struct user_struct *up, unsigned long flags)
> +static void free_user(struct user_struct *up, unsigned long flags)
>  {
>  	uid_hash_remove(up);
>  	spin_unlock_irqrestore(&uidhash_lock, flags);
>  	sched_destroy_user(up);
>  	key_put(up->uid_keyring);
>  	key_put(up->session_keyring);
> +	put_user_ns(up->user_ns);
>  	kmem_cache_free(uid_cachep, up);
>  }
>  
> @@ -357,7 +361,7 @@ struct user_struct *find_user(uid_t uid)
>  {
>  	struct user_struct *ret;
>  	unsigned long flags;
> -	struct user_namespace *ns = current->nsproxy->user_ns;
> +	struct user_namespace *ns = current_user()->user_ns;
>  
>  	spin_lock_irqsave(&uidhash_lock, flags);
>  	ret = uid_hash_find(uid, uidhashentry(ns, uid));
> @@ -404,6 +408,8 @@ struct user_struct *alloc_uid(struct use
>  		if (sched_create_user(new) < 0)
>  			goto out_free_user;
>  
> +		new->user_ns = get_user_ns(ns);
> +
>  		if (uids_user_create(new))
>  			goto out_destoy_sched;
>  
> @@ -427,7 +433,6 @@ struct user_struct *alloc_uid(struct use
>  			up = new;
>  		}
>  		spin_unlock_irq(&uidhash_lock);
> -
>  	}
>  
>  	uids_mutex_unlock();
> @@ -436,6 +441,7 @@ struct user_struct *alloc_uid(struct use
>  
>  out_destoy_sched:
>  	sched_destroy_user(new);
> +	put_user_ns(new->user_ns);
>  out_free_user:
>  	kmem_cache_free(uid_cachep, new);
>  out_unlock:
> @@ -443,33 +449,6 @@ out_unlock:
>  	return NULL;
>  }
>  
> -#ifdef CONFIG_USER_NS
> -void release_uids(struct user_namespace *ns)
> -{
> -	int i;
> -	unsigned long flags;
> -	struct hlist_head *head;
> -	struct hlist_node *nd;
> -
> -	spin_lock_irqsave(&uidhash_lock, flags);
> -	/*
> -	 * collapse the chains so that the user_struct-s will
> -	 * be still alive, but not in hashes. subsequent free_uid()
> -	 * will free them.
> -	 */
> -	for (i = 0; i < UIDHASH_SZ; i++) {
> -		head = ns->uidhash_table + i;
> -		while (!hlist_empty(head)) {
> -			nd = head->first;
> -			hlist_del_init(nd);
> -		}
> -	}
> -	spin_unlock_irqrestore(&uidhash_lock, flags);
> -
> -	free_uid(ns->root_user);
> -}
> -#endif
> -
>  static int __init uid_cache_init(void)
>  {
>  	int n;
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index 0d9c51d..53b164b 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -9,70 +9,57 @@
>  #include <linux/nsproxy.h>
>  #include <linux/slab.h>
>  #include <linux/user_namespace.h>
> +#include <linux/cred.h>
>  
>  /*
> - * Clone a new ns copying an original user ns, setting refcount to 1
> - * @old_ns: namespace to clone
> - * Return NULL on error (failure to kmalloc), new ns otherwise
> + * Create a new user namespace, deriving the creator from the user in the
> + * passed credentials, and replacing that user with the new root user for the
> + * new namespace.
> + *
> + * This is called by copy_creds(), which will finish setting the target task's
> + * credentials.
>   */
> -static struct user_namespace *clone_user_ns(struct user_namespace *old_ns)
> +int create_user_ns(struct cred *new)
>  {
>  	struct user_namespace *ns;
> -	struct user_struct *new_user;
> -	struct cred *new;
> +	struct user_struct *root_user;
>  	int n;
>  
>  	ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL);
>  	if (!ns)
> -		return ERR_PTR(-ENOMEM);
> +		return -ENOMEM;
>  
>  	kref_init(&ns->kref);
>  
>  	for (n = 0; n < UIDHASH_SZ; ++n)
>  		INIT_HLIST_HEAD(ns->uidhash_table + n);
>  
> -	/* Insert new root user.  */
> -	ns->root_user = alloc_uid(ns, 0);
> -	if (!ns->root_user) {
> +	/* Alloc new root user.  */
> +	root_user = alloc_uid(ns, 0);
> +	if (!root_user) {
>  		kfree(ns);
> -		return ERR_PTR(-ENOMEM);
> +		return -ENOMEM;
>  	}
>  
> -	/* Reset current->user with a new one */
> -	new_user = alloc_uid(ns, current_uid());
> -	if (!new_user) {
> -		free_uid(ns->root_user);
> -		kfree(ns);
> -		return ERR_PTR(-ENOMEM);
> -	}
> -
> -	/* Install the new user */
> -	new = prepare_creds();
> -	if (!new) {
> -		free_uid(new_user);
> -		free_uid(ns->root_user);
> -		kfree(ns);
> -	}
> -	free_uid(new->user);
> -	new->user = new_user;
> -	commit_creds(new);
> -	return ns;
> -}
> -
> -struct user_namespace * copy_user_ns(int flags, struct user_namespace *old_ns)
> -{
> -	struct user_namespace *new_ns;
> -
> -	BUG_ON(!old_ns);
> -	get_user_ns(old_ns);
> -
> -	if (!(flags & CLONE_NEWUSER))
> -		return old_ns;
> +	/* set the new root user in the credentials under preparation */
> +	ns->creator = new->user;
> +	new->user = root_user;
> +	new->uid = new->euid = new->suid = new->fsuid = 0;
> +	new->gid = new->egid = new->sgid = new->fsgid = 0;
> +	put_group_info(new->group_info);
> +	new->group_info = get_group_info(&init_groups);
> +	key_put(new->thread_keyring);
> +#ifdef CONFIG_KEYS
> +	new->thread_keyring = NULL;
> +	key_put(new->request_key_auth);
> +	new->request_key_auth = NULL;
> +#endif
> +	/* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */
>  
> -	new_ns = clone_user_ns(old_ns);
> +	/* alloc_uid() incremented the userns refcount.  Just set it to 1 */
> +	kref_set(&ns->kref, 1);
>  
> -	put_user_ns(old_ns);
> -	return new_ns;
> +	return 0;
>  }
>  
>  void free_user_ns(struct kref *kref)
> @@ -80,7 +67,7 @@ void free_user_ns(struct kref *kref)
>  	struct user_namespace *ns;
>  
>  	ns = container_of(kref, struct user_namespace, kref);
> -	release_uids(ns);
> +	free_uid(ns->creator);
>  	kfree(ns);
>  }
>  EXPORT_SYMBOL(free_user_ns);
> -- 
> 1.1.6
> 

-- 
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ