lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87wqubc58b.fsf@xmission.com>
Date:	Thu, 14 Feb 2013 06:58:12 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Glauber Costa <glommer@...allels.com>
Cc:	Serge Hallyn <serge.hallyn@...ntu.com>,
	<linux-kernel@...r.kernel.org>,
	<containers@...ts.linux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] kernel: allow reboots from user_ns

Glauber Costa <glommer@...allels.com> writes:

> On 02/14/2013 06:27 PM, Serge Hallyn wrote:
>> Quoting Glauber Costa (glommer@...allels.com):
>>> Reboot support for pid namespaces is already implemented and it works
>>> well. However, in most containers the tasks will join all namespaces,
>>> including the now supported user namespace. In that situation, we will
>>> fail the "capable" test and won't be able to reboot.
>>>
>>> The proposed solution is to allow reboots for CAP_SYS_BOOT processes
>>> in the user namespace that owns the pid namespace.
>>>
>>> Signed-off-by: Glauber Costa <glommer@...allels.com>
>> 
>> Note Li Zefan sent this identical patch last year.  It's in my own
>> built userns kernel, and definately required :)
>> 
> I didn't see that, and using Linus' master my stop container scripts
> stopped working after I started using Eric's userns...

The patch has been sitting in my for-next branch for quite a while
just waiting for the merge window.

Eric

commit 923c7538236564c46ee80c253a416705321f13e3
Author: Li Zefan <lizefan@...wei.com>
Date:   Thu Dec 27 11:39:12 2012 +0800

    userns: Allow unprivileged reboot
    
    In a container with its own pid namespace and user namespace, rebooting
    the system won't reboot the host, but terminate all the processes in
    it and thus have the container shutdown, so it's safe.
    
    Signed-off-by: Li Zefan <lizefan@...wei.com>
    Signed-off-by: Eric W. Biederman <ebiederm@...ssion.com>

diff --git a/kernel/sys.c b/kernel/sys.c
index 265b376..24d1ef5 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -433,11 +433,12 @@ static DEFINE_MUTEX(reboot_mutex);
 SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
                void __user *, arg)
 {
+       struct pid_namespace *pid_ns = task_active_pid_ns(current);
        char buffer[256];
        int ret = 0;
 
        /* We only trust the superuser with rebooting the system. */
-       if (!capable(CAP_SYS_BOOT))
+       if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT))
                return -EPERM;
 
        /* For safety, we require "magic" arguments. */
@@ -453,7 +454,7 @@ SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
         * pid_namespace, the command is handled by reboot_pid_ns() which will
         * call do_exit().
         */
-       ret = reboot_pid_ns(task_active_pid_ns(current), cmd);
+       ret = reboot_pid_ns(pid_ns, cmd);
        if (ret)
                return ret;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ