lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87sj4q7bbg.fsf@xmission.com>
Date:	Wed, 20 Feb 2013 16:36:03 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Linux Containers <containers@...ts.linux-foundation.org>,
	<linux-kernel@...r.kernel.org>,
	"Serge E. Hallyn" <serge@...lyn.com>
Subject: [GIT PULL] user namespace and namespace infrastructure changes for 3.9


Linus,

Please pull the for-linus git tree from:

   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus

   HEAD: 139321c65c0584cd65c4c87a5eb3fdb4fdbd0e19 cifs: Enable building with user namespaces enabled.

   This tree is against v3.8-rc1 with the first few bug-fix commits
   already merged into v3.8.

This set of changes starts with a few small enhnacements to the user
namespace.  reboot support, allowing more arbitrary mappings, and
support for mounting devpts, ramfs, tmpfs, and mqueuefs as just the user
namespace root.

I do my best to document that if you care about limiting your
unprivileged users that when you have the user namespace support enabled
you will need to enable memory control groups.

There is a minor bug fix to prevent overflowing the stack if someone
creates way too many user namespaces.

The bulk of the changes are a continuation of the kuid/kgid push down
work through the filesystems.  These changes make using uids and gids
typesafe which ensures that these filesystems are safe to use when
multiple user namespaces are in use.  The filesystems converted for 3.9
are ceph, 9p, afs, ocfs2, gfs2, ncpfs, nfs, nfsd, and cifs.  The changes
for these filesystems were a little more involved so I split the changes
into smaller hopefully obviously correct changes.

XFS is the only filesystem that remains.  I was hoping I could get that
in this release so that user namespace support would be enabled with an
allyesconfig or an allmodconfig but it looks like the xfs changes need
another couple of days before it they are ready.

Eric W. Biederman (91):
      userns: Avoid recursion in put_user_ns
      userns: Allow any uid or gid mappings that don't overlap.
      userns: Recommend use of memory control groups.
      userns: Allow the userns root to mount of devpts
      userns: Allow the userns root to mount ramfs.
      userns: Allow the userns root to mount tmpfs.
      ceph: Only allow mounts in the initial network namespace
      ceph: Translate between uid and gids in cap messages and kuids and kgids
      ceph: Translate inode uid and gid attributes to/from kuids and kgids.
      ceph: Convert struct ceph_mds_request to use kuid_t and kgid_t
      ceph: Convert kuids and kgids before printing them.
      ceph: Enable building when user namespaces are enabled.
      9p: Add 'u' and 'g' format specifies for kuids and kgids
      9p: Transmit kuid and kgid values
      9p: Modify the stat structures to use kuid_t and kgid_t
      9p: Modify struct 9p_fid to use a kuid_t not a uid_t
      9p: Modify struct v9fs_session_info to use a kuids and kgids
      9p: Modify v9fs_get_fsgid_for_create to return a kgid
      9p: Allow building 9p with user namespaces enabled.
      afs: Remove unused structure afs_store_status
      afs: Only allow mounting afs in the intial network namespace
      afs: Support interacting with multiple user namespaces
      coda: Restrict coda messages to the initial pid namespace
      coda: Restrict coda messages to the initial user namespace
      coda: Cache permisions in struct coda_inode_info in a kuid_t.
      coda: Allow coda to be built when user namespace support is enabled
      ocfs2: Handle kuids and kgids in acl/xattr conversions.
      ocfs2: convert between kuids and kgids and DLM locks
      ocfs2: Convert uid and gids between in core and on disk inodes
      ocfs2: For tracing report the uid and gid values in the initial user namespace
      ocfs2: Compare kuids and kgids using uid_eq and gid_eq
      ocfs2: Enable building with user namespaces enabled
      gfs2: Remove improper checks in gfs2_set_dqblk.
      gfs2: Split NO_QUOTA_CHANGE inot NO_UID_QUTOA_CHANGE and NO_GID_QUTOA_CHANGE
      gfs2: Report quotas in the caller's user namespace.
      gfs2: Introduce qd2index
      gfs2: Modify struct gfs2_quota_change_host to use struct kqid
      gfs2: Modify qdsb_get to take a struct kqid
      gfs2: Convert gfs2_quota_refresh to take a kqid
      gfs2: Store qd_id in struct gfs2_quota_data as a struct kqid
      gfs2: Remove the QUOTA_USER and QUOTA_GROUP defines
      gfs2: Use kuid_t and kgid_t types where appropriate.
      gfs2: Use uid_eq and gid_eq where appropriate
      gfs2: Convert uids and gids between dinodes and vfs inodes.
      gfs2: Enable building with user namespaces enabled
      ncpfs: Support interacting with multiple user namespaces
      nfs_common: Update the translation between nfsv3 acls linux posix acls
      sunrpc: Use userns friendly constants.
      sunrpc: Use kuid_t and kgid_t where appropriate
      sunrpc: Use uid_eq and gid_eq where appropriate
      sunrpc: Simplify auth_unix now that everything is a kgid_t
      sunrpc: Convert kuids and kgids to uids and gids for printing
      sunrpc: Use gid_valid to test for gid != INVALID_GID
      sunrpc: Update gss uid to security context mapping.
      sunrpc: Update svcgss xdr handle to rpsec_contect cache
      sunrpc: Hash uids by first computing their value in the initial userns
      sunrpc: Properly encode kuids and kgids in RPC_AUTH_UNIX credentials
      sunrpc: Properly encode kuids and kgids in auth.unix.gid rpc pipe upcalls.
      sunrpc: Properly decode kuids and kgids in RPC_AUTH_UNIX credentials
      nfs: Pass GLOBAL_ROOT_UID and GLOBAL_ROOT_GID to keyring alloc
      nfs: Convert struct nfs_fattr to Use kuid_t and kgid_t
      nfs: Convert idmap to use kuids and kgids
      nfs: Convert nfs2xdr to use kuids and kgids
      nfs: Convert nfs3xdr to use kuids and kgids
      nfs: Convert nfs4xdr to use kuids and kgids
      nfs: kuid and kgid conversions for nfs/inode.c
      nfs: Enable building with user namespaces enabled.
      nfsd: Remove declaration of nonexistent nfs4_acl_permisison
      nfsd: idmap use u32 not uid_t as the intermediate type
      nfsd: Convert idmap to use kuids and kgids
      nfsd: Remove nfsd_luid, nfsd_lgid, nfsd_ruid and nfsd_rgid
      nfsd: Convert nfs3xdr to use kuids and kgids
      nfsd: Convert nfsxdr to use kuids and kgids
      nfsd: Handle kuids and kgids in the nfs4acl to posix_acl conversion
      nfsd: Modify nfsd4_cb_sec to use kuids and kgids
      nfsd: Store ex_anon_uid and ex_anon_gid as kuids and kgids
      nfsd: Properly compare and initialize kuids and kgids
      nfsd: Enable building with user namespaces enabled.
      cifs: Override unmappable incoming uids and gids
      cifs: Use BUILD_BUG_ON to validate uids and gids are the same size
      cifs: Pass GLOBAL_ROOT_UID and GLOBAL_ROOT_GID to keyring_alloc
      cifs: Use kuids and kgids SID to uid/gid mapping
      cifs: Convert from a kuid before printing current_fsuid
      cifs: Modify struct cifs_unix_set_info_args to hold a kuid_t and a kgid_t
      cifs: Convert struct tcon_link to use a kuid.
      cifs: Convert struct cifs_fattr to use kuid and kgids
      cifs: Convert struct cifsFileInfo to use a kuid
      cifs: Modify struct smb_vol to use kuids and kgids
      cifs: Convert struct cifs_sb_info to use kuids and kgids
      cifs: Convert struct cifs_ses to use a kuid_t and a kgid_t
      cifs: Enable building with user namespaces enabled.

Gao feng (1):
      userns: Allow the unprivileged users to mount mqueue fs

Li Zefan (1):
      userns: Allow unprivileged reboot

 Documentation/namespaces/resource-control.txt |   14 +++
 fs/9p/fid.c                                   |   17 ++--
 fs/9p/v9fs.c                                  |   34 +++++--
 fs/9p/v9fs.h                                  |   10 +-
 fs/9p/vfs_inode.c                             |    6 +-
 fs/9p/vfs_inode_dotl.c                        |   10 +-
 fs/afs/afs.h                                  |   11 +--
 fs/afs/fsclient.c                             |   14 ++-
 fs/afs/inode.c                                |    6 +-
 fs/afs/super.c                                |    6 +
 fs/ceph/caps.c                                |   17 ++--
 fs/ceph/inode.c                               |   23 +++--
 fs/ceph/mds_client.c                          |    4 +-
 fs/ceph/mds_client.h                          |    4 +-
 fs/ceph/super.h                               |    4 +-
 fs/cifs/cifs_fs_sb.h                          |    8 +-
 fs/cifs/cifs_spnego.c                         |    6 +-
 fs/cifs/cifsacl.c                             |   47 ++++++---
 fs/cifs/cifsfs.c                              |   14 ++-
 fs/cifs/cifsglob.h                            |   22 ++--
 fs/cifs/cifspdu.h                             |    1 -
 fs/cifs/cifsproto.h                           |    9 +-
 fs/cifs/cifssmb.c                             |   10 ++-
 fs/cifs/connect.c                             |   66 +++++++++---
 fs/cifs/dir.c                                 |   18 ++--
 fs/cifs/file.c                                |    8 +-
 fs/cifs/inode.c                               |   50 ++++++----
 fs/cifs/misc.c                                |    2 +-
 fs/coda/cache.c                               |    4 +-
 fs/coda/coda_fs_i.h                           |    2 +-
 fs/coda/coda_linux.c                          |    8 +-
 fs/coda/inode.c                               |    6 +-
 fs/coda/psdev.c                               |    7 ++
 fs/coda/upcall.c                              |   10 +-
 fs/devpts/inode.c                             |   18 +++
 fs/gfs2/acl.c                                 |    2 +-
 fs/gfs2/bmap.c                                |    2 +-
 fs/gfs2/dir.c                                 |    2 +-
 fs/gfs2/glops.c                               |    4 +-
 fs/gfs2/incore.h                              |    3 +-
 fs/gfs2/inode.c                               |   32 +++---
 fs/gfs2/quota.c                               |  138 ++++++++++---------------
 fs/gfs2/quota.h                               |   15 ++--
 fs/gfs2/super.c                               |    6 +-
 fs/gfs2/sys.c                                 |   14 ++-
 fs/gfs2/xattr.c                               |    4 +-
 fs/ncpfs/inode.c                              |   55 ++++++----
 fs/ncpfs/ioctl.c                              |   25 +++--
 fs/ncpfs/ncp_fs_sb.h                          |    6 +-
 fs/nfs/idmap.c                                |   53 +++++++---
 fs/nfs/inode.c                                |   12 +-
 fs/nfs/nfs2xdr.c                              |   19 +++-
 fs/nfs/nfs3xdr.c                              |   18 +++-
 fs/nfs/nfs4xdr.c                              |   16 ++--
 fs/nfs_common/nfsacl.c                        |   41 +++++---
 fs/nfsd/acl.h                                 |    2 -
 fs/nfsd/auth.c                                |   12 +-
 fs/nfsd/auth.h                                |    6 -
 fs/nfsd/export.c                              |   22 +++--
 fs/nfsd/idmap.h                               |    8 +-
 fs/nfsd/nfs3xdr.c                             |   14 ++-
 fs/nfsd/nfs4acl.c                             |   63 ++++++++---
 fs/nfsd/nfs4idmap.c                           |   38 +++++--
 fs/nfsd/nfs4recover.c                         |    4 +-
 fs/nfsd/nfs4state.c                           |    6 +-
 fs/nfsd/nfs4xdr.c                             |   54 ++++++----
 fs/nfsd/nfsxdr.c                              |   14 ++-
 fs/nfsd/state.h                               |    4 +-
 fs/nfsd/vfs.c                                 |    8 +-
 fs/ocfs2/acl.c                                |   31 +++++-
 fs/ocfs2/dlmglue.c                            |    8 +-
 fs/ocfs2/file.c                               |   11 +-
 fs/ocfs2/inode.c                              |   12 +-
 fs/ocfs2/namei.c                              |    4 +-
 fs/ocfs2/refcounttree.c                       |    2 +-
 fs/ramfs/inode.c                              |    1 +
 include/linux/coda_psdev.h                    |    2 +-
 include/linux/nfs4.h                          |    6 +-
 include/linux/nfs_idmap.h                     |    9 +-
 include/linux/nfs_xdr.h                       |    4 +-
 include/linux/nfsd/export.h                   |    4 +-
 include/linux/sunrpc/auth.h                   |    7 +-
 include/linux/sunrpc/svcauth.h                |    4 +-
 include/linux/user_namespace.h                |   10 +-
 include/net/9p/9p.h                           |   14 ++--
 include/net/9p/client.h                       |   12 +-
 init/Kconfig                                  |   20 ++---
 ipc/mqueue.c                                  |    1 +
 kernel/sys.c                                  |    5 +-
 kernel/user.c                                 |    4 +-
 kernel/user_namespace.c                       |   62 +++++++++---
 mm/shmem.c                                    |    2 +
 net/9p/client.c                               |   43 +++++---
 net/9p/protocol.c                             |   49 ++++++++-
 net/ceph/ceph_common.c                        |    5 +
 net/sunrpc/auth.c                             |    6 +-
 net/sunrpc/auth_generic.c                     |   16 ++--
 net/sunrpc/auth_gss/auth_gss.c                |   45 +++++---
 net/sunrpc/auth_gss/svcauth_gss.c             |   18 +++-
 net/sunrpc/auth_unix.c                        |   36 +++----
 net/sunrpc/svcauth_unix.c                     |   43 +++++---
 101 files changed, 1058 insertions(+), 656 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ