[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <1438334936.2081.6.camel@samsung.com>
Date: Fri, 31 Jul 2015 11:28:56 +0200
From: Lukasz Pawelczyk <l.pawelczyk@...sung.com>
To: "Serge E. Hallyn" <serge@...lyn.com>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
Al Viro <viro@...iv.linux.org.uk>,
Alexey Dobriyan <adobriyan@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Lutomirski <luto@...capital.net>,
Arnd Bergmann <arnd@...db.de>,
Casey Schaufler <casey@...aufler-ca.com>,
David Howells <dhowells@...hat.com>,
Eric Dumazet <edumazet@...gle.com>,
Eric Paris <eparis@...isplace.org>,
Fabian Frederick <fabf@...net.be>,
Greg KH <gregkh@...uxfoundation.org>,
James Morris <james.l.morris@...cle.com>,
Jiri Slaby <jslaby@...e.com>, Joe Perches <joe@...ches.com>,
John Johansen <john.johansen@...onical.com>,
Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Mauro Carvalho Chehab <mchehab@....samsung.com>,
NeilBrown <neilb@...e.de>, Oleg Nesterov <oleg@...hat.com>,
Paul Moore <paul@...l-moore.com>,
Stephen Smalley <sds@...ho.nsa.gov>,
Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
Zefan Li <lizefan@...wei.com>, linux-doc@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov,
havner@...il.com
Subject: Re: [PATCH v3 01/11] user_ns: 3 new LSM hooks for user namespace
operations
On czw, 2015-07-30 at 16:30 -0500, Serge E. Hallyn wrote:
> On Fri, Jul 24, 2015 at 12:04:35PM +0200, Lukasz Pawelczyk wrote:
> > @@ -969,6 +982,7 @@ static int userns_install(struct nsproxy
> > *nsproxy, struct ns_common *ns)
> > {
> > struct user_namespace *user_ns = to_user_ns(ns);
> > struct cred *cred;
> > + int err;
> >
> > /* Don't allow gaining capabilities by reentering
> > * the same user namespace.
> > @@ -986,6 +1000,10 @@ static int userns_install(struct nsproxy
> > *nsproxy, struct ns_common *ns)
> > if (!ns_capable(user_ns, CAP_SYS_ADMIN))
> > return -EPERM;
> >
> > + err = security_userns_setns(nsproxy, user_ns);
> > + if (err)
> > + return err;
>
> So at this point the LSM thinks current is in the new ns. If
> prepare_creds() fails below, should it be informed of that?
> (Or am I over-thinking this?)
>
> > +
> > cred = prepare_creds();
> > if (!cred)
> > return -ENOMEM;
Hmm, the use case for this hook I had in mind was just to allow or
disallow the operation based on the information passed in arguments.
Not to register the current in any way so LSM can think it is or isn't
in the new namespace.
I think that any other LSM check that would like to know in what
namespace the current is, would just check that from current's creds.
Not use some stale and duplicated information the above hook could have
registered.
I see no reason for this hook to change the LSM state, only to answer
the question: allowed/disallowed (eventually return an error cause it
is unable to give an answer which falls into the disallow category).
--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists