author | Eric W. Biederman <ebiederm@xmission.com> | 2012-02-07 19:54:11 -0500 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-07 01:17:20 -0400 |
commit | 1efdb69b0bb41dec8ee3e2cac0a0f167837d0919 (patch) | |
tree | a9eb64c44d773e7b4fead20a7bfa9a354abf3bfa /ipc/shm.c | |
parent | 9582d90196aa879e6acf866f02a1adead08707b5 (diff) |
userns: Convert ipc to use kuid and kgid where appropriate
- Store the ipc owner and creator with a kuid
- Store the ipc group and the creator's group with a kgid.
- Add error handling to ipc_update_perms, allowing it to
fail if the uids and gids can not be converted to kuids
or kgids.
- Modify the proc files to display the ipc creator and
owner in the user namespace of the opener of the proc file.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'ipc/shm.c')
-rw-r--r-- | ipc/shm.c | 19 |
1 files changed, 11 insertions, 8 deletions
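--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -758,7 +758,9 @@ static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd,
 do_shm_rmid(ns, ipcp);
 goto out_up;
 case IPC_SET:
-ipc_update_perm(&shmid64.shm_perm, ipcp);
+err = ipc_update_perm(&shmid64.shm_perm, ipcp);
+if (err)
+goto out_unlock;
 shp->shm_ctim = get_seconds();
 break;
 default:
@@ -893,10 +895,10 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
 audit_ipc_obj(&(shp->shm_perm));
 
 if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) {
-uid_t euid = current_euid();
+kuid_t euid = current_euid();
 err = -EPERM;
-if (euid != shp->shm_perm.uid &&
-euid != shp->shm_perm.cuid)
+if (!uid_eq(euid, shp->shm_perm.uid) &&
+!uid_eq(euid, shp->shm_perm.cuid))
 goto out_unlock;
 if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK))
 goto out_unlock;
@@ -1220,6 +1222,7 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr)
 #ifdef CONFIG_PROC_FS
 static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
 {
+struct user_namespace *user_ns = seq_user_ns(s);
 struct shmid_kernel *shp = it;
 unsigned long rss = 0, swp = 0;
 
@@ -1242,10 +1245,10 @@ static int sysvipc_shm_proc_show(struct seq_file *s, void *it)
 shp->shm_cprid,
 shp->shm_lprid,
 shp->shm_nattch,
-shp->shm_perm.uid,
-shp->shm_perm.gid,
-shp->shm_perm.cuid,
-shp->shm_perm.cgid,
+from_kuid_munged(user_ns, shp->shm_perm.uid),
+from_kgid_munged(user_ns, shp->shm_perm.gid),
+from_kuid_munged(user_ns, shp->shm_perm.cuid),
+from_kgid_munged(user_ns, shp->shm_perm.cgid),
 shp->shm_atim,
 shp->shm_dtim,
 shp->shm_ctim,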
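Review bot: The four `from_kuid_munged`/`from_kgid_munged` calls in the last hunk have no comment saying what a reader sees when an owner or creator id has no mapping in `user_ns`. As I understand the `_munged` helpers, such an id is printed as the overflow id rather than causing a failure, so in this proc output an unmapped owner cannot be told apart from a real account holding that id; anything that audits segment ownership from this file should be aware of that. I would add, above the `seq_user_ns(s)` line, a comment such as `/* ids are shown as seen from the opener's user namespace; unmapped ids appear as the overflow id */`. The format string and the rest of sysvipc_shm_proc_show are outside the hunks shown.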