| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-02-09 11:48:21 -0500 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-05-15 17:59:28 -0400 |
| commit | dcb0f22282e680ee5202ab7574ce78beb3803a9f (patch) | |
| tree | dce64929607bc1cc79b08e9c207c27792988ff39 | |
| parent | 08cefc7ab839cf3ece44b8033968a4732eac06d8 (diff) | |
userns: Convert proc to use kuid/kgid where appropriate
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| -rw-r--r-- | fs/proc/array.c | 10 | ||||
| -rw-r--r-- | fs/proc/base.c | 16 | ||||
| -rw-r--r-- | fs/proc/inode.c | 4 | ||||
| -rw-r--r-- | fs/proc/root.c | 2 | ||||
| -rw-r--r-- | include/linux/pid_namespace.h | 2 | ||||
| -rw-r--r-- | include/linux/proc_fs.h | 4 | ||||
| -rw-r--r-- | init/Kconfig | 1 |
7 files changed, 22 insertions, 17 deletions
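--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -191,8 +191,14 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
 task_tgid_nr_ns(p, ns),
 pid_nr_ns(pid, ns),
 ppid, tpid,
-cred->uid, cred->euid, cred->suid, cred->fsuid,
-cred->gid, cred->egid, cred->sgid, cred->fsgid);
+from_kuid_munged(user_ns, cred->uid),
+from_kuid_munged(user_ns, cred->euid),
+from_kuid_munged(user_ns, cred->suid),
+from_kuid_munged(user_ns, cred->fsuid),
+from_kgid_munged(user_ns, cred->gid),
+from_kgid_munged(user_ns, cred->egid),
+from_kgid_munged(user_ns, cred->sgid),
+from_kgid_munged(user_ns, cred->fsgid));
 
 task_lock(p);
 if (p->files)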
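Review bot: `user_ns`, passed to every new `from_kuid_munged()`/`from_kgid_munged()` call, is declared outside this hunk, so the namespace these IDs are translated into cannot be checked from the visible lines. If it is derived from the task calling read() rather than from the opener of the file, one open descriptor reports different Uid/Gid values depending on who reads it, which matters when the descriptor is passed across user namespaces. A comment at the declaration stating the intended view, for example `/* ids are reported as seen from the reader's user namespace */`, would make that choice reviewable. task_state() starts and ends outside the hunk.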
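--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1562,8 +1562,8 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
 generic_fillattr(inode, stat);
 
 rcu_read_lock();
-stat->uid = 0;
-stat->gid = 0;
+stat->uid = GLOBAL_ROOT_UID;
+stat->gid = GLOBAL_ROOT_GID;
 task = pid_task(proc_pid(inode), PIDTYPE_PID);
 if (task) {
 if (!has_pid_permissions(pid, task, 2)) {
@@ -1623,8 +1623,8 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 inode->i_gid = cred->egid;
 rcu_read_unlock();
 } else {
-inode->i_uid = 0;
-inode->i_gid = 0;
+inode->i_uid = GLOBAL_ROOT_UID;
+inode->i_gid = GLOBAL_ROOT_GID;
 }
 inode->i_mode &= ~(S_ISUID | S_ISGID);
 security_task_to_inode(task, inode);
@@ -1811,8 +1811,8 @@ static int tid_fd_revalidate(struct dentry *dentry, struct nameidata *nd)
 inode->i_gid = cred->egid;
 rcu_read_unlock();
 } else {
-inode->i_uid = 0;
-inode->i_gid = 0;
+inode->i_uid = GLOBAL_ROOT_UID;
+inode->i_gid = GLOBAL_ROOT_GID;
 }
 inode->i_mode &= ~(S_ISUID | S_ISGID);
 security_task_to_inode(task, inode);
@@ -2061,8 +2061,8 @@ static int map_files_d_revalidate(struct dentry *dentry, struct nameidata *nd)
 inode->i_gid = cred->egid;
 rcu_read_unlock();
 } else {
-inode->i_uid = 0;
-inode->i_gid = 0;
+inode->i_uid = GLOBAL_ROOT_UID;
+inode->i_gid = GLOBAL_ROOT_GID;
 }
 security_task_to_inode(task, inode);
 status = 1;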
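Review bot: The `else` branches in pid_revalidate(), tid_fd_revalidate() and map_files_d_revalidate() now pin the fallback owner to `GLOBAL_ROOT_UID`/`GLOBAL_ROOT_GID`, which is root of the initial user namespace regardless of the namespace the task lives in. For a task inside another user namespace that owner presumably has no mapping there and would appear as the overflow ID to processes in that namespace; that is the conservative choice, but nothing in the code says it is intended. A comment on the branch such as `/* fallback owner is init_user_ns root; unmapped inside other user namespaces */` would record it. The condition guarding these branches lies outside each hunk, and the same block is repeated three times, so a shared helper would keep the copies from drifting apart.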
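--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -108,8 +108,8 @@ static int proc_show_options(struct seq_file *seq, struct dentry *root)
 struct super_block *sb = root->d_sb;
 struct pid_namespace *pid = sb->s_fs_info;
 
-if (pid->pid_gid)
-seq_printf(seq, ",gid=%lu", (unsigned long)pid->pid_gid);
+if (!gid_eq(pid->pid_gid, GLOBAL_ROOT_GID))
+seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, pid->pid_gid));
 if (pid->hide_pid != 0)
 seq_printf(seq, ",hidepid=%u", pid->hide_pid);
 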
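Review bot: proc_show_options() translates `pid->pid_gid` through `&init_user_ns`, while the parser changed in fs/proc/root.c builds the value with `make_kgid(current_user_ns(), option)`, so the two directions are not symmetric. A mount performed from a non-initial user namespace would have its `gid=` option echoed back as the global ID rather than the number that was passed in. If reporting the global ID is deliberate, state it above the seq_printf(): `/* gid= is always reported relative to init_user_ns */`. Because the `_munged` variant is used, a `pid_gid` with no mapping is printed as the overflow gid instead of being flagged.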
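--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -67,7 +67,7 @@ static int proc_parse_options(char *options, struct pid_namespace *pid)
 case Opt_gid:
 if (match_int(&args[0], &option))
 return 0;
-pid->pid_gid = option;
+pid->pid_gid = make_kgid(current_user_ns(), option);
 break;
 case Opt_hidepid:
 if (match_int(&args[0], &option))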
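Review bot: The result of `make_kgid(current_user_ns(), option)` in the `Opt_gid` case is stored without a validity check, so a gid that has no mapping in the mounter's user namespace ends up as an invalid kgid in `pid->pid_gid` and the mount still succeeds. This value appears to select the group named by the `gid=` mount option (its consumer is not in this diff), so rejecting the option is safer than silently carrying an invalid ID. Build it into a local first: `kgid_t gid = make_kgid(current_user_ns(), option);`, then `if (!gid_valid(gid)) return 0;`, then `pid->pid_gid = gid;`. proc_parse_options() starts and ends outside the hunk.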
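--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
@@ -31,7 +31,7 @@ struct pid_namespace {
 #ifdef CONFIG_BSD_PROCESS_ACCT
 struct bsd_acct_struct *bacct;
 #endif
-gid_t pid_gid;
+kgid_t pid_gid;
 int hide_pid;
 int reboot; /* group exit code if this pidns was rebooted */
 };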
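--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -52,8 +52,8 @@ struct proc_dir_entry {
 unsigned int low_ino;
 umode_t mode;
 nlink_t nlink;
-uid_t uid;
-gid_t gid;
+kuid_t uid;
+kgid_t gid;
 loff_t size;
 const struct inode_operations *proc_iops;
 /*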
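--- a/init/Kconfig
+++ b/init/Kconfig
@@ -948,7 +948,6 @@ config UIDGID_CONVERTED
 depends on NTFS_FS = n
 depends on OCFS2_FS = n
 depends on OMFS_FS = n
-depends on PROC_FS = n
 depends on PROC_SYSCTL = n
 depends on QNX4FS_FS = n
 depends on QNX6FS_FS = n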
