diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-02-07 19:48:16 -0500 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-06 22:37:10 -0400 |
| commit | 9582d90196aa879e6acf866f02a1adead08707b5 (patch) | |
| tree | aca09890296a7f51c6da530841388d392cb01d90 | |
| parent | 7dc05881b64792e0ea41293e9595cc962a716225 (diff) | |
userns: Convert process event connector to handle kuids and kgids
- Only allow asking for events from the initial user and pid namespace,
where we generate the events in.
- Convert kuids and kgids into the initial user namespace to report
them via the process event connector.
Cc: David Miller <davem@davemloft.net>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| -rw-r--r-- | drivers/connector/cn_proc.c | 18 | ||||
| -rw-r--r-- | init/Kconfig | 1 |
2 files changed, 14 insertions, 5 deletions
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c index 3e92b7d3fcd2..fce2000eec31 100644 --- a/drivers/connector/cn_proc.c +++ b/drivers/connector/cn_proc.c | |||
| @@ -30,6 +30,7 @@ | |||
| 30 | #include <linux/gfp.h> | 30 | #include <linux/gfp.h> |
| 31 | #include <linux/ptrace.h> | 31 | #include <linux/ptrace.h> |
| 32 | #include <linux/atomic.h> | 32 | #include <linux/atomic.h> |
| 33 | #include <linux/pid_namespace.h> | ||
| 33 | 34 | ||
| 34 | #include <asm/unaligned.h> | 35 | #include <asm/unaligned.h> |
| 35 | 36 | ||
| @@ -127,11 +128,11 @@ void proc_id_connector(struct task_struct *task, int which_id) | |||
| 127 | rcu_read_lock(); | 128 | rcu_read_lock(); |
| 128 | cred = __task_cred(task); | 129 | cred = __task_cred(task); |
| 129 | if (which_id == PROC_EVENT_UID) { | 130 | if (which_id == PROC_EVENT_UID) { |
| 130 | ev->event_data.id.r.ruid = cred->uid; | 131 | ev->event_data.id.r.ruid = from_kuid_munged(&init_user_ns, cred->uid); |
| 131 | ev->event_data.id.e.euid = cred->euid; | 132 | ev->event_data.id.e.euid = from_kuid_munged(&init_user_ns, cred->euid); |
| 132 | } else if (which_id == PROC_EVENT_GID) { | 133 | } else if (which_id == PROC_EVENT_GID) { |
| 133 | ev->event_data.id.r.rgid = cred->gid; | 134 | ev->event_data.id.r.rgid = from_kgid_munged(&init_user_ns, cred->gid); |
| 134 | ev->event_data.id.e.egid = cred->egid; | 135 | ev->event_data.id.e.egid = from_kgid_munged(&init_user_ns, cred->egid); |
| 135 | } else { | 136 | } else { |
| 136 | rcu_read_unlock(); | 137 | rcu_read_unlock(); |
| 137 | return; | 138 | return; |
| @@ -303,6 +304,15 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, | |||
| 303 | if (msg->len != sizeof(*mc_op)) | 304 | if (msg->len != sizeof(*mc_op)) |
| 304 | return; | 305 | return; |
| 305 | 306 | ||
| 307 | /* | ||
| 308 | * Events are reported with respect to the initial pid | ||
| 309 | * and user namespaces so ignore requestors from | ||
| 310 | * other namespaces. | ||
| 311 | */ | ||
| 312 | if ((current_user_ns() != &init_user_ns) || | ||
| 313 | (task_active_pid_ns(current) != &init_pid_ns)) | ||
| 314 | return; | ||
| 315 | |||
| 306 | mc_op = (enum proc_cn_mcast_op *)msg->data; | 316 | mc_op = (enum proc_cn_mcast_op *)msg->data; |
| 307 | switch (*mc_op) { | 317 | switch (*mc_op) { |
| 308 | case PROC_CN_MCAST_LISTEN: | 318 | case PROC_CN_MCAST_LISTEN: |
diff --git a/init/Kconfig b/init/Kconfig index 071dbb4928ef..7d4422c92cca 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -938,7 +938,6 @@ config UIDGID_CONVERTED | |||
| 938 | depends on QUOTACTL = n | 938 | depends on QUOTACTL = n |
| 939 | depends on BSD_PROCESS_ACCT = n | 939 | depends on BSD_PROCESS_ACCT = n |
| 940 | depends on DRM = n | 940 | depends on DRM = n |
| 941 | depends on PROC_EVENTS = n | ||
| 942 | 941 | ||
| 943 | # Networking | 942 | # Networking |
| 944 | depends on NET_9P = n | 943 | depends on NET_9P = n |