aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2011-11-17 00:59:43 -0500
committerEric W. Biederman <ebiederm@xmission.com>2012-04-07 19:55:52 -0400
commitaeb3ae9da9b50a386b22af786d19b623e8d9f0fa (patch)
tree3db9772ea99c931914bec7ded51f896f1d2e24ec
parent0093ccb68f3753c0ba4d74c89d7e0f444b8d6123 (diff)
userns: Add an explicit reference to the parent user namespace
I am about to remove the struct user_namespace reference from struct user_struct. So keep an explicit track of the parent user namespace. Take advantage of this new reference and replace instances of user_ns->creator->user_ns with user_ns->parent. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
-rw-r--r--include/linux/user_namespace.h1
-rw-r--r--kernel/user_namespace.c13
-rw-r--r--security/commoncap.c2
3 files changed, 8 insertions, 8 deletions
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index faf467944baf..dc2d85a76376 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -12,6 +12,7 @@
12struct user_namespace { 12struct user_namespace {
13 struct kref kref; 13 struct kref kref;
14 struct hlist_head uidhash_table[UIDHASH_SZ]; 14 struct hlist_head uidhash_table[UIDHASH_SZ];
15 struct user_namespace *parent;
15 struct user_struct *creator; 16 struct user_struct *creator;
16 struct work_struct destroyer; 17 struct work_struct destroyer;
17}; 18};
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 58bb8781a778..c15e533d6bc5 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -45,6 +45,7 @@ int create_user_ns(struct cred *new)
45 } 45 }
46 46
47 /* set the new root user in the credentials under preparation */ 47 /* set the new root user in the credentials under preparation */
48 ns->parent = parent_ns;
48 ns->creator = new->user; 49 ns->creator = new->user;
49 new->user = root_user; 50 new->user = root_user;
50 new->uid = new->euid = new->suid = new->fsuid = 0; 51 new->uid = new->euid = new->suid = new->fsuid = 0;
@@ -60,8 +61,6 @@ int create_user_ns(struct cred *new)
60 /* Leave the reference to our user_ns with the new cred */ 61 /* Leave the reference to our user_ns with the new cred */
61 new->user_ns = ns; 62 new->user_ns = ns;
62 63
63 put_user_ns(parent_ns);
64
65 return 0; 64 return 0;
66} 65}
67 66
@@ -72,10 +71,12 @@ int create_user_ns(struct cred *new)
72 */ 71 */
73static void free_user_ns_work(struct work_struct *work) 72static void free_user_ns_work(struct work_struct *work)
74{ 73{
75 struct user_namespace *ns = 74 struct user_namespace *parent, *ns =
76 container_of(work, struct user_namespace, destroyer); 75 container_of(work, struct user_namespace, destroyer);
76 parent = ns->parent;
77 free_uid(ns->creator); 77 free_uid(ns->creator);
78 kmem_cache_free(user_ns_cachep, ns); 78 kmem_cache_free(user_ns_cachep, ns);
79 put_user_ns(parent);
79} 80}
80 81
81void free_user_ns(struct kref *kref) 82void free_user_ns(struct kref *kref)
@@ -99,8 +100,7 @@ uid_t user_ns_map_uid(struct user_namespace *to, const struct cred *cred, uid_t
99 /* Is cred->user the creator of the target user_ns 100 /* Is cred->user the creator of the target user_ns
100 * or the creator of one of it's parents? 101 * or the creator of one of it's parents?
101 */ 102 */
102 for ( tmp = to; tmp != &init_user_ns; 103 for ( tmp = to; tmp != &init_user_ns; tmp = tmp->parent ) {
103 tmp = tmp->creator->user_ns ) {
104 if (cred->user == tmp->creator) { 104 if (cred->user == tmp->creator) {
105 return (uid_t)0; 105 return (uid_t)0;
106 } 106 }
@@ -120,8 +120,7 @@ gid_t user_ns_map_gid(struct user_namespace *to, const struct cred *cred, gid_t
120 /* Is cred->user the creator of the target user_ns 120 /* Is cred->user the creator of the target user_ns
121 * or the creator of one of it's parents? 121 * or the creator of one of it's parents?
122 */ 122 */
123 for ( tmp = to; tmp != &init_user_ns; 123 for ( tmp = to; tmp != &init_user_ns; tmp = tmp->parent ) {
124 tmp = tmp->creator->user_ns ) {
125 if (cred->user == tmp->creator) { 124 if (cred->user == tmp->creator) {
126 return (gid_t)0; 125 return (gid_t)0;
127 } 126 }
diff --git a/security/commoncap.c b/security/commoncap.c
index 8b3e10e2eac7..435d074853f3 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -92,7 +92,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
92 *If you have a capability in a parent user ns, then you have 92 *If you have a capability in a parent user ns, then you have
93 * it over all children user namespaces as well. 93 * it over all children user namespaces as well.
94 */ 94 */
95 targ_ns = targ_ns->creator->user_ns; 95 targ_ns = targ_ns->parent;
96 } 96 }
97 97
98 /* We never get here */ 98 /* We never get here */