aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/messaging.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-12-28 14:43:54 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2008-12-28 14:43:54 -0500
commitbb26c6c29b7cc9f39e491b074b09f3c284738d36 (patch)
treec7867af2bb4ff0feae889183efcd4d79b0f9a325 /fs/ecryptfs/messaging.c
parente14e61e967f2b3bdf23f05e4ae5b9aa830151a44 (diff)
parentcbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (105 commits) SELinux: don't check permissions for kernel mounts security: pass mount flags to security_sb_kern_mount() SELinux: correctly detect proc filesystems of the form "proc/foo" Audit: Log TIOCSTI user namespaces: document CFS behavior user namespaces: require cap_set{ug}id for CLONE_NEWUSER user namespaces: let user_ns be cloned with fairsched CRED: fix sparse warnings User namespaces: use the current_user_ns() macro User namespaces: set of cleanups (v2) nfsctl: add headers for credentials coda: fix creds reference capabilities: define get_vfs_caps_from_disk when file caps are not enabled CRED: Allow kernel services to override LSM settings for task actions CRED: Add a kernel_service object class to SELinux CRED: Differentiate objective and effective subjective credentials on a task CRED: Documentation CRED: Use creds in file structs CRED: Prettify commoncap.c CRED: Make execve() take advantage of copy-on-write credentials ...
Diffstat (limited to 'fs/ecryptfs/messaging.c')
-rw-r--r--fs/ecryptfs/messaging.c27
1 files changed, 14 insertions, 13 deletions
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
index c6983978a31e..6913f727624d 100644
--- a/fs/ecryptfs/messaging.c
+++ b/fs/ecryptfs/messaging.c
@@ -360,7 +360,8 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
360 struct ecryptfs_msg_ctx *msg_ctx; 360 struct ecryptfs_msg_ctx *msg_ctx;
361 size_t msg_size; 361 size_t msg_size;
362 struct nsproxy *nsproxy; 362 struct nsproxy *nsproxy;
363 struct user_namespace *current_user_ns; 363 struct user_namespace *tsk_user_ns;
364 uid_t ctx_euid;
364 int rc; 365 int rc;
365 366
366 if (msg->index >= ecryptfs_message_buf_len) { 367 if (msg->index >= ecryptfs_message_buf_len) {
@@ -384,9 +385,9 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
384 mutex_unlock(&ecryptfs_daemon_hash_mux); 385 mutex_unlock(&ecryptfs_daemon_hash_mux);
385 goto wake_up; 386 goto wake_up;
386 } 387 }
387 current_user_ns = nsproxy->user_ns; 388 tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns;
388 rc = ecryptfs_find_daemon_by_euid(&daemon, msg_ctx->task->euid, 389 ctx_euid = task_euid(msg_ctx->task);
389 current_user_ns); 390 rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns);
390 rcu_read_unlock(); 391 rcu_read_unlock();
391 mutex_unlock(&ecryptfs_daemon_hash_mux); 392 mutex_unlock(&ecryptfs_daemon_hash_mux);
392 if (rc) { 393 if (rc) {
@@ -394,28 +395,28 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid,
394 printk(KERN_WARNING "%s: User [%d] received a " 395 printk(KERN_WARNING "%s: User [%d] received a "
395 "message response from process [0x%p] but does " 396 "message response from process [0x%p] but does "
396 "not have a registered daemon\n", __func__, 397 "not have a registered daemon\n", __func__,
397 msg_ctx->task->euid, pid); 398 ctx_euid, pid);
398 goto wake_up; 399 goto wake_up;
399 } 400 }
400 if (msg_ctx->task->euid != euid) { 401 if (ctx_euid != euid) {
401 rc = -EBADMSG; 402 rc = -EBADMSG;
402 printk(KERN_WARNING "%s: Received message from user " 403 printk(KERN_WARNING "%s: Received message from user "
403 "[%d]; expected message from user [%d]\n", __func__, 404 "[%d]; expected message from user [%d]\n", __func__,
404 euid, msg_ctx->task->euid); 405 euid, ctx_euid);
405 goto unlock; 406 goto unlock;
406 } 407 }
407 if (current_user_ns != user_ns) { 408 if (tsk_user_ns != user_ns) {
408 rc = -EBADMSG; 409 rc = -EBADMSG;
409 printk(KERN_WARNING "%s: Received message from user_ns " 410 printk(KERN_WARNING "%s: Received message from user_ns "
410 "[0x%p]; expected message from user_ns [0x%p]\n", 411 "[0x%p]; expected message from user_ns [0x%p]\n",
411 __func__, user_ns, nsproxy->user_ns); 412 __func__, user_ns, tsk_user_ns);
412 goto unlock; 413 goto unlock;
413 } 414 }
414 if (daemon->pid != pid) { 415 if (daemon->pid != pid) {
415 rc = -EBADMSG; 416 rc = -EBADMSG;
416 printk(KERN_ERR "%s: User [%d] sent a message response " 417 printk(KERN_ERR "%s: User [%d] sent a message response "
417 "from an unrecognized process [0x%p]\n", 418 "from an unrecognized process [0x%p]\n",
418 __func__, msg_ctx->task->euid, pid); 419 __func__, ctx_euid, pid);
419 goto unlock; 420 goto unlock;
420 } 421 }
421 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { 422 if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) {
@@ -464,14 +465,14 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type,
464 struct ecryptfs_msg_ctx **msg_ctx) 465 struct ecryptfs_msg_ctx **msg_ctx)
465{ 466{
466 struct ecryptfs_daemon *daemon; 467 struct ecryptfs_daemon *daemon;
468 uid_t euid = current_euid();
467 int rc; 469 int rc;
468 470
469 rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, 471 rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());
470 current->nsproxy->user_ns);
471 if (rc || !daemon) { 472 if (rc || !daemon) {
472 rc = -ENOTCONN; 473 rc = -ENOTCONN;
473 printk(KERN_ERR "%s: User [%d] does not have a daemon " 474 printk(KERN_ERR "%s: User [%d] does not have a daemon "
474 "registered\n", __func__, current->euid); 475 "registered\n", __func__, euid);
475 goto out; 476 goto out;
476 } 477 }
477 mutex_lock(&ecryptfs_msg_ctx_lists_mux); 478 mutex_lock(&ecryptfs_msg_ctx_lists_mux);
generated by cgit v1.2.2 (git 2.25.0) at 2025-05-10 13:38:04 -0400