author | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-11 01:39:43 -0400 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-09-17 21:08:54 -0400 |
commit | e1760bd5ffae8cb98cffb030ee8e631eba28f3d8 (patch) | |
tree | 4694a60b407c418bf7de4b97355dc3bd0e6c6559 /fs/proc/base.c | |
parent | ca57ec0f00c3f139c41bf6b0a5b9bcc95bbb2ad7 (diff) |
userns: Convert the audit loginuid to be a kuid
Always store audit loginuids in type kuid_t.
Print loginuids by converting them into uids in the appropriate user
namespace, and then printing the resulting uid.
Modify audit_get_loginuid to return a kuid_t.
Modify audit_set_loginuid to take a kuid_t.
Modify /proc/<pid>/loginuid on read to convert the loginuid into the
user namespace of the opener of the file.
Modify /proc/<pid>/loginuid on write to convert the loginuid
from the user namespace of the opener of the file.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Cc: Paul Moore <paul@paul-moore.com> ?
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs/proc/base.c')
-rw-r--r-- | fs/proc/base.c | 12 |
1 files changed, 10 insertions, 2 deletions
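--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1089,7 +1089,8 @@ static ssize_t proc_loginuid_read(struct file * file, char __user * buf,
 if (!task)
 return -ESRCH;
 length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
-audit_get_loginuid(task));
+from_kuid(file->f_cred->user_ns,
+audit_get_loginuid(task)));
 put_task_struct(task);
 return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 }
@@ -1101,6 +1102,7 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
 char *page, *tmp;
 ssize_t length;
 uid_t loginuid;
+kuid_t kloginuid;
 
 rcu_read_lock();
 if (current != pid_task(proc_pid(inode), PIDTYPE_PID)) {
@@ -1130,7 +1132,13 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
 goto out_free_page;
 
 }
-length = audit_set_loginuid(loginuid);
+kloginuid = make_kuid(file->f_cred->user_ns, loginuid);
+if (!uid_valid(kloginuid)) {
+length = -EINVAL;
+goto out_free_page;
+}
+
+length = audit_set_loginuid(kloginuid);
 if (likely(length == 0))
 length = count;
 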
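Review bot: In the last hunk of proc_loginuid_write, the new `uid_valid(kloginuid)` check returns -EINVAL for any value that `make_kuid()` cannot map in the opener's namespace, and that includes (uid_t)-1, so a write of 4294967295 that the old `audit_set_loginuid(loginuid)` call would have received is now refused before it gets there (assuming the parsing above the hunk lets that value through). If -1 is the "unset" value for the audit login identity, that is a behaviour change worth stating, and a comment such as `/* Reject uids with no mapping in the opener's user namespace, (uid_t)-1 included. */` above the check would record the intent. The read hunk has the mirror case: `from_kuid()` yields (uid_t)-1 for a loginuid with no mapping in `file->f_cred->user_ns`, which `"%u"` prints as 4294967295, so a reader in another namespace probably cannot tell an unmapped loginuid from an unset one when reviewing audit identity. Both function bodies start outside the hunks shown.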