diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-03-28 16:43:46 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-03-28 16:43:46 -0400 |
| commit | 2c3de1c2d7d68c6ba4c1ecd82c68285f34d9609e (patch) | |
| tree | 6a09ce761173a966718f9009514dcc90bd9947b7 /include | |
| parent | 9064171268d838b8f283fe111ef086b9479d059a (diff) | |
| parent | 87a8ebd637dafc255070f503909a053cf0d98d3f (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull userns fixes from Eric W Biederman:
"The bulk of the changes are fixing the worst consequences of the user
namespace design oversight in not considering what happens when one
namespace starts off as a clone of another namespace, as happens with
the mount namespace.
The rest of the changes are just plain bug fixes.
Many thanks to Andy Lutomirski for pointing out many of these issues."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
userns: Restrict when proc and sysfs can be mounted
ipc: Restrict mounting the mqueue filesystem
vfs: Carefully propogate mounts across user namespaces
vfs: Add a mount flag to lock read only bind mounts
userns: Don't allow creation if the user is chrooted
yama: Better permission check for ptraceme
pid: Handle the exit of a multi-threaded init.
scm: Require CAP_SYS_ADMIN over the current pidns to spoof pids.
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/fs_struct.h | 2 | ||||
| -rw-r--r-- | include/linux/mount.h | 2 | ||||
| -rw-r--r-- | include/linux/user_namespace.h | 4 |
3 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h index 729eded4b24f..2b93a9a5a1e6 100644 --- a/include/linux/fs_struct.h +++ b/include/linux/fs_struct.h | |||
| @@ -50,4 +50,6 @@ static inline void get_fs_root_and_pwd(struct fs_struct *fs, struct path *root, | |||
| 50 | spin_unlock(&fs->lock); | 50 | spin_unlock(&fs->lock); |
| 51 | } | 51 | } |
| 52 | 52 | ||
| 53 | extern bool current_chrooted(void); | ||
| 54 | |||
| 53 | #endif /* _LINUX_FS_STRUCT_H */ | 55 | #endif /* _LINUX_FS_STRUCT_H */ |
diff --git a/include/linux/mount.h b/include/linux/mount.h index d7029f4a191a..73005f9957ea 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h | |||
| @@ -47,6 +47,8 @@ struct mnt_namespace; | |||
| 47 | 47 | ||
| 48 | #define MNT_INTERNAL 0x4000 | 48 | #define MNT_INTERNAL 0x4000 |
| 49 | 49 | ||
| 50 | #define MNT_LOCK_READONLY 0x400000 | ||
| 51 | |||
| 50 | struct vfsmount { | 52 | struct vfsmount { |
| 51 | struct dentry *mnt_root; /* root of the mounted tree */ | 53 | struct dentry *mnt_root; /* root of the mounted tree */ |
| 52 | struct super_block *mnt_sb; /* pointer to superblock */ | 54 | struct super_block *mnt_sb; /* pointer to superblock */ |
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index 4ce009324933..b6b215f13b45 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h | |||
| @@ -26,6 +26,8 @@ struct user_namespace { | |||
| 26 | kuid_t owner; | 26 | kuid_t owner; |
| 27 | kgid_t group; | 27 | kgid_t group; |
| 28 | unsigned int proc_inum; | 28 | unsigned int proc_inum; |
| 29 | bool may_mount_sysfs; | ||
| 30 | bool may_mount_proc; | ||
| 29 | }; | 31 | }; |
| 30 | 32 | ||
| 31 | extern struct user_namespace init_user_ns; | 33 | extern struct user_namespace init_user_ns; |
| @@ -82,4 +84,6 @@ static inline void put_user_ns(struct user_namespace *ns) | |||
| 82 | 84 | ||
| 83 | #endif | 85 | #endif |
| 84 | 86 | ||
| 87 | void update_mnt_policy(struct user_namespace *userns); | ||
| 88 | |||
| 85 | #endif /* _LINUX_USER_H */ | 89 | #endif /* _LINUX_USER_H */ |