userns: Add negative depends on entries to avoid building code that is userns unsafe

Add a new internal Kconfig option UIDGID_CONVERTED that is true when the selected
Kconfig options have been converted to be user namespace safe, and guard
USER_NS and guard the UIDGID_STRICT_TYPE_CHECK options with it.

This keeps innocent kernel users from having the choice to enable
the user namespace in the cases where it is known not to work.

Most of the rest of the conversions are simple and straight forward but
their sheer number means it is good not to count on having them all done
and reviwed before thinking of merging this code.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

1 files changed, 131 insertions, 0 deletions

diff --git a/init/Kconfig b/init/Kconfig
index 86cf760893b3..3349670149dc 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -828,7 +828,9 @@ config IPC_NS
 config USER_NS
         bool "User namespace (EXPERIMENTAL)"
         depends on EXPERIMENTAL
+        depends on UIDGID_CONVERTED
         select UIDGID_STRICT_TYPE_CHECKS
+
         default n
         help
           This allows containers, i.e. vservers, to use user namespaces
@@ -853,8 +855,137 @@ config NET_NS
 
 endif # NAMESPACES
 
+config UIDGID_CONVERTED
+        # True if all of the selected software conmponents are known
+        # to have uid_t and gid_t converted to kuid_t and kgid_t
+        # where appropriate and are otherwise safe to use with
+        # the user namespace.
+        bool
+        default y
+
+        # List of kernel pieces that need user namespace work
+        # Features
+        depends on BINFMT_ELF = n
+        depends on BINFMT_ELF_FDPIC = n
+        depends on UNIX98_PTYS = n
+        depends on CGROUPS = n
+        depends on MIGRATION = n
+        depends on NUMA = n
+        depends on SYSVIPC = n
+        depends on IMA = n
+        depends on EVM = n
+        depends on KEYS = n
+        depends on AUDIT = n
+        depends on AUDITSYSCALL = n
+        depends on TASKSTATS = n
+        depends on TRACING = n
+        depends on FS_POSIX_ACL = n
+        depends on QUOTA = n
+        depends on QUOTACTL = n
+        depends on DEBUG_CREDENTIALS = n
+        depends on BSD_PROCESS_ACCT = n
+        depends on DRM = n
+        depends on PROC_EVENTS = n
+
+        # Networking
+        depends on NET = n
+        depends on NET_9P = n
+        depends on IPX = n
+        depends on PHONET = n
+        depends on NET_CLS_FLOW = n
+        depends on NETFILTER_XT_MATCH_OWNER = n
+        depends on NETFILTER_XT_MATCH_RECENT = n
+        depends on NETFILTER_XT_TARGET_LOG = n
+        depends on NETFILTER_NETLINK_LOG = n
+        depends on INET = n
+        depends on IPV6 = n
+        depends on IP_SCTP = n
+        depends on AF_RXRPC = n
+        depends on LLC2 = n
+        depends on NET_KEY = n
+        depends on INET_DIAG = n
+        depends on DNS_RESOLVER = n
+        depends on AX25 = n
+        depends on ATALK = n
+
+        # Filesystems
+        depends on USB_DEVICEFS = n
+        depends on USB_GADGETFS = n
+        depends on USB_FUNCTIONFS = n
+        depends on DEVTMPFS = n
+        depends on XENFS = n
+
+        depends on 9P_FS = n
+        depends on ADFS_FS = n
+        depends on AFFS_FS = n
+        depends on AFS_FS = n
+        depends on AUTOFS4_FS = n
+        depends on BEFS_FS = n
+        depends on BFS_FS = n
+        depends on BTRFS_FS = n
+        depends on CEPH_FS = n
+        depends on CIFS = n
+        depends on CODA_FS = n
+        depends on CONFIGFS_FS = n
+        depends on CRAMFS = n
+        depends on DEBUG_FS = n
+        depends on ECRYPT_FS = n
+        depends on EFS_FS = n
+        depends on EXOFS_FS = n
+        depends on EXT2_FS = n
+        depends on EXT3_FS = n
+        depends on EXT4_FS = n
+        depends on FAT_FS = n
+        depends on FUSE_FS = n
+        depends on GFS2_FS = n
+        depends on HFS_FS = n
+        depends on HFSPLUS_FS = n
+        depends on HPFS_FS = n
+        depends on HUGETLBFS = n
+        depends on ISO9660_FS = n
+        depends on JFFS2_FS = n
+        depends on JFS_FS = n
+        depends on LOGFS = n
+        depends on MINIX_FS = n
+        depends on NCP_FS = n
+        depends on NFSD = n
+        depends on NFS_FS = n
+        depends on NILFS2_FS = n
+        depends on NTFS_FS = n
+        depends on OCFS2_FS = n
+        depends on OMFS_FS = n
+        depends on PROC_FS = n
+        depends on PROC_SYSCTL = n
+        depends on QNX4FS_FS = n
+        depends on QNX6FS_FS = n
+        depends on REISERFS_FS = n
+        depends on SQUASHFS = n
+        depends on SYSFS = n
+        depends on SYSV_FS = n
+        depends on TMPFS = n
+        depends on UBIFS_FS = n
+        depends on UDF_FS = n
+        depends on UFS_FS = n
+        depends on VXFS_FS = n
+        depends on XFS_FS = n
+
+        depends on !UML || HOSTFS = n
+
+        # The rare drivers that won't build
+        depends on AIRO = n
+        depends on AIRO_CS = n
+        depends on TUN = n
+        depends on INFINIBAND_QIB = n
+        depends on BLK_DEV_LOOP = n
+        depends on ANDROID_BINDER_IPC = n
+
+        # Security modules
+        depends on SECURITY_TOMOYO = n
+        depends on SECURITY_APPARMOR = n
+
 config UIDGID_STRICT_TYPE_CHECKS
         bool "Require conversions between uid/gids and their internal representation"
+        depends on UIDGID_CONVERTED
         default n
         help
          While the nececessary conversions are being added to all subsystems this option allows