author Linus Torvalds <torvalds@linux-foundation.org> 2013-02-25 19:00:49 -0500
committer Linus Torvalds <torvalds@linux-foundation.org> 2013-02-25 19:00:49 -0500
commit 94f2f14234178f118545a0be60a6371ddeb229b7 (patch)
tree 313af6e9e255e9060fc24c836cd71ce712502b17 /init
parent 8d168f71551ec2a6528d01d0389b7a73c091e3e7 (diff)
parent 139321c65c0584cd65c4c87a5eb3fdb4fdbd0e19 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull user namespace and namespace infrastructure changes from Eric W Biederman:
 "This set of changes starts with a few small enhancements to the user
  namespace. reboot support, allowing more arbitrary mappings, and
  support for mounting devpts, ramfs, tmpfs, and mqueuefs as just the
  user namespace root.

  I do my best to document that if you care about limiting your
  unprivileged users that when you have the user namespace support
  enabled you will need to enable memory control groups.

  There is a minor bug fix to prevent overflowing the stack if someone
  creates way too many user namespaces.

  The bulk of the changes are a continuation of the kuid/kgid push down
  work through the filesystems. These changes make using uids and gids
  typesafe which ensures that these filesystems are safe to use when
  multiple user namespaces are in use. The filesystems converted for
  3.9 are ceph, 9p, afs, ocfs2, gfs2, ncpfs, nfs, nfsd, and cifs. The
  changes for these filesystems were a little more involved so I split
  the changes into smaller hopefully obviously correct changes.

  XFS is the only filesystem that remains. I was hoping I could get
  that in this release so that user namespace support would be enabled
  with an allyesconfig or an allmodconfig but it looks like the xfs
  changes need another couple of days before they are ready."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (93 commits)
  cifs: Enable building with user namespaces enabled.
  cifs: Convert struct cifs_ses to use a kuid_t and a kgid_t
  cifs: Convert struct cifs_sb_info to use kuids and kgids
  cifs: Modify struct smb_vol to use kuids and kgids
  cifs: Convert struct cifsFileInfo to use a kuid
  cifs: Convert struct cifs_fattr to use kuid and kgids
  cifs: Convert struct tcon_link to use a kuid.
  cifs: Modify struct cifs_unix_set_info_args to hold a kuid_t and a kgid_t
  cifs: Convert from a kuid before printing current_fsuid
  cifs: Use kuids and kgids SID to uid/gid mapping
  cifs: Pass GLOBAL_ROOT_UID and GLOBAL_ROOT_GID to keyring_alloc
  cifs: Use BUILD_BUG_ON to validate uids and gids are the same size
  cifs: Override unmappable incoming uids and gids
  nfsd: Enable building with user namespaces enabled.
  nfsd: Properly compare and initialize kuids and kgids
  nfsd: Store ex_anon_uid and ex_anon_gid as kuids and kgids
  nfsd: Modify nfsd4_cb_sec to use kuids and kgids
  nfsd: Handle kuids and kgids in the nfs4acl to posix_acl conversion
  nfsd: Convert nfsxdr to use kuids and kgids
  nfsd: Convert nfs3xdr to use kuids and kgids
  ...

Diffstat (limited to 'init')
-rw-r--r-- init/Kconfig 20
1 files changed, 7 insertions, 13 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 968c539f0ac3..0a5e80fb9ba2 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1032,6 +1032,13 @@ config USER_NS
1032 help 1032 help
1033 This allows containers, i.e. vservers, to use user namespaces 1033 This allows containers, i.e. vservers, to use user namespaces
1034 to provide different user info for different servers. 1034 to provide different user info for different servers.
1035
1036 When user namespaces are enabled in the kernel it is
1037 recommended that the MEMCG and MEMCG_KMEM options also be
1038 enabled and that user-space use the memory control groups to
1039 limit the amount of memory a memory unprivileged users can
1040 use.
1041
1035 If unsure, say N. 1042 If unsure, say N.
1036 1043
1037config PID_NS 1044config PID_NS
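Review bot: the new help paragraph under USER_NS (new lines 1036-1040) ends with "limit the amount of memory a memory unprivileged users can use", which has a stray "a memory"; suggest "limit the amount of memory unprivileged users can use". The guidance is also advisory only: nothing in this hunk links USER_NS to MEMCG or MEMCG_KMEM, so a configuration with user namespaces enabled and memory control groups disabled still builds without any notice, and the text does not say what goes wrong in that case. One sentence naming the concern (unprivileged users consuming memory without a limit) would make the recommendation actionable for whoever reads this prompt during configuration.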
@@ -1060,20 +1067,7 @@ config UIDGID_CONVERTED
1060 bool 1067 bool
1061 default y 1068 default y
1062 1069
1063 # Networking
1064 depends on NET_9P = n
1065
1066 # Filesystems 1070 # Filesystems
1067 depends on 9P_FS = n
1068 depends on AFS_FS = n
1069 depends on CEPH_FS = n
1070 depends on CIFS = n
1071 depends on CODA_FS = n
1072 depends on GFS2_FS = n
1073 depends on NCP_FS = n
1074 depends on NFSD = n
1075 depends on NFS_FS = n
1076 depends on OCFS2_FS = n
1077 depends on XFS_FS = n 1071 depends on XFS_FS = n
1078 1072
1079config UIDGID_STRICT_TYPE_CHECKS 1073config UIDGID_STRICT_TYPE_CHECKS
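Review bot: the removal of "depends on CODA_FS = n" (old line 1072) is not accounted for in the pull message, which lists ceph, 9p, afs, ocfs2, gfs2, ncpfs, nfs, nfsd, and cifs as the filesystems converted for 3.9 and does not name coda. Since UIDGID_CONVERTED is the gate that keeps unconverted code from being built together with user namespaces, each dropped line should be traceable to a conversion in the series; please confirm the coda conversion is among the 93 commits and add it to the list in the message. The same applies to the dropped "depends on NET_9P = n" under "# Networking" (old lines 1063-1064), which is presumably covered by the 9p entry but is a separate symbol from 9P_FS.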