diff options
| author | Serge E. Hallyn <serge@hallyn.com> | 2011-03-23 19:43:24 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-03-23 22:47:08 -0400 |
| commit | b0e77598f87107001a00b8a4ece9c95e4254ccc4 (patch) | |
| tree | 2738276570e4faa7c92a64521c192f04dca93801 /ipc/shm.c | |
| parent | b515498f5bb5f38fc0e390b4ff7d00b6077de127 (diff) | |
userns: user namespaces: convert several capable() calls
CAP_IPC_OWNER and CAP_IPC_LOCK can be checked against current_user_ns(),
because the resource comes from current's own ipc namespace.
setuid/setgid are to uids in own namespace, so again checks can be against
current_user_ns().
Changelog:
Jan 11: Use task_ns_capable() in place of sched_capable().
Jan 11: Use nsown_capable() as suggested by Bastian Blank.
Jan 11: Clarify (hopefully) some logic in futex and sched.c
Feb 15: use ns_capable for ipc, not nsown_capable
Feb 23: let copy_ipcs handle setting ipc_ns->user_ns
Feb 23: pass ns down rather than taking it from current
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'ipc/shm.c')
| -rw-r--r-- | ipc/shm.c | 9 |
1 files changed, 5 insertions, 4 deletions
| @@ -623,7 +623,8 @@ static int shmctl_down(struct ipc_namespace *ns, int shmid, int cmd, | |||
| 623 | return -EFAULT; | 623 | return -EFAULT; |
| 624 | } | 624 | } |
| 625 | 625 | ||
| 626 | ipcp = ipcctl_pre_down(&shm_ids(ns), shmid, cmd, &shmid64.shm_perm, 0); | 626 | ipcp = ipcctl_pre_down(ns, &shm_ids(ns), shmid, cmd, |
| 627 | &shmid64.shm_perm, 0); | ||
| 627 | if (IS_ERR(ipcp)) | 628 | if (IS_ERR(ipcp)) |
| 628 | return PTR_ERR(ipcp); | 629 | return PTR_ERR(ipcp); |
| 629 | 630 | ||
| @@ -737,7 +738,7 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) | |||
| 737 | result = 0; | 738 | result = 0; |
| 738 | } | 739 | } |
| 739 | err = -EACCES; | 740 | err = -EACCES; |
| 740 | if (ipcperms (&shp->shm_perm, S_IRUGO)) | 741 | if (ipcperms(ns, &shp->shm_perm, S_IRUGO)) |
| 741 | goto out_unlock; | 742 | goto out_unlock; |
| 742 | err = security_shm_shmctl(shp, cmd); | 743 | err = security_shm_shmctl(shp, cmd); |
| 743 | if (err) | 744 | if (err) |
| @@ -773,7 +774,7 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) | |||
| 773 | 774 | ||
| 774 | audit_ipc_obj(&(shp->shm_perm)); | 775 | audit_ipc_obj(&(shp->shm_perm)); |
| 775 | 776 | ||
| 776 | if (!capable(CAP_IPC_LOCK)) { | 777 | if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { |
| 777 | uid_t euid = current_euid(); | 778 | uid_t euid = current_euid(); |
| 778 | err = -EPERM; | 779 | err = -EPERM; |
| 779 | if (euid != shp->shm_perm.uid && | 780 | if (euid != shp->shm_perm.uid && |
| @@ -888,7 +889,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) | |||
| 888 | } | 889 | } |
| 889 | 890 | ||
| 890 | err = -EACCES; | 891 | err = -EACCES; |
| 891 | if (ipcperms(&shp->shm_perm, acc_mode)) | 892 | if (ipcperms(ns, &shp->shm_perm, acc_mode)) |
| 892 | goto out_unlock; | 893 | goto out_unlock; |
| 893 | 894 | ||
| 894 | err = security_shm_shmat(shp, shmaddr, shmflg); | 895 | err = security_shm_shmat(shp, shmaddr, shmflg); |