diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-02-08 10:00:08 -0500 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-05-03 06:28:38 -0400 |
| commit | 078de5f706ece36afd73bb4b8283314132d2dfdf (patch) | |
| tree | 0dee00713f9cb5e2516260a66b8df99ef7d03e4d /kernel/sys.c | |
| parent | ae2975bc3476243b45a1e2344236d7920c268f38 (diff) | |
userns: Store uid and gid values in struct cred with kuid_t and kgid_t types
cred.h and a few trivial users of struct cred are changed. The rest of the users
of struct cred are left for other patches as there are too many changes to make
in one go and leave the change reviewable. If the user namespace is disabled and
CONFIG_UIDGID_STRICT_TYPE_CHECKS are disabled the code will contiue to compile
and behave correctly.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'kernel/sys.c')
| -rw-r--r-- | kernel/sys.c | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/kernel/sys.c b/kernel/sys.c index f0c43b4b6657..39962818c008 100644 --- a/kernel/sys.c +++ b/kernel/sys.c | |||
| @@ -175,7 +175,6 @@ SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval) | |||
| 175 | const struct cred *cred = current_cred(); | 175 | const struct cred *cred = current_cred(); |
| 176 | int error = -EINVAL; | 176 | int error = -EINVAL; |
| 177 | struct pid *pgrp; | 177 | struct pid *pgrp; |
| 178 | kuid_t cred_uid; | ||
| 179 | kuid_t uid; | 178 | kuid_t uid; |
| 180 | 179 | ||
| 181 | if (which > PRIO_USER || which < PRIO_PROCESS) | 180 | if (which > PRIO_USER || which < PRIO_PROCESS) |
| @@ -209,22 +208,19 @@ SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval) | |||
| 209 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); | 208 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); |
| 210 | break; | 209 | break; |
| 211 | case PRIO_USER: | 210 | case PRIO_USER: |
| 212 | cred_uid = make_kuid(cred->user_ns, cred->uid); | ||
| 213 | uid = make_kuid(cred->user_ns, who); | 211 | uid = make_kuid(cred->user_ns, who); |
| 214 | user = cred->user; | 212 | user = cred->user; |
| 215 | if (!who) | 213 | if (!who) |
| 216 | uid = cred_uid; | 214 | uid = cred->uid; |
| 217 | else if (!uid_eq(uid, cred_uid) && | 215 | else if (!uid_eq(uid, cred->uid) && |
| 218 | !(user = find_user(uid))) | 216 | !(user = find_user(uid))) |
| 219 | goto out_unlock; /* No processes for this user */ | 217 | goto out_unlock; /* No processes for this user */ |
| 220 | 218 | ||
| 221 | do_each_thread(g, p) { | 219 | do_each_thread(g, p) { |
| 222 | const struct cred *tcred = __task_cred(p); | 220 | if (uid_eq(task_uid(p), uid)) |
| 223 | kuid_t tcred_uid = make_kuid(tcred->user_ns, tcred->uid); | ||
| 224 | if (uid_eq(tcred_uid, uid)) | ||
| 225 | error = set_one_prio(p, niceval, error); | 221 | error = set_one_prio(p, niceval, error); |
| 226 | } while_each_thread(g, p); | 222 | } while_each_thread(g, p); |
| 227 | if (!uid_eq(uid, cred_uid)) | 223 | if (!uid_eq(uid, cred->uid)) |
| 228 | free_uid(user); /* For find_user() */ | 224 | free_uid(user); /* For find_user() */ |
| 229 | break; | 225 | break; |
| 230 | } | 226 | } |
| @@ -248,7 +244,6 @@ SYSCALL_DEFINE2(getpriority, int, which, int, who) | |||
| 248 | const struct cred *cred = current_cred(); | 244 | const struct cred *cred = current_cred(); |
| 249 | long niceval, retval = -ESRCH; | 245 | long niceval, retval = -ESRCH; |
| 250 | struct pid *pgrp; | 246 | struct pid *pgrp; |
| 251 | kuid_t cred_uid; | ||
| 252 | kuid_t uid; | 247 | kuid_t uid; |
| 253 | 248 | ||
| 254 | if (which > PRIO_USER || which < PRIO_PROCESS) | 249 | if (which > PRIO_USER || which < PRIO_PROCESS) |
| @@ -280,25 +275,22 @@ SYSCALL_DEFINE2(getpriority, int, which, int, who) | |||
| 280 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); | 275 | } while_each_pid_thread(pgrp, PIDTYPE_PGID, p); |
| 281 | break; | 276 | break; |
| 282 | case PRIO_USER: | 277 | case PRIO_USER: |
| 283 | cred_uid = make_kuid(cred->user_ns, cred->uid); | ||
| 284 | uid = make_kuid(cred->user_ns, who); | 278 | uid = make_kuid(cred->user_ns, who); |
| 285 | user = cred->user; | 279 | user = cred->user; |
| 286 | if (!who) | 280 | if (!who) |
| 287 | uid = cred_uid; | 281 | uid = cred->uid; |
| 288 | else if (!uid_eq(uid, cred_uid) && | 282 | else if (!uid_eq(uid, cred->uid) && |
| 289 | !(user = find_user(uid))) | 283 | !(user = find_user(uid))) |
| 290 | goto out_unlock; /* No processes for this user */ | 284 | goto out_unlock; /* No processes for this user */ |
| 291 | 285 | ||
| 292 | do_each_thread(g, p) { | 286 | do_each_thread(g, p) { |
| 293 | const struct cred *tcred = __task_cred(p); | 287 | if (uid_eq(task_uid(p), uid)) { |
| 294 | kuid_t tcred_uid = make_kuid(tcred->user_ns, tcred->uid); | ||
| 295 | if (uid_eq(tcred_uid, uid)) { | ||
| 296 | niceval = 20 - task_nice(p); | 288 | niceval = 20 - task_nice(p); |
| 297 | if (niceval > retval) | 289 | if (niceval > retval) |
| 298 | retval = niceval; | 290 | retval = niceval; |
| 299 | } | 291 | } |
| 300 | } while_each_thread(g, p); | 292 | } while_each_thread(g, p); |
| 301 | if (!uid_eq(uid, cred_uid)) | 293 | if (!uid_eq(uid, cred->uid)) |
| 302 | free_uid(user); /* for find_user() */ | 294 | free_uid(user); /* for find_user() */ |
| 303 | break; | 295 | break; |
| 304 | } | 296 | } |
| @@ -641,7 +633,7 @@ static int set_user(struct cred *new) | |||
| 641 | { | 633 | { |
| 642 | struct user_struct *new_user; | 634 | struct user_struct *new_user; |
| 643 | 635 | ||
| 644 | new_user = alloc_uid(make_kuid(new->user_ns, new->uid)); | 636 | new_user = alloc_uid(new->uid); |
| 645 | if (!new_user) | 637 | if (!new_user) |
| 646 | return -EAGAIN; | 638 | return -EAGAIN; |
| 647 | 639 | ||