diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2011-11-17 00:59:43 -0500 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-04-07 19:55:52 -0400 |
| commit | aeb3ae9da9b50a386b22af786d19b623e8d9f0fa (patch) | |
| tree | 3db9772ea99c931914bec7ded51f896f1d2e24ec /kernel/user_namespace.c | |
| parent | 0093ccb68f3753c0ba4d74c89d7e0f444b8d6123 (diff) | |
userns: Add an explicit reference to the parent user namespace
I am about to remove the struct user_namespace reference from struct user_struct.
So keep an explicit track of the parent user namespace.
Take advantage of this new reference and replace instances of user_ns->creator->user_ns
with user_ns->parent.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'kernel/user_namespace.c')
| -rw-r--r-- | kernel/user_namespace.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 58bb8781a778..c15e533d6bc5 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c | |||
| @@ -45,6 +45,7 @@ int create_user_ns(struct cred *new) | |||
| 45 | } | 45 | } |
| 46 | 46 | ||
| 47 | /* set the new root user in the credentials under preparation */ | 47 | /* set the new root user in the credentials under preparation */ |
| 48 | ns->parent = parent_ns; | ||
| 48 | ns->creator = new->user; | 49 | ns->creator = new->user; |
| 49 | new->user = root_user; | 50 | new->user = root_user; |
| 50 | new->uid = new->euid = new->suid = new->fsuid = 0; | 51 | new->uid = new->euid = new->suid = new->fsuid = 0; |
| @@ -60,8 +61,6 @@ int create_user_ns(struct cred *new) | |||
| 60 | /* Leave the reference to our user_ns with the new cred */ | 61 | /* Leave the reference to our user_ns with the new cred */ |
| 61 | new->user_ns = ns; | 62 | new->user_ns = ns; |
| 62 | 63 | ||
| 63 | put_user_ns(parent_ns); | ||
| 64 | |||
| 65 | return 0; | 64 | return 0; |
| 66 | } | 65 | } |
| 67 | 66 | ||
| @@ -72,10 +71,12 @@ int create_user_ns(struct cred *new) | |||
| 72 | */ | 71 | */ |
| 73 | static void free_user_ns_work(struct work_struct *work) | 72 | static void free_user_ns_work(struct work_struct *work) |
| 74 | { | 73 | { |
| 75 | struct user_namespace *ns = | 74 | struct user_namespace *parent, *ns = |
| 76 | container_of(work, struct user_namespace, destroyer); | 75 | container_of(work, struct user_namespace, destroyer); |
| 76 | parent = ns->parent; | ||
| 77 | free_uid(ns->creator); | 77 | free_uid(ns->creator); |
| 78 | kmem_cache_free(user_ns_cachep, ns); | 78 | kmem_cache_free(user_ns_cachep, ns); |
| 79 | put_user_ns(parent); | ||
| 79 | } | 80 | } |
| 80 | 81 | ||
| 81 | void free_user_ns(struct kref *kref) | 82 | void free_user_ns(struct kref *kref) |
| @@ -99,8 +100,7 @@ uid_t user_ns_map_uid(struct user_namespace *to, const struct cred *cred, uid_t | |||
| 99 | /* Is cred->user the creator of the target user_ns | 100 | /* Is cred->user the creator of the target user_ns |
| 100 | * or the creator of one of it's parents? | 101 | * or the creator of one of it's parents? |
| 101 | */ | 102 | */ |
| 102 | for ( tmp = to; tmp != &init_user_ns; | 103 | for ( tmp = to; tmp != &init_user_ns; tmp = tmp->parent ) { |
| 103 | tmp = tmp->creator->user_ns ) { | ||
| 104 | if (cred->user == tmp->creator) { | 104 | if (cred->user == tmp->creator) { |
| 105 | return (uid_t)0; | 105 | return (uid_t)0; |
| 106 | } | 106 | } |
| @@ -120,8 +120,7 @@ gid_t user_ns_map_gid(struct user_namespace *to, const struct cred *cred, gid_t | |||
| 120 | /* Is cred->user the creator of the target user_ns | 120 | /* Is cred->user the creator of the target user_ns |
| 121 | * or the creator of one of it's parents? | 121 | * or the creator of one of it's parents? |
| 122 | */ | 122 | */ |
| 123 | for ( tmp = to; tmp != &init_user_ns; | 123 | for ( tmp = to; tmp != &init_user_ns; tmp = tmp->parent ) { |
| 124 | tmp = tmp->creator->user_ns ) { | ||
| 125 | if (cred->user == tmp->creator) { | 124 | if (cred->user == tmp->creator) { |
| 126 | return (gid_t)0; | 125 | return (gid_t)0; |
| 127 | } | 126 | } |