diff options
| author | Serge E. Hallyn <serue@us.ibm.com> | 2007-07-16 02:41:01 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-16 12:05:47 -0400 |
| commit | 77ec739d8d0979477fc91f530403805afa2581a4 (patch) | |
| tree | 0cefb80a7ff8d57a8f735954fdeb88e9efbaf05c /kernel | |
| parent | acce292c82d4d82d35553b928df2b0597c3a9c78 (diff) | |
user namespace: add unshare
This patch enables the unshare of user namespaces.
It adds a new clone flag CLONE_NEWUSER and implements copy_user_ns() which
resets the current user_struct and adds a new root user (uid == 0)
For now, unsharing the user namespace allows a process to reset its
user_struct accounting and uid 0 in the new user namespace should be contained
using appropriate means, for instance selinux
The plan, when the full support is complete (all uid checks covered), is to
keep the original user's rights in the original namespace, and let a process
become uid 0 in the new namespace, with full capabilities to the new
namespace.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Acked-by: Pavel Emelianov <xemul@openvz.org>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: Kirill Korotaev <dev@sw.ru>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Andrew Morgan <agm@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/fork.c | 2 | ||||
| -rw-r--r-- | kernel/nsproxy.c | 5 | ||||
| -rw-r--r-- | kernel/user_namespace.c | 46 |
3 files changed, 49 insertions, 4 deletions
diff --git a/kernel/fork.c b/kernel/fork.c index 13cf0978780a..7c5c5888e00a 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
| @@ -1606,7 +1606,7 @@ asmlinkage long sys_unshare(unsigned long unshare_flags) | |||
| 1606 | err = -EINVAL; | 1606 | err = -EINVAL; |
| 1607 | if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND| | 1607 | if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND| |
| 1608 | CLONE_VM|CLONE_FILES|CLONE_SYSVSEM| | 1608 | CLONE_VM|CLONE_FILES|CLONE_SYSVSEM| |
| 1609 | CLONE_NEWUTS|CLONE_NEWIPC)) | 1609 | CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER)) |
| 1610 | goto bad_unshare_out; | 1610 | goto bad_unshare_out; |
| 1611 | 1611 | ||
| 1612 | if ((err = unshare_thread(unshare_flags))) | 1612 | if ((err = unshare_thread(unshare_flags))) |
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index 895e3a3f2044..5aa28e219487 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c | |||
| @@ -117,7 +117,7 @@ int copy_namespaces(int flags, struct task_struct *tsk) | |||
| 117 | 117 | ||
| 118 | get_nsproxy(old_ns); | 118 | get_nsproxy(old_ns); |
| 119 | 119 | ||
| 120 | if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC))) | 120 | if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER))) |
| 121 | return 0; | 121 | return 0; |
| 122 | 122 | ||
| 123 | if (!capable(CAP_SYS_ADMIN)) { | 123 | if (!capable(CAP_SYS_ADMIN)) { |
| @@ -161,7 +161,8 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags, | |||
| 161 | { | 161 | { |
| 162 | int err = 0; | 162 | int err = 0; |
| 163 | 163 | ||
| 164 | if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC))) | 164 | if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | |
| 165 | CLONE_NEWUSER))) | ||
| 165 | return 0; | 166 | return 0; |
| 166 | 167 | ||
| 167 | if (!capable(CAP_SYS_ADMIN)) | 168 | if (!capable(CAP_SYS_ADMIN)) |
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 3d7964209774..89a27e8b17fb 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c | |||
| @@ -21,6 +21,45 @@ EXPORT_SYMBOL_GPL(init_user_ns); | |||
| 21 | 21 | ||
| 22 | #ifdef CONFIG_USER_NS | 22 | #ifdef CONFIG_USER_NS |
| 23 | 23 | ||
| 24 | /* | ||
| 25 | * Clone a new ns copying an original user ns, setting refcount to 1 | ||
| 26 | * @old_ns: namespace to clone | ||
| 27 | * Return NULL on error (failure to kmalloc), new ns otherwise | ||
| 28 | */ | ||
| 29 | static struct user_namespace *clone_user_ns(struct user_namespace *old_ns) | ||
| 30 | { | ||
| 31 | struct user_namespace *ns; | ||
| 32 | struct user_struct *new_user; | ||
| 33 | int n; | ||
| 34 | |||
| 35 | ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL); | ||
| 36 | if (!ns) | ||
| 37 | return NULL; | ||
| 38 | |||
| 39 | kref_init(&ns->kref); | ||
| 40 | |||
| 41 | for (n = 0; n < UIDHASH_SZ; ++n) | ||
| 42 | INIT_LIST_HEAD(ns->uidhash_table + n); | ||
| 43 | |||
| 44 | /* Insert new root user. */ | ||
| 45 | ns->root_user = alloc_uid(ns, 0); | ||
| 46 | if (!ns->root_user) { | ||
| 47 | kfree(ns); | ||
| 48 | return NULL; | ||
| 49 | } | ||
| 50 | |||
| 51 | /* Reset current->user with a new one */ | ||
| 52 | new_user = alloc_uid(ns, current->uid); | ||
| 53 | if (!new_user) { | ||
| 54 | free_uid(ns->root_user); | ||
| 55 | kfree(ns); | ||
| 56 | return NULL; | ||
| 57 | } | ||
| 58 | |||
| 59 | switch_uid(new_user); | ||
| 60 | return ns; | ||
| 61 | } | ||
| 62 | |||
| 24 | struct user_namespace * copy_user_ns(int flags, struct user_namespace *old_ns) | 63 | struct user_namespace * copy_user_ns(int flags, struct user_namespace *old_ns) |
| 25 | { | 64 | { |
| 26 | struct user_namespace *new_ns; | 65 | struct user_namespace *new_ns; |
| @@ -28,7 +67,12 @@ struct user_namespace * copy_user_ns(int flags, struct user_namespace *old_ns) | |||
| 28 | BUG_ON(!old_ns); | 67 | BUG_ON(!old_ns); |
| 29 | get_user_ns(old_ns); | 68 | get_user_ns(old_ns); |
| 30 | 69 | ||
| 31 | new_ns = old_ns; | 70 | if (!(flags & CLONE_NEWUSER)) |
| 71 | return old_ns; | ||
| 72 | |||
| 73 | new_ns = clone_user_ns(old_ns); | ||
| 74 | |||
| 75 | put_user_ns(old_ns); | ||
| 32 | return new_ns; | 76 | return new_ns; |
| 33 | } | 77 | } |
| 34 | 78 | ||