diff options
| author | Serge E. Hallyn <serge@hallyn.com> | 2011-03-23 19:43:18 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-03-23 22:47:03 -0400 |
| commit | bb96a6f50be27390dc959ff67d9ea0ea0cfbe177 (patch) | |
| tree | 478253434235baeb1e4760a25c0a0f01293fbb8a /kernel | |
| parent | 3486740a4f32a6a466f5ac931654d154790ba648 (diff) | |
userns: allow sethostname in a container
Changelog:
Feb 23: let clone_uts_ns() handle setting uts->user_ns
To do so we need to pass in the task_struct who'll
get the utsname, so we can get its user_ns.
Feb 23: As per Oleg's coment, just pass in tsk, instead of two
of its members.
Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/nsproxy.c | 7 | ||||
| -rw-r--r-- | kernel/sys.c | 2 | ||||
| -rw-r--r-- | kernel/utsname.c | 12 |
3 files changed, 9 insertions, 12 deletions
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index 034dc2ed13ac..b97fc9d04ddf 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c | |||
| @@ -69,16 +69,11 @@ static struct nsproxy *create_new_namespaces(unsigned long flags, | |||
| 69 | goto out_ns; | 69 | goto out_ns; |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | new_nsp->uts_ns = copy_utsname(flags, tsk->nsproxy->uts_ns); | 72 | new_nsp->uts_ns = copy_utsname(flags, tsk); |
| 73 | if (IS_ERR(new_nsp->uts_ns)) { | 73 | if (IS_ERR(new_nsp->uts_ns)) { |
| 74 | err = PTR_ERR(new_nsp->uts_ns); | 74 | err = PTR_ERR(new_nsp->uts_ns); |
| 75 | goto out_uts; | 75 | goto out_uts; |
| 76 | } | 76 | } |
| 77 | if (new_nsp->uts_ns != tsk->nsproxy->uts_ns) { | ||
| 78 | put_user_ns(new_nsp->uts_ns->user_ns); | ||
| 79 | new_nsp->uts_ns->user_ns = task_cred_xxx(tsk, user)->user_ns; | ||
| 80 | get_user_ns(new_nsp->uts_ns->user_ns); | ||
| 81 | } | ||
| 82 | 77 | ||
| 83 | new_nsp->ipc_ns = copy_ipcs(flags, tsk->nsproxy->ipc_ns); | 78 | new_nsp->ipc_ns = copy_ipcs(flags, tsk->nsproxy->ipc_ns); |
| 84 | if (IS_ERR(new_nsp->ipc_ns)) { | 79 | if (IS_ERR(new_nsp->ipc_ns)) { |
diff --git a/kernel/sys.c b/kernel/sys.c index 1ad48b3b9068..5761c53e19e3 100644 --- a/kernel/sys.c +++ b/kernel/sys.c | |||
| @@ -1181,7 +1181,7 @@ SYSCALL_DEFINE2(sethostname, char __user *, name, int, len) | |||
| 1181 | int errno; | 1181 | int errno; |
| 1182 | char tmp[__NEW_UTS_LEN]; | 1182 | char tmp[__NEW_UTS_LEN]; |
| 1183 | 1183 | ||
| 1184 | if (!capable(CAP_SYS_ADMIN)) | 1184 | if (!ns_capable(current->nsproxy->uts_ns->user_ns, CAP_SYS_ADMIN)) |
| 1185 | return -EPERM; | 1185 | return -EPERM; |
| 1186 | if (len < 0 || len > __NEW_UTS_LEN) | 1186 | if (len < 0 || len > __NEW_UTS_LEN) |
| 1187 | return -EINVAL; | 1187 | return -EINVAL; |
diff --git a/kernel/utsname.c b/kernel/utsname.c index a7b3a8d1ad24..44646179eaba 100644 --- a/kernel/utsname.c +++ b/kernel/utsname.c | |||
| @@ -31,7 +31,8 @@ static struct uts_namespace *create_uts_ns(void) | |||
| 31 | * @old_ns: namespace to clone | 31 | * @old_ns: namespace to clone |
| 32 | * Return NULL on error (failure to kmalloc), new ns otherwise | 32 | * Return NULL on error (failure to kmalloc), new ns otherwise |
| 33 | */ | 33 | */ |
| 34 | static struct uts_namespace *clone_uts_ns(struct uts_namespace *old_ns) | 34 | static struct uts_namespace *clone_uts_ns(struct task_struct *tsk, |
| 35 | struct uts_namespace *old_ns) | ||
| 35 | { | 36 | { |
| 36 | struct uts_namespace *ns; | 37 | struct uts_namespace *ns; |
| 37 | 38 | ||
| @@ -41,8 +42,7 @@ static struct uts_namespace *clone_uts_ns(struct uts_namespace *old_ns) | |||
| 41 | 42 | ||
| 42 | down_read(&uts_sem); | 43 | down_read(&uts_sem); |
| 43 | memcpy(&ns->name, &old_ns->name, sizeof(ns->name)); | 44 | memcpy(&ns->name, &old_ns->name, sizeof(ns->name)); |
| 44 | ns->user_ns = old_ns->user_ns; | 45 | ns->user_ns = get_user_ns(task_cred_xxx(tsk, user)->user_ns); |
| 45 | get_user_ns(ns->user_ns); | ||
| 46 | up_read(&uts_sem); | 46 | up_read(&uts_sem); |
| 47 | return ns; | 47 | return ns; |
| 48 | } | 48 | } |
| @@ -53,8 +53,10 @@ static struct uts_namespace *clone_uts_ns(struct uts_namespace *old_ns) | |||
| 53 | * utsname of this process won't be seen by parent, and vice | 53 | * utsname of this process won't be seen by parent, and vice |
| 54 | * versa. | 54 | * versa. |
| 55 | */ | 55 | */ |
| 56 | struct uts_namespace *copy_utsname(unsigned long flags, struct uts_namespace *old_ns) | 56 | struct uts_namespace *copy_utsname(unsigned long flags, |
| 57 | struct task_struct *tsk) | ||
| 57 | { | 58 | { |
| 59 | struct uts_namespace *old_ns = tsk->nsproxy->uts_ns; | ||
| 58 | struct uts_namespace *new_ns; | 60 | struct uts_namespace *new_ns; |
| 59 | 61 | ||
| 60 | BUG_ON(!old_ns); | 62 | BUG_ON(!old_ns); |
| @@ -63,7 +65,7 @@ struct uts_namespace *copy_utsname(unsigned long flags, struct uts_namespace *ol | |||
| 63 | if (!(flags & CLONE_NEWUTS)) | 65 | if (!(flags & CLONE_NEWUTS)) |
| 64 | return old_ns; | 66 | return old_ns; |
| 65 | 67 | ||
| 66 | new_ns = clone_uts_ns(old_ns); | 68 | new_ns = clone_uts_ns(tsk, old_ns); |
| 67 | 69 | ||
| 68 | put_uts_ns(old_ns); | 70 | put_uts_ns(old_ns); |
| 69 | return new_ns; | 71 | return new_ns; |