diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-08-02 07:25:10 -0400 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-11-19 08:57:31 -0500 |
| commit | 49f4d8b93ccf9454284b6f524b96c66d8d7fbccc (patch) | |
| tree | 06540b59a9d302687fd0519239729c1612d0e2b7 /kernel | |
| parent | ae06c7c83fc6e97ba247a261921c101960f3d28f (diff) | |
pidns: Capture the user namespace and filter ns_last_pid
- Capture the the user namespace that creates the pid namespace
- Use that user namespace to test if it is ok to write to
/proc/sys/kernel/ns_last_pid.
Zhao Hongjiang <zhaohongjiang@huawei.com> noticed I was missing a put_user_ns
in when destroying a pid_ns. I have foloded his patch into this one
so that bisects will work properly.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/nsproxy.c | 2 | ||||
| -rw-r--r-- | kernel/pid.c | 1 | ||||
| -rw-r--r-- | kernel/pid_namespace.c | 17 |
3 files changed, 14 insertions, 6 deletions
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index 7e1c3de1ce45..ca27d2c5264d 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c | |||
| @@ -84,7 +84,7 @@ static struct nsproxy *create_new_namespaces(unsigned long flags, | |||
| 84 | goto out_ipc; | 84 | goto out_ipc; |
| 85 | } | 85 | } |
| 86 | 86 | ||
| 87 | new_nsp->pid_ns = copy_pid_ns(flags, task_active_pid_ns(tsk)); | 87 | new_nsp->pid_ns = copy_pid_ns(flags, task_cred_xxx(tsk, user_ns), task_active_pid_ns(tsk)); |
| 88 | if (IS_ERR(new_nsp->pid_ns)) { | 88 | if (IS_ERR(new_nsp->pid_ns)) { |
| 89 | err = PTR_ERR(new_nsp->pid_ns); | 89 | err = PTR_ERR(new_nsp->pid_ns); |
| 90 | goto out_pid; | 90 | goto out_pid; |
diff --git a/kernel/pid.c b/kernel/pid.c index aebd4f5aaf41..2a624f1486e1 100644 --- a/kernel/pid.c +++ b/kernel/pid.c | |||
| @@ -78,6 +78,7 @@ struct pid_namespace init_pid_ns = { | |||
| 78 | .last_pid = 0, | 78 | .last_pid = 0, |
| 79 | .level = 0, | 79 | .level = 0, |
| 80 | .child_reaper = &init_task, | 80 | .child_reaper = &init_task, |
| 81 | .user_ns = &init_user_ns, | ||
| 81 | }; | 82 | }; |
| 82 | EXPORT_SYMBOL_GPL(init_pid_ns); | 83 | EXPORT_SYMBOL_GPL(init_pid_ns); |
| 83 | 84 | ||
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index 7b07cc0dfb75..b2604950aa50 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c | |||
| @@ -10,6 +10,7 @@ | |||
| 10 | 10 | ||
| 11 | #include <linux/pid.h> | 11 | #include <linux/pid.h> |
| 12 | #include <linux/pid_namespace.h> | 12 | #include <linux/pid_namespace.h> |
| 13 | #include <linux/user_namespace.h> | ||
| 13 | #include <linux/syscalls.h> | 14 | #include <linux/syscalls.h> |
| 14 | #include <linux/err.h> | 15 | #include <linux/err.h> |
| 15 | #include <linux/acct.h> | 16 | #include <linux/acct.h> |
| @@ -74,7 +75,8 @@ err_alloc: | |||
| 74 | /* MAX_PID_NS_LEVEL is needed for limiting size of 'struct pid' */ | 75 | /* MAX_PID_NS_LEVEL is needed for limiting size of 'struct pid' */ |
| 75 | #define MAX_PID_NS_LEVEL 32 | 76 | #define MAX_PID_NS_LEVEL 32 |
| 76 | 77 | ||
| 77 | static struct pid_namespace *create_pid_namespace(struct pid_namespace *parent_pid_ns) | 78 | static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns, |
| 79 | struct pid_namespace *parent_pid_ns) | ||
| 78 | { | 80 | { |
| 79 | struct pid_namespace *ns; | 81 | struct pid_namespace *ns; |
| 80 | unsigned int level = parent_pid_ns->level + 1; | 82 | unsigned int level = parent_pid_ns->level + 1; |
| @@ -102,6 +104,7 @@ static struct pid_namespace *create_pid_namespace(struct pid_namespace *parent_p | |||
| 102 | kref_init(&ns->kref); | 104 | kref_init(&ns->kref); |
| 103 | ns->level = level; | 105 | ns->level = level; |
| 104 | ns->parent = get_pid_ns(parent_pid_ns); | 106 | ns->parent = get_pid_ns(parent_pid_ns); |
| 107 | ns->user_ns = get_user_ns(user_ns); | ||
| 105 | 108 | ||
| 106 | set_bit(0, ns->pidmap[0].page); | 109 | set_bit(0, ns->pidmap[0].page); |
| 107 | atomic_set(&ns->pidmap[0].nr_free, BITS_PER_PAGE - 1); | 110 | atomic_set(&ns->pidmap[0].nr_free, BITS_PER_PAGE - 1); |
| @@ -117,6 +120,7 @@ static struct pid_namespace *create_pid_namespace(struct pid_namespace *parent_p | |||
| 117 | 120 | ||
| 118 | out_put_parent_pid_ns: | 121 | out_put_parent_pid_ns: |
| 119 | put_pid_ns(parent_pid_ns); | 122 | put_pid_ns(parent_pid_ns); |
| 123 | put_user_ns(user_ns); | ||
| 120 | out_free_map: | 124 | out_free_map: |
| 121 | kfree(ns->pidmap[0].page); | 125 | kfree(ns->pidmap[0].page); |
| 122 | out_free: | 126 | out_free: |
| @@ -131,16 +135,18 @@ static void destroy_pid_namespace(struct pid_namespace *ns) | |||
| 131 | 135 | ||
| 132 | for (i = 0; i < PIDMAP_ENTRIES; i++) | 136 | for (i = 0; i < PIDMAP_ENTRIES; i++) |
| 133 | kfree(ns->pidmap[i].page); | 137 | kfree(ns->pidmap[i].page); |
| 138 | put_user_ns(ns->user_ns); | ||
| 134 | kmem_cache_free(pid_ns_cachep, ns); | 139 | kmem_cache_free(pid_ns_cachep, ns); |
| 135 | } | 140 | } |
| 136 | 141 | ||
| 137 | struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *old_ns) | 142 | struct pid_namespace *copy_pid_ns(unsigned long flags, |
| 143 | struct user_namespace *user_ns, struct pid_namespace *old_ns) | ||
| 138 | { | 144 | { |
| 139 | if (!(flags & CLONE_NEWPID)) | 145 | if (!(flags & CLONE_NEWPID)) |
| 140 | return get_pid_ns(old_ns); | 146 | return get_pid_ns(old_ns); |
| 141 | if (flags & (CLONE_THREAD|CLONE_PARENT)) | 147 | if (flags & (CLONE_THREAD|CLONE_PARENT)) |
| 142 | return ERR_PTR(-EINVAL); | 148 | return ERR_PTR(-EINVAL); |
| 143 | return create_pid_namespace(old_ns); | 149 | return create_pid_namespace(user_ns, old_ns); |
| 144 | } | 150 | } |
| 145 | 151 | ||
| 146 | static void free_pid_ns(struct kref *kref) | 152 | static void free_pid_ns(struct kref *kref) |
| @@ -239,9 +245,10 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) | |||
| 239 | static int pid_ns_ctl_handler(struct ctl_table *table, int write, | 245 | static int pid_ns_ctl_handler(struct ctl_table *table, int write, |
| 240 | void __user *buffer, size_t *lenp, loff_t *ppos) | 246 | void __user *buffer, size_t *lenp, loff_t *ppos) |
| 241 | { | 247 | { |
| 248 | struct pid_namespace *pid_ns = task_active_pid_ns(current); | ||
| 242 | struct ctl_table tmp = *table; | 249 | struct ctl_table tmp = *table; |
| 243 | 250 | ||
| 244 | if (write && !capable(CAP_SYS_ADMIN)) | 251 | if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) |
| 245 | return -EPERM; | 252 | return -EPERM; |
| 246 | 253 | ||
| 247 | /* | 254 | /* |
| @@ -250,7 +257,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write, | |||
| 250 | * it should synchronize its usage with external means. | 257 | * it should synchronize its usage with external means. |
| 251 | */ | 258 | */ |
| 252 | 259 | ||
| 253 | tmp.data = ¤t->nsproxy->pid_ns->last_pid; | 260 | tmp.data = &pid_ns->last_pid; |
| 254 | return proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); | 261 | return proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); |
| 255 | } | 262 | } |
| 256 | 263 | ||