aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPavel Emelyanov <xemul@openvz.org>2007-10-19 02:40:14 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-10-19 14:53:40 -0400
commitb488893a390edfe027bae7a46e9af8083e740668 (patch)
treec469a7f99ad01005a73011c029eb5e5d15454559 /net
parent3eb07c8c8adb6f0572baba844ba2d9e501654316 (diff)
pid namespaces: changes to show virtual ids to user
This is the largest patch in the set. Make all (I hope) the places where the pid is shown to or get from user operate on the virtual pids. The idea is: - all in-kernel data structures must store either struct pid itself or the pid's global nr, obtained with pid_nr() call; - when seeking the task from kernel code with the stored id one should use find_task_by_pid() call that works with global pids; - when showing pid's numerical value to the user the virtual one should be used, but however when one shows task's pid outside this task's namespace the global one is to be used; - when getting the pid from userspace one need to consider this as the virtual one and use appropriate task/pid-searching functions. [akpm@linux-foundation.org: build fix] [akpm@linux-foundation.org: nuther build fix] [akpm@linux-foundation.org: yet nuther build fix] [akpm@linux-foundation.org: remove unneeded casts] Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org> Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: Paul Menage <menage@google.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'net')
-rw-r--r--net/core/scm.c4
-rw-r--r--net/unix/af_unix.c6
2 files changed, 6 insertions, 4 deletions
diff --git a/net/core/scm.c b/net/core/scm.c
index 530bee8d9ed9..100ba6d9d478 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -24,6 +24,8 @@
24#include <linux/interrupt.h> 24#include <linux/interrupt.h>
25#include <linux/netdevice.h> 25#include <linux/netdevice.h>
26#include <linux/security.h> 26#include <linux/security.h>
27#include <linux/pid.h>
28#include <linux/nsproxy.h>
27 29
28#include <asm/system.h> 30#include <asm/system.h>
29#include <asm/uaccess.h> 31#include <asm/uaccess.h>
@@ -42,7 +44,7 @@
42 44
43static __inline__ int scm_check_creds(struct ucred *creds) 45static __inline__ int scm_check_creds(struct ucred *creds)
44{ 46{
45 if ((creds->pid == current->tgid || capable(CAP_SYS_ADMIN)) && 47 if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) &&
46 ((creds->uid == current->uid || creds->uid == current->euid || 48 ((creds->uid == current->uid || creds->uid == current->euid ||
47 creds->uid == current->suid) || capable(CAP_SETUID)) && 49 creds->uid == current->suid) || capable(CAP_SETUID)) &&
48 ((creds->gid == current->gid || creds->gid == current->egid || 50 ((creds->gid == current->gid || creds->gid == current->egid ||
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 6996cba5aa96..9163ec526c2a 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -483,7 +483,7 @@ static int unix_listen(struct socket *sock, int backlog)
483 sk->sk_max_ack_backlog = backlog; 483 sk->sk_max_ack_backlog = backlog;
484 sk->sk_state = TCP_LISTEN; 484 sk->sk_state = TCP_LISTEN;
485 /* set credentials so connect can copy them */ 485 /* set credentials so connect can copy them */
486 sk->sk_peercred.pid = current->tgid; 486 sk->sk_peercred.pid = task_tgid_vnr(current);
487 sk->sk_peercred.uid = current->euid; 487 sk->sk_peercred.uid = current->euid;
488 sk->sk_peercred.gid = current->egid; 488 sk->sk_peercred.gid = current->egid;
489 err = 0; 489 err = 0;
@@ -1133,7 +1133,7 @@ restart:
1133 unix_peer(newsk) = sk; 1133 unix_peer(newsk) = sk;
1134 newsk->sk_state = TCP_ESTABLISHED; 1134 newsk->sk_state = TCP_ESTABLISHED;
1135 newsk->sk_type = sk->sk_type; 1135 newsk->sk_type = sk->sk_type;
1136 newsk->sk_peercred.pid = current->tgid; 1136 newsk->sk_peercred.pid = task_tgid_vnr(current);
1137 newsk->sk_peercred.uid = current->euid; 1137 newsk->sk_peercred.uid = current->euid;
1138 newsk->sk_peercred.gid = current->egid; 1138 newsk->sk_peercred.gid = current->egid;
1139 newu = unix_sk(newsk); 1139 newu = unix_sk(newsk);
@@ -1194,7 +1194,7 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb)
1194 sock_hold(skb); 1194 sock_hold(skb);
1195 unix_peer(ska)=skb; 1195 unix_peer(ska)=skb;
1196 unix_peer(skb)=ska; 1196 unix_peer(skb)=ska;
1197 ska->sk_peercred.pid = skb->sk_peercred.pid = current->tgid; 1197 ska->sk_peercred.pid = skb->sk_peercred.pid = task_tgid_vnr(current);
1198 ska->sk_peercred.uid = skb->sk_peercred.uid = current->euid; 1198 ska->sk_peercred.uid = skb->sk_peercred.uid = current->euid;
1199 ska->sk_peercred.gid = skb->sk_peercred.gid = current->egid; 1199 ska->sk_peercred.gid = skb->sk_peercred.gid = current->egid;
1200 1200