aboutsummaryrefslogtreecommitdiffstats
path: root/security/yama/yama_lsm.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-12-17 18:44:47 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2012-12-17 18:44:47 -0500
commit6a2b60b17b3e48a418695a94bd2420f6ab32e519 (patch)
tree54b7792fa68b8890f710fa6398b6ba8626a039a8 /security/yama/yama_lsm.c
parent9228ff90387e276ad67b10c0eb525c9d6a57d5e9 (diff)
parent98f842e675f96ffac96e6c50315790912b2812be (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace changes from Eric Biederman: "While small this set of changes is very significant with respect to containers in general and user namespaces in particular. The user space interface is now complete. This set of changes adds support for unprivileged users to create user namespaces and as a user namespace root to create other namespaces. The tyranny of supporting suid root preventing unprivileged users from using cool new kernel features is broken. This set of changes completes the work on setns, adding support for the pid, user, mount namespaces. This set of changes includes a bunch of basic pid namespace cleanups/simplifications. Of particular significance is the rework of the pid namespace cleanup so it no longer requires sending out tendrils into all kinds of unexpected cleanup paths for operation. At least one case of broken error handling is fixed by this cleanup. The files under /proc/<pid>/ns/ have been converted from regular files to magic symlinks which prevents incorrect caching by the VFS, ensuring the files always refer to the namespace the process is currently using and ensuring that the ptrace_mayaccess permission checks are always applied. The files under /proc/<pid>/ns/ have been given stable inode numbers so it is now possible to see if different processes share the same namespaces. Through the David Miller's net tree are changes to relax many of the permission checks in the networking stack to allowing the user namespace root to usefully use the networking stack. Similar changes for the mount namespace and the pid namespace are coming through my tree. Two small changes to add user namespace support were commited here adn in David Miller's -net tree so that I could complete the work on the /proc/<pid>/ns/ files in this tree. Work remains to make it safe to build user namespaces and 9p, afs, ceph, cifs, coda, gfs2, ncpfs, nfs, nfsd, ocfs2, and xfs so the Kconfig guard remains in place preventing that user namespaces from being built when any of those filesystems are enabled. Future design work remains to allow root users outside of the initial user namespace to mount more than just /proc and /sys." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (38 commits) proc: Usable inode numbers for the namespace file descriptors. proc: Fix the namespace inode permission checks. proc: Generalize proc inode allocation userns: Allow unprivilged mounts of proc and sysfs userns: For /proc/self/{uid,gid}_map derive the lower userns from the struct file procfs: Print task uids and gids in the userns that opened the proc file userns: Implement unshare of the user namespace userns: Implent proc namespace operations userns: Kill task_user_ns userns: Make create_new_namespaces take a user_ns parameter userns: Allow unprivileged use of setns. userns: Allow unprivileged users to create new namespaces userns: Allow setting a userns mapping to your current uid. userns: Allow chown and setgid preservation userns: Allow unprivileged users to create user namespaces. userns: Ignore suid and sgid on binaries if the uid or gid can not be mapped userns: fix return value on mntns_install() failure vfs: Allow unprivileged manipulation of the mount namespace. vfs: Only support slave subtrees across different user namespaces vfs: Add a user namespace reference from struct mnt_namespace ...
Diffstat (limited to 'security/yama/yama_lsm.c')
-rw-r--r--security/yama/yama_lsm.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 2663145d1197..23414b93771f 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -298,14 +298,18 @@ int yama_ptrace_access_check(struct task_struct *child,
298 /* No additional restrictions. */ 298 /* No additional restrictions. */
299 break; 299 break;
300 case YAMA_SCOPE_RELATIONAL: 300 case YAMA_SCOPE_RELATIONAL:
301 rcu_read_lock();
301 if (!task_is_descendant(current, child) && 302 if (!task_is_descendant(current, child) &&
302 !ptracer_exception_found(current, child) && 303 !ptracer_exception_found(current, child) &&
303 !ns_capable(task_user_ns(child), CAP_SYS_PTRACE)) 304 !ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
304 rc = -EPERM; 305 rc = -EPERM;
306 rcu_read_unlock();
305 break; 307 break;
306 case YAMA_SCOPE_CAPABILITY: 308 case YAMA_SCOPE_CAPABILITY:
307 if (!ns_capable(task_user_ns(child), CAP_SYS_PTRACE)) 309 rcu_read_lock();
310 if (!ns_capable(__task_cred(child)->user_ns, CAP_SYS_PTRACE))
308 rc = -EPERM; 311 rc = -EPERM;
312 rcu_read_unlock();
309 break; 313 break;
310 case YAMA_SCOPE_NO_ATTACH: 314 case YAMA_SCOPE_NO_ATTACH:
311 default: 315 default:
@@ -343,8 +347,10 @@ int yama_ptrace_traceme(struct task_struct *parent)
343 /* Only disallow PTRACE_TRACEME on more aggressive settings. */ 347 /* Only disallow PTRACE_TRACEME on more aggressive settings. */
344 switch (ptrace_scope) { 348 switch (ptrace_scope) {
345 case YAMA_SCOPE_CAPABILITY: 349 case YAMA_SCOPE_CAPABILITY:
346 if (!ns_capable(task_user_ns(parent), CAP_SYS_PTRACE)) 350 rcu_read_lock();
351 if (!ns_capable(__task_cred(parent)->user_ns, CAP_SYS_PTRACE))
347 rc = -EPERM; 352 rc = -EPERM;
353 rcu_read_unlock();
348 break; 354 break;
349 case YAMA_SCOPE_NO_ATTACH: 355 case YAMA_SCOPE_NO_ATTACH:
350 rc = -EPERM; 356 rc = -EPERM;