diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-12-18 13:55:28 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-12-18 13:55:28 -0500 |
| commit | a2faf2fc534f57ba26bc4d613795236ed4f5fb1c (patch) | |
| tree | d75c4daadb469c8f08c498532fbf1fff68879e69 /security | |
| parent | 4351654e3ddf86a04966163dce4def586303e5cc (diff) | |
| parent | 5155040ed349950e16c093ba8e65ad534994df2a (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull (again) user namespace infrastructure changes from Eric Biederman:
"Those bugs, those darn embarrasing bugs just want don't want to get
fixed.
Linus I just updated my mirror of your kernel.org tree and it appears
you successfully pulled everything except the last 4 commits that fix
those embarrasing bugs.
When you get a chance can you please repull my branch"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
userns: Fix typo in description of the limitation of userns_install
userns: Add a more complete capability subset test to commit_creds
userns: Require CAP_SYS_ADMIN for most uses of setns.
Fix cap_capable to only allow owners in the parent user namespace to have caps.
Diffstat (limited to 'security')
| -rw-r--r-- | security/commoncap.c | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 6dbae4650abe..7ee08c756d6b 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -76,24 +76,33 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb) | |||
| 76 | int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, | 76 | int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, |
| 77 | int cap, int audit) | 77 | int cap, int audit) |
| 78 | { | 78 | { |
| 79 | for (;;) { | 79 | struct user_namespace *ns = targ_ns; |
| 80 | /* The owner of the user namespace has all caps. */ | ||
| 81 | if (targ_ns != &init_user_ns && uid_eq(targ_ns->owner, cred->euid)) | ||
| 82 | return 0; | ||
| 83 | 80 | ||
| 81 | /* See if cred has the capability in the target user namespace | ||
| 82 | * by examining the target user namespace and all of the target | ||
| 83 | * user namespace's parents. | ||
| 84 | */ | ||
| 85 | for (;;) { | ||
| 84 | /* Do we have the necessary capabilities? */ | 86 | /* Do we have the necessary capabilities? */ |
| 85 | if (targ_ns == cred->user_ns) | 87 | if (ns == cred->user_ns) |
| 86 | return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; | 88 | return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; |
| 87 | 89 | ||
| 88 | /* Have we tried all of the parent namespaces? */ | 90 | /* Have we tried all of the parent namespaces? */ |
| 89 | if (targ_ns == &init_user_ns) | 91 | if (ns == &init_user_ns) |
| 90 | return -EPERM; | 92 | return -EPERM; |
| 91 | 93 | ||
| 94 | /* | ||
| 95 | * The owner of the user namespace in the parent of the | ||
| 96 | * user namespace has all caps. | ||
| 97 | */ | ||
| 98 | if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) | ||
| 99 | return 0; | ||
| 100 | |||
| 92 | /* | 101 | /* |
| 93 | *If you have a capability in a parent user ns, then you have | 102 | * If you have a capability in a parent user ns, then you have |
| 94 | * it over all children user namespaces as well. | 103 | * it over all children user namespaces as well. |
| 95 | */ | 104 | */ |
| 96 | targ_ns = targ_ns->parent; | 105 | ns = ns->parent; |
| 97 | } | 106 | } |
| 98 | 107 | ||
| 99 | /* We never get here */ | 108 | /* We never get here */ |