1 files changed, 131 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 86cf760893b3..3349670149dc 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -828,7 +828,9 @@ config IPC_NS
 config USER_NS
        bool "User namespace (EXPERIMENTAL)"
        depends on EXPERIMENTAL
+        depends on UIDGID_CONVERTED
        select UIDGID_STRICT_TYPE_CHECKS
        default n
        help
          This allows containers, i.e. vservers, to use user namespaces
@@ -853,8 +855,137 @@ config NET_NS
 endif # NAMESPACES
+config UIDGID_CONVERTED
+        # True if all of the selected software conmponents are known
+        # to have uid_t and gid_t converted to kuid_t and kgid_t
+        # where appropriate and are otherwise safe to use with
+        # the user namespace.
+        bool
+        default y
+        # List of kernel pieces that need user namespace work
+        # Features
+        depends on BINFMT_ELF = n
+        depends on BINFMT_ELF_FDPIC = n
+        depends on UNIX98_PTYS = n
+        depends on CGROUPS = n
+        depends on MIGRATION = n
+        depends on NUMA = n
+        depends on SYSVIPC = n
+        depends on IMA = n
+        depends on EVM = n
+        depends on KEYS = n
+        depends on AUDIT = n
+        depends on AUDITSYSCALL = n
+        depends on TASKSTATS = n
+        depends on TRACING = n
+        depends on FS_POSIX_ACL = n
+        depends on QUOTA = n
+        depends on QUOTACTL = n
+        depends on DEBUG_CREDENTIALS = n
+        depends on BSD_PROCESS_ACCT = n
+        depends on DRM = n
+        depends on PROC_EVENTS = n
+        # Networking
+        depends on NET = n
+        depends on NET_9P = n
+        depends on IPX = n
+        depends on PHONET = n
+        depends on NET_CLS_FLOW = n
+        depends on NETFILTER_XT_MATCH_OWNER = n
+        depends on NETFILTER_XT_MATCH_RECENT = n
+        depends on NETFILTER_XT_TARGET_LOG = n
+        depends on NETFILTER_NETLINK_LOG = n
+        depends on INET = n
+        depends on IPV6 = n
+        depends on IP_SCTP = n
+        depends on AF_RXRPC = n
+        depends on LLC2 = n
+        depends on NET_KEY = n
+        depends on INET_DIAG = n
+        depends on DNS_RESOLVER = n
+        depends on AX25 = n
+        depends on ATALK = n
+        # Filesystems
+        depends on USB_DEVICEFS = n
+        depends on USB_GADGETFS = n
+        depends on USB_FUNCTIONFS = n
+        depends on DEVTMPFS = n
+        depends on XENFS = n
+        depends on 9P_FS = n
+        depends on ADFS_FS = n
+        depends on AFFS_FS = n
+        depends on AFS_FS = n
+        depends on AUTOFS4_FS = n
+        depends on BEFS_FS = n
+        depends on BFS_FS = n
+        depends on BTRFS_FS = n
+        depends on CEPH_FS = n
+        depends on CIFS = n
+        depends on CODA_FS = n
+        depends on CONFIGFS_FS = n
+        depends on CRAMFS = n
+        depends on DEBUG_FS = n
+        depends on ECRYPT_FS = n
+        depends on EFS_FS = n
+        depends on EXOFS_FS = n
+        depends on EXT2_FS = n
+        depends on EXT3_FS = n
+        depends on EXT4_FS = n
+        depends on FAT_FS = n
+        depends on FUSE_FS = n
+        depends on GFS2_FS = n
+        depends on HFS_FS = n
+        depends on HFSPLUS_FS = n
+        depends on HPFS_FS = n
+        depends on HUGETLBFS = n
+        depends on ISO9660_FS = n
+        depends on JFFS2_FS = n
+        depends on JFS_FS = n
+        depends on LOGFS = n
+        depends on MINIX_FS = n
+        depends on NCP_FS = n
+        depends on NFSD = n
+        depends on NFS_FS = n
+        depends on NILFS2_FS = n
+        depends on NTFS_FS = n
+        depends on OCFS2_FS = n
+        depends on OMFS_FS = n
+        depends on PROC_FS = n
+        depends on PROC_SYSCTL = n
+        depends on QNX4FS_FS = n
+        depends on QNX6FS_FS = n
+        depends on REISERFS_FS = n
+        depends on SQUASHFS = n
+        depends on SYSFS = n
+        depends on SYSV_FS = n
+        depends on TMPFS = n
+        depends on UBIFS_FS = n
+        depends on UDF_FS = n
+        depends on UFS_FS = n
+        depends on VXFS_FS = n
+        depends on XFS_FS = n
+        depends on !UML || HOSTFS = n
+        # The rare drivers that won't build
+        depends on AIRO = n
+        depends on AIRO_CS = n
+        depends on TUN = n
+        depends on INFINIBAND_QIB = n
+        depends on BLK_DEV_LOOP = n
+        depends on ANDROID_BINDER_IPC = n
+        # Security modules
+        depends on SECURITY_TOMOYO = n
+        depends on SECURITY_APPARMOR = n
 config UIDGID_STRICT_TYPE_CHECKS
        bool "Require conversions between uid/gids and their internal representation"
+        depends on UIDGID_CONVERTED
        default n
        help
         While the nececessary conversions are being added to all subsystems this option allows

diff --git a/init/Kconfig b/init/Kconfig index 86cf760893b3..3349670149dc 100644 --- a/init/Kconfig +++ b/init/Kconfig
@@ -828,7 +828,9 @@ config IPC_NS
828	config USER_NS	828	config USER_NS
829	bool "User namespace (EXPERIMENTAL)"	829	bool "User namespace (EXPERIMENTAL)"
830	depends on EXPERIMENTAL	830	depends on EXPERIMENTAL
		831	depends on UIDGID_CONVERTED
831	select UIDGID_STRICT_TYPE_CHECKS	832	select UIDGID_STRICT_TYPE_CHECKS
		833
832	default n	834	default n
833	help	835	help
834	This allows containers, i.e. vservers, to use user namespaces	836	This allows containers, i.e. vservers, to use user namespaces
@@ -853,8 +855,137 @@ config NET_NS
853		855
854	endif # NAMESPACES	856	endif # NAMESPACES
855		857
		858	config UIDGID_CONVERTED
		859	# True if all of the selected software conmponents are known
		860	# to have uid_t and gid_t converted to kuid_t and kgid_t
		861	# where appropriate and are otherwise safe to use with
		862	# the user namespace.
		863	bool
		864	default y
		865
		866	# List of kernel pieces that need user namespace work
		867	# Features
		868	depends on BINFMT_ELF = n
		869	depends on BINFMT_ELF_FDPIC = n
		870	depends on UNIX98_PTYS = n
		871	depends on CGROUPS = n
		872	depends on MIGRATION = n
		873	depends on NUMA = n
		874	depends on SYSVIPC = n
		875	depends on IMA = n
		876	depends on EVM = n
		877	depends on KEYS = n
		878	depends on AUDIT = n
		879	depends on AUDITSYSCALL = n
		880	depends on TASKSTATS = n
		881	depends on TRACING = n
		882	depends on FS_POSIX_ACL = n
		883	depends on QUOTA = n
		884	depends on QUOTACTL = n
		885	depends on DEBUG_CREDENTIALS = n
		886	depends on BSD_PROCESS_ACCT = n
		887	depends on DRM = n
		888	depends on PROC_EVENTS = n
		889
		890	# Networking
		891	depends on NET = n
		892	depends on NET_9P = n
		893	depends on IPX = n
		894	depends on PHONET = n
		895	depends on NET_CLS_FLOW = n
		896	depends on NETFILTER_XT_MATCH_OWNER = n
		897	depends on NETFILTER_XT_MATCH_RECENT = n
		898	depends on NETFILTER_XT_TARGET_LOG = n
		899	depends on NETFILTER_NETLINK_LOG = n
		900	depends on INET = n
		901	depends on IPV6 = n
		902	depends on IP_SCTP = n
		903	depends on AF_RXRPC = n
		904	depends on LLC2 = n
		905	depends on NET_KEY = n
		906	depends on INET_DIAG = n
		907	depends on DNS_RESOLVER = n
		908	depends on AX25 = n
		909	depends on ATALK = n
		910
		911	# Filesystems
		912	depends on USB_DEVICEFS = n
		913	depends on USB_GADGETFS = n
		914	depends on USB_FUNCTIONFS = n
		915	depends on DEVTMPFS = n
		916	depends on XENFS = n
		917
		918	depends on 9P_FS = n
		919	depends on ADFS_FS = n
		920	depends on AFFS_FS = n
		921	depends on AFS_FS = n
		922	depends on AUTOFS4_FS = n
		923	depends on BEFS_FS = n
		924	depends on BFS_FS = n
		925	depends on BTRFS_FS = n
		926	depends on CEPH_FS = n
		927	depends on CIFS = n
		928	depends on CODA_FS = n
		929	depends on CONFIGFS_FS = n
		930	depends on CRAMFS = n
		931	depends on DEBUG_FS = n
		932	depends on ECRYPT_FS = n
		933	depends on EFS_FS = n
		934	depends on EXOFS_FS = n
		935	depends on EXT2_FS = n
		936	depends on EXT3_FS = n
		937	depends on EXT4_FS = n
		938	depends on FAT_FS = n
		939	depends on FUSE_FS = n
		940	depends on GFS2_FS = n
		941	depends on HFS_FS = n
		942	depends on HFSPLUS_FS = n
		943	depends on HPFS_FS = n
		944	depends on HUGETLBFS = n
		945	depends on ISO9660_FS = n
		946	depends on JFFS2_FS = n
		947	depends on JFS_FS = n
		948	depends on LOGFS = n
		949	depends on MINIX_FS = n
		950	depends on NCP_FS = n
		951	depends on NFSD = n
		952	depends on NFS_FS = n
		953	depends on NILFS2_FS = n
		954	depends on NTFS_FS = n
		955	depends on OCFS2_FS = n
		956	depends on OMFS_FS = n
		957	depends on PROC_FS = n
		958	depends on PROC_SYSCTL = n
		959	depends on QNX4FS_FS = n
		960	depends on QNX6FS_FS = n
		961	depends on REISERFS_FS = n
		962	depends on SQUASHFS = n
		963	depends on SYSFS = n
		964	depends on SYSV_FS = n
		965	depends on TMPFS = n
		966	depends on UBIFS_FS = n
		967	depends on UDF_FS = n
		968	depends on UFS_FS = n
		969	depends on VXFS_FS = n
		970	depends on XFS_FS = n
		971
		972	depends on !UML \|\| HOSTFS = n
		973
		974	# The rare drivers that won't build
		975	depends on AIRO = n
		976	depends on AIRO_CS = n
		977	depends on TUN = n
		978	depends on INFINIBAND_QIB = n
		979	depends on BLK_DEV_LOOP = n
		980	depends on ANDROID_BINDER_IPC = n
		981
		982	# Security modules
		983	depends on SECURITY_TOMOYO = n
		984	depends on SECURITY_APPARMOR = n
		985
856	config UIDGID_STRICT_TYPE_CHECKS	986	config UIDGID_STRICT_TYPE_CHECKS
857	bool "Require conversions between uid/gids and their internal representation"	987	bool "Require conversions between uid/gids and their internal representation"
		988	depends on UIDGID_CONVERTED
858	default n	989	default n
859	help	990	help
860	While the nececessary conversions are being added to all subsystems this option allows	991	While the nececessary conversions are being added to all subsystems this option allows