1 files changed, 129 insertions, 1 deletions
diff --git a/init/Kconfig b/init/Kconfig
index a30fe085940e..ccb5248474c2 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -873,7 +873,10 @@ config IPC_NS
 config USER_NS
        bool "User namespace (EXPERIMENTAL)"
        depends on EXPERIMENTAL
-        default y
+        depends on UIDGID_CONVERTED
+        select UIDGID_STRICT_TYPE_CHECKS
+        default n
        help
          This allows containers, i.e. vservers, to use user namespaces
          to provide different user info for different servers.
@@ -897,6 +900,131 @@ config NET_NS
 endif # NAMESPACES
+config UIDGID_CONVERTED
+        # True if all of the selected software conmponents are known
+        # to have uid_t and gid_t converted to kuid_t and kgid_t
+        # where appropriate and are otherwise safe to use with
+        # the user namespace.
+        bool
+        default y
+        # List of kernel pieces that need user namespace work
+        # Features
+        depends on SYSVIPC = n
+        depends on IMA = n
+        depends on EVM = n
+        depends on KEYS = n
+        depends on AUDIT = n
+        depends on AUDITSYSCALL = n
+        depends on TASKSTATS = n
+        depends on TRACING = n
+        depends on FS_POSIX_ACL = n
+        depends on QUOTA = n
+        depends on QUOTACTL = n
+        depends on DEBUG_CREDENTIALS = n
+        depends on BSD_PROCESS_ACCT = n
+        depends on DRM = n
+        depends on PROC_EVENTS = n
+        # Networking
+        depends on NET = n
+        depends on NET_9P = n
+        depends on IPX = n
+        depends on PHONET = n
+        depends on NET_CLS_FLOW = n
+        depends on NETFILTER_XT_MATCH_OWNER = n
+        depends on NETFILTER_XT_MATCH_RECENT = n
+        depends on NETFILTER_XT_TARGET_LOG = n
+        depends on NETFILTER_NETLINK_LOG = n
+        depends on INET = n
+        depends on IPV6 = n
+        depends on IP_SCTP = n
+        depends on AF_RXRPC = n
+        depends on LLC2 = n
+        depends on NET_KEY = n
+        depends on INET_DIAG = n
+        depends on DNS_RESOLVER = n
+        depends on AX25 = n
+        depends on ATALK = n
+        # Filesystems
+        depends on USB_DEVICEFS = n
+        depends on USB_GADGETFS = n
+        depends on USB_FUNCTIONFS = n
+        depends on DEVTMPFS = n
+        depends on XENFS = n
+        depends on 9P_FS = n
+        depends on ADFS_FS = n
+        depends on AFFS_FS = n
+        depends on AFS_FS = n
+        depends on AUTOFS4_FS = n
+        depends on BEFS_FS = n
+        depends on BFS_FS = n
+        depends on BTRFS_FS = n
+        depends on CEPH_FS = n
+        depends on CIFS = n
+        depends on CODA_FS = n
+        depends on CONFIGFS_FS = n
+        depends on CRAMFS = n
+        depends on DEBUG_FS = n
+        depends on ECRYPT_FS = n
+        depends on EFS_FS = n
+        depends on EXOFS_FS = n
+        depends on FAT_FS = n
+        depends on FUSE_FS = n
+        depends on GFS2_FS = n
+        depends on HFS_FS = n
+        depends on HFSPLUS_FS = n
+        depends on HPFS_FS = n
+        depends on HUGETLBFS = n
+        depends on ISO9660_FS = n
+        depends on JFFS2_FS = n
+        depends on JFS_FS = n
+        depends on LOGFS = n
+        depends on MINIX_FS = n
+        depends on NCP_FS = n
+        depends on NFSD = n
+        depends on NFS_FS = n
+        depends on NILFS2_FS = n
+        depends on NTFS_FS = n
+        depends on OCFS2_FS = n
+        depends on OMFS_FS = n
+        depends on QNX4FS_FS = n
+        depends on QNX6FS_FS = n
+        depends on REISERFS_FS = n
+        depends on SQUASHFS = n
+        depends on SYSV_FS = n
+        depends on UBIFS_FS = n
+        depends on UDF_FS = n
+        depends on UFS_FS = n
+        depends on VXFS_FS = n
+        depends on XFS_FS = n
+        depends on !UML || HOSTFS = n
+        # The rare drivers that won't build
+        depends on AIRO = n
+        depends on AIRO_CS = n
+        depends on TUN = n
+        depends on INFINIBAND_QIB = n
+        depends on BLK_DEV_LOOP = n
+        depends on ANDROID_BINDER_IPC = n
+        # Security modules
+        depends on SECURITY_TOMOYO = n
+        depends on SECURITY_APPARMOR = n
+config UIDGID_STRICT_TYPE_CHECKS
+        bool "Require conversions between uid/gids and their internal representation"
+        depends on UIDGID_CONVERTED
+        default n
+        help
+         While the nececessary conversions are being added to all subsystems this option allows
+         the code to continue to build for unconverted subsystems.
+         Say Y here if you want the strict type checking enabled
 config SCHED_AUTOGROUP
        bool "Automatic process group scheduling"
        select EVENTFD

diff --git a/init/Kconfig b/init/Kconfig index a30fe085940e..ccb5248474c2 100644 --- a/init/Kconfig +++ b/init/Kconfig
@@ -873,7 +873,10 @@ config IPC_NS
873	config USER_NS	873	config USER_NS
874	bool "User namespace (EXPERIMENTAL)"	874	bool "User namespace (EXPERIMENTAL)"
875	depends on EXPERIMENTAL	875	depends on EXPERIMENTAL
876	default y	876	depends on UIDGID_CONVERTED
		877	select UIDGID_STRICT_TYPE_CHECKS
		878
		879	default n
877	help	880	help
878	This allows containers, i.e. vservers, to use user namespaces	881	This allows containers, i.e. vservers, to use user namespaces
879	to provide different user info for different servers.	882	to provide different user info for different servers.
@@ -897,6 +900,131 @@ config NET_NS
897		900
898	endif # NAMESPACES	901	endif # NAMESPACES
899		902
		903	config UIDGID_CONVERTED
		904	# True if all of the selected software conmponents are known
		905	# to have uid_t and gid_t converted to kuid_t and kgid_t
		906	# where appropriate and are otherwise safe to use with
		907	# the user namespace.
		908	bool
		909	default y
		910
		911	# List of kernel pieces that need user namespace work
		912	# Features
		913	depends on SYSVIPC = n
		914	depends on IMA = n
		915	depends on EVM = n
		916	depends on KEYS = n
		917	depends on AUDIT = n
		918	depends on AUDITSYSCALL = n
		919	depends on TASKSTATS = n
		920	depends on TRACING = n
		921	depends on FS_POSIX_ACL = n
		922	depends on QUOTA = n
		923	depends on QUOTACTL = n
		924	depends on DEBUG_CREDENTIALS = n
		925	depends on BSD_PROCESS_ACCT = n
		926	depends on DRM = n
		927	depends on PROC_EVENTS = n
		928
		929	# Networking
		930	depends on NET = n
		931	depends on NET_9P = n
		932	depends on IPX = n
		933	depends on PHONET = n
		934	depends on NET_CLS_FLOW = n
		935	depends on NETFILTER_XT_MATCH_OWNER = n
		936	depends on NETFILTER_XT_MATCH_RECENT = n
		937	depends on NETFILTER_XT_TARGET_LOG = n
		938	depends on NETFILTER_NETLINK_LOG = n
		939	depends on INET = n
		940	depends on IPV6 = n
		941	depends on IP_SCTP = n
		942	depends on AF_RXRPC = n
		943	depends on LLC2 = n
		944	depends on NET_KEY = n
		945	depends on INET_DIAG = n
		946	depends on DNS_RESOLVER = n
		947	depends on AX25 = n
		948	depends on ATALK = n
		949
		950	# Filesystems
		951	depends on USB_DEVICEFS = n
		952	depends on USB_GADGETFS = n
		953	depends on USB_FUNCTIONFS = n
		954	depends on DEVTMPFS = n
		955	depends on XENFS = n
		956
		957	depends on 9P_FS = n
		958	depends on ADFS_FS = n
		959	depends on AFFS_FS = n
		960	depends on AFS_FS = n
		961	depends on AUTOFS4_FS = n
		962	depends on BEFS_FS = n
		963	depends on BFS_FS = n
		964	depends on BTRFS_FS = n
		965	depends on CEPH_FS = n
		966	depends on CIFS = n
		967	depends on CODA_FS = n
		968	depends on CONFIGFS_FS = n
		969	depends on CRAMFS = n
		970	depends on DEBUG_FS = n
		971	depends on ECRYPT_FS = n
		972	depends on EFS_FS = n
		973	depends on EXOFS_FS = n
		974	depends on FAT_FS = n
		975	depends on FUSE_FS = n
		976	depends on GFS2_FS = n
		977	depends on HFS_FS = n
		978	depends on HFSPLUS_FS = n
		979	depends on HPFS_FS = n
		980	depends on HUGETLBFS = n
		981	depends on ISO9660_FS = n
		982	depends on JFFS2_FS = n
		983	depends on JFS_FS = n
		984	depends on LOGFS = n
		985	depends on MINIX_FS = n
		986	depends on NCP_FS = n
		987	depends on NFSD = n
		988	depends on NFS_FS = n
		989	depends on NILFS2_FS = n
		990	depends on NTFS_FS = n
		991	depends on OCFS2_FS = n
		992	depends on OMFS_FS = n
		993	depends on QNX4FS_FS = n
		994	depends on QNX6FS_FS = n
		995	depends on REISERFS_FS = n
		996	depends on SQUASHFS = n
		997	depends on SYSV_FS = n
		998	depends on UBIFS_FS = n
		999	depends on UDF_FS = n
		1000	depends on UFS_FS = n
		1001	depends on VXFS_FS = n
		1002	depends on XFS_FS = n
		1003
		1004	depends on !UML \|\| HOSTFS = n
		1005
		1006	# The rare drivers that won't build
		1007	depends on AIRO = n
		1008	depends on AIRO_CS = n
		1009	depends on TUN = n
		1010	depends on INFINIBAND_QIB = n
		1011	depends on BLK_DEV_LOOP = n
		1012	depends on ANDROID_BINDER_IPC = n
		1013
		1014	# Security modules
		1015	depends on SECURITY_TOMOYO = n
		1016	depends on SECURITY_APPARMOR = n
		1017
		1018	config UIDGID_STRICT_TYPE_CHECKS
		1019	bool "Require conversions between uid/gids and their internal representation"
		1020	depends on UIDGID_CONVERTED
		1021	default n
		1022	help
		1023	While the nececessary conversions are being added to all subsystems this option allows
		1024	the code to continue to build for unconverted subsystems.
		1025
		1026	Say Y here if you want the strict type checking enabled
		1027
900	config SCHED_AUTOGROUP	1028	config SCHED_AUTOGROUP
901	bool "Automatic process group scheduling"	1029	bool "Automatic process group scheduling"
902	select EVENTFD	1030	select EVENTFD