Commit 18b6e041 authored by Serge Hallyn's avatar Serge Hallyn Committed by Serge E. Hallyn
Browse files

User namespaces: set of cleanups (v2) 



The user_ns is moved from nsproxy to user_struct, so that a struct
cred by itself is sufficient to determine access (which it otherwise
would not be).  Corresponding ecryptfs fixes (by David Howells) are
here as well.

Fix refcounting.  The following rules now apply:
        1. The task pins the user struct.
        2. The user struct pins its user namespace.
        3. The user namespace pins the struct user which created it.

User namespaces are cloned during copy_creds().  Unsharing a new user_ns
is no longer possible.  (We could re-add that, but it'll cause code
duplication and doesn't seem useful if PAM doesn't need to clone user
namespaces).

When a user namespace is created, its first user (uid 0) gets empty
keyrings and a clean group_info.

This incorporates a previous patch by David Howells.  Here
is his original patch description:

>I suggest adding the attached incremental patch.  It makes the following
>changes:
>
> (1) Provides a current_user_ns() macro to wrap accesses to current's user
>     namespace.
>
> (2) Fixes eCryptFS.
>
> (3) Renames create_new_userns() to create_user_ns() to be more consistent
>     with the other associated functions and because the 'new' in the name is
>     superfluous.
>
> (4) Moves the argument and permission checks made for CLONE_NEWUSER to the
>     beginning of do_fork() so that they're done prior to making any attempts
>     at allocation.
>
> (5) Calls create_user_ns() after prepare_creds(), and gives it the new creds
>     to fill in rather than have it return the new root user.  I don't imagine
>     the new root user being used for anything other than filling in a cred
>     struct.
>
>     This also permits me to get rid of a get_uid() and a free_uid(), as the
>     reference the creds were holding on the old user_struct can just be
>     transferred to the new namespace's creator pointer.
>
> (6) Makes create_user_ns() reset the UIDs and GIDs of the creds under
>     preparation rather than doing it in copy_creds().
>
>David

>Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>

Changelog:
	Oct 20: integrate dhowells comments
		1. leave thread_keyring alone
		2. use current_user_ns() in set_user()

Signed-off-by: default avatarSerge Hallyn <serue@us.ibm.com>
parent 9789cfe2

fs/ecryptfs/messaging.c

+6 −7
Original line number Diff line number Diff line
@@ -360,7 +360,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, 
	struct ecryptfs_msg_ctx *msg_ctx;

	size_t msg_size;

	struct nsproxy *nsproxy;

	struct user_namespace *current_user_ns;

	struct user_namespace *tsk_user_ns;

	uid_t ctx_euid;

	int rc;
@@ -385,9 +385,9 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, 
		mutex_unlock(&ecryptfs_daemon_hash_mux);

		goto wake_up;

	}

	current_user_ns = nsproxy->user_ns;

	tsk_user_ns = __task_cred(msg_ctx->task)->user->user_ns;

	ctx_euid = task_euid(msg_ctx->task);

	rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, current_user_ns);

	rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, tsk_user_ns);

	rcu_read_unlock();

	mutex_unlock(&ecryptfs_daemon_hash_mux);

	if (rc) {
@@ -405,11 +405,11 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, 
		       euid, ctx_euid);

		goto unlock;

	}

	if (current_user_ns != user_ns) {

	if (tsk_user_ns != user_ns) {

		rc = -EBADMSG;

		printk(KERN_WARNING "%s: Received message from user_ns "

		       "[0x%p]; expected message from user_ns [0x%p]\n",

		       __func__, user_ns, nsproxy->user_ns);

		       __func__, user_ns, tsk_user_ns);

		goto unlock;

	}

	if (daemon->pid != pid) {
@@ -468,8 +468,7 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, 
	uid_t euid = current_euid();

	int rc;



	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,

					  current->nsproxy->user_ns);

	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());

	if (rc || !daemon) {

		rc = -ENOTCONN;

		printk(KERN_ERR "%s: User [%d] does not have a daemon "

fs/ecryptfs/miscdev.c

+7 −12
Original line number Diff line number Diff line
@@ -47,8 +47,7 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt) 


	mutex_lock(&ecryptfs_daemon_hash_mux);

	/* TODO: Just use file->private_data? */

	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,

					  current->nsproxy->user_ns);

	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());

	BUG_ON(rc || !daemon);

	mutex_lock(&daemon->mux);

	mutex_unlock(&ecryptfs_daemon_hash_mux);
@@ -95,11 +94,9 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) 
		       "count; rc = [%d]\n", __func__, rc);

		goto out_unlock_daemon_list;

	}

	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,

					  current->nsproxy->user_ns);

	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());

	if (rc || !daemon) {

		rc = ecryptfs_spawn_daemon(&daemon, euid,

					   current->nsproxy->user_ns,

		rc = ecryptfs_spawn_daemon(&daemon, euid, current_user_ns(),

					   task_pid(current));

		if (rc) {

			printk(KERN_ERR "%s: Error attempting to spawn daemon; "
@@ -153,8 +150,7 @@ ecryptfs_miscdev_release(struct inode *inode, struct file *file) 
	int rc;



	mutex_lock(&ecryptfs_daemon_hash_mux);

	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,

					  current->nsproxy->user_ns);

	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());

	BUG_ON(rc || !daemon);

	mutex_lock(&daemon->mux);

	BUG_ON(daemon->pid != task_pid(current));
@@ -254,8 +250,7 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, 


	mutex_lock(&ecryptfs_daemon_hash_mux);

	/* TODO: Just use file->private_data? */

	rc = ecryptfs_find_daemon_by_euid(&daemon, euid,

					  current->nsproxy->user_ns);

	rc = ecryptfs_find_daemon_by_euid(&daemon, euid, current_user_ns());

	BUG_ON(rc || !daemon);

	mutex_lock(&daemon->mux);

	if (daemon->flags & ECRYPTFS_DAEMON_ZOMBIE) {
@@ -295,7 +290,7 @@ check_list: 
		goto check_list;

	}

	BUG_ON(euid != daemon->euid);

	BUG_ON(current->nsproxy->user_ns != daemon->user_ns);

	BUG_ON(current_user_ns() != daemon->user_ns);

	BUG_ON(task_pid(current) != daemon->pid);

	msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue,

				   struct ecryptfs_msg_ctx, daemon_out_list);
@@ -468,7 +463,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, 
			goto out_free;

		}

		rc = ecryptfs_miscdev_response(&data[i], packet_size,

					       euid, current->nsproxy->user_ns,

					       euid, current_user_ns(),

					       task_pid(current), seq);

		if (rc)

			printk(KERN_WARNING "%s: Failed to deliver miscdev "

include/linux/cred.h

+2 −0
Original line number Diff line number Diff line
@@ -60,6 +60,7 @@ do { \ 
} while (0)



extern struct group_info *groups_alloc(int);

extern struct group_info init_groups;

extern void groups_free(struct group_info *);

extern int set_current_groups(struct group_info *);

extern int set_groups(struct cred *, struct group_info *);
@@ -315,6 +316,7 @@ static inline void put_cred(const struct cred *_cred) 
#define current_fsgid() 	(current_cred_xxx(fsgid))

#define current_cap()		(current_cred_xxx(cap_effective))

#define current_user()		(current_cred_xxx(user))

#define current_user_ns()	(current_cred_xxx(user)->user_ns)

#define current_security()	(current_cred_xxx(security))



#define current_uid_gid(_uid, _gid)		\

include/linux/init_task.h

+0 −1
Original line number Diff line number Diff line
@@ -57,7 +57,6 @@ extern struct nsproxy init_nsproxy; 
	.mnt_ns		= NULL,						\

	INIT_NET_NS(net_ns)                                             \

	INIT_IPC_NS(ipc_ns)						\

	.user_ns	= &init_user_ns,				\

}



#define INIT_SIGHAND(sighand) {						\

include/linux/nsproxy.h

+0 −1
Original line number Diff line number Diff line
@@ -27,7 +27,6 @@ struct nsproxy { 
	struct ipc_namespace *ipc_ns;

	struct mnt_namespace *mnt_ns;

	struct pid_namespace *pid_ns;

	struct user_namespace *user_ns;

	struct net 	     *net_ns;

};

extern struct nsproxy init_nsproxy;

CRA Git | Maintained and supported by SUSTech CRA and CCSE