
userns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace

xt_recent creates a bunch of proc files and initializes their uid
and gids to the values of ip_list_uid and ip_list_gid. When
initializing those proc files, convert those values to kuids and kgids
so they can continue to reside on the /proc inode.

Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Jan Engelhardt <jengelh@medozas.de>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

+11 -3
-1
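--- a/init/Kconfig
+++ b/init/Kconfig
@@ -944,7 +944,6 @@
 # Networking
 depends on NET_9P = n
 depends on NETFILTER_XT_MATCH_OWNER = n
-depends on NETFILTER_XT_MATCH_RECENT = n
 depends on AF_RXRPC = n
 depends on NET_KEY = n
 depends on DNS_RESOLVER = n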
+11 -2
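--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -317,6 +317,8 @@
 struct recent_table *t;
 #ifdef CONFIG_PROC_FS
 struct proc_dir_entry *pde;
+kuid_t uid;
+kgid_t gid;
 #endif
 unsigned int i;
 int ret = -EINVAL;
@@ -374,6 +376,13 @@
 for (i = 0; i < ip_list_hash_size; i++)
 INIT_LIST_HEAD(&t->iphash[i]);
 #ifdef CONFIG_PROC_FS
+uid = make_kuid(&init_user_ns, ip_list_uid);
+gid = make_kgid(&init_user_ns, ip_list_gid);
+if (!uid_valid(uid) || !gid_valid(gid)) {
+kfree(t);
+ret = -EINVAL;
+goto out;
+}
 pde = proc_create_data(t->name, ip_list_perms, recent_net->xt_recent,
 &recent_mt_fops, t);
 if (pde == NULL) {
@@ -388,8 +397,8 @@
 ret = -ENOMEM;
 goto out;
 }
-pde->uid = ip_list_uid;
-pde->gid = ip_list_gid;
+pde->uid = uid;
+pde->gid = gid;
 #endif
 spin_lock_bh(&recent_lock);
 list_add_tail(&t->list, &recent_net->tables);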
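Review bot: A uid/gid that does not map into init_user_ns is reported from the new `if (!uid_valid(uid) || !gid_valid(gid))` block only as a bare -EINVAL, which the caller cannot tell apart from a malformed rule, and the check is repeated for every table that is created even though ip_list_uid and ip_list_gid are module parameters fixed at load time. Validating the two values once in recent_mt_init would make a bad parameter fail at modprobe instead of at every later rule insertion; short of that, a pr_info-style line before the `goto out`, e.g. `pr_info("ip_list_uid/ip_list_gid do not map into the initial user namespace\n");`, tells the administrator which parameter is at fault. The `kfree(t)` on the new error path mirrors the existing proc_create_data failure path and so presumes t holds nothing but the allocated table at this point; the allocation is outside this section, so that should be confirmed. recent_mt_check starts before and ends after the hunks shown here.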