
userns: Convert proc to use kuid/kgid where appropriate

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

+22 -17
+8 -2
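--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -191,8 +191,14 @@
 task_tgid_nr_ns(p, ns),
 pid_nr_ns(pid, ns),
 ppid, tpid,
-cred->uid, cred->euid, cred->suid, cred->fsuid,
-cred->gid, cred->egid, cred->sgid, cred->fsgid);
+from_kuid_munged(user_ns, cred->uid),
+from_kuid_munged(user_ns, cred->euid),
+from_kuid_munged(user_ns, cred->suid),
+from_kuid_munged(user_ns, cred->fsuid),
+from_kgid_munged(user_ns, cred->gid),
+from_kgid_munged(user_ns, cred->egid),
+from_kgid_munged(user_ns, cred->sgid),
+from_kgid_munged(user_ns, cred->fsgid));
 
 task_lock(p);
 if (p->files)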
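Review bot: The eight `from_kuid_munged()`/`from_kgid_munged()` calls translate against `user_ns`, but that variable is defined outside the hunk, so it is not visible here whose view of the IDs is printed. If it is taken from the reading task at read time rather than from whoever opened the file, one open descriptor would report different IDs depending on the reader, which is worth confirming. A comment above the argument list would settle it, for example `/* IDs are reported as seen from user_ns; unmapped ones appear as the overflow uid/gid */`. The enclosing function starts and ends outside the hunk.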
+8 -8
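--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1562,8 +1562,8 @@
 generic_fillattr(inode, stat);
 
 rcu_read_lock();
-stat->uid = 0;
-stat->gid = 0;
+stat->uid = GLOBAL_ROOT_UID;
+stat->gid = GLOBAL_ROOT_GID;
 task = pid_task(proc_pid(inode), PIDTYPE_PID);
 if (task) {
 if (!has_pid_permissions(pid, task, 2)) {
@@ -1623,8 +1623,8 @@
 inode->i_gid = cred->egid;
 rcu_read_unlock();
 } else {
-inode->i_uid = 0;
-inode->i_gid = 0;
+inode->i_uid = GLOBAL_ROOT_UID;
+inode->i_gid = GLOBAL_ROOT_GID;
 }
 inode->i_mode &= ~(S_ISUID | S_ISGID);
 security_task_to_inode(task, inode);
@@ -1811,8 +1811,8 @@
 inode->i_gid = cred->egid;
 rcu_read_unlock();
 } else {
-inode->i_uid = 0;
-inode->i_gid = 0;
+inode->i_uid = GLOBAL_ROOT_UID;
+inode->i_gid = GLOBAL_ROOT_GID;
 }
 inode->i_mode &= ~(S_ISUID | S_ISGID);
 security_task_to_inode(task, inode);
@@ -2061,8 +2061,8 @@
 inode->i_gid = cred->egid;
 rcu_read_unlock();
 } else {
-inode->i_uid = 0;
-inode->i_gid = 0;
+inode->i_uid = GLOBAL_ROOT_UID;
+inode->i_gid = GLOBAL_ROOT_GID;
 }
 security_task_to_inode(task, inode);
 status = 1;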
+2 -2
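--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -108,8 +108,8 @@
 struct super_block *sb = root->d_sb;
 struct pid_namespace *pid = sb->s_fs_info;
 
-if (pid->pid_gid)
-seq_printf(seq, ",gid=%lu", (unsigned long)pid->pid_gid);
+if (!gid_eq(pid->pid_gid, GLOBAL_ROOT_GID))
+seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, pid->pid_gid));
 if (pid->hide_pid != 0)
 seq_printf(seq, ",hidepid=%u", pid->hide_pid);
 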
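Review bot: The `gid=` option is printed relative to `&init_user_ns`, while the parser in fs/proc/root.c builds the same field with `make_kgid(current_user_ns(), option)`. A mount configured from a non-initial user namespace would therefore be displayed with a different number than the one that was passed in. If reporting the global value is intended, state it next to the call, for example `/* gid is shown as seen from the initial user namespace */`. Otherwise translate against the namespace the option was parsed in. The enclosing function starts outside the hunk.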
+1 -1
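--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -67,7 +67,7 @@
 case Opt_gid:
 if (match_int(&args[0], &option))
 return 0;
-pid->pid_gid = make_kgid(current_user_ns(), option);
+pid->pid_gid = make_kgid(current_user_ns(), option);
 break;
 case Opt_hidepid:
 if (match_int(&args[0], &option))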
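Review bot: The result of `make_kgid(current_user_ns(), option)` is stored in `pid->pid_gid` without checking it. `make_kgid()` returns an invalid kgid when the number has no mapping in the mounting task's user namespace, and `option` is a signed int from `match_int()`, so a negative value is converted as well. As far as I can tell this field is the group consulted by the `hidepid` permission check, so an unmapped value should be rejected the same way a failed `match_int()` is. Convert into a local first, `gid = make_kgid(current_user_ns(), option);` then `if (!gid_valid(gid)) return 0;`, and assign `pid->pid_gid = gid;` only after that. The enclosing switch starts and ends outside the hunk.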
+1 -1
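--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
@@ -31,7 +31,7 @@
 #ifdef CONFIG_BSD_PROCESS_ACCT
 struct bsd_acct_struct *bacct;
 #endif
-gid_t pid_gid;
+kgid_t pid_gid;
 int hide_pid;
 int reboot; /* group exit code if this pidns was rebooted */
 };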
+2 -2
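--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -52,8 +52,8 @@
 unsigned int low_ino;
 umode_t mode;
 nlink_t nlink;
-uid_t uid;
-gid_t gid;
+kuid_t uid;
+kgid_t gid;
 loff_t size;
 const struct inode_operations *proc_iops;
 /*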
-1
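--- a/init/Kconfig
+++ b/init/Kconfig
@@ -948,7 +948,6 @@
 depends on NTFS_FS = n
 depends on OCFS2_FS = n
 depends on OMFS_FS = n
-depends on PROC_FS = n
 depends on PROC_SYSCTL = n
 depends on QNX4FS_FS = n
 depends on QNX6FS_FS = n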