Re: [PATCH RFC] User namespaces: general cleanups

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers
	<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
	"Eric W. Biederman"
	<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Subject: Re: [PATCH RFC] User namespaces: general cleanups
Date: Mon, 13 Oct 2008 11:01:44 -0500	[thread overview]
Message-ID: <20081013160144.GA10359@us.ibm.com> (raw)
In-Reply-To: <30854.1223633214-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

Quoting David Howells (dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org):
> Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> wrote:
> 
> > +		new->uid = new->euid = new->suid = new->fsuid = 0;
> > +		new->gid = new->egid = new->sgid = new->fsgid = 0;
> 
> Should the supplementary groups be zapped too?  Do the GIDs therein still have
> meaning in the new user namespace?
> 
> Note also that eCryptFS is broken by your patch. 
> 
> I suggest adding the attached incremental patch.  It makes the following
> changes:
> 
>  (1) Provides a current_user_ns() macro to wrap accesses to current's user
>      namespace.
> 
>  (2) Fixes eCryptFS.
> 
>  (3) Renames create_new_userns() to create_user_ns() to be more consistent
>      with the other associated functions and because the 'new' in the name is
>      superfluous.
> 
>  (4) Moves the argument and permission checks made for CLONE_NEWUSER to the
>      beginning of do_fork() so that they're done prior to making any attempts
>      at allocation.
> 
>  (5) Calls create_user_ns() after prepare_creds(), and gives it the new creds
>      to fill in rather than have it return the new root user.  I don't imagine
>      the new root user being used for anything other than filling in a cred
>      struct.
> 
>      This also permits me to get rid of a get_uid() and a free_uid(), as the
>      reference the creds were holding on the old user_struct can just be
>      transferred to the new namespace's creator pointer.
> 
>  (6) Makes create_user_ns() reset the UIDs and GIDs of the creds under
>      preparation rather than doing it in copy_creds().

Hmm, with this patch, with CONFIG_KEYS=y users in child user_namespaces
never get freed.  Ones in the init_user_ns do, and with CONFIG_KEYS=n,
those in child user_namespaces do as well.

I don't see anything obvious in copy_creds() that would cause this...

(also, when CONFIG_KEYS=n, then the enomem label in copy_creds() is
unused - it might be kind of ugly to put just those two lines under
#ifdef, though)

-serge

next prev parent reply	other threads:[~2008-10-13 16:01 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-10  1:19 [PATCH RFC] User namespaces: general cleanups Serge E. Hallyn
     [not found] ` <20081010011917.GA8046-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-10 10:06   ` David Howells
     [not found]     ` <30854.1223633214-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-10-10 17:06       ` Serge E. Hallyn
2008-10-13 16:01       ` Serge E. Hallyn [this message]
     [not found]         ` <20081013160144.GA10359-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-13 21:41           ` Serge E. Hallyn
2008-10-14 17:50           ` David Howells
     [not found]             ` <29703.1224006618-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-10-14 21:43               ` Serge E. Hallyn
     [not found]             ` <20081014214327.GA28545-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-14 21:47               ` David Howells
     [not found]         ` <20081013214108.GA4701-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-13 23:10           ` David Howells
     [not found]             ` <5306.1223939456-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-10-14 14:33               ` Serge E. Hallyn
2008-10-10 12:58 ` Keys and namespaces David Howells
     [not found]   ` <414.1223643503-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-10-10 16:46     ` Serge E. Hallyn
2008-10-10 22:30     ` Eric W. Biederman
     [not found]       ` <m1hc7k13s2.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-10-13 16:27         ` Serge E. Hallyn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20081013160144.GA10359@us.ibm.com \
    --to=serue-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
    --cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
    --cc=dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
    --cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.