From: Kirill Korotaev <dev@sw.ru>
To: Cedric Le Goater <clg@fr.ibm.com>
Cc: linux-kernel@vger.kernel.org, Andrew Morton <akpm@osdl.org>,
Pavel Emelianov <xemul@openvz.org>,
Kirill Korotaev <dev@openvz.org>, Andrey Savochkin <saw@sw.ru>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Herbert Poetzl <herbert@13thfloor.at>,
Sam Vilain <sam.vilain@catalyst.net.nz>,
"Serge E. Hallyn" <serue@us.ibm.com>,
Dave Hansen <haveblue@us.ibm.com>
Subject: Re: [PATCH -mm 7/7] forbid the use of the unshare syscall on ipc namespaces
Date: Tue, 11 Jul 2006 18:10:53 +0400 [thread overview]
Message-ID: <44B3B16D.8050100@sw.ru> (raw)
In-Reply-To: <20060711075433.856729000@localhost.localdomain>
This patch looks as an overkill for me.
If you really care about things you describe, you can forbid unsharing in cases:
1.
undo_list = tsk->sysvsem.undo_list;
if (undo_list)
REFUSE_UNSHARE;
2. vma exists with vma->vm_ops == &shm_vm_ops;
3. file opened with f_op == &shm_file_operations
I also dislike exec() operation for such sort of things since you can have no executable
at hands due to changed fs namespace.
Thanks,
Kirill
> This patch forbids the use of the unshare() syscall on ipc namespaces.
>
> The purpose of this restriction is to protect the system from
> inconsistencies when the namespace is unshared. e.g. shared memory ids
> will be removed but not the memory mappings, semaphore ids will be
> removed but the semundos not cleared.
>
>
> Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
> Cc: Andrew Morton <akpm@osdl.org>
> Cc: Pavel Emelianov <xemul@openvz.org>
> Cc: Kirill Korotaev <dev@openvz.org>
> Cc: Andrey Savochkin <saw@sw.ru>
> Cc: Eric W. Biederman <ebiederm@xmission.com>
> Cc: Herbert Poetzl <herbert@13thfloor.at>
> Cc: Sam Vilain <sam.vilain@catalyst.net.nz>
> Cc: Serge E. Hallyn <serue@us.ibm.com>
> Cc: Dave Hansen <haveblue@us.ibm.com>
>
> ---
> kernel/fork.c | 23 +++++------------------
> 1 file changed, 5 insertions(+), 18 deletions(-)
>
> Index: 2.6.18-rc1-mm1/kernel/fork.c
> ===================================================================
> --- 2.6.18-rc1-mm1.orig/kernel/fork.c
> +++ 2.6.18-rc1-mm1/kernel/fork.c
> @@ -1604,7 +1604,6 @@ asmlinkage long sys_unshare(unsigned lon
> struct sem_undo_list *new_ulist = NULL;
> struct nsproxy *new_nsproxy = NULL, *old_nsproxy = NULL;
> struct uts_namespace *uts, *new_uts = NULL;
> - struct ipc_namespace *ipc, *new_ipc = NULL;
>
> check_unshare_flags(&unshare_flags);
>
> @@ -1612,12 +1611,12 @@ asmlinkage long sys_unshare(unsigned lon
> err = -EINVAL;
> if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
> CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
> - CLONE_NEWUTS|CLONE_NEWIPC))
> + CLONE_NEWUTS))
> goto bad_unshare_out;
>
> /* Also return -EINVAL for all unsharable namespaces. May be a
> * -EACCES would be more appropriate ? */
> - if (unshare_flags & CLONE_NEWUSER)
> + if (unshare_flags & (CLONE_NEWUSER|CLONE_NEWIPC))
> goto bad_unshare_out;
>
> if ((err = unshare_thread(unshare_flags)))
> @@ -1636,20 +1635,18 @@ asmlinkage long sys_unshare(unsigned lon
> goto bad_unshare_cleanup_fd;
> if ((err = unshare_utsname(unshare_flags, &new_uts)))
> goto bad_unshare_cleanup_semundo;
> - if ((err = unshare_ipcs(unshare_flags, &new_ipc)))
> - goto bad_unshare_cleanup_uts;
>
> - if (new_ns || new_uts || new_ipc) {
> + if (new_ns || new_uts) {
> old_nsproxy = current->nsproxy;
> new_nsproxy = dup_namespaces(old_nsproxy);
> if (!new_nsproxy) {
> err = -ENOMEM;
> - goto bad_unshare_cleanup_ipc;
> + goto bad_unshare_cleanup_uts;
> }
> }
>
> if (new_fs || new_ns || new_sigh || new_mm || new_fd || new_ulist ||
> - new_uts || new_ipc) {
> + new_uts) {
>
> task_lock(current);
>
> @@ -1697,22 +1694,12 @@ asmlinkage long sys_unshare(unsigned lon
> new_uts = uts;
> }
>
> - if (new_ipc) {
> - ipc = current->nsproxy->ipc_ns;
> - current->nsproxy->ipc_ns = new_ipc;
> - new_ipc = ipc;
> - }
> -
> task_unlock(current);
> }
>
> if (new_nsproxy)
> put_nsproxy(new_nsproxy);
>
> -bad_unshare_cleanup_ipc:
> - if (new_ipc)
> - put_ipc_ns(new_ipc);
> -
> bad_unshare_cleanup_uts:
> if (new_uts)
> put_uts_ns(new_uts);
>
> --
>
next prev parent reply other threads:[~2006-07-11 14:11 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-11 7:50 [PATCH -mm 0/7] execns syscall and user namespace Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 1/7] add execns syscall core routine Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 2/7] add execns syscall to s390 Cedric Le Goater
2006-07-11 13:44 ` Martin Schwidefsky
2006-07-11 13:44 ` Martin Schwidefsky
2006-07-11 14:44 ` Cedric Le Goater
2006-07-11 14:54 ` Martin Schwidefsky
2006-07-11 15:43 ` Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 3/7] add execns syscall to x86_64 Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 4/7] add execns syscall to i386 Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 5/7] add user namespace Cedric Le Goater
2006-07-11 16:39 ` Kirill Korotaev
2006-07-11 17:38 ` Cedric Le Goater
2006-07-12 11:21 ` Kirill Korotaev
2006-07-13 16:01 ` Cedric Le Goater
2006-07-12 3:33 ` Eric W. Biederman
2006-07-12 11:13 ` Kirill Korotaev
2006-07-12 18:10 ` Eric W. Biederman
2006-07-13 17:00 ` Cedric Le Goater
2006-07-13 18:07 ` Eric W. Biederman
2006-07-13 18:21 ` Eric W. Biederman
2006-07-13 18:31 ` Dave Hansen
2006-07-13 18:54 ` Eric W. Biederman
2006-07-12 3:46 ` Eric W. Biederman
2006-07-12 12:05 ` Herbert Poetzl
2006-07-12 17:09 ` Eric W. Biederman
2006-07-12 14:00 ` Cedric Le Goater
2006-07-12 17:24 ` Eric W. Biederman
2006-07-13 17:36 ` Cedric Le Goater
2006-07-13 17:47 ` Serge E. Hallyn
2006-07-13 18:14 ` Eric W. Biederman
2006-07-13 18:29 ` Dave Hansen
2006-07-13 19:02 ` Eric W. Biederman
2006-07-13 20:03 ` Dave Hansen
2006-07-14 3:45 ` Eric W. Biederman
2006-07-14 14:28 ` Dave Hansen
2006-07-14 15:13 ` Eric W. Biederman
2006-07-14 16:29 ` Serge E. Hallyn
2006-07-14 16:49 ` Eric W. Biederman
2006-07-14 16:55 ` Dave Hansen
2006-07-14 17:08 ` Serge E. Hallyn
2006-07-14 17:19 ` Dave Hansen
2006-07-14 17:36 ` Eric W. Biederman
2006-07-14 18:15 ` Trond Myklebust
2006-07-14 18:40 ` Eric W. Biederman
2006-07-14 21:04 ` Trond Myklebust
2006-07-15 4:09 ` Eric W. Biederman
2006-07-15 4:35 ` Kyle Moffett
2006-07-15 12:35 ` Eric W. Biederman
2006-07-15 13:25 ` Kyle Moffett
2006-07-15 15:54 ` Dave Hansen
2006-07-15 17:01 ` Trond Myklebust
2006-07-15 23:29 ` Eric W. Biederman
2006-07-16 16:18 ` Dave Hansen
2006-07-14 17:14 ` Eric W. Biederman
2006-07-16 8:36 ` Kirill Korotaev
2006-07-16 10:08 ` Eric W. Biederman
2006-07-14 17:05 ` Serge E. Hallyn
2006-07-14 17:50 ` Kyle Moffett
2006-07-15 11:33 ` Serge E. Hallyn
2006-07-14 17:56 ` Eric W. Biederman
2006-07-14 16:35 ` Dave Hansen
2006-07-13 21:41 ` Serge E. Hallyn
2006-07-14 3:52 ` Eric W. Biederman
2006-07-14 14:02 ` Serge E. Hallyn
2006-07-14 14:50 ` Eric W. Biederman
2006-07-14 16:39 ` Serge E. Hallyn
2006-07-14 17:18 ` Eric W. Biederman
2006-07-14 17:24 ` Dave Hansen
2006-07-14 18:06 ` Eric W. Biederman
2006-07-14 18:42 ` Dave Hansen
2006-07-14 19:07 ` Eric W. Biederman
2006-07-13 17:59 ` Eric W. Biederman
2006-07-13 21:22 ` Serge E. Hallyn
2006-07-14 3:50 ` Eric W. Biederman
2006-07-14 14:17 ` Serge E. Hallyn
2006-07-14 15:05 ` Eric W. Biederman
2006-07-14 16:46 ` Serge E. Hallyn
2006-07-14 16:58 ` Eric W. Biederman
2006-07-14 15:43 ` Kyle Moffett
2006-07-14 16:13 ` Eric W. Biederman
2006-07-11 7:50 ` [PATCH -mm 6/7] add the user namespace to the execns syscall Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 7/7] forbid the use of the unshare syscall on ipc namespaces Cedric Le Goater
2006-07-11 14:10 ` Kirill Korotaev [this message]
2006-07-11 15:06 ` Cedric Le Goater
2006-07-11 8:02 ` [PATCH -mm 0/7] execns syscall and user namespace Arjan van de Ven
2006-07-11 8:42 ` Cedric Le Goater
2006-07-11 18:12 ` H. Peter Anvin
2006-07-11 18:26 ` Cedric Le Goater
2006-07-11 18:28 ` H. Peter Anvin
2006-07-11 19:50 ` Ulrich Drepper
2006-07-11 21:50 ` Cedric Le Goater
2006-07-11 21:57 ` H. Peter Anvin
2006-07-12 0:16 ` Ulrich Drepper
2006-07-12 0:25 ` H. Peter Anvin
2006-07-12 0:28 ` H. Peter Anvin
2006-07-11 20:22 ` Eric W. Biederman
2006-07-11 21:28 ` Cedric Le Goater
2006-07-12 3:24 ` Eric W. Biederman
2006-07-12 13:05 ` Cedric Le Goater
2006-07-12 16:56 ` Eric W. Biederman
2006-07-13 16:13 ` Cedric Le Goater
2006-07-12 11:11 ` Kirill Korotaev
2006-07-12 13:10 ` Cedric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44B3B16D.8050100@sw.ru \
--to=dev@sw.ru \
--cc=akpm@osdl.org \
--cc=clg@fr.ibm.com \
--cc=dev@openvz.org \
--cc=ebiederm@xmission.com \
--cc=haveblue@us.ibm.com \
--cc=herbert@13thfloor.at \
--cc=linux-kernel@vger.kernel.org \
--cc=sam.vilain@catalyst.net.nz \
--cc=saw@sw.ru \
--cc=serue@us.ibm.com \
--cc=xemul@openvz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.