From: Gao feng <gaofeng-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
To: Rui Xiang <rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
libo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org
Subject: Re: [PATCH 7/9] syslog_ns: implement function for creating syslog ns
Date: Mon, 29 Jul 2013 18:39:44 +0800
Message-ID: <51F64670.9080109@cn.fujitsu.com>
In-Reply-To: <1375065080-26740-8-git-send-email-rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>

On 07/29/2013 10:31 AM, Rui Xiang wrote:
> Add create_syslog_ns function to create a new ns. We
> must create a user_ns before creating a new syslog ns.
> And then tie the new syslog_ns to current user_ns
> instead of original syslog_ns which comes from
> parent user_ns.
>
> Add a new syslog flag SYSLOG_ACTION_NEW_NS to implement
> a new command(11) of __NR_syslog system call. Through
> that command, we can create a new syslog ns in user
> space.
>
> Signed-off-by: Rui Xiang <rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
> ---
> include/linux/syslog.h | 2 ++
> kernel/printk.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 54 insertions(+)
>
> diff --git a/include/linux/syslog.h b/include/linux/syslog.h
> index fbf0cb6..df57c21 100644
> --- a/include/linux/syslog.h
> +++ b/include/linux/syslog.h
> @@ -46,6 +46,8 @@
> #define SYSLOG_ACTION_SIZE_UNREAD 9
> /* Return size of the log buffer */
> #define SYSLOG_ACTION_SIZE_BUFFER 10
> +/* Create a new syslog ns */
> +#define SYSLOG_ACTION_NEW_NS 11
>
> #define SYSLOG_FROM_READER 0
> #define SYSLOG_FROM_PROC 1
> diff --git a/kernel/printk.c b/kernel/printk.c
> index fd2d600..6b561db 100644
> --- a/kernel/printk.c
> +++ b/kernel/printk.c
> @@ -384,6 +384,10 @@ static int check_syslog_permissions(int type, bool from_file,
> || type == SYSLOG_ACTION_CONSOLE_LEVEL)
> ns = &init_syslog_ns;
>
> + /* create a new syslog ns */
> + if (type == SYSLOG_ACTION_NEW_NS)
> + return 0;
> +
> if (syslog_action_restricted(type, ns)) {
> if (ns_capable(ns->owner, CAP_SYSLOG))
> return 0;
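Review bot: The early `return 0` for SYSLOG_ACTION_NEW_NS, placed ahead of the `syslog_action_restricted()` / `ns_capable(ns->owner, CAP_SYSLOG)` block, makes check_syslog_permissions() approve the new command unconditionally, so the only gate left is the `ns_capable(userns, CAP_SYSLOG)` test inside create_syslog_ns(). Either do the capability check here, so the permission policy for every syslog action stays in one function, or extend the comment to say that the check is deliberately deferred to create_syslog_ns().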
> @@ -1131,6 +1135,51 @@ static int syslog_print_all(char __user *buf, int size, bool clear,
> return len;
> }
>
> +static int create_syslog_ns(void)
> +{
> + struct user_namespace *userns = current_user_ns();
> + struct syslog_namespace *oldns, *newns;
> + int err;
> +
> + /*
> + * syslog ns belongs to a user ns. So you can only unshare your
> + * user_ns if you share a user_ns with your parent userns
> + */
> + if (userns == &init_user_ns ||
> + userns->syslog_ns != userns->parent->syslog_ns)
> + return -EINVAL;
> +
> + if (!ns_capable(userns, CAP_SYSLOG))
> + return -EPERM;
> +
> + err = -ENOMEM;
> + oldns = userns->syslog_ns;
> + newns = kzalloc(sizeof(*newns), GFP_ATOMIC);
> + if (!newns)
> + goto out;
> + newns->log_buf_len = __LOG_BUF_LEN;
> + newns->log_buf = kzalloc(newns->log_buf_len, GFP_ATOMIC);
> + if (!newns->log_buf)
> + goto out;
> +
> + newns->owner = get_user_ns(userns);
> + raw_spin_lock_init(&(newns->logbuf_lock));
> + newns->logbuf_cpu = UINT_MAX;
> + newns->dmesg_restrict = oldns->dmesg_restrict;
> + put_syslog_ns(oldns);
> + kref_init(&newns->kref);
> + userns->syslog_ns = newns;

Seems like user namespace references the syslog_ns and syslog_ns references
user namespace too? How do you deal with the release?

> + newns = NULL;
> +
> + err = 0;
> +out:
> + if (newns) {
> + kfree(newns->log_buf);
> + kfree(newns);
> + }
> + return err;
> +}
> +
> int do_syslog(int type, char __user *buf, int len, bool from_file,
> struct syslog_namespace *ns)
> {
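Review bot: Nothing in create_syslog_ns() serializes the test `userns->syslog_ns != userns->parent->syslog_ns` against the later `put_syslog_ns(oldns)` and `userns->syslog_ns = newns`, so two tasks in the same user namespace issuing SYSLOG_ACTION_NEW_NS at once can both pass the test, both drop a reference on oldns, and leave one of the two new namespaces unreachable. Take a lock around the check and the swap, or publish newns with a compare-and-exchange and free the loser. Two smaller points: both allocations use GFP_ATOMIC although no lock is held at that point in the hunk, so GFP_KERNEL looks sufficient; and the comment says "unshare your user_ns" where the code is replacing the syslog_ns.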
> @@ -1254,6 +1303,9 @@ int do_syslog(int type, char __user *buf, int len, bool from_file,
> case SYSLOG_ACTION_SIZE_BUFFER:
> error = ns->log_buf_len;
> break;
> + case SYSLOG_ACTION_NEW_NS:
> + error = create_syslog_ns();
> + break;
> default:
> error = -EINVAL;
> break;
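Review bot: In the new `case SYSLOG_ACTION_NEW_NS:` the `buf` and `len` arguments of do_syslog() are ignored, since create_syslog_ns() takes no parameters. For a new user-visible command, consider returning -EINVAL unless buf is NULL and len is 0, so those arguments can be given a meaning later without breaking existing callers.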
>
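
The reference cycle raised in the reply above, modelled in user space as an added example (not code from the patch or from anyone in the thread). The two `put_*` release paths and the `owner_counted` switch are assumptions made for illustration; the message shown here does not say how the release is handled, and the uncounted back-pointer is only one generic way to break such a cycle.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: field names follow the patch, the put paths are assumed. */
struct user_ns { int count; struct syslog_ns *syslog_ns; };
struct syslog_ns { int count; struct user_ns *owner; int owner_counted; };
static int freed;                      /* objects released in the current run */
static void put_user_ns(struct user_ns *u);

static void put_syslog_ns(struct syslog_ns *s)
{
    if (--s->count)
        return;
    if (s->owner_counted)              /* drop the reference taken for ->owner */
        put_user_ns(s->owner);
    free(s);
    freed++;
}

static void put_user_ns(struct user_ns *u)
{
    if (--u->count)
        return;
    put_syslog_ns(u->syslog_ns);       /* assumed: freeing a user ns drops its syslog ns */
    free(u);
    freed++;
}

/* Build the pair as create_syslog_ns() does, drop the task's reference, return objects freed. */
static int simulate(int owner_counted)
{
    struct user_ns *u = calloc(1, sizeof(*u));
    struct syslog_ns *s = calloc(1, sizeof(*s));
    if (!u || !s) { free(u); free(s); return -1; }
    freed = 0;
    u->count = owner_counted ? 2 : 1;  /* task ref, plus get_user_ns() for ->owner */
    s->count = 1;                      /* kref_init(); this ref lives in u->syslog_ns */
    s->owner = u;
    s->owner_counted = owner_counted;
    u->syslog_ns = s;
    put_user_ns(u);                    /* last task in the namespace exits */
    if (!freed) { free(s); free(u); }  /* tidy the model; the kernel has no such backstop */
    return freed;
}

int main(void)
{
    printf("counted: %d/2 released, uncounted: %d/2 released\n", simulate(1), simulate(0));
    return 0;
}
```

With the counted back-reference neither count can reach zero once the task's reference is gone, which is the release problem the reply asks about.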