From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Linus Torvalds
	<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [GIT PULL] namespace updates for v3.17-rc1
Date: Tue, 05 Aug 2014 17:57:31 -0700	[thread overview]
Message-ID: <87fvhav3ic.fsf@x220.int.ebiederm.org> (raw)


Linus,

Please pull the for-linus branch from the git tree:

   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus

   HEAD: 344470cac42e887e68cfb5bdfa6171baf27f1eb5 proc: Point /proc/mounts at /proc/thread-self/mounts instead of /proc/self/mounts

This is a bunch of small changes built against 3.16-rc6.  The most
significant change for users is the first patch which makes setns
dramatically faster by removing unneeded rcu handling.

The next chunk of changes is so that "mount -o remount,.." will not
allow the user namespace root to drop flags on a mount set by the system
wide root.  Aka this forces read-only mounts to stay read-only, no-dev
mounts to stay no-dev, no-suid mounts to stay no-suid, no-exec mounts to
stay no-exec and it prevents unprivileged users from messing with a
mount's atime settings.  I have included my test case as the last patch
in this series so people performing backports can verify this change
works correctly.

The next change fixes a bug in NFS that was discovered while auditing
nsproxy users for the first optimization.  Today you can oops the kernel
by reading /proc/fs/nfsfs/{servers,volumes} if you are clever with pid
namespaces.  I rebased and fixed the build of the !CONFIG_NFS_FS case
yesterday when a build bot caught my typo.  Given that no one to my
knowledge bases anything on my tree, fixing the typo in place seems more
responsible than requiring a typo-fix to be backported as well.

The last change is a small semantic cleanup introducing
/proc/thread-self and pointing /proc/mounts and /proc/net at it.  This
prevents several kinds of problematic corner cases.  It is a
user-visible change, so it has a minute chance of causing regressions, so
the changes to /proc/mounts and /proc/net are individual one-line commits
that can be trivially reverted.  Unfortunately I lost and could not find
the email of the original reporter so he is not credited.  From at least
one perspective this change to /proc/net is a regression fix to allow
pthread /proc/net uses that were broken by the introduction of the network
namespace.

Eric

Eric W. Biederman (11):
      namespaces: Use task_lock and not rcu to protect nsproxy
      mnt: Only change user settable mount flags in remount
      mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
      mnt: Correct permission checks in do_remount
      mnt: Change the default remount atime from relatime to the existing value
      mnt: Add tests for unprivileged remount cases that have found to be faulty
      NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes
      proc: Have net show up under /proc/<tgid>/task/<tid>
      proc: Implement /proc/thread-self to point at the directory of the current thread
      proc: Point /proc/net at /proc/thread-self/net instead of /proc/self/net
      proc: Point /proc/mounts at /proc/thread-self/mounts instead of /proc/self/mounts

 fs/namespace.c                                     |  65 +++++-
 fs/nfs/client.c                                    |  95 ++++----
 fs/nfs/inode.c                                     |   3 +-
 fs/nfs/internal.h                                  |   9 +
 fs/nfs/netns.h                                     |   3 +
 fs/proc/Makefile                                   |   1 +
 fs/proc/base.c                                     |  18 +-
 fs/proc/inode.c                                    |   7 +-
 fs/proc/internal.h                                 |   6 +
 fs/proc/proc_net.c                                 |   6 +-
 fs/proc/root.c                                     |   5 +-
 fs/proc/thread_self.c                              |  85 ++++++++
 fs/proc_namespace.c                                |   8 +-
 include/linux/mount.h                              |   9 +-
 include/linux/nsproxy.h                            |  16 +-
 include/linux/pid_namespace.h                      |   1 +
 ipc/namespace.c                                    |   6 +-
 kernel/nsproxy.c                                   |  15 +-
 kernel/utsname.c                                   |   6 +-
 net/core/net_namespace.c                           |  10 +-
 tools/testing/selftests/Makefile                   |   1 +
 tools/testing/selftests/mount/Makefile             |  17 ++
 .../selftests/mount/unprivileged-remount-test.c    | 242 +++++++++++++++++++++
 23 files changed, 537 insertions(+), 97 deletions(-)
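An added example, not part of the pull request or its selftest, that shows the distinction the /proc/thread-self change relies on: from a non-leader thread, /proc/self still resolves to the thread-group leader's directory while /proc/thread-self resolves to <tgid>/task/<tid>, so per-thread namespace state read through /proc/self/net or /proc/self/mounts describes the wrong task. It assumes Linux 3.17 or later with /proc mounted; the struct and function names are my own.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

struct proc_links {
    pid_t tgid, tid;       /* getpid() and gettid() of the calling thread */
    char self[64];         /* readlink("/proc/self")        -> "<tgid>" */
    char thread_self[64];  /* readlink("/proc/thread-self") -> "<tgid>/task/<tid>" */
};
/* Read both symlinks from the calling thread; 0 on success, -1 on error. */
static int read_proc_links(struct proc_links *pl)
{
    ssize_t n = readlink("/proc/self", pl->self, sizeof pl->self - 1);
    if (n < 0) return -1;
    pl->self[n] = '\0';
    n = readlink("/proc/thread-self", pl->thread_self, sizeof pl->thread_self - 1);
    if (n < 0) return -1;
    pl->thread_self[n] = '\0';
    pl->tgid = getpid();
    pl->tid = (pid_t)syscall(SYS_gettid);  /* raw syscall: works on older glibc too */
    return 0;
}
/* 1 if /proc/self names the leader and /proc/thread-self names this thread. */
static int links_match(const struct proc_links *pl)
{
    char want_self[32], want_ts[64];
    snprintf(want_self, sizeof want_self, "%d", (int)pl->tgid);
    snprintf(want_ts, sizeof want_ts, "%d/task/%d", (int)pl->tgid, (int)pl->tid);
    return !strcmp(pl->self, want_self) && !strcmp(pl->thread_self, want_ts);
}
static void *worker(void *arg)
{
    if (read_proc_links(arg) != 0) ((struct proc_links *)arg)->tid = -1;
    return NULL;
}

/* Probe from a non-leader thread.  Returns 1 when its /proc/self still names
 * the leader while /proc/thread-self names the thread itself, 0 if the kernel
 * behaves otherwise, -1 if the probe could not run (no /proc, no threads). */
int thread_self_differs_from_self(void)
{
    struct proc_links pl;
    pthread_t t;
    if (pthread_create(&t, NULL, worker, &pl) != 0) return -1;
    pthread_join(t, NULL);
    return pl.tid < 0 ? -1 : (links_match(&pl) && pl.tid != pl.tgid);
}
```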

