From: ebiederm@xmission.com (Eric W. Biederman)
To: <linux-kernel@vger.kernel.org>
Cc: <netdev@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
David Miller <davem@davemloft.net>
Subject: [REVIEW][PATCH 0/15] userns subsystem conversions
Date: Sat, 25 Aug 2012 16:54:59 -0700
Message-ID: <87lih2h6i4.fsf@xmission.com>

This patchset updates all of the major linux subsystems that use uids
and gids to store them in kuid_t and kgid_t types.

This update allows some of the subsystems to work in all user namespaces
while other subsystems were updated to only work in the initial user
namespace.

kuid_t and kgid_t values have been pushed as deeply into the code as
possible to allow type checking to find as many problems as possible.
In a couple of cases this involved taking an implicit union stored in
an unsigned int and making it an explicit union.

This patchset is based on 3.6-rc1 and strictly against:
git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-next

My intention after these patches have been reviewed is to add them to my
non-rebasing for-next branch of my user namespace tree and to merge
these changes into 3.7.

I had hoped when I converted the core kernel that I would have removed
the interactions between subsystems and would be able to merge these
changes independently through maintainer trees in a timely fashion, but
there are just enough dependencies and interactions that the changes
really all need to be in one tree to make these changes testable/usable.

Once these changes hit my for-next branch I won't be rebasing them so
if a maintainer wants to merge them to avoid conflicts feel free.

The biggest cross subsystem change this round is probably the change
to have audit_get_loginuid return a kuid_t, but it certainly isn't
the only cross subsystem change.

Eric W. Biederman (15):
      userns: Enable building of pf_key sockets when user namespace support is enabled.
      userns: Make credential debugging user namespace safe.
      userns: Convert security/keys to the new userns infrastructure
      userns: net: Call key_alloc with GLOBAL_ROOT_UID, GLOBAL_ROOT_GID instead of 0, 0
      userns: Convert ipc to use kuid and kgid where appropriate
      userns: Convert audit to use kuid and kgid where appropriate
      userns: Convert taskstats to handle the user and pid namespaces.
      userns: Convert bsd process accounting to use kuid and kgid where appropriate
      userns: Convert process event connector to handle kuids and kgids
      userns: Convert debugfs to use kuid/kgid where appropriate.
      userns: Teach trace to use from_kuid
      userns: Convert drm to use kuid and kgid and struct pid where appropriate
      userns: Add basic quota support
      userns: Convert vfs posix_acl support to use kuid and kgid where appropriate.
      userns: Convert configfs to use kuid and kgid where appropriate

drivers/connector/cn_proc.c | 18 +++-
drivers/gpu/drm/drm_fops.c | 3 +-
drivers/gpu/drm/drm_info.c | 5 +-
drivers/gpu/drm/drm_ioctl.c | 4 +-
drivers/tty/tty_audit.c | 16 ++--
fs/9p/acl.c | 8 +-
fs/btrfs/acl.c | 8 +-
fs/configfs/inode.c | 4 +-
fs/debugfs/inode.c | 26 +++--
fs/ext2/acl.c | 32 ++++--
fs/ext3/acl.c | 32 ++++--
fs/ext4/acl.c | 31 ++++--
fs/generic_acl.c | 4 +-
fs/gfs2/acl.c | 14 ++--
fs/gfs2/quota.c | 44 +++++---
fs/jffs2/acl.c | 4 +-
fs/jfs/acl.c | 4 +-
fs/jfs/xattr.c | 4 +-
fs/nfs/nfs3acl.c | 4 +-
fs/nfsd/vfs.c | 8 +-
fs/ocfs2/acl.c | 4 +-
fs/ocfs2/file.c | 6 +-
fs/ocfs2/quota_global.c | 34 +++++--
fs/ocfs2/quota_local.c | 12 ++-
fs/posix_acl.c | 30 +++---
fs/proc/base.c | 12 ++-
fs/quota/dquot.c | 43 ++++----
fs/quota/netlink.c | 11 ++-
fs/quota/quota.c | 44 +++++---
fs/quota/quota_tree.c | 20 +++-
fs/quota/quota_v1.c | 8 +-
fs/quota/quota_v2.c | 14 ++-
fs/reiserfs/xattr_acl.c | 4 +-
fs/xattr.c | 7 ++
fs/xattr_acl.c | 96 +++++++++++++++--
fs/xfs/xfs_acl.c | 4 +-
fs/xfs/xfs_quotaops.c | 18 ++--
fs/xfs/xfs_trans_dquot.c | 8 +-
include/drm/drmP.h | 4 +-
include/linux/audit.h | 12 ++-
include/linux/init_task.h | 2 +-
include/linux/ipc.h | 9 +-
include/linux/key.h | 9 +-
include/linux/posix_acl.h | 8 ++-
include/linux/posix_acl_xattr.h | 18 +++-
include/linux/quota.h | 91 +++++++++++++++-
include/linux/quotaops.h | 18 +++-
include/linux/sched.h | 2 +-
include/linux/tsacct_kern.h | 8 +-
include/linux/tty.h | 4 +-
include/net/netlabel.h | 2 +-
include/net/xfrm.h | 23 ++--
init/Kconfig | 18 ---
ipc/msg.c | 14 ++-
ipc/sem.c | 13 ++-
ipc/shm.c | 19 ++--
ipc/util.c | 35 ++++---
ipc/util.h | 2 +-
kernel/acct.c | 4 +-
kernel/audit.c | 42 +++++---
kernel/audit.h | 4 +-
kernel/audit_watch.c | 2 +-
kernel/auditfilter.c | 142 +++++++++++++++++++++----
kernel/auditsc.c | 214 +++++++++++++++++++------------------
kernel/cred.c | 10 ++-
kernel/taskstats.c | 23 +++-
kernel/trace/trace.c | 3 +-
kernel/trace/trace.h | 2 +-
kernel/tsacct.c | 12 ++-
net/core/dev.c | 2 +-
net/dns_resolver/dns_key.c | 3 +-
net/netlabel/netlabel_unlabeled.c | 2 +-
net/netlabel/netlabel_user.c | 2 +-
net/rxrpc/ar-key.c | 6 +-
net/xfrm/xfrm_policy.c | 8 +-
net/xfrm/xfrm_state.c | 6 +-
net/xfrm/xfrm_user.c | 12 +-
security/keys/internal.h | 6 +-
security/keys/key.c | 23 ++---
security/keys/keyctl.c | 50 +++++----
security/keys/keyring.c | 4 +-
security/keys/permission.c | 14 +--
security/keys/proc.c | 44 ++++----
security/keys/process_keys.c | 15 ++--
security/keys/request_key.c | 6 +-
85 files changed, 1056 insertions(+), 564 deletions(-)
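
The type-checking point made in the cover letter above, as an added example that is not code from this patchset or from the kernel tree: a userspace model of the kuid_t wrapper and its make_kuid()/from_kuid() conversions. The struct user_ns_model type, its single-extent mapping and the 100000/65536 values are assumptions made for illustration; the kernel's real mapping tables are more general.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the wrapper type: because kuid_t is a struct, the compiler rejects
 * a raw uid passed where a kuid_t is expected, and `kuid == 0` does not build. */
typedef struct { uint32_t val; } kuid_t;
#define KUIDT_INIT(v)   ((kuid_t){ (v) })
#define INVALID_UID     KUIDT_INIT(UINT32_MAX)
#define GLOBAL_ROOT_UID KUIDT_INIT(0)

/* Assumed one-extent map: ids [first, first+count) inside the namespace
 * correspond to kernel-internal ids [lower_first, lower_first+count). */
struct user_ns_model { uint32_t first, lower_first, count; };
static const struct user_ns_model init_ns      = { 0, 0, UINT32_MAX };
static const struct user_ns_model container_ns = { 0, 100000, 65536 };

static int uid_eq(kuid_t a, kuid_t b) { return a.val == b.val; }
static int uid_valid(kuid_t k)        { return k.val != UINT32_MAX; }

/* Namespace-relative uid -> kernel-internal kuid; INVALID_UID if unmapped. */
static kuid_t make_kuid(const struct user_ns_model *ns, uint32_t uid)
{
    if (uid >= ns->first && uid - ns->first < ns->count)
        return KUIDT_INIT(ns->lower_first + (uid - ns->first));
    return INVALID_UID;
}

/* kuid -> uid as seen from ns; (uint32_t)-1 if it has no mapping there. */
static uint32_t from_kuid(const struct user_ns_model *ns, kuid_t k)
{
    if (k.val >= ns->lower_first && k.val - ns->lower_first < ns->count)
        return ns->first + (k.val - ns->lower_first);
    return UINT32_MAX;
}

/* Privilege test done on kuids: uid 0 inside a namespace is not global root. */
static int owner_is_global_root(const struct user_ns_model *ns, uint32_t uid)
{
    kuid_t k = make_kuid(ns, uid);
    return uid_valid(k) && uid_eq(k, GLOBAL_ROOT_UID);
}

int main(void)
{
    printf("init uid 0 is global root: %d\n", owner_is_global_root(&init_ns, 0));
    printf("container uid 0 is global root: %d\n", owner_is_global_root(&container_ns, 0));
    printf("container uid 0 seen from init: %u\n",
           (unsigned)from_kuid(&init_ns, make_kuid(&container_ns, 0)));
    return 0;
}
```
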