From mboxrd@z Thu Jan 1 00:00:00 1970 From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) Subject: [GIT PULL] namespace related changes for 4.10-rc1 Date: Mon, 12 Dec 2016 13:27:19 +1300 Message-ID: <87wpf6t2jc.fsf@xmission.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Linus Torvalds Cc: Linux Containers , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: containers.vger.kernel.org Linus, Please pull the for-linus branch from the git tree: git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus HEAD: 19339c251607a3defc7f089511ce8561936fee45 Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" After a lot of discussion and work we have finally reachanged a basic understanding of what is necessary to make unprivileged mounts safe in the presence of EVM and IMA xattrs which the last commit in this series reflects. While technically it is a revert the comments it adds are important for people not getting confused in the future. Clearing up that confusion allows us to seriously work on unprivileged mounts of fuse in the next development cycle. The rest of the fixes in this set are in the intersection of user namespaces, ptrace, and exec. I started with the first fix which started a feedback cycle of finding additional issues during review and fixing them. Culiminating in a fix for a bug that has been present since at least Linux v1.0. Potentially these fixes were candidates during for being merged during the rc cycle, and are certainly backport candidates but enough little things turned up during review and testing that I decided they should be handled as part of the normal development process just to be certain there were not any great surprises when it came time to backport some of these fixes. Eric W. Biederman (5): mm: Add a user_ns owner to mm_struct and fix ptrace permission checks ptrace: Capture the ptracer's creds not PT_PTRACE_CAP ptrace: Don't allow accessing an undumpable mm exec: Ensure mm->user_ns contains the execed files Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" arch/alpha/kernel/ptrace.c | 2 +- arch/blackfin/kernel/ptrace.c | 4 +-- arch/cris/arch-v32/kernel/ptrace.c | 2 +- arch/ia64/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 4 +-- arch/powerpc/kernel/ptrace32.c | 4 +-- fs/exec.c | 21 +++++++++-- include/linux/capability.h | 2 ++ include/linux/mm.h | 2 ++ include/linux/mm_types.h | 1 + include/linux/ptrace.h | 4 ++- include/linux/sched.h | 1 + kernel/capability.c | 36 +++++++++++++++++-- kernel/fork.c | 9 +++-- kernel/ptrace.c | 70 ++++++++++++++++++++++++++----------- mm/init-mm.c | 2 ++ mm/memory.c | 2 +- mm/nommu.c | 2 +- security/integrity/evm/evm_crypto.c | 12 +++++-- 19 files changed, 139 insertions(+), 43 deletions(-) Eric From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932238AbcLLAaV (ORCPT ); Sun, 11 Dec 2016 19:30:21 -0500 Received: from out03.mta.xmission.com ([166.70.13.233]:37086 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754005AbcLLAaU (ORCPT ); Sun, 11 Dec 2016 19:30:20 -0500 From: ebiederm@xmission.com (Eric W. Biederman) To: Linus Torvalds Cc: Linux Containers , Date: Mon, 12 Dec 2016 13:27:19 +1300 Message-ID: <87wpf6t2jc.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1cGEVW-0005fJ-Fh;;;mid=<87wpf6t2jc.fsf@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=101.100.131.98;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX1+FVgvdJ3/qUeclfqxFrhnwdstvHyUD8Dg= X-SA-Exim-Connect-IP: 101.100.131.98 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa04 1397; Body=1 Fuz1=1 Fuz2=1] * 1.2 XMSubMetaSxObfu_03 Obfuscated Sexy Noun-People * 0.0 T_TooManySym_01 4+ unique symbols in subject * 1.0 XMSubMetaSx_00 1+ Sexy Words X-Spam-DCC: XMission; sa04 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: **;Linus Torvalds X-Spam-Relay-Country: X-Spam-Timing: total 279 ms - load_scoreonly_sql: 0.06 (0.0%), signal_user_changed: 4.4 (1.6%), b_tie_ro: 3.0 (1.1%), parse: 1.29 (0.5%), extract_message_metadata: 6 (2.0%), get_uri_detail_list: 2.9 (1.0%), tests_pri_-1000: 6 (2.1%), tests_pri_-950: 1.82 (0.7%), tests_pri_-900: 1.48 (0.5%), tests_pri_-400: 29 (10.3%), check_bayes: 27 (9.8%), b_tokenize: 9 (3.3%), b_tok_get_all: 9 (3.2%), b_comp_prob: 3.0 (1.1%), b_tok_touch_all: 3.7 (1.3%), b_finish: 0.80 (0.3%), tests_pri_0: 213 (76.4%), check_dkim_signature: 0.56 (0.2%), check_dkim_adsp: 3.1 (1.1%), tests_pri_500: 4.0 (1.4%), rewrite_mail: 0.00 (0.0%) Subject: [GIT PULL] namespace related changes for 4.10-rc1 X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Linus, Please pull the for-linus branch from the git tree: git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus HEAD: 19339c251607a3defc7f089511ce8561936fee45 Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" After a lot of discussion and work we have finally reachanged a basic understanding of what is necessary to make unprivileged mounts safe in the presence of EVM and IMA xattrs which the last commit in this series reflects. While technically it is a revert the comments it adds are important for people not getting confused in the future. Clearing up that confusion allows us to seriously work on unprivileged mounts of fuse in the next development cycle. The rest of the fixes in this set are in the intersection of user namespaces, ptrace, and exec. I started with the first fix which started a feedback cycle of finding additional issues during review and fixing them. Culiminating in a fix for a bug that has been present since at least Linux v1.0. Potentially these fixes were candidates during for being merged during the rc cycle, and are certainly backport candidates but enough little things turned up during review and testing that I decided they should be handled as part of the normal development process just to be certain there were not any great surprises when it came time to backport some of these fixes. Eric W. Biederman (5): mm: Add a user_ns owner to mm_struct and fix ptrace permission checks ptrace: Capture the ptracer's creds not PT_PTRACE_CAP ptrace: Don't allow accessing an undumpable mm exec: Ensure mm->user_ns contains the execed files Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" arch/alpha/kernel/ptrace.c | 2 +- arch/blackfin/kernel/ptrace.c | 4 +-- arch/cris/arch-v32/kernel/ptrace.c | 2 +- arch/ia64/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 4 +-- arch/powerpc/kernel/ptrace32.c | 4 +-- fs/exec.c | 21 +++++++++-- include/linux/capability.h | 2 ++ include/linux/mm.h | 2 ++ include/linux/mm_types.h | 1 + include/linux/ptrace.h | 4 ++- include/linux/sched.h | 1 + kernel/capability.c | 36 +++++++++++++++++-- kernel/fork.c | 9 +++-- kernel/ptrace.c | 70 ++++++++++++++++++++++++++----------- mm/init-mm.c | 2 ++ mm/memory.c | 2 +- mm/nommu.c | 2 +- security/integrity/evm/evm_crypto.c | 12 +++++-- 19 files changed, 139 insertions(+), 43 deletions(-) Eric