From: sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Oleg Nesterov <oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH 3/9] pid: Implement ns_of_pid.
Date: Wed, 12 Dec 2007 19:28:27 -0800 [thread overview]
Message-ID: <20071213032827.GA1433@us.ibm.com> (raw)
In-Reply-To: <m1ve73s7vr.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
Eric W. Biederman [ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org] wrote:
| sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org writes:
|
| >
| > My patch refers to this function as pid_active_pid_ns() - I have
| > been meaning to send that out on top of your signals patch.
| > Since a pid has many namespaces, we have been using 'active pid ns'
| > to refer to this ns.
|
| Currently we don't ask for any of the others, and the namespace
| the pid came from is special. That fundamentally is the namespace
| of the pid. The rest byproducts of being in that pid namespace,
| as we could derive them by walking the namespace's parent list.
|
| > Even your next patch modifies task_active_pid_ns() to use this.
| > So can we rename this functio to pid_active_pid_ns() ?
|
| I'd be more inclined to rename task_active_pid_ns to task_pid_ns.
|
| And to rename pid_in_pid_ns that Pavel has issues with to pid_in_ns.
|
| When I read active_pid_ns I wonder what the other namespaces are
| that we are distinguishing this from. They do exist in the
| implementation but so far it is a complete don't care.
Well, there are interfaces like pid_nr_ns() and pid_in_ns() and
task_in_pid_ns() that imply existence of other namespaces and
for that reason we added 'active' in the name.
But I am fine with the terse name and of course we should remove
the the 'active' in task_active_pid_ns() also.
|
| So I expect being as terse as we can while still conveying all of the
| relevant information is the most maintainable long term.
|
| Eric
I did some initial testing on your patchset (minus patch 5) and noticed
that it seems to be missing the patch to address kill -1 semantics
(here is the earlier version).
---
This patch implements task_in_pid_ns and uses it to limit cap_set_all
and sys_kill(-1,) to only those tasks in the current pid namespace.
Without this we have a setup for a very nasty surprise.
Signed-off-by: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
---
include/linux/pid_namespace.h | 2 ++
kernel/capability.c | 3 +++
kernel/pid.c | 11 +++++++++++
kernel/signal.c | 5 ++++-
4 files changed, 20 insertions(+), 1 deletions(-)
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
index 0227e68..b454678 100644
--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
@@ -78,4 +78,6 @@ static inline struct task_struct *task_child_reaper(struct task_struct *tsk)
return tsk->nsproxy->pid_ns->child_reaper;
}
+extern int task_in_pid_ns(struct task_struct *tsk, struct pid_namespace *ns);
+
#endif /* _LINUX_PID_NS_H */
diff --git a/kernel/capability.c b/kernel/capability.c
index efbd9cd..a801016 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -125,6 +125,7 @@ static inline int cap_set_all(kernel_cap_t *effective,
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
+ struct pid_namespace *pid_ns = current->nsproxy->pid_ns;
struct task_struct *g, *target;
int ret = -EPERM;
int found = 0;
@@ -132,6 +133,8 @@ static inline int cap_set_all(kernel_cap_t *effective,
do_each_thread(g, target) {
if (target == current || is_container_init(target->group_leader))
continue;
+ if (!task_in_pid_ns(target, pid_ns))
+ continue;
found = 1;
if (security_capset_check(target, effective, inheritable,
permitted))
diff --git a/kernel/pid.c b/kernel/pid.c
index f815455..1c332ca 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -430,6 +430,17 @@ struct pid *find_get_pid(pid_t nr)
return pid;
}
+static int pid_in_pid_ns(struct pid *pid, struct pid_namespace *ns)
+{
+ return pid && (ns->level <= pid->level) &&
+ pid->numbers[ns->level].ns == ns;
+}
+
+int task_in_pid_ns(struct task_struct *task, struct pid_namespace *ns)
+{
+ return pid_in_pid_ns(task_pid(task), ns);
+}
+
pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
{
struct upid *upid;
diff --git a/kernel/signal.c b/kernel/signal.c
index 1200630..8f5a31f 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1147,10 +1147,13 @@ static int kill_something_info(int sig, struct siginfo *info, int pid)
} else if (pid == -1) {
int retval = 0, count = 0;
struct task_struct * p;
+ struct pid_namespace *ns = current->nsproxy->pid_ns;
read_lock(&tasklist_lock);
for_each_process(p) {
- if (p->pid > 1 && !same_thread_group(p, current)) {
+ if (!is_container_init(p) &&
+ !same_thread_group(p, current) &&
+ task_in_pid_ns(p, ns)) {
int err = group_send_sig_info(sig, info, p);
++count;
if (err != -EPERM)
--
1.5.3.rc6.17.g1911
next prev parent reply other threads:[~2007-12-13 3:28 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-12 12:38 [PATCH 0/9] Core pid namespace enhancements Eric W. Biederman
[not found] ` <m13au8ytos.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 12:40 ` [PATCH 1/9] sig: Fix mqueue pid Eric W. Biederman
[not found] ` <m1y7c0xezt.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 12:42 ` [PATCH 2/9] sig: Fix SI_USER si_pid Eric W. Biederman
[not found] ` <m1tzmoxexb.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 12:44 ` [PATCH 3/9] pid: Implement ns_of_pid Eric W. Biederman
[not found] ` <m1prxcxeum.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 12:46 ` [PATCH 4/9] pid: Generalize task_active_pid_ns Eric W. Biederman
[not found] ` <m1lk80xeps.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 12:48 ` [PATCH 5/9] pid: Update pid_vnr to use task_active_pid_ns Eric W. Biederman
[not found] ` <m1hcioxenh.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 12:49 ` [PATCH 6/9] pid: Implement pid_in_pid_ns Eric W. Biederman
[not found] ` <m1d4tcxelu.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 12:52 ` [PATCH 7/9] sig: Handle pid namespace crossing when sending signals Eric W. Biederman
[not found] ` <m18x40xeg6.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 12:57 ` [PATCH 8/9] signal: Drop signals before sending them to init Eric W. Biederman
[not found] ` <m13au8xe8m.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 12:58 ` [PATCH 9/9] signal: Ignore signals sent to the pid namespace init Eric W. Biederman
[not found] ` <m1y7c0vzm4.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:09 ` [PATCH 0/4] pid namespace infrastructure cleanups Eric W. Biederman
[not found] ` <m1odcwvz3d.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:27 ` [PATCH 1/4] pidns: Remove the child_reaper special case from de_thread Eric W. Biederman
[not found] ` <m1ir34vyaj.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:30 ` [PATCH 2/4] proc: Simplify proc_get_sb Eric W. Biederman
[not found] ` <m1ejdsvy54.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:31 ` [PATCH 3/4] proc: Remove the unnecessary global proc_mnt Eric W. Biederman
[not found] ` <m1abogvy39.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:33 ` [PATCH 4/4] pid: Move all of the pid_namespace logic into copy_pid_ns Eric W. Biederman
[not found] ` <m163z4vxzs.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:46 ` [PATCH 0/4] Properly handle talking to all processes in a pid namespace Eric W. Biederman
[not found] ` <m11w9svxeb.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:49 ` [PATCH 1/4] signal: Introduce kill_pid_ns_info Eric W. Biederman
[not found] ` <m1ve74uio4.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:50 ` [PATCH 2/4] pid: Make next_pidmap static again Eric W. Biederman
[not found] ` <m1r6hsuime.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:52 ` [PATCH 3/4] Fix the indentation in cap_set_all to use tabs Eric W. Biederman
[not found] ` <m1mysguijx.fsf_-_-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-12 13:56 ` [PATCH 4/4] pid: Limit cap_set_all to the current pid namespace Eric W. Biederman
2007-12-12 16:09 ` [PATCH 1/4] signal: Introduce kill_pid_ns_info Pavel Emelyanov
2007-12-12 13:42 ` [PATCH 2/4] proc: Simplify proc_get_sb Pavel Emelyanov
[not found] ` <475FE53D.6050408-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-12-12 14:06 ` Eric W. Biederman
2007-12-13 16:28 ` [PATCH 9/9] signal: Ignore signals sent to the pid namespace init Oleg Nesterov
[not found] ` <20071213162811.GC219-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-12-13 18:16 ` Eric W. Biederman
[not found] ` <m1aboesbnu.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-13 18:33 ` Eric W. Biederman
[not found] ` <m13au6savt.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-18 8:37 ` Eric W. Biederman
2007-12-12 19:00 ` [PATCH 8/9] signal: Drop signals before sending them to init Serge E. Hallyn
[not found] ` <20071212190042.GA22469-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
2007-12-12 19:33 ` Eric W. Biederman
2007-12-13 16:25 ` Oleg Nesterov
[not found] ` <20071213162502.GB219-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-12-13 17:50 ` Eric W. Biederman
[not found] ` <m1bq8uscu4.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-13 18:18 ` Oleg Nesterov
[not found] ` <20071213181802.GA486-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-12-13 18:50 ` Eric W. Biederman
[not found] ` <m1y7byqvj2.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-16 15:52 ` Oleg Nesterov
[not found] ` <20071216155244.GA216-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-12-18 4:06 ` Eric W. Biederman
[not found] ` <m1ir2wd4tf.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-18 12:22 ` Oleg Nesterov
[not found] ` <20071218122241.GA307-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-12-18 13:36 ` Eric W. Biederman
[not found] ` <m1prx49lag.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-18 15:30 ` Oleg Nesterov
[not found] ` <20071218153007.GA437-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-12-18 21:34 ` Eric W. Biederman
[not found] ` <m18x3radr1.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-19 13:42 ` Oleg Nesterov
2007-12-12 13:33 ` [PATCH 6/9] pid: Implement pid_in_pid_ns Pavel Emelyanov
2007-12-12 13:28 ` [PATCH 5/9] pid: Update pid_vnr to use task_active_pid_ns Pavel Emelyanov
[not found] ` <475FE201.7060104-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-12-12 14:20 ` Eric W. Biederman
2007-12-13 16:01 ` [PATCH 4/9] pid: Generalize task_active_pid_ns Oleg Nesterov
[not found] ` <20071213160128.GA219-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-12-13 16:22 ` Eric W. Biederman
[not found] ` <m1mysesgxc.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-13 17:07 ` Oleg Nesterov
2007-12-13 0:59 ` [PATCH 3/9] pid: Implement ns_of_pid sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20071213005945.GB27896-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-12-13 1:25 ` Eric W. Biederman
[not found] ` <m1ve73s7vr.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-12-13 3:28 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA [this message]
[not found] ` <20071213032827.GA1433-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-12-15 0:35 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-12-12 13:24 ` [PATCH 1/9] sig: Fix mqueue pid Pavel Emelyanov
2007-12-18 0:52 ` [PATCH 0/9] Core pid namespace enhancements sukadev-r/Jw6+rmf7HQT0dZR+AlfA
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071213032827.GA1433@us.ibm.com \
--to=sukadev-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox