From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: [PATCH 1/3] keys: distinguish per-uid keys in different namespaces
Date: Thu, 11 Dec 2008 17:23:46 -0600 [thread overview]
Message-ID: <20081211232346.GA8447@us.ibm.com> (raw)
In-Reply-To: <20081211232323.GA8343-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
per-uid keys were looked by uid only. Use the user namespace
to distinguish the same uid in different namespaces.
This does not address key_permission. So a task can for instance
try to join a keyring owned by the same uid in another namespace.
That will be handled by a separate patch.
Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
kernel/user.c | 2 +-
security/keys/internal.h | 4 +++-
security/keys/key.c | 11 +++++++++--
security/keys/keyctl.c | 2 +-
security/keys/process_keys.c | 2 ++
security/keys/request_key.c | 2 +-
6 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/kernel/user.c b/kernel/user.c
index 6608a3d..fe326a6 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -20,7 +20,7 @@
struct user_namespace init_user_ns = {
.kref = {
- .refcount = ATOMIC_INIT(1),
+ .refcount = ATOMIC_INIT(2),
},
.creator = &root_user,
};
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 81932ab..9fb679c 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -53,6 +53,7 @@ struct key_user {
atomic_t nkeys; /* number of keys */
atomic_t nikeys; /* number of instantiated keys */
uid_t uid;
+ struct user_namespace *user_ns;
int qnkeys; /* number of keys allocated to this user */
int qnbytes; /* number of bytes allocated to this user */
};
@@ -61,7 +62,8 @@ extern struct rb_root key_user_tree;
extern spinlock_t key_user_lock;
extern struct key_user root_key_user;
-extern struct key_user *key_user_lookup(uid_t uid);
+extern struct key_user *key_user_lookup(uid_t uid,
+ struct user_namespace *user_ns);
extern void key_user_put(struct key_user *user);
/*
diff --git a/security/keys/key.c b/security/keys/key.c
index f76c8a5..4a1297d 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -18,6 +18,7 @@
#include <linux/workqueue.h>
#include <linux/random.h>
#include <linux/err.h>
+#include <linux/user_namespace.h>
#include "internal.h"
static struct kmem_cache *key_jar;
@@ -60,7 +61,7 @@ void __key_check(const struct key *key)
* get the key quota record for a user, allocating a new record if one doesn't
* already exist
*/
-struct key_user *key_user_lookup(uid_t uid)
+struct key_user *key_user_lookup(uid_t uid, struct user_namespace *user_ns)
{
struct key_user *candidate = NULL, *user;
struct rb_node *parent = NULL;
@@ -79,6 +80,10 @@ struct key_user *key_user_lookup(uid_t uid)
p = &(*p)->rb_left;
else if (uid > user->uid)
p = &(*p)->rb_right;
+ else if (user_ns < user->user_ns)
+ p = &(*p)->rb_left;
+ else if (user_ns > user->user_ns)
+ p = &(*p)->rb_right;
else
goto found;
}
@@ -106,6 +111,7 @@ struct key_user *key_user_lookup(uid_t uid)
atomic_set(&candidate->nkeys, 0);
atomic_set(&candidate->nikeys, 0);
candidate->uid = uid;
+ candidate->user_ns = get_user_ns(user_ns);
candidate->qnkeys = 0;
candidate->qnbytes = 0;
spin_lock_init(&candidate->lock);
@@ -136,6 +142,7 @@ void key_user_put(struct key_user *user)
if (atomic_dec_and_lock(&user->usage, &key_user_lock)) {
rb_erase(&user->node, &key_user_tree);
spin_unlock(&key_user_lock);
+ put_user_ns(user->user_ns);
kfree(user);
}
@@ -234,7 +241,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
quotalen = desclen + type->def_datalen;
/* get hold of the key tracking for this user */
- user = key_user_lookup(uid);
+ user = key_user_lookup(uid, cred->user->user_ns);
if (!user)
goto no_memory_1;
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 7c72baa..db4c029 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -725,7 +725,7 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
/* change the UID */
if (uid != (uid_t) -1 && uid != key->uid) {
ret = -ENOMEM;
- newowner = key_user_lookup(uid);
+ newowner = key_user_lookup(uid, current_user_ns());
if (!newowner)
goto error_put;
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 2f5d89e..276d278 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -17,6 +17,7 @@
#include <linux/fs.h>
#include <linux/err.h>
#include <linux/mutex.h>
+#include <linux/user_namespace.h>
#include <asm/uaccess.h>
#include "internal.h"
@@ -34,6 +35,7 @@ struct key_user root_key_user = {
.nkeys = ATOMIC_INIT(2),
.nikeys = ATOMIC_INIT(2),
.uid = 0,
+ .user_ns = &init_user_ns,
};
/*****************************************************************************/
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 0e04f72..22a3158 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -365,7 +365,7 @@ static struct key *construct_key_and_link(struct key_type *type,
kenter("");
- user = key_user_lookup(current_fsuid());
+ user = key_user_lookup(current_fsuid(), current_user_ns());
if (!user)
return ERR_PTR(-ENOMEM);
--
1.5.4.3
next prev parent reply other threads:[~2008-12-11 23:23 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-11 23:23 [PATCH 0/3] keys: play nicely with user namespaces Serge E. Hallyn
[not found] ` <20081211232323.GA8343-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-12-11 23:23 ` Serge E. Hallyn [this message]
2008-12-11 23:23 ` [PATCH 2/3] keys: consider user namespace in key_permission Serge E. Hallyn
2008-12-11 23:24 ` [PATCH 3/3] keys: skip keys from another user namespace Serge E. Hallyn
2008-12-12 12:51 ` [PATCH 0/3] keys: play nicely with user namespaces David Howells
[not found] ` <3507.1229086294-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-12-12 14:17 ` Serge E. Hallyn
[not found] ` <20081212141707.GB9571-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-12-12 15:57 ` David Howells
[not found] ` <25987.1229097458-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-12-12 16:22 ` Serge E. Hallyn
2008-12-17 23:55 ` Serge E. Hallyn
[not found] ` <20081212162220.GA15520-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-12-12 16:42 ` David Howells
[not found] ` <26177.1229100126-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-12-12 17:33 ` Serge E. Hallyn
[not found] ` <20081212173312.GA19085-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-12-12 18:38 ` David Howells
[not found] ` <28464.1229107090-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-12-12 19:31 ` Serge E. Hallyn
[not found] ` <20081217235536.GA932-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-12-18 1:03 ` David Howells
2008-12-18 13:46 ` David Howells
[not found] ` <3547.1229607983-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-12-18 17:46 ` Serge E. Hallyn
[not found] ` <20081218174613.GA13968-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-12-19 0:56 ` David Howells
[not found] ` <7376.1229648192-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-12-19 1:45 ` Serge E. Hallyn
[not found] ` <20081219014555.GA25688-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-12-19 2:30 ` David Howells
[not found] ` <7658.1229653824-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-12-19 9:07 ` Eric W. Biederman
[not found] ` <m1r6447csx.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-12-19 11:17 ` David Howells
[not found] ` <10350.1229685462-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-12-19 14:37 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081211232346.GA8447@us.ibm.com \
--to=serue-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox