Linux Container Development
From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org,
	James Bottomley
	<James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: Keyrings, user namespaces and the user_struct
Date: Tue, 25 Oct 2016 23:45:25 -0500
Message-ID: <87y41bvhui.fsf@xmission.com>
In-Reply-To: <18846.1477416621-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org> (David Howells's message of "Tue, 25 Oct 2016 18:30:21 +0100")

David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> writes:

> James Bottomley <James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org> wrote:
>
>> > There's another possibility here - since user_namespaces are 
>> > hierarchical, does it make sense to let a process see keys that are 
>> > in an ancestral namespace?
>> 
>> I think that should be the decision of the owner.  If you're creating a
>> userns to de-privilege the next user, likely you don't want this, but
>> if you're creating a userns to enhance it, then you do.
>
> Maybe the simplest is to put a 'stop here' flag on a user_namespace.  Then
> when we look to see if a key is in the caller's namespace, we go up the tree
> until we hit the flag.  If you don't find the key's ns within the caller's
> permitted subtree, you don't get to see the key.

Let me just say we already have all of that (in a much nicer format) by
limiting the set of keys we can access to the set of users visible in
the user namespace.

Eric
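The two rules being compared above, as an added userspace model that is not code from this thread or from the kernel: proposal A is the quoted "stop here" flag walk up the user_namespace tree, proposal B is Eric's rule of showing only keys owned by users mapped into the caller's namespace. The struct names, the single-extent uid_map, the `stop_here` field and the host/container/nested scenario are all assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Toy model of a user_namespace: parent link, a single uid_map extent and the
 * hypothetical "stop here" flag from the thread (not a real kernel field). */
struct userns {
    struct userns *parent;
    uint32_t map_first_kuid;  /* first kernel uid mapped into this ns */
    uint32_t map_count;       /* number of kuids in the (single) extent */
    bool stop_here;           /* proposal A: do not look past this ns */
};

/* Toy model of a key: the namespace it was created in and its owner kuid. */
struct key_model {
    const struct userns *owner_ns;
    uint32_t owner_kuid;
};

/* Proposal A (flag): walk up from the caller's ns; the key is visible only if
 * its ns is reached before passing the first ns that has stop_here set. */
bool key_visible_by_flag(const struct userns *caller, const struct key_model *k)
{
    for (const struct userns *ns = caller; ns; ns = ns->parent) {
        if (ns == k->owner_ns)
            return true;
        if (ns->stop_here)
            break;
    }
    return false;
}

/* Proposal B (Eric's): visible iff the owner kuid is mapped in the caller's ns. */
static bool ns_maps_kuid(const struct userns *ns, uint32_t kuid)
{
    return kuid >= ns->map_first_kuid && kuid - ns->map_first_kuid < ns->map_count;
}
bool key_visible_by_uid_map(const struct userns *caller, const struct key_model *k)
{
    return ns_maps_kuid(caller, k->owner_kuid);
}

/* Constructed scenario: host ns (maps every kuid) -> container ns with stop_here
 * (maps kuids 100000..165535) -> nested ns mapping only the first 1000 of those. */
struct userns host_ns   = { NULL,     0,      UINT32_MAX, false };
struct userns ctr_ns    = { &host_ns, 100000, 65536,      true  };
struct userns nested_ns = { &ctr_ns,  100000, 1000,       false };
const struct key_model host_root_key = { &host_ns, 0 };       /* host root's key */
const struct key_model ctr_root_key  = { &ctr_ns,  100000 };  /* container root's key */
const struct key_model ctr_user_key  = { &ctr_ns,  101500 };  /* not mapped in nested_ns */
```

The contrast to look at: under the flag rule the nested namespace can see `ctr_user_key` although its owner is not a user that namespace maps at all, and the host cannot see `ctr_root_key` although it maps every user; under the uid-map rule both results invert.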
