From: Andrey Vagin <avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Andrey Vagin <avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Cyrill Gorcunov
<gorcunov-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>,
Pavel Emelyanov <xemul-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>,
Roger Luethi <rl-7uj+XXdSDtwfv37vnLkPlQ@public.gmane.org>,
Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>,
Arnaldo Carvalho de Melo
<acme-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
David Ahern <dsahern-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
Pavel Odintsov
<pavel.odintsov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Subject: [PATCH 07/24] task_diag: add a new group to get process credentials
Date: Mon, 6 Jul 2015 11:47:08 +0300 [thread overview]
Message-ID: <1436172445-6979-8-git-send-email-avagin@openvz.org> (raw)
In-Reply-To: <1436172445-6979-1-git-send-email-avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
A response is represented by the task_diag_creds structure:
struct task_diag_creds {
struct task_diag_caps cap_inheritable;
struct task_diag_caps cap_permitted;
struct task_diag_caps cap_effective;
struct task_diag_caps cap_bset;
__u32 uid;
__u32 euid;
__u32 suid;
__u32 fsuid;
__u32 gid;
__u32 egid;
__u32 sgid;
__u32 fsgid;
};
This group is optional and it's filled only if show_flags contains
TASK_DIAG_SHOW_CRED.
Signed-off-by: Andrey Vagin <avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
---
include/uapi/linux/task_diag.h | 22 ++++++++++++++++++
kernel/taskdiag.c | 53 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 75 insertions(+)
diff --git a/include/uapi/linux/task_diag.h b/include/uapi/linux/task_diag.h
index 3a1e6c4..0e659d6 100644
--- a/include/uapi/linux/task_diag.h
+++ b/include/uapi/linux/task_diag.h
@@ -7,6 +7,7 @@
enum {
/* optional attributes which can be specified in show_flags */
TASK_DIAG_BASE = 0,
+ TASK_DIAG_CRED,
/* other attributes */
TASK_DIAG_PID = 64, /* u32 */
@@ -16,6 +17,7 @@ enum {
};
#define TASK_DIAG_SHOW_BASE (1ULL << TASK_DIAG_BASE)
+#define TASK_DIAG_SHOW_CRED (1ULL << TASK_DIAG_CRED)
enum {
TASK_DIAG_RUNNING,
@@ -40,6 +42,26 @@ struct task_diag_base {
char comm[TASK_DIAG_COMM_LEN];
};
+struct task_diag_caps {
+ __u32 cap[_LINUX_CAPABILITY_U32S_3];
+};
+
+struct task_diag_creds {
+ struct task_diag_caps cap_inheritable;
+ struct task_diag_caps cap_permitted;
+ struct task_diag_caps cap_effective;
+ struct task_diag_caps cap_bset;
+
+ __u32 uid;
+ __u32 euid;
+ __u32 suid;
+ __u32 fsuid;
+ __u32 gid;
+ __u32 egid;
+ __u32 sgid;
+ __u32 fsgid;
+};
+
#define TASK_DIAG_DUMP_ALL 0
struct task_diag_pid {
diff --git a/kernel/taskdiag.c b/kernel/taskdiag.c
index 5771baf..5123e12 100644
--- a/kernel/taskdiag.c
+++ b/kernel/taskdiag.c
@@ -16,6 +16,9 @@ static size_t taskdiag_packet_size(u64 show_flags)
if (show_flags & TASK_DIAG_SHOW_BASE)
size += nla_total_size(sizeof(struct task_diag_base));
+ if (show_flags & TASK_DIAG_SHOW_CRED)
+ size += nla_total_size(sizeof(struct task_diag_creds));
+
return size;
}
@@ -83,6 +86,48 @@ static int fill_task_base(struct task_struct *p, struct sk_buff *skb)
return 0;
}
+static inline void caps2diag(struct task_diag_caps *diag, const kernel_cap_t *cap)
+{
+ int i;
+
+ for (i = 0; i < _LINUX_CAPABILITY_U32S_3; i++)
+ diag->cap[i] = cap->cap[i];
+}
+
+static int fill_creds(struct task_struct *p, struct sk_buff *skb)
+{
+ struct user_namespace *user_ns = current_user_ns();
+ struct task_diag_creds *diag_cred;
+ const struct cred *cred;
+ struct nlattr *attr;
+
+ attr = nla_reserve(skb, TASK_DIAG_CRED, sizeof(struct task_diag_creds));
+ if (!attr)
+ return -EMSGSIZE;
+
+ diag_cred = nla_data(attr);
+
+ cred = get_task_cred(p);
+
+ caps2diag(&diag_cred->cap_inheritable, &cred->cap_inheritable);
+ caps2diag(&diag_cred->cap_permitted, &cred->cap_permitted);
+ caps2diag(&diag_cred->cap_effective, &cred->cap_effective);
+ caps2diag(&diag_cred->cap_bset, &cred->cap_bset);
+
+ diag_cred->uid = from_kuid_munged(user_ns, cred->uid);
+ diag_cred->euid = from_kuid_munged(user_ns, cred->euid);
+ diag_cred->suid = from_kuid_munged(user_ns, cred->suid);
+ diag_cred->fsuid = from_kuid_munged(user_ns, cred->fsuid);
+ diag_cred->gid = from_kgid_munged(user_ns, cred->gid);
+ diag_cred->egid = from_kgid_munged(user_ns, cred->egid);
+ diag_cred->sgid = from_kgid_munged(user_ns, cred->sgid);
+ diag_cred->fsgid = from_kgid_munged(user_ns, cred->fsgid);
+
+ put_cred(cred);
+
+ return 0;
+}
+
static int task_diag_fill(struct task_struct *tsk, struct sk_buff *skb,
u64 show_flags, u32 portid, u32 seq,
struct netlink_callback *cb)
@@ -115,6 +160,14 @@ static int task_diag_fill(struct task_struct *tsk, struct sk_buff *skb,
i++;
}
+ if (show_flags & TASK_DIAG_SHOW_CRED) {
+ if (i >= n)
+ err = fill_creds(tsk, skb);
+ if (err)
+ goto err;
+ i++;
+ }
+
genlmsg_end(skb, reply);
if (cb)
cb->args[2] = 0;
--
2.1.0
next prev parent reply other threads:[~2015-07-06 8:47 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-06 8:47 [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) Andrey Vagin
[not found] ` <1436172445-6979-1-git-send-email-avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2015-07-06 8:47 ` [PATCH 01/24] kernel: define taststats commands in the one place Andrey Vagin
2015-07-06 8:47 ` [PATCH 02/24] kernel: add a netlink interface to get information about tasks (v2) Andrey Vagin
2015-07-06 8:47 ` [PATCH 03/24] kernel: make taskstats available from all net namespaces Andrey Vagin
2015-07-06 8:47 ` [PATCH 04/24] kernel: move next_tgid from fs/proc Andrey Vagin
2015-07-06 8:47 ` [PATCH 05/24] task_diag: add ability to get information about all tasks Andrey Vagin
2015-07-06 8:47 ` [PATCH 06/24] task_diag: add ability to split per-task data on a few netlink messages Andrey Vagin
2015-07-06 8:47 ` Andrey Vagin [this message]
2015-07-06 8:47 ` [PATCH 08/24] proc: pick out a function to iterate task children Andrey Vagin
[not found] ` <1436172445-6979-9-git-send-email-avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2015-07-14 18:02 ` Oleg Nesterov
[not found] ` <20150714180235.GB8088-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-07-17 15:57 ` Andrew Vagin
[not found] ` <20150717155728.GB6685-wo1vFcy6AUs@public.gmane.org>
2015-07-18 21:22 ` Oleg Nesterov
2015-07-06 8:47 ` [PATCH 09/24] proc: move task_next_child() from fs/proc Andrey Vagin
2015-07-06 8:47 ` [PATCH 10/24] task_diag: add ability to dump children (v2) Andrey Vagin
2015-07-06 8:47 ` [PATCH 11/24] task_diag: add a new group to get task statistics Andrey Vagin
2015-07-06 8:47 ` [PATCH 17/24] task_diag: add ability to dump theads Andrey Vagin
2015-07-06 8:47 ` [PATCH 24/24] task_diag: Enhance fork tool to spawn threads Andrey Vagin
2015-11-24 15:18 ` [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) Andrew Vagin
[not found] ` <20151124151811.GA16393-wo1vFcy6AUs@public.gmane.org>
2015-12-03 23:20 ` Andy Lutomirski
2015-12-03 23:43 ` Arnd Bergmann
2015-12-14 8:05 ` Andrew Vagin
[not found] ` <CALCETrUzOBybH0-rcgvzMNazjadZpuxkBZLkoUDY30X_-cqBzg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-14 7:52 ` Andrew Vagin
2015-12-14 22:38 ` Andy Lutomirski
[not found] ` <CALCETrU_MtDa3p64R5bLx4BU5mKTDD0iEgtA4nLRHPfS2JbhOQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-12-15 15:53 ` Andrew Vagin
[not found] ` <20151215155358.GC24236-wo1vFcy6AUs@public.gmane.org>
2015-12-15 16:43 ` Andy Lutomirski
2015-07-06 8:47 ` [PATCH 12/24] task_diag: add a new group to get tasks memory mappings (v2) Andrey Vagin
[not found] ` <1436172445-6979-13-git-send-email-avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2015-07-14 18:08 ` Oleg Nesterov
[not found] ` <20150714180857.GC8088-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-07-15 2:02 ` David Ahern
2015-07-06 8:47 ` [PATCH 13/24] task_diag: shows memory consumption for " Andrey Vagin
2015-07-06 8:47 ` [PATCH 14/24] task_diag: add a marcos to enumirate memory mappings Andrey Vagin
2015-07-06 8:47 ` [PATCH 15/24] proc: give task_struct instead of pid into first_tid Andrey Vagin
2015-07-14 18:11 ` Oleg Nesterov
2015-07-06 8:47 ` [PATCH 16/24] proc: move first_tid and next_tid out of proc Andrey Vagin
2015-07-06 8:47 ` [PATCH 18/24] task_diag: add ability to handle one task in a continious mode Andrey Vagin
2015-07-06 8:47 ` [PATCH 19/24] task_diag: Add option to dump all threads for all tasks Andrey Vagin
2015-07-06 8:47 ` [PATCH 20/24] task_diag: Only add VMAs for thread_group leader Andrey Vagin
[not found] ` <1436172445-6979-21-git-send-email-avagin-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2015-07-14 17:47 ` Oleg Nesterov
2015-07-15 2:01 ` David Ahern
[not found] ` <55A5BF0F.7090808-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-07-15 13:31 ` Oleg Nesterov
2015-07-06 8:47 ` [PATCH 21/24] task diag: Add support for TGID attribute Andrey Vagin
2015-07-06 8:47 ` [PATCH 22/24] Documentation: add documentation for task_diag Andrey Vagin
2015-07-06 8:47 ` [PATCH 23/24] selftest: check the task_diag functinonality Andrey Vagin
2015-07-06 17:10 ` [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) Andy Lutomirski
2015-07-07 15:43 ` Andrew Vagin
[not found] ` <20150707154345.GA1593-wo1vFcy6AUs@public.gmane.org>
2015-07-07 15:56 ` Andy Lutomirski
2015-07-07 16:17 ` David Ahern
2015-07-07 16:24 ` Andy Lutomirski
[not found] ` <CALCETrWRT--XO6jYyno_i0nUZEoRuq3S5_n-qFRSt2rmkd3jMQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-07-07 16:41 ` David Ahern
2015-07-08 16:10 ` Andrew Vagin
2015-07-08 17:39 ` Andy Lutomirski
2015-07-08 22:49 ` Andrey Vagin
[not found] ` <CANaxB-yMKGWJ1r0GMR9VfAq_xHn6bTjYmkDXST4suNNqu4GVjA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-07-08 23:48 ` Andy Lutomirski
2015-07-07 16:25 ` Arnaldo Carvalho de Melo
[not found] ` <20150707162552.GM3326-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2015-07-07 16:27 ` Andy Lutomirski
[not found] ` <CALCETrWEXRif4pFUzVJq1T=KWKvd=tbEDf-vpr5MJtVK1_RWYA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-07-07 16:56 ` David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1436172445-6979-8-git-send-email-avagin@openvz.org \
--to=avagin-gefaqzzx7r8dnm+yrofe0a@public.gmane.org \
--cc=acme-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=arnd-r2nGTMty4D4@public.gmane.org \
--cc=dsahern-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=gorcunov-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=pavel.odintsov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=rl-7uj+XXdSDtwfv37vnLkPlQ@public.gmane.org \
--cc=xemul-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).