From: "Serge E. Hallyn" <serge@hallyn.com>
To: "Eric W. Beiderman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org,
Linux Containers <containers@lists.linux-foundation.org>,
Cyrill Gorcunov <gorcunov@openvz.org>,
linux-security-module@vger.kernel.org,
Al Viro <viro@ZenIV.linux.org.uk>,
linux-fsdevel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 19/43] userns: Store uid and gid values in struct cred with kuid_t and kgid_t types
Date: Wed, 18 Apr 2012 18:49:43 +0000 [thread overview]
Message-ID: <20120418184943.GD4984@mail.hallyn.com> (raw)
In-Reply-To: <1333862139-31737-19-git-send-email-ebiederm@xmission.com>
Quoting Eric W. Beiderman (ebiederm@xmission.com):
> From: Eric W. Biederman <ebiederm@xmission.com>
>
> cred.h and a few trivial users of struct cred are changed. The rest of the users
> of struct cred are left for other patches as there are too many changes to make
> in one go and leave the change reviewable. If the user namespace is disabled and
> CONFIG_UIDGID_STRICT_TYPE_CHECKS is disabled the code will continue to compile
> and behave correctly.
>
> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> ---
> arch/x86/mm/fault.c | 2 +-
> fs/ioprio.c | 8 ++------
> include/linux/cred.h | 16 ++++++++--------
> include/linux/user_namespace.h | 8 ++++----
> kernel/cred.c | 36 ++++++++++++++++++++++--------------
> kernel/signal.c | 14 ++++++++------
> kernel/sys.c | 26 +++++++++-----------------
> kernel/user_namespace.c | 4 ++--
> mm/oom_kill.c | 4 ++--
> security/commoncap.c | 3 +--
> 10 files changed, 59 insertions(+), 62 deletions(-)
>
> diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
> index 3ecfd1a..76dcd9d 100644
> --- a/arch/x86/mm/fault.c
> +++ b/arch/x86/mm/fault.c
> @@ -582,7 +582,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
> pte_t *pte = lookup_address(address, &level);
>
> if (pte && pte_present(*pte) && !pte_exec(*pte))
> - printk(nx_warning, current_uid());
> + printk(nx_warning, from_kuid(&init_user_ns, current_uid()));
> }
>
> printk(KERN_ALERT "BUG: unable to handle kernel ");
> diff --git a/fs/ioprio.c b/fs/ioprio.c
> index 8e35e96..2072e41 100644
> --- a/fs/ioprio.c
> +++ b/fs/ioprio.c
> @@ -123,9 +123,7 @@ SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio)
> break;
>
> do_each_thread(g, p) {
> - const struct cred *tcred = __task_cred(p);
> - kuid_t tcred_uid = make_kuid(tcred->user_ns, tcred->uid);
> - if (!uid_eq(tcred_uid, uid))
> + if (!uid_eq(task_uid(p), uid))
> continue;
> ret = set_task_ioprio(p, ioprio);
> if (ret)
> @@ -220,9 +218,7 @@ SYSCALL_DEFINE2(ioprio_get, int, which, int, who)
> break;
>
> do_each_thread(g, p) {
> - const struct cred *tcred = __task_cred(p);
> - kuid_t tcred_uid = make_kuid(tcred->user_ns, tcred->uid);
> - if (!uid_eq(tcred_uid, user->uid))
> + if (!uid_eq(task_uid(p), user->uid))
> continue;
> tmpio = get_task_ioprio(p);
> if (tmpio < 0)
> diff --git a/include/linux/cred.h b/include/linux/cred.h
> index 0ab3cda..fac0579 100644
> --- a/include/linux/cred.h
> +++ b/include/linux/cred.h
> @@ -123,14 +123,14 @@ struct cred {
> #define CRED_MAGIC 0x43736564
> #define CRED_MAGIC_DEAD 0x44656144
> #endif
> - uid_t uid; /* real UID of the task */
> - gid_t gid; /* real GID of the task */
> - uid_t suid; /* saved UID of the task */
> - gid_t sgid; /* saved GID of the task */
> - uid_t euid; /* effective UID of the task */
> - gid_t egid; /* effective GID of the task */
> - uid_t fsuid; /* UID for VFS ops */
> - gid_t fsgid; /* GID for VFS ops */
> + kuid_t uid; /* real UID of the task */
> + kgid_t gid; /* real GID of the task */
> + kuid_t suid; /* saved UID of the task */
> + kgid_t sgid; /* saved GID of the task */
> + kuid_t euid; /* effective UID of the task */
> + kgid_t egid; /* effective GID of the task */
> + kuid_t fsuid; /* UID for VFS ops */
> + kgid_t fsgid; /* GID for VFS ops */
> unsigned securebits; /* SUID-less security management */
> kernel_cap_t cap_inheritable; /* caps our children can inherit */
> kernel_cap_t cap_permitted; /* caps we're permitted */
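Review bot: The field comments on the eight converted members (`uid` through `fsgid`) still describe only the task's real/saved/effective IDs and say nothing about the new representation. The commit message says the code keeps compiling with CONFIG_UIDGID_STRICT_TYPE_CHECKS off, so a leftover `==` against a raw uid_t is presumably not caught by the compiler in that configuration, which makes the header the place to state the rule. I would add above the block `/* kuid_t/kgid_t: kernel-internal ids; compare with uid_eq()/gid_eq(), convert with from_kuid()/from_kgid() before showing to userspace */`. struct cred starts and ends outside the hunk.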
> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> index 4c9846d..a2c6145 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -70,15 +70,15 @@ static inline void put_user_ns(struct user_namespace *ns)
> #endif
>
> static inline uid_t user_ns_map_uid(struct user_namespace *to,
> - const struct cred *cred, uid_t uid)
> + const struct cred *cred, kuid_t uid)
> {
> - return from_kuid_munged(to, make_kuid(cred->user_ns, uid));
> + return from_kuid_munged(to, uid);
> }
>
> static inline gid_t user_ns_map_gid(struct user_namespace *to,
> - const struct cred *cred, gid_t gid)
> + const struct cred *cred, kgid_t gid)
> {
> - return from_kgid_munged(to, make_kgid(cred->user_ns, gid));
> + return from_kgid_munged(to, gid);
> }
>
> #endif /* _LINUX_USER_H */
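Review bot: In `user_ns_map_uid()` and `user_ns_map_gid()` the `cred` parameter is no longer read after this change, and the id parameter keeps its name while its meaning changes from a namespace-relative value to a kuid_t/kgid_t. With strict type checks disabled (the configuration the commit message says still compiles), a caller that still passes a raw uid_t would presumably compile and skip the `make_kuid()` step without any diagnostic. Either drop the unused parameter so every caller has to be touched, or add a comment such as `/* uid is already a kuid_t; cred is unused and kept only until callers are converted */`.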
> diff --git a/kernel/cred.c b/kernel/cred.c
> index 7a0d806..eddc5e2 100644
> --- a/kernel/cred.c
> +++ b/kernel/cred.c
> @@ -49,6 +49,14 @@ struct cred init_cred = {
> .subscribers = ATOMIC_INIT(2),
> .magic = CRED_MAGIC,
> #endif
> + .uid = GLOBAL_ROOT_UID,
> + .gid = GLOBAL_ROOT_GID,
> + .suid = GLOBAL_ROOT_UID,
> + .sgid = GLOBAL_ROOT_GID,
> + .euid = GLOBAL_ROOT_UID,
> + .egid = GLOBAL_ROOT_GID,
> + .fsuid = GLOBAL_ROOT_UID,
> + .fsgid = GLOBAL_ROOT_GID,
> .securebits = SECUREBITS_DEFAULT,
> .cap_inheritable = CAP_EMPTY_SET,
> .cap_permitted = CAP_FULL_SET,
> @@ -488,10 +496,10 @@ int commit_creds(struct cred *new)
> get_cred(new); /* we will require a ref for the subj creds too */
>
> /* dumpability changes */
> - if (old->euid != new->euid ||
> - old->egid != new->egid ||
> - old->fsuid != new->fsuid ||
> - old->fsgid != new->fsgid ||
> + if (!uid_eq(old->euid, new->euid) ||
> + !gid_eq(old->egid, new->egid) ||
> + !uid_eq(old->fsuid, new->fsuid) ||
> + !gid_eq(old->fsgid, new->fsgid) ||
> !cap_issubset(new->cap_permitted, old->cap_permitted)) {
> if (task->mm)
> set_dumpable(task->mm, suid_dumpable);
> @@ -500,9 +508,9 @@ int commit_creds(struct cred *new)
> }
>
> /* alter the thread keyring */
> - if (new->fsuid != old->fsuid)
> + if (!uid_eq(new->fsuid, old->fsuid))
> key_fsuid_changed(task);
> - if (new->fsgid != old->fsgid)
> + if (!gid_eq(new->fsgid, old->fsgid))
> key_fsgid_changed(task);
>
> /* do it
> @@ -519,16 +527,16 @@ int commit_creds(struct cred *new)
> alter_cred_subscribers(old, -2);
>
> /* send notifications */
> - if (new->uid != old->uid ||
> - new->euid != old->euid ||
> - new->suid != old->suid ||
> - new->fsuid != old->fsuid)
> + if (!uid_eq(new->uid, old->uid) ||
> + !uid_eq(new->euid, old->euid) ||
> + !uid_eq(new->suid, old->suid) ||
> + !uid_eq(new->fsuid, old->fsuid))
> proc_id_connector(task, PROC_EVENT_UID);
>
> - if (new->gid != old->gid ||
> - new->egid != old->egid ||
> - new->sgid != old->sgid ||
> - new->fsgid != old->fsgid)
> + if (!gid_eq(new->gid, old->gid) ||
> + !gid_eq(new->egid, old->egid) ||
> + !gid_eq(new->sgid, old->sgid) ||
> + !gid_eq(new->fsgid, old->fsgid))
> proc_id_connector(task, PROC_EVENT_GID);
>
> /* release the old obj and subj refs both */
> diff --git a/kernel/signal.c b/kernel/signal.c
> index e2c5d84..2734dc9 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -1038,8 +1038,10 @@ static inline void userns_fixup_signal_uid(struct siginfo *info, struct task_str
> if (SI_FROMKERNEL(info))
> return;
>
> - info->si_uid = user_ns_map_uid(task_cred_xxx(t, user_ns),
> - current_cred(), info->si_uid);
> + rcu_read_lock();
> + info->si_uid = from_kuid_munged(task_cred_xxx(t, user_ns),
> + make_kuid(current_user_ns(), info->si_uid));
> + rcu_read_unlock();
> }
> #else
> static inline void userns_fixup_signal_uid(struct siginfo *info, struct task_struct *t)
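Review bot: The new `rcu_read_lock()`/`rcu_read_unlock()` pair in `userns_fixup_signal_uid()` has no comment saying what it protects. It appears to be there so that the `user_ns` pointer obtained through `task_cred_xxx(t, user_ns)` stays valid for the whole `from_kuid_munged()` call, since no reference is taken on it; that is worth stating, e.g. `/* t's user_ns is borrowed from its cred; hold RCU across the mapping */`. It would also help to note that `make_kuid()` yields an invalid kuid when `info->si_uid` has no mapping in the sender's namespace, which `from_kuid_munged()` then presumably reports as the overflow uid. The function body starts outside the hunk.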
> @@ -1106,7 +1108,7 @@ static int __send_signal(int sig, struct siginfo *info, struct task_struct *t,
> q->info.si_code = SI_USER;
> q->info.si_pid = task_tgid_nr_ns(current,
> task_active_pid_ns(t));
> - q->info.si_uid = current_uid();
> + q->info.si_uid = from_kuid_munged(current_user_ns(), current_uid());
> break;
> case (unsigned long) SEND_SIG_PRIV:
> q->info.si_signo = sig;
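Review bot: `q->info.si_uid` in this branch of `__send_signal()` is mapped into the sender's namespace with `from_kuid_munged(current_user_ns(), current_uid())`, and if `userns_fixup_signal_uid()` is applied to it afterwards (not visible here) the value goes back through `make_kuid()` and out again for the receiver. That round trip is lossy: a uid munged to the overflow value on the first step is re-read as whatever kuid the overflow value maps to, and receivers may rely on si_uid to tell who sent a signal. Since `t` is in hand here, mapping straight to the receiver with `from_kuid_munged(task_cred_xxx(t, user_ns), current_uid())` under `rcu_read_lock()` avoids it. The same expression is repeated in the ptrace_do_notify, kill and do_tkill hunks, where a small helper would keep the four sites in step.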
> @@ -1973,7 +1975,7 @@ static void ptrace_do_notify(int signr, int exit_code, int why)
> info.si_signo = signr;
> info.si_code = exit_code;
> info.si_pid = task_pid_vnr(current);
> - info.si_uid = current_uid();
> + info.si_uid = from_kuid_munged(current_user_ns(), current_uid());
>
> /* Let the debugger run. */
> ptrace_stop(exit_code, why, 1, &info);
> @@ -2828,7 +2830,7 @@ SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
> info.si_errno = 0;
> info.si_code = SI_USER;
> info.si_pid = task_tgid_vnr(current);
> - info.si_uid = current_uid();
> + info.si_uid = from_kuid_munged(current_user_ns(), current_uid());
>
> return kill_something_info(sig, &info, pid);
> }
> @@ -2871,7 +2873,7 @@ static int do_tkill(pid_t tgid, pid_t pid, int sig)
> info.si_errno = 0;
> info.si_code = SI_TKILL;
> info.si_pid = task_tgid_vnr(current);
> - info.si_uid = current_uid();
> + info.si_uid = from_kuid_munged(current_user_ns(), current_uid());
>
> return do_send_specific(tgid, pid, sig, &info);
> }
> diff --git a/kernel/sys.c b/kernel/sys.c
> index f0c43b4..3996281 100644
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -175,7 +175,6 @@ SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval)
> const struct cred *cred = current_cred();
> int error = -EINVAL;
> struct pid *pgrp;
> - kuid_t cred_uid;
> kuid_t uid;
>
> if (which > PRIO_USER || which < PRIO_PROCESS)
> @@ -209,22 +208,19 @@ SYSCALL_DEFINE3(setpriority, int, which, int, who, int, niceval)
> } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
> break;
> case PRIO_USER:
> - cred_uid = make_kuid(cred->user_ns, cred->uid);
> uid = make_kuid(cred->user_ns, who);
> user = cred->user;
> if (!who)
> - uid = cred_uid;
> - else if (!uid_eq(uid, cred_uid) &&
> + uid = cred->uid;
> + else if (!uid_eq(uid, cred->uid) &&
> !(user = find_user(uid)))
> goto out_unlock; /* No processes for this user */
>
> do_each_thread(g, p) {
> - const struct cred *tcred = __task_cred(p);
> - kuid_t tcred_uid = make_kuid(tcred->user_ns, tcred->uid);
> - if (uid_eq(tcred_uid, uid))
> + if (uid_eq(task_uid(p), uid))
> error = set_one_prio(p, niceval, error);
> } while_each_thread(g, p);
> - if (!uid_eq(uid, cred_uid))
> + if (!uid_eq(uid, cred->uid))
> free_uid(user); /* For find_user() */
> break;
> }
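Review bot: In the PRIO_USER case `uid = make_kuid(cred->user_ns, who)` is used without testing the result, so a `who` with no mapping in the caller's namespace is carried forward as an invalid kuid and the code relies on `find_user()` returning NULL for it. An explicit guard between the two existing branches, `else if (!uid_valid(uid)) goto out_unlock;`, makes that outcome independent of what the user hash happens to contain. The getpriority hunk below has the same sequence. Both switch statements start and end outside their hunks.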
> @@ -248,7 +244,6 @@ SYSCALL_DEFINE2(getpriority, int, which, int, who)
> const struct cred *cred = current_cred();
> long niceval, retval = -ESRCH;
> struct pid *pgrp;
> - kuid_t cred_uid;
> kuid_t uid;
>
> if (which > PRIO_USER || which < PRIO_PROCESS)
> @@ -280,25 +275,22 @@ SYSCALL_DEFINE2(getpriority, int, which, int, who)
> } while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
> break;
> case PRIO_USER:
> - cred_uid = make_kuid(cred->user_ns, cred->uid);
> uid = make_kuid(cred->user_ns, who);
> user = cred->user;
> if (!who)
> - uid = cred_uid;
> - else if (!uid_eq(uid, cred_uid) &&
> + uid = cred->uid;
> + else if (!uid_eq(uid, cred->uid) &&
> !(user = find_user(uid)))
> goto out_unlock; /* No processes for this user */
>
> do_each_thread(g, p) {
> - const struct cred *tcred = __task_cred(p);
> - kuid_t tcred_uid = make_kuid(tcred->user_ns, tcred->uid);
> - if (uid_eq(tcred_uid, uid)) {
> + if (uid_eq(task_uid(p), uid)) {
> niceval = 20 - task_nice(p);
> if (niceval > retval)
> retval = niceval;
> }
> } while_each_thread(g, p);
> - if (!uid_eq(uid, cred_uid))
> + if (!uid_eq(uid, cred->uid))
> free_uid(user); /* for find_user() */
> break;
> }
> @@ -641,7 +633,7 @@ static int set_user(struct cred *new)
> {
> struct user_struct *new_user;
>
> - new_user = alloc_uid(make_kuid(new->user_ns, new->uid));
> + new_user = alloc_uid(new->uid);
> if (!new_user)
> return -EAGAIN;
>
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index 9991bac..0683dbf 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -36,8 +36,8 @@ static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
> int create_user_ns(struct cred *new)
> {
> struct user_namespace *ns, *parent_ns = new->user_ns;
> - kuid_t owner = make_kuid(new->user_ns, new->euid);
> - kgid_t group = make_kgid(new->user_ns, new->egid);
> + kuid_t owner = new->euid;
> + kgid_t group = new->egid;
>
> /* The creator needs a mapping in the parent user namespace
> * or else we won't be able to reasonably tell userspace who
> diff --git a/mm/oom_kill.c b/mm/oom_kill.c
> index 46bf2ed5..9f09a1f 100644
> --- a/mm/oom_kill.c
> +++ b/mm/oom_kill.c
> @@ -410,8 +410,8 @@ static void dump_tasks(const struct mem_cgroup *memcg, const nodemask_t *nodemas
> }
>
> pr_info("[%5d] %5d %5d %8lu %8lu %3u %3d %5d %s\n",
> - task->pid, task_uid(task), task->tgid,
> - task->mm->total_vm, get_mm_rss(task->mm),
> + task->pid, from_kuid(&init_user_ns, task_uid(task)),
> + task->tgid, task->mm->total_vm, get_mm_rss(task->mm),
> task_cpu(task), task->signal->oom_adj,
> task->signal->oom_score_adj, task->comm);
> task_unlock(task);
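Review bot: The uid column in `dump_tasks()` is still printed with `%5d` although `from_kuid()` returns a `uid_t`, which is unsigned, so ids above INT_MAX come out negative in the OOM report. `%5u` for that argument matches the type: `pr_info("[%5d] %5u %5d %8lu %8lu %3u %3d %5d %s\n",`. Reporting in `&init_user_ns` terms is reasonable for the kernel log, and a short comment saying so would tell readers the number is the host-side id rather than the one seen inside a container. The format string behind `nx_warning` in the arch/x86/mm/fault.c hunk is not visible, so the same check is worth making there.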
> diff --git a/security/commoncap.c b/security/commoncap.c
> index f2399d8..dbd465a 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -77,8 +77,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
> {
> for (;;) {
> /* The owner of the user namespace has all caps. */
> - if (targ_ns != &init_user_ns && uid_eq(targ_ns->owner,
> - make_kuid(cred->user_ns, cred->euid)))
> + if (targ_ns != &init_user_ns && uid_eq(targ_ns->owner, cred->euid))
> return 0;
>
> /* Do we have the necessary capabilities? */
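Review bot: The owner shortcut in `cap_capable()` now compares `targ_ns->owner` with `cred->euid` as global kuids, but nothing on these lines ties `cred->user_ns` to the namespace that created `targ_ns`. As written, any cred whose euid equals the owner's kuid would pass the test, including one that itself lives inside `targ_ns` or in an unrelated user namespace, and the result is every capability in `targ_ns`. Restricting the shortcut to credentials from the parent namespace closes that: `if (targ_ns != &init_user_ns && targ_ns->parent == cred->user_ns && uid_eq(targ_ns->owner, cred->euid))`. The rest of the loop is outside the hunk, so a later check may already bound this; if so, a comment here should say which one.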
> --
> 1.7.2.5
>