From: Kirill Korotaev <dev@sw.ru>
To: Cedric Le Goater <clg@fr.ibm.com>
Cc: linux-kernel@vger.kernel.org, Andrew Morton <akpm@osdl.org>,
Pavel Emelianov <xemul@openvz.org>,
Kirill Korotaev <dev@openvz.org>, Andrey Savochkin <saw@sw.ru>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Herbert Poetzl <herbert@13thfloor.at>,
Sam Vilain <sam.vilain@catalyst.net.nz>,
"Serge E. Hallyn" <serue@us.ibm.com>,
Dave Hansen <haveblue@us.ibm.com>
Subject: Re: [PATCH -mm 7/7] forbid the use of the unshare syscall on ipc namespaces
Date: Tue, 11 Jul 2006 18:10:53 +0400 [thread overview]
Message-ID: <44B3B16D.8050100@sw.ru> (raw)
In-Reply-To: <20060711075433.856729000@localhost.localdomain>
This patch looks as an overkill for me.
If you really care about things you describe, you can forbid unsharing in cases:
1.
undo_list = tsk->sysvsem.undo_list;
if (undo_list)
REFUSE_UNSHARE;
2. vma exists with vma->vm_ops == &shm_vm_ops;
3. file opened with f_op == &shm_file_operations
I also dislike exec() operation for such sort of things since you can have no executable
at hands due to changed fs namespace.
Thanks,
Kirill
> This patch forbids the use of the unshare() syscall on ipc namespaces.
>
> The purpose of this restriction is to protect the system from
> inconsistencies when the namespace is unshared. e.g. shared memory ids
> will be removed but not the memory mappings, semaphore ids will be
> removed but the semundos not cleared.
>
>
> Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
> Cc: Andrew Morton <akpm@osdl.org>
> Cc: Pavel Emelianov <xemul@openvz.org>
> Cc: Kirill Korotaev <dev@openvz.org>
> Cc: Andrey Savochkin <saw@sw.ru>
> Cc: Eric W. Biederman <ebiederm@xmission.com>
> Cc: Herbert Poetzl <herbert@13thfloor.at>
> Cc: Sam Vilain <sam.vilain@catalyst.net.nz>
> Cc: Serge E. Hallyn <serue@us.ibm.com>
> Cc: Dave Hansen <haveblue@us.ibm.com>
>
> ---
> kernel/fork.c | 23 +++++------------------
> 1 file changed, 5 insertions(+), 18 deletions(-)
>
> Index: 2.6.18-rc1-mm1/kernel/fork.c
> ===================================================================
> --- 2.6.18-rc1-mm1.orig/kernel/fork.c
> +++ 2.6.18-rc1-mm1/kernel/fork.c
> @@ -1604,7 +1604,6 @@ asmlinkage long sys_unshare(unsigned lon
> struct sem_undo_list *new_ulist = NULL;
> struct nsproxy *new_nsproxy = NULL, *old_nsproxy = NULL;
> struct uts_namespace *uts, *new_uts = NULL;
> - struct ipc_namespace *ipc, *new_ipc = NULL;
>
> check_unshare_flags(&unshare_flags);
>
> @@ -1612,12 +1611,12 @@ asmlinkage long sys_unshare(unsigned lon
> err = -EINVAL;
> if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
> CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
> - CLONE_NEWUTS|CLONE_NEWIPC))
> + CLONE_NEWUTS))
> goto bad_unshare_out;
>
> /* Also return -EINVAL for all unsharable namespaces. May be a
> * -EACCES would be more appropriate ? */
> - if (unshare_flags & CLONE_NEWUSER)
> + if (unshare_flags & (CLONE_NEWUSER|CLONE_NEWIPC))
> goto bad_unshare_out;
>
> if ((err = unshare_thread(unshare_flags)))
> @@ -1636,20 +1635,18 @@ asmlinkage long sys_unshare(unsigned lon
> goto bad_unshare_cleanup_fd;
> if ((err = unshare_utsname(unshare_flags, &new_uts)))
> goto bad_unshare_cleanup_semundo;
> - if ((err = unshare_ipcs(unshare_flags, &new_ipc)))
> - goto bad_unshare_cleanup_uts;
>
> - if (new_ns || new_uts || new_ipc) {
> + if (new_ns || new_uts) {
> old_nsproxy = current->nsproxy;
> new_nsproxy = dup_namespaces(old_nsproxy);
> if (!new_nsproxy) {
> err = -ENOMEM;
> - goto bad_unshare_cleanup_ipc;
> + goto bad_unshare_cleanup_uts;
> }
> }
>
> if (new_fs || new_ns || new_sigh || new_mm || new_fd || new_ulist ||
> - new_uts || new_ipc) {
> + new_uts) {
>
> task_lock(current);
>
> @@ -1697,22 +1694,12 @@ asmlinkage long sys_unshare(unsigned lon
> new_uts = uts;
> }
>
> - if (new_ipc) {
> - ipc = current->nsproxy->ipc_ns;
> - current->nsproxy->ipc_ns = new_ipc;
> - new_ipc = ipc;
> - }
> -
> task_unlock(current);
> }
>
> if (new_nsproxy)
> put_nsproxy(new_nsproxy);
>
> -bad_unshare_cleanup_ipc:
> - if (new_ipc)
> - put_ipc_ns(new_ipc);
> -
> bad_unshare_cleanup_uts:
> if (new_uts)
> put_uts_ns(new_uts);
>
> --
>
next prev parent reply other threads:[~2006-07-11 14:11 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-11 7:50 [PATCH -mm 0/7] execns syscall and user namespace Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 1/7] add execns syscall core routine Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 2/7] add execns syscall to s390 Cedric Le Goater
2006-07-11 13:44 ` Martin Schwidefsky
2006-07-11 13:44 ` Martin Schwidefsky
2006-07-11 14:44 ` Cedric Le Goater
2006-07-11 14:54 ` Martin Schwidefsky
2006-07-11 15:43 ` Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 3/7] add execns syscall to x86_64 Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 4/7] add execns syscall to i386 Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 5/7] add user namespace Cedric Le Goater
2006-07-11 16:39 ` Kirill Korotaev
2006-07-11 17:38 ` Cedric Le Goater
2006-07-12 11:21 ` Kirill Korotaev
2006-07-13 16:01 ` Cedric Le Goater
2006-07-12 3:33 ` Eric W. Biederman
2006-07-12 11:13 ` Kirill Korotaev
2006-07-12 18:10 ` Eric W. Biederman
2006-07-13 17:00 ` Cedric Le Goater
2006-07-13 18:07 ` Eric W. Biederman
2006-07-13 18:21 ` Eric W. Biederman
2006-07-13 18:31 ` Dave Hansen
2006-07-13 18:54 ` Eric W. Biederman
2006-07-12 3:46 ` Eric W. Biederman
2006-07-12 12:05 ` Herbert Poetzl
2006-07-12 17:09 ` Eric W. Biederman
2006-07-12 14:00 ` Cedric Le Goater
2006-07-12 17:24 ` Eric W. Biederman
2006-07-13 17:36 ` Cedric Le Goater
2006-07-13 17:47 ` Serge E. Hallyn
2006-07-13 18:14 ` Eric W. Biederman
2006-07-13 18:29 ` Dave Hansen
2006-07-13 19:02 ` Eric W. Biederman
2006-07-13 20:03 ` Dave Hansen
2006-07-14 3:45 ` Eric W. Biederman
2006-07-14 14:28 ` Dave Hansen
2006-07-14 15:13 ` Eric W. Biederman
2006-07-14 16:29 ` Serge E. Hallyn
2006-07-14 16:49 ` Eric W. Biederman
2006-07-14 16:55 ` Dave Hansen
2006-07-14 17:08 ` Serge E. Hallyn
2006-07-14 17:19 ` Dave Hansen
2006-07-14 17:36 ` Eric W. Biederman
2006-07-14 18:15 ` Trond Myklebust
2006-07-14 18:40 ` Eric W. Biederman
2006-07-14 21:04 ` Trond Myklebust
2006-07-15 4:09 ` Eric W. Biederman
2006-07-15 4:35 ` Kyle Moffett
2006-07-15 12:35 ` Eric W. Biederman
2006-07-15 13:25 ` Kyle Moffett
2006-07-15 15:54 ` Dave Hansen
2006-07-15 17:01 ` Trond Myklebust
2006-07-15 23:29 ` Eric W. Biederman
2006-07-16 16:18 ` Dave Hansen
2006-07-14 17:14 ` Eric W. Biederman
2006-07-16 8:36 ` Kirill Korotaev
2006-07-16 10:08 ` Eric W. Biederman
2006-07-14 17:05 ` Serge E. Hallyn
2006-07-14 17:50 ` Kyle Moffett
2006-07-15 11:33 ` Serge E. Hallyn
2006-07-14 17:56 ` Eric W. Biederman
2006-07-14 16:35 ` Dave Hansen
2006-07-13 21:41 ` Serge E. Hallyn
2006-07-14 3:52 ` Eric W. Biederman
2006-07-14 14:02 ` Serge E. Hallyn
2006-07-14 14:50 ` Eric W. Biederman
2006-07-14 16:39 ` Serge E. Hallyn
2006-07-14 17:18 ` Eric W. Biederman
2006-07-14 17:24 ` Dave Hansen
2006-07-14 18:06 ` Eric W. Biederman
2006-07-14 18:42 ` Dave Hansen
2006-07-14 19:07 ` Eric W. Biederman
2006-07-13 17:59 ` Eric W. Biederman
2006-07-13 21:22 ` Serge E. Hallyn
2006-07-14 3:50 ` Eric W. Biederman
2006-07-14 14:17 ` Serge E. Hallyn
2006-07-14 15:05 ` Eric W. Biederman
2006-07-14 16:46 ` Serge E. Hallyn
2006-07-14 16:58 ` Eric W. Biederman
2006-07-14 15:43 ` Kyle Moffett
2006-07-14 16:13 ` Eric W. Biederman
2006-07-11 7:50 ` [PATCH -mm 6/7] add the user namespace to the execns syscall Cedric Le Goater
2006-07-11 7:50 ` [PATCH -mm 7/7] forbid the use of the unshare syscall on ipc namespaces Cedric Le Goater
2006-07-11 14:10 ` Kirill Korotaev [this message]
2006-07-11 15:06 ` Cedric Le Goater
2006-07-11 8:02 ` [PATCH -mm 0/7] execns syscall and user namespace Arjan van de Ven
2006-07-11 8:42 ` Cedric Le Goater
2006-07-11 18:12 ` H. Peter Anvin
2006-07-11 18:26 ` Cedric Le Goater
2006-07-11 18:28 ` H. Peter Anvin
2006-07-11 19:50 ` Ulrich Drepper
2006-07-11 21:50 ` Cedric Le Goater
2006-07-11 21:57 ` H. Peter Anvin
2006-07-12 0:16 ` Ulrich Drepper
2006-07-12 0:25 ` H. Peter Anvin
2006-07-12 0:28 ` H. Peter Anvin
2006-07-11 20:22 ` Eric W. Biederman
2006-07-11 21:28 ` Cedric Le Goater
2006-07-12 3:24 ` Eric W. Biederman
2006-07-12 13:05 ` Cedric Le Goater
2006-07-12 16:56 ` Eric W. Biederman
2006-07-13 16:13 ` Cedric Le Goater
2006-07-12 11:11 ` Kirill Korotaev
2006-07-12 13:10 ` Cedric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44B3B16D.8050100@sw.ru \
--to=dev@sw.ru \
--cc=akpm@osdl.org \
--cc=clg@fr.ibm.com \
--cc=dev@openvz.org \
--cc=ebiederm@xmission.com \
--cc=haveblue@us.ibm.com \
--cc=herbert@13thfloor.at \
--cc=linux-kernel@vger.kernel.org \
--cc=sam.vilain@catalyst.net.nz \
--cc=saw@sw.ru \
--cc=serue@us.ibm.com \
--cc=xemul@openvz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox