From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Dan Smith <danms@us.ibm.com>
Cc: orenl@librato.com, containers@lists.osdl.org, netdev@vger.kernel.org
Subject: Re: [PATCH 2/3] Expose may_setuid() in user.h and add may_setgid() (v2)
Date: Wed, 19 Aug 2009 20:31:53 -0500 [thread overview]
Message-ID: <20090820013153.GA5120@us.ibm.com> (raw)
In-Reply-To: <1250625435-16299-3-git-send-email-danms@us.ibm.com>
Quoting Dan Smith (danms@us.ibm.com):
> Make these helpers available to others.
>
> Changes in v2:
> - Avoid checking the groupinfo in ctx->realcred against the current in
> may_setgid()
>
> Cc: Serge Hallyn <serue@us.ibm.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
> Signed-off-by: Dan Smith <danms@us.ibm.com>
> ---
> include/linux/user.h | 9 +++++++++
> kernel/user.c | 13 ++++++++++++-
> 2 files changed, 21 insertions(+), 1 deletions(-)
>
> diff --git a/include/linux/user.h b/include/linux/user.h
> index 68daf84..c231e9c 100644
> --- a/include/linux/user.h
> +++ b/include/linux/user.h
> @@ -1 +1,10 @@
> +#ifndef _LINUX_USER_H
> +#define _LINUX_USER_H
> +
> #include <asm/user.h>
> +#include <linux/sched.h>
> +
> +extern int may_setuid(struct user_namespace *ns, uid_t uid);
> +extern int may_setgid(gid_t gid);
> +
> +#endif
> diff --git a/kernel/user.c b/kernel/user.c
> index a535ed6..a78fde7 100644
> --- a/kernel/user.c
> +++ b/kernel/user.c
> @@ -604,7 +604,7 @@ int checkpoint_user(struct ckpt_ctx *ctx, void *ptr)
> return do_checkpoint_user(ctx, (struct user_struct *) ptr);
> }
>
> -static int may_setuid(struct user_namespace *ns, uid_t uid)
> +int may_setuid(struct user_namespace *ns, uid_t uid)
> {
> /*
> * this next check will one day become
> @@ -631,6 +631,17 @@ static int may_setuid(struct user_namespace *ns, uid_t uid)
> return 0;
> }
>
> +int may_setgid(gid_t gid)
> +{
> + if (capable(CAP_SETGID))
> + return 1;
> +
> + if (in_egroup_p(gid))
> + return 1;
> +
> + return 0;
> +}
> +
> static struct user_struct *do_restore_user(struct ckpt_ctx *ctx)
> {
> struct user_struct *u;
> --
> 1.6.2.5
next prev parent reply other threads:[~2009-08-20 1:39 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-18 19:57 Socket C/R additional features Dan Smith
2009-08-18 19:57 ` [PATCH 1/3] Set socket flags on restore using sock_setsockopt() where possible (v2) Dan Smith
2009-08-18 19:57 ` [PATCH 2/3] Expose may_setuid() in user.h and add may_setgid() (v2) Dan Smith
2009-08-20 1:31 ` Serge E. Hallyn [this message]
2009-08-18 19:57 ` [PATCH 3/3] Save and restore UNIX socket peer credentials (v2) Dan Smith
2009-08-20 1:36 ` Serge E. Hallyn
2009-08-19 3:36 ` Socket C/R additional features David Miller
-- strict thread matches above, loose matches on Subject: below --
2009-08-24 17:28 Dan Smith
2009-08-24 17:28 ` [PATCH 2/3] Expose may_setuid() in user.h and add may_setgid() (v2) Dan Smith
2009-08-25 5:53 ` Oren Laadan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090820013153.GA5120@us.ibm.com \
--to=serue@us.ibm.com \
--cc=containers@lists.osdl.org \
--cc=danms@us.ibm.com \
--cc=netdev@vger.kernel.org \
--cc=orenl@librato.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).