Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a2faf2fc authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 

Pull (again) user namespace infrastructure changes from Eric Biederman:
 "Those bugs, those darn embarrasing bugs just want don't want to get
  fixed.

  Linus I just updated my mirror of your kernel.org tree and it appears
  you successfully pulled everything except the last 4 commits that fix
  those embarrasing bugs.

  When you get a chance can you please repull my branch"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  userns: Fix typo in description of the limitation of userns_install
  userns: Add a more complete capability subset test to commit_creds
  userns: Require CAP_SYS_ADMIN for most uses of setns.
  Fix cap_capable to only allow owners in the parent user namespace to have caps.
parents 4351654e 5155040e

fs/namespace.c

+2 −1
Original line number Diff line number Diff line
@@ -2781,7 +2781,8 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) 
	struct path root;



	if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) ||

	    !nsown_capable(CAP_SYS_CHROOT))

	    !nsown_capable(CAP_SYS_CHROOT) ||

	    !nsown_capable(CAP_SYS_ADMIN))

		return -EPERM;



	if (fs->users != 1)

ipc/namespace.c

+2 −1
Original line number Diff line number Diff line
@@ -170,7 +170,8 @@ static void ipcns_put(void *ns) 
static int ipcns_install(struct nsproxy *nsproxy, void *new)

{

	struct ipc_namespace *ns = new;

	if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))

	if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||

	    !nsown_capable(CAP_SYS_ADMIN))

		return -EPERM;



	/* Ditch state from the old ipc namespace */

kernel/cred.c

+26 −1
Original line number Diff line number Diff line
@@ -372,6 +372,31 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags) 
	return ret;

}



static bool cred_cap_issubset(const struct cred *set, const struct cred *subset)

{

	const struct user_namespace *set_ns = set->user_ns;

	const struct user_namespace *subset_ns = subset->user_ns;



	/* If the two credentials are in the same user namespace see if

	 * the capabilities of subset are a subset of set.

	 */

	if (set_ns == subset_ns)

		return cap_issubset(subset->cap_permitted, set->cap_permitted);



	/* The credentials are in a different user namespaces

	 * therefore one is a subset of the other only if a set is an

	 * ancestor of subset and set->euid is owner of subset or one

	 * of subsets ancestors.

	 */

	for (;subset_ns != &init_user_ns; subset_ns = subset_ns->parent) {

		if ((set_ns == subset_ns->parent)  &&

		    uid_eq(subset_ns->owner, set->euid))

			return true;

	}



	return false;

}



/**

 * commit_creds - Install new credentials upon the current task

 * @new: The credentials to be assigned
@@ -410,7 +435,7 @@ int commit_creds(struct cred *new) 
	    !gid_eq(old->egid, new->egid) ||

	    !uid_eq(old->fsuid, new->fsuid) ||

	    !gid_eq(old->fsgid, new->fsgid) ||

	    !cap_issubset(new->cap_permitted, old->cap_permitted)) {

	    !cred_cap_issubset(old, new)) {

		if (task->mm)

			set_dumpable(task->mm, suid_dumpable);

		task->pdeath_signal = 0;

kernel/pid_namespace.c

+2 −1
Original line number Diff line number Diff line
@@ -325,7 +325,8 @@ static int pidns_install(struct nsproxy *nsproxy, void *ns) 
	struct pid_namespace *active = task_active_pid_ns(current);

	struct pid_namespace *ancestor, *new = ns;



	if (!ns_capable(new->user_ns, CAP_SYS_ADMIN))

	if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) ||

	    !nsown_capable(CAP_SYS_ADMIN))

		return -EPERM;



	/*

kernel/user_namespace.c

+1 −1
Original line number Diff line number Diff line
@@ -799,7 +799,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) 
	if (user_ns == current_user_ns())

		return -EINVAL;



	/* Threaded many not enter a different user namespace */

	/* Threaded processes may not enter a different user namespace */

	if (atomic_read(&current->mm->mm_users) > 1)

		return -EINVAL;