14 Jan, 2011

1 commit

• 6164281ab   user_ns: improve the user_ns on-the-slab packaging ... Browse Code »

  Currently on 64-bit arch the user_namespace is 2096 and when being
  kmalloc-ed it resides on a 4k slab wasting 2003 bytes.

  If we allocate a separate cache for it and reduce the hash size from 128
  to 64 chains the packaging becomes *much* better - the struct is 1072
  bytes and the hole between is 98 bytes.

  [akpm@linux-foundation.org: s/__initcall/module_init/]
  Signed-off-by: Pavel Emelyanov
  Acked-by: Serge E. Hallyn
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  Pavel Emelyanov

  2011-01-14 00:03:18 +0800  

17 Jun, 2010

1 commit

• 5c1469de7   user_ns: Introduce user_nsmap_uid and user_ns_map_gid. ... Browse Code »

  Define what happens when a we view a uid from one user_namespace
  in another user_namepece.

  - If the user namespaces are the same no mapping is necessary.

  - For most cases of difference use overflowuid and overflowgid,
  the uid and gid currently used for 16bit apis when we have a 32bit uid
  that does fit in 16bits. Effectively the situation is the same,
  we want to return a uid or gid that is not assigned to any user.

  - For the case when we happen to be mapping the uid or gid of the
  creator of the target user namespace use uid 0 and gid as confusing
  that user with root is not a problem.

  Signed-off-by: Eric W. Biederman
  Acked-by: Serge E. Hallyn
  Signed-off-by: David S. Miller

  Eric W. Biederman

  2010-06-17 05:55:34 +0800  

28 Feb, 2009

1 commit

• 517083667   Fix recursive lock in free_uid()/free_user_ns() ... Browse Code »

  free_uid() and free_user_ns() are corecursive when CONFIG_USER_SCHED=n,
  but free_user_ns() is called from free_uid() by way of uid_hash_remove(),
  which requires uidhash_lock to be held. free_user_ns() then calls
  free_uid() to complete the destruction.

  Fix this by deferring the destruction of the user_namespace.

  Signed-off-by: David Howells
  Acked-by: Serge Hallyn
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  David Howells

  2009-02-28 08:26:21 +0800  

25 Nov, 2008

1 commit

• 18b6e0414   User namespaces: set of cleanups (v2) ... Browse Code »

  The user_ns is moved from nsproxy to user_struct, so that a struct
  cred by itself is sufficient to determine access (which it otherwise
  would not be). Corresponding ecryptfs fixes (by David Howells) are
  here as well.

  Fix refcounting. The following rules now apply:
  1. The task pins the user struct.
  2. The user struct pins its user namespace.
  3. The user namespace pins the struct user which created it.

  User namespaces are cloned during copy_creds(). Unsharing a new user_ns
  is no longer possible. (We could re-add that, but it'll cause code
  duplication and doesn't seem useful if PAM doesn't need to clone user
  namespaces).

  When a user namespace is created, its first user (uid 0) gets empty
  keyrings and a clean group_info.

  This incorporates a previous patch by David Howells. Here
  is his original patch description:

  >I suggest adding the attached incremental patch. It makes the following
  >changes:
  >
  > (1) Provides a current_user_ns() macro to wrap accesses to current's user
  > namespace.
  >
  > (2) Fixes eCryptFS.
  >
  > (3) Renames create_new_userns() to create_user_ns() to be more consistent
  > with the other associated functions and because the 'new' in the name is
  > superfluous.
  >
  > (4) Moves the argument and permission checks made for CLONE_NEWUSER to the
  > beginning of do_fork() so that they're done prior to making any attempts
  > at allocation.
  >
  > (5) Calls create_user_ns() after prepare_creds(), and gives it the new creds
  > to fill in rather than have it return the new root user. I don't imagine
  > the new root user being used for anything other than filling in a cred
  > struct.
  >
  > This also permits me to get rid of a get_uid() and a free_uid(), as the
  > reference the creds were holding on the old user_struct can just be
  > transferred to the new namespace's creator pointer.
  >
  > (6) Makes create_user_ns() reset the UIDs and GIDs of the creds under
  > preparation rather than doing it in copy_creds().
  >
  >David

  >Signed-off-by: David Howells

  Changelog:
  Oct 20: integrate dhowells comments
  1. leave thread_keyring alone
  2. use current_user_ns() in set_user()

  Signed-off-by: Serge Hallyn

  Serge Hallyn

  2008-11-25 07:57:41 +0800  

20 Sep, 2007

1 commit

• 735de2230   Convert uid hash to hlist ... Browse Code »

  Surprisingly, but (spotted by Alexey Dobriyan) the uid hash still uses
  list_heads, thus occupying twice as much place as it could. Convert it to
  hlist_heads.

  Signed-off-by: Pavel Emelyanov
  Signed-off-by: Alexey Dobriyan
  Acked-by: Serge Hallyn
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  Pavel Emelyanov

  2007-09-20 02:24:18 +0800  

20 Jul, 2007

1 commit

• 626ac545c   user namespace: fix copy_user_ns return value ... Browse Code »

  When a CONFIG_USER_NS=n and a user tries to unshare some namespace other
  than the user namespace, the dummy copy_user_ns returns NULL rather than
  the old_ns.

  This value then gets assigned to task->nsproxy->user_ns, so that a
  subsequent setuid, which uses task->nsproxy->user_ns, causes a NULL
  pointer deref.

  Fix this by returning old_ns.

  Signed-off-by: Serge E. Hallyn
  Signed-off-by: Linus Torvalds

  Serge E. Hallyn

  2007-07-20 05:05:08 +0800  

17 Jul, 2007

2 commits

• 77ec739d8   user namespace: add unshare ... Browse Code »

  This patch enables the unshare of user namespaces.

  It adds a new clone flag CLONE_NEWUSER and implements copy_user_ns() which
  resets the current user_struct and adds a new root user (uid == 0)

  For now, unsharing the user namespace allows a process to reset its
  user_struct accounting and uid 0 in the new user namespace should be contained
  using appropriate means, for instance selinux

  The plan, when the full support is complete (all uid checks covered), is to
  keep the original user's rights in the original namespace, and let a process
  become uid 0 in the new namespace, with full capabilities to the new
  namespace.

  Signed-off-by: Serge E. Hallyn
  Signed-off-by: Cedric Le Goater
  Acked-by: Pavel Emelianov
  Cc: Herbert Poetzl
  Cc: Kirill Korotaev
  Cc: Eric W. Biederman
  Cc: Chris Wright
  Cc: Stephen Smalley
  Cc: James Morris
  Cc: Andrew Morgan
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  Serge E. Hallyn

  2007-07-17 00:05:47 +0800  
• acce292c8   user namespace: add the framework ... Browse Code »

  Basically, it will allow a process to unshare its user_struct table,
  resetting at the same time its own user_struct and all the associated
  accounting.

  A new root user (uid == 0) is added to the user namespace upon creation.
  Such root users have full privileges and it seems that theses privileges
  should be controlled through some means (process capabilities ?)

  The unshare is not included in this patch.

  Changes since [try #4]:
  - Updated get_user_ns and put_user_ns to accept NULL, and
  get_user_ns to return the namespace.

  Changes since [try #3]:
  - moved struct user_namespace to files user_namespace.{c,h}

  Changes since [try #2]:
  - removed struct user_namespace* argument from find_user()

  Changes since [try #1]:
  - removed struct user_namespace* argument from find_user()
  - added a root_user per user namespace

  Signed-off-by: Cedric Le Goater
  Signed-off-by: Serge E. Hallyn
  Acked-by: Pavel Emelianov
  Cc: Herbert Poetzl
  Cc: Kirill Korotaev
  Cc: Eric W. Biederman
  Cc: Chris Wright
  Cc: Stephen Smalley
  Cc: James Morris
  Cc: Andrew Morgan
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  Cedric Le Goater

  2007-07-17 00:05:47 +0800