Commit d2b31ca644fdc8704de3367a6a56a5c958c77f53
1 parent
8b94eea4bf
Exists in
master
and in
20 other branches
userns: Teach security_path_chown to take kuids and kgids
Don't make the security modules deal with raw user space uid and gids instead pass in a kuid_t and a kgid_t so that security modules only have to deal with internal kernel uids and gids. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: James Morris <james.l.morris@oracle.com> Cc: John Johansen <john.johansen@canonical.com> Cc: Kentaro Takeda <takedakn@nttdata.co.jp> Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Showing 6 changed files with 14 additions and 12 deletions Side-by-side Diff
fs/open.c
... | ... | @@ -534,7 +534,7 @@ |
534 | 534 | newattrs.ia_valid |= |
535 | 535 | ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV; |
536 | 536 | mutex_lock(&inode->i_mutex); |
537 | - error = security_path_chown(path, user, group); | |
537 | + error = security_path_chown(path, uid, gid); | |
538 | 538 | if (!error) |
539 | 539 | error = notify_change(path->dentry, &newattrs); |
540 | 540 | mutex_unlock(&inode->i_mutex); |
include/linux/security.h
... | ... | @@ -1437,7 +1437,7 @@ |
1437 | 1437 | int (*path_rename) (struct path *old_dir, struct dentry *old_dentry, |
1438 | 1438 | struct path *new_dir, struct dentry *new_dentry); |
1439 | 1439 | int (*path_chmod) (struct path *path, umode_t mode); |
1440 | - int (*path_chown) (struct path *path, uid_t uid, gid_t gid); | |
1440 | + int (*path_chown) (struct path *path, kuid_t uid, kgid_t gid); | |
1441 | 1441 | int (*path_chroot) (struct path *path); |
1442 | 1442 | #endif |
1443 | 1443 | |
... | ... | @@ -2832,7 +2832,7 @@ |
2832 | 2832 | int security_path_rename(struct path *old_dir, struct dentry *old_dentry, |
2833 | 2833 | struct path *new_dir, struct dentry *new_dentry); |
2834 | 2834 | int security_path_chmod(struct path *path, umode_t mode); |
2835 | -int security_path_chown(struct path *path, uid_t uid, gid_t gid); | |
2835 | +int security_path_chown(struct path *path, kuid_t uid, kgid_t gid); | |
2836 | 2836 | int security_path_chroot(struct path *path); |
2837 | 2837 | #else /* CONFIG_SECURITY_PATH */ |
2838 | 2838 | static inline int security_path_unlink(struct path *dir, struct dentry *dentry) |
... | ... | @@ -2888,7 +2888,7 @@ |
2888 | 2888 | return 0; |
2889 | 2889 | } |
2890 | 2890 | |
2891 | -static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid) | |
2891 | +static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) | |
2892 | 2892 | { |
2893 | 2893 | return 0; |
2894 | 2894 | } |
security/apparmor/lsm.c
... | ... | @@ -352,7 +352,7 @@ |
352 | 352 | return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); |
353 | 353 | } |
354 | 354 | |
355 | -static int apparmor_path_chown(struct path *path, uid_t uid, gid_t gid) | |
355 | +static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) | |
356 | 356 | { |
357 | 357 | struct path_cond cond = { path->dentry->d_inode->i_uid, |
358 | 358 | path->dentry->d_inode->i_mode |
security/capability.c
security/security.c
... | ... | @@ -434,7 +434,7 @@ |
434 | 434 | return security_ops->path_chmod(path, mode); |
435 | 435 | } |
436 | 436 | |
437 | -int security_path_chown(struct path *path, uid_t uid, gid_t gid) | |
437 | +int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) | |
438 | 438 | { |
439 | 439 | if (unlikely(IS_PRIVATE(path->dentry->d_inode))) |
440 | 440 | return 0; |
security/tomoyo/tomoyo.c
... | ... | @@ -373,13 +373,15 @@ |
373 | 373 | * |
374 | 374 | * Returns 0 on success, negative value otherwise. |
375 | 375 | */ |
376 | -static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid) | |
376 | +static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid) | |
377 | 377 | { |
378 | 378 | int error = 0; |
379 | - if (uid != (uid_t) -1) | |
380 | - error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid); | |
381 | - if (!error && gid != (gid_t) -1) | |
382 | - error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid); | |
379 | + if (uid_valid(uid)) | |
380 | + error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, | |
381 | + from_kuid(&init_user_ns, uid)); | |
382 | + if (!error && gid_valid(gid)) | |
383 | + error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, | |
384 | + from_kgid(&init_user_ns, gid)); | |
383 | 385 | return error; |
384 | 386 | } |
385 | 387 |