[Devel] Re: [PATCH 4/9] allow killing tasks in your own or child userns
On 02/17/2011 04:03 PM, Serge E. Hallyn wrote:

Changelog:
    Dec 8: Fixed bug in my check_kill_permission pointed out by Eric Biederman.
    Dec 13: Apply Eric's suggestion to pass target task into kill_ok_by_cred() for clarity
    Dec 31: address comment by Eric Biederman: don't need cred/tcred in check_kill_permission.
    Jan 1: use const cred struct.
    Jan 11: Per Bastian Blank's advice, clean up kill_ok_by_cred().
    Feb 16: kill_ok_by_cred: fix bad parentheses

Signed-off-by: Serge E. Hallyn serge.hal...@canonical.com

Acked-by: Daniel Lezcano daniel.lezc...@free.fr

___
Containers mailing list
contain...@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers

___
Devel mailing list
Devel@openvz.org
https://openvz.org/mailman/listinfo/devel
[Devel] Re: [PATCH 5/9] Allow ptrace from non-init user namespaces
On 02/17/2011 04:03 PM, Serge E. Hallyn wrote:

ptrace is allowed to tasks in the same user namespace according to the usual rules (i.e. the same rules as for two tasks in the init user namespace). ptrace is also allowed to a user namespace to which the current task has the CAP_SYS_PTRACE capability.

Changelog:
    Dec 31: Address feedback by Eric:
        . Correct ptrace uid check
        . Rename may_ptrace_ns to ptrace_capable
        . Also fix the cap_ptrace checks.
    Jan 1: Use const cred struct
    Jan 11: use task_ns_capable() in place of ptrace_capable().

Signed-off-by: Serge E. Hallyn serge.hal...@canonical.com

Acked-by: Daniel Lezcano daniel.lezc...@free.fr
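A small userspace C model of the ptrace rule stated in the commit message above, added here as an illustration; it is not code from the patch or from the kernel. The struct layout, the `model_*` function names and the sample tasks are assumptions, and the "usual rules" are reduced to a single uid comparison.

```c
#include <stdbool.h>
#include <stddef.h>

#define CAP_SYS_PTRACE 19   /* value from <linux/capability.h> */

/* Simplified model (assumption): a namespace knows only its parent. */
struct user_ns { const struct user_ns *parent; };   /* NULL = init ns */
struct task {
    const struct user_ns *ns;   /* namespace the credentials belong to */
    unsigned uid;               /* only meaningful inside ns */
    unsigned long caps;         /* effective capabilities, one bit each */
};

/* True if ns is anc itself or one of its descendants. */
static bool ns_is_self_or_child(const struct user_ns *anc, const struct user_ns *ns)
{
    for (; ns; ns = ns->parent)
        if (ns == anc)
            return true;
    return false;
}

/* A capability counts only toward the holder's own namespace and the
 * namespaces below it, never toward a parent or a sibling. */
static bool model_ns_capable(const struct task *t, const struct user_ns *target, int cap)
{
    return ns_is_self_or_child(t->ns, target) && (t->caps & (1UL << cap));
}

/* The ptrace rule from the commit message, in model form. */
static bool model_may_ptrace(const struct task *tracer, const struct task *tracee)
{
    /* equal uids mean "same user" only inside one namespace */
    if (tracer->ns == tracee->ns && tracer->uid == tracee->uid)
        return true;
    return model_ns_capable(tracer, tracee->ns, CAP_SYS_PTRACE);
}

/* Constructed sample: the init namespace and one container below it. */
static const struct user_ns init_ns = { NULL }, child_ns = { &init_ns };
static const struct task host_root = { &init_ns, 0, 1UL << CAP_SYS_PTRACE };
static const struct task host_user = { &init_ns, 1000, 0 };
static const struct task ct_root   = { &child_ns, 0, 1UL << CAP_SYS_PTRACE };
static const struct task ct_user   = { &child_ns, 1000, 0 };

int main(void)
{   /* exit status 0 when container root cannot trace a host task */
    return model_may_ptrace(&ct_root, &host_root) ? 1 : 0;
}
```

The cases worth reading are the cross-namespace ones: uid 0 or uid 1000 on both sides grants nothing by itself, and a capability held inside the container never reaches upward.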
[Devel] Re: [PATCH 6/9] user namespaces: convert all capable checks in kernel/sys.c
On 02/17/2011 04:03 PM, Serge E. Hallyn wrote:

This allows setuid/setgid in containers. It also fixes some corner cases where kernel logic foregoes capability checks when uids are equivalent. The latter will need to be done throughout the whole kernel.

Changelog:
    Jan 11: Use nsown_capable() as suggested by Bastian Blank.
    Jan 11: Fix logic errors in uid checks pointed out by Bastian.
    Feb 15: allow prlimit to current (was regression in previous version)

Signed-off-by: Serge E. Hallyn serge.hal...@canonical.com

Acked-by: Daniel Lezcano daniel.lezc...@free.fr

- if (!ns_capable(current-nsproxy-uts_ns-user_ns, CAP_SYS_ADMIN)) + if (!ns_capable(current-nsproxy-uts_ns-user_ns, CAP_SYS_ADMIN)) { + printk(KERN_NOTICE %s: did not have CAP_SYS_ADMIN\n, __func__); return -EPERM; + } + printk(KERN_NOTICE %s: did have CAP_SYS_ADMIN\n, __func__);

A couple of printk left here.
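Review bot: the two printk(KERN_NOTICE ...) calls added around the ns_capable() check are debugging output and should come out before merge. The first fires on the -EPERM path, so any caller lacking CAP_SYS_ADMIN can write to the kernel log at will, and the second logs every successful call. Restore the plain two-line form, `if (!ns_capable(...)) return -EPERM;`, without the braces.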
[Devel] Re: [PATCH 7/9] add a user namespace owner of ipc ns
On 02/17/2011 04:03 PM, Serge E. Hallyn wrote:

Changelog:
    Feb 15: Don't set new ipc->user_ns if we didn't create a new ipc_ns.

Signed-off-by: Serge E. Hallyn serge.hal...@canonical.com
---

Acked-by: Daniel Lezcano daniel.lezc...@free.fr

[ ... ]

+ ns-user_ns = old_ns-user_ns; + get_user_ns(ns-user_ns);

A mindless change.

ns->user_ns = get_user_ns(old_ns->user_ns);
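Review bot: the reference taken by get_user_ns(ns->user_ns) in this hunk needs a matching put_user_ns() where the ipc namespace is released, and the quoted fragment shows only the get. Please confirm the free path drops it, and that a failure after this point in namespace creation does too. The assignment and the get can be folded into one statement, as the reply suggests.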
[Devel] Re: [PATCH 8/9] user namespaces: convert several capable() calls
On 02/17/2011 04:03 PM, Serge E. Hallyn wrote:

CAP_IPC_OWNER and CAP_IPC_LOCK can be checked against current_user_ns(), because the resource comes from current's own ipc namespace. setuid/setgid are to uids in own namespace, so again checks can be against current_user_ns().

Changelog:
    Jan 11: Use task_ns_capable() in place of sched_capable().
    Jan 11: Use nsown_capable() as suggested by Bastian Blank.
    Jan 11: Clarify (hopefully) some logic in futex and sched.c
    Feb 15: use ns_capable for ipc, not nsown_capable

Signed-off-by: Serge E. Hallyn serge.hal...@canonical.com
---

Acked-by: Daniel Lezcano daniel.lezc...@free.fr
[Devel] Re: [PATCH 9/9] userns: check user namespace for task->file uid equivalence checks
On 02/17/2011 04:04 PM, Serge E. Hallyn wrote:

Cheat for now and say all files belong to init_user_ns. Next step will be to let superblocks belong to a user_ns, and derive inode_userns(inode) from inode->i_sb->s_user_ns. Finally we'll introduce more flexible arrangements.

Changelog:
    Feb 15: make is_owner_or_cap take const struct inode

Signed-off-by: Serge E. Hallyn serge.hal...@canonical.com
---

Acked-by: Daniel Lezcano daniel.lezc...@free.fr