userns: user namespaces: convert several capable() calls
CAP_IPC_OWNER and CAP_IPC_LOCK can be checked against current_user_ns(), because the resource comes from current's own ipc namespace. setuid/setgid are to uids in own namespace, so again checks can be against current_user_ns(). Changelog: Jan 11: Use task_ns_capable() in place of sched_capable(). Jan 11: Use nsown_capable() as suggested by Bastian Blank. Jan 11: Clarify (hopefully) some logic in futex and sched.c Feb 15: use ns_capable for ipc, not nsown_capable Feb 23: let copy_ipcs handle setting ipc_ns->user_ns Feb 23: pass ns down rather than taking it from current [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Serge E. Hallyn
committed by
Linus Torvalds
Linus Torvalds
parent
b515498f5b
commit
b0e77598f8
@@ -2418,10 +2418,19 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
|
||||
goto err_unlock;
|
||||
ret = -EPERM;
|
||||
pcred = __task_cred(p);
|
||||
/* If victim is in different user_ns, then uids are not
|
||||
comparable, so we must have CAP_SYS_PTRACE */
|
||||
if (cred->user->user_ns != pcred->user->user_ns) {
|
||||
if (!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
|
||||
goto err_unlock;
|
||||
goto ok;
|
||||
}
|
||||
/* If victim is in same user_ns, then uids are comparable */
|
||||
if (cred->euid != pcred->euid &&
|
||||
cred->euid != pcred->uid &&
|
||||
!capable(CAP_SYS_PTRACE))
|
||||
!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
|
||||
goto err_unlock;
|
||||
ok:
|
||||
head = p->robust_list;
|
||||
rcu_read_unlock();
|
||||
}
|
||||
|
||||
@@ -153,10 +153,19 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
|
||||
goto err_unlock;
|
||||
ret = -EPERM;
|
||||
pcred = __task_cred(p);
|
||||
/* If victim is in different user_ns, then uids are not
|
||||
comparable, so we must have CAP_SYS_PTRACE */
|
||||
if (cred->user->user_ns != pcred->user->user_ns) {
|
||||
if (!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
|
||||
goto err_unlock;
|
||||
goto ok;
|
||||
}
|
||||
/* If victim is in same user_ns, then uids are comparable */
|
||||
if (cred->euid != pcred->euid &&
|
||||
cred->euid != pcred->uid &&
|
||||
!capable(CAP_SYS_PTRACE))
|
||||
!ns_capable(pcred->user->user_ns, CAP_SYS_PTRACE))
|
||||
goto err_unlock;
|
||||
ok:
|
||||
head = p->compat_robust_list;
|
||||
rcu_read_unlock();
|
||||
}
|
||||
|
||||
@@ -233,7 +233,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
|
||||
struct group_info *group_info;
|
||||
int retval;
|
||||
|
||||
if (!capable(CAP_SETGID))
|
||||
if (!nsown_capable(CAP_SETGID))
|
||||
return -EPERM;
|
||||
if ((unsigned)gidsetsize > NGROUPS_MAX)
|
||||
return -EINVAL;
|
||||
|
||||
@@ -75,16 +75,11 @@ static struct nsproxy *create_new_namespaces(unsigned long flags,
|
||||
goto out_uts;
|
||||
}
|
||||
|
||||
new_nsp->ipc_ns = copy_ipcs(flags, tsk->nsproxy->ipc_ns);
|
||||
new_nsp->ipc_ns = copy_ipcs(flags, tsk);
|
||||
if (IS_ERR(new_nsp->ipc_ns)) {
|
||||
err = PTR_ERR(new_nsp->ipc_ns);
|
||||
goto out_ipc;
|
||||
}
|
||||
if (new_nsp->ipc_ns != tsk->nsproxy->ipc_ns) {
|
||||
put_user_ns(new_nsp->ipc_ns->user_ns);
|
||||
new_nsp->ipc_ns->user_ns = task_cred_xxx(tsk, user)->user_ns;
|
||||
get_user_ns(new_nsp->ipc_ns->user_ns);
|
||||
}
|
||||
|
||||
new_nsp->pid_ns = copy_pid_ns(flags, task_active_pid_ns(tsk));
|
||||
if (IS_ERR(new_nsp->pid_ns)) {
|
||||
|
||||
@@ -4892,8 +4892,11 @@ static bool check_same_owner(struct task_struct *p)
|
||||
|
||||
rcu_read_lock();
|
||||
pcred = __task_cred(p);
|
||||
match = (cred->euid == pcred->euid ||
|
||||
cred->euid == pcred->uid);
|
||||
if (cred->user->user_ns == pcred->user->user_ns)
|
||||
match = (cred->euid == pcred->euid ||
|
||||
cred->euid == pcred->uid);
|
||||
else
|
||||
match = false;
|
||||
rcu_read_unlock();
|
||||
return match;
|
||||
}
|
||||
@@ -5221,7 +5224,7 @@ long sched_setaffinity(pid_t pid, const struct cpumask *in_mask)
|
||||
goto out_free_cpus_allowed;
|
||||
}
|
||||
retval = -EPERM;
|
||||
if (!check_same_owner(p) && !capable(CAP_SYS_NICE))
|
||||
if (!check_same_owner(p) && !task_ns_capable(p, CAP_SYS_NICE))
|
||||
goto out_unlock;
|
||||
|
||||
retval = security_task_setscheduler(p);
|
||||
|
||||
@@ -189,7 +189,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidsetsize, old_gid_t __user *, grouplist)
|
||||
struct group_info *group_info;
|
||||
int retval;
|
||||
|
||||
if (!capable(CAP_SETGID))
|
||||
if (!nsown_capable(CAP_SETGID))
|
||||
return -EPERM;
|
||||
if ((unsigned)gidsetsize > NGROUPS_MAX)
|
||||
return -EINVAL;
|
||||
|
||||
Reference in New Issue
Block a user