firefly-linux-kernel-4.4.55.git
12 years agouserns: Convert jffs2 to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:28:39 +0000 (16:28 -0800)]
userns: Convert jffs2 to use kuid and kgid where appropriate

- General routine uid/gid conversion work
- When storing posix acls treat ACL_USER and ACL_GROUP separately
  so I can call from_kuid or from_kgid as appropriate.
- When reading posix acls treat ACL_USER and ACL_GROUP separately
  so I can call make_kuid or make_kgid as appropriate.

Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert hpfs to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:27:53 +0000 (16:27 -0800)]
userns: Convert hpfs to use kuid and kgid where appropriate

Cc: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert btrfs to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 19:05:07 +0000 (11:05 -0800)]
userns: Convert btrfs to use kuid/kgid where appropriate

Cc: Chris Mason <chris.mason@fusionio.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert bfs to use kuid/kgid where appropriate
Eric W. Biederman [Wed, 25 Apr 2012 10:57:31 +0000 (03:57 -0700)]
userns: Convert bfs to use kuid/kgid where appropriate

Cc: "Tigran A. Aivazian" <tigran@aivazian.fsnet.co.uk>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert affs to use kuid/kgid wherwe appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:20:16 +0000 (16:20 -0800)]
userns: Convert affs to use kuid/kgid wherwe appropriate

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids
Eric W. Biederman [Sat, 11 Aug 2012 19:07:24 +0000 (12:07 -0700)]
userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids

Silencing build errors and potentially allowing people to use osf
system calls in from processes running in a non-default user namespace.

It seems this stat call was missed in my first round of converting the
stat system calls, bother.

Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: On ia64 deal with current_uid and current_gid being kuid and kgid
Eric W. Biederman [Tue, 7 Aug 2012 11:02:41 +0000 (04:02 -0700)]
userns: On ia64 deal with current_uid and current_gid being kuid and kgid

These ia64 uses of current_uid and current_gid slipped through the
cracks when I was converting everything to kuids and kgids convert
them now.

Cc: Tony Luck <tony.luck@intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: On ppc convert current_uid from a kuid before printing.
Eric W. Biederman [Tue, 7 Aug 2012 10:59:47 +0000 (03:59 -0700)]
userns: On ppc convert current_uid from a kuid before printing.

Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert s390 getting uid and gid system calls to use kuid and kgid
Eric W. Biederman [Sat, 11 Aug 2012 19:22:11 +0000 (12:22 -0700)]
userns: Convert s390 getting uid and gid system calls to use kuid and kgid

Convert getresuid, getresgid, getuid, geteuid, getgid, getegid

Convert struct cred kuids and kgids into userspace uids and gids when
returning them.

These s390 system calls slipped through the cracks in my first
round of converstions :(

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert s390 hypfs to use kuid and kgid where appropriate
Eric W. Biederman [Tue, 7 Aug 2012 10:47:41 +0000 (03:47 -0700)]
userns: Convert s390 hypfs to use kuid and kgid where appropriate

Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert binder ipc to use kuids
Eric W. Biederman [Sat, 26 May 2012 00:34:53 +0000 (18:34 -0600)]
userns: Convert binder ipc to use kuids

Cc: Arve Hjønnevåg <arve@android.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Teach security_path_chown to take kuids and kgids
Eric W. Biederman [Fri, 1 Jun 2012 22:14:19 +0000 (16:14 -0600)]
userns: Teach security_path_chown to take kuids and kgids

Don't make the security modules deal with raw user space uid and
gids instead pass in a kuid_t and a kgid_t so that security modules
only have to deal with internal kernel uids and gids.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: James Morris <james.l.morris@oracle.com>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Add user namespace support to IMA
Eric W. Biederman [Sat, 26 May 2012 00:24:12 +0000 (18:24 -0600)]
userns: Add user namespace support to IMA

Use kuid's in the IMA rules.

When reporting the current uid in audit logs use from_kuid
to get a usable value.

Cc: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert EVM to deal with kuids and kgids in it's hmac computation
Eric W. Biederman [Sat, 26 May 2012 00:22:35 +0000 (18:22 -0600)]
userns: Convert EVM to deal with kuids and kgids in it's hmac computation

Cc: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert hostfs to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:28:57 +0000 (16:28 -0800)]
userns: Convert hostfs to use kuid and kgid where appropriate

Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert selinux to use kuid and kgid where appropriate
Eric W. Biederman [Mon, 20 Aug 2012 07:09:36 +0000 (00:09 -0700)]
userns: Convert selinux to use kuid and kgid where appropriate

Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <james.l.morris@oracle.com>
Cc: Eric Paris <eparis@parisplace.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert tomoyo to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:34:10 +0000 (16:34 -0800)]
userns: Convert tomoyo to use kuid and kgid where appropriate

Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert apparmor to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:33:13 +0000 (16:33 -0800)]
userns: Convert apparmor to use kuid and kgid where appropriate

Cc: John Johansen <john.johansen@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert loop to use kuid_t instead of uid_t
Eric W. Biederman [Sat, 11 Feb 2012 19:23:51 +0000 (11:23 -0800)]
userns: Convert loop to use kuid_t instead of uid_t

Cc: Jens Axboe <jaxboe@fusionio.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert ipathfs to use GLOBAL_ROOT_UID and GLOBAL_ROOT_GID
Eric W. Biederman [Thu, 26 Apr 2012 05:40:44 +0000 (22:40 -0700)]
userns: Convert ipathfs to use GLOBAL_ROOT_UID and GLOBAL_ROOT_GID

Acked-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert freevxfs to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 19:26:34 +0000 (11:26 -0800)]
userns: Convert freevxfs to use kuid/kgid where appropriate

Cc: Christoph Hellwig <hch@infradead.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert the sysv filesystem to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 20:19:23 +0000 (12:19 -0800)]
userns: Convert the sysv filesystem to use kuid/kgid where appropriate

Cc: Christoph Hellwig <hch@infradead.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert the qnx6 filesystem to use kuid/kgid where appropriate
Eric W. Biederman [Sun, 8 Apr 2012 00:58:48 +0000 (17:58 -0700)]
userns: Convert the qnx6 filesystem to use kuid/kgid where appropriate

Cc: Kai Bankett <chaosman@ontika.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert the qnx4 filesystem to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 20:11:12 +0000 (12:11 -0800)]
userns: Convert the qnx4 filesystem to use kuid/kgid where appropriate

Acked-by: Anders Larsen <al@alarsen.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert omfs to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:29:49 +0000 (16:29 -0800)]
userns: Convert omfs to use kuid and kgid where appropriate

Acked-by: Bob Copeland <me@bobcopeland.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert ntfs to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:29:36 +0000 (16:29 -0800)]
userns: Convert ntfs to use kuid and kgid where appropriate

Cc: Anton Altaparmakov <anton@tuxera.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert nillfs2 to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 20:31:23 +0000 (12:31 -0800)]
userns: Convert nillfs2 to use kuid/kgid where appropriate

Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert minix to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 19:45:03 +0000 (11:45 -0800)]
userns: Convert minix to use kuid/kgid where appropriate

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert logfs to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 19:41:28 +0000 (11:41 -0800)]
userns: Convert logfs to use kuid/kgid where appropriate

Cc: Joern Engel <joern@logfs.org>
Cc: Prasad Joshi <prasadjoshi.linux@gmail.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert isofs to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 19:35:50 +0000 (11:35 -0800)]
userns: Convert isofs to use kuid/kgid where appropriate

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert hfsplus to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:27:17 +0000 (16:27 -0800)]
userns: Convert hfsplus to use kuid and kgid where appropriate

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert hfs to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:26:59 +0000 (16:26 -0800)]
userns: Convert hfs to use kuid and kgid where appropriate

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert exofs to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 19:11:19 +0000 (11:11 -0800)]
userns: Convert exofs to use kuid/kgid where appropriate

Cc: Benny Halevy <bhalevy@tonian.com>
Acked-by: Boaz Harrosh <bharrosh@panasas.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert efs to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 19:10:33 +0000 (11:10 -0800)]
userns: Convert efs to use kuid/kgid where appropriate

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert ecryptfs to use kuid/kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:24:33 +0000 (16:24 -0800)]
userns: Convert ecryptfs to use kuid/kgid where appropriate

Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Dustin Kirkland <dustin.kirkland@gazzang.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert cramfs to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 19:06:08 +0000 (11:06 -0800)]
userns: Convert cramfs to use kuid/kgid where appropriate

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert befs to use kuid/kgid where appropriate
Eric W. Biederman [Fri, 10 Feb 2012 18:51:24 +0000 (10:51 -0800)]
userns: Convert befs to use kuid/kgid where appropriate

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert adfs to use kuid and kgid where appropriate
Eric W. Biederman [Tue, 7 Feb 2012 23:58:38 +0000 (15:58 -0800)]
userns: Convert adfs to use kuid and kgid where appropriate

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert xenfs to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:29:19 +0000 (16:29 -0800)]
userns: Convert xenfs to use kuid and kgid where appropriate

Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert hugetlbfs to use kuid/kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:19:25 +0000 (16:19 -0800)]
userns: Convert hugetlbfs to use kuid/kgid where appropriate

Note sysctl_hugetlb_shm_group can only be written in the root user
in the initial user namespace, so we can assume sysctl_hugetlb_shm_group
is in the initial user namespace.

Cc: William Irwin <wli@holomorphy.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert devtmpfs to use GLOBAL_ROOT_UID and GLOBAL_ROOT_GID
Eric W. Biederman [Wed, 25 Apr 2012 11:25:35 +0000 (04:25 -0700)]
userns: Convert devtmpfs to use GLOBAL_ROOT_UID and GLOBAL_ROOT_GID

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert usb functionfs to use kuid/kgid where appropriate
Eric W. Biederman [Thu, 14 Jun 2012 08:19:23 +0000 (01:19 -0700)]
userns: Convert usb functionfs to use kuid/kgid where appropriate

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Felipe Balbi <balbi@ti.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert gadgetfs to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:32:04 +0000 (16:32 -0800)]
userns: Convert gadgetfs to use kuid and kgid where appropriate

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Felipe Balbi <balbi@ti.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert fat to use kuid/kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:25:39 +0000 (16:25 -0800)]
userns: Convert fat to use kuid/kgid where appropriate

Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert quota
Eric W. Biederman [Sun, 16 Sep 2012 12:45:30 +0000 (05:45 -0700)]
userns: Convert quota

Now that the type changes are done, here is the final set of
changes to make the quota code work when user namespaces are enabled.

Small cleanups and fixes to make the code build when user namespaces
are enabled.

Cc: Jan Kara <jack@suse.cz>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert struct dquot_warn
Eric W. Biederman [Sun, 16 Sep 2012 11:05:34 +0000 (04:05 -0700)]
userns: Convert struct dquot_warn

Convert w_dq_id to be a struct kquid and remove the now unncessary
w_dq_type.

This is a simple conversion and enough other places have already
been converted that this actually reduces the code complexity
by a little bit, when removing now unnecessary type conversions.

Cc: Jan Kara <jack@suse.cz>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert struct dquot dq_id to be a struct kqid
Eric W. Biederman [Sun, 16 Sep 2012 10:56:19 +0000 (03:56 -0700)]
userns: Convert struct dquot dq_id to be a struct kqid

Change struct dquot dq_id to a struct kqid and remove the now
unecessary dq_type.

Make minimal changes to dquot, quota_tree, quota_v1, quota_v2, ext3,
ext4, and ocfs2 to deal with the change in quota structures and
signatures.  The ocfs2 changes are larger than most because of the
extensive tracing throughout the ocfs2 quota code that prints out
dq_id.

quota_tree.c:get_index is modified to take a struct kqid instead of a
qid_t because all of it's callers pass in dquot->dq_id and it allows
me to introduce only a single conversion.

The rest of the changes are either just replacing dq_type with dq_id.type,
adding conversions to deal with the change in type and occassionally
adding qid_eq to allow quota id comparisons in a user namespace safe way.

Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: Theodore Tso <tytso@mit.edu>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Modify dqget to take struct kqid
Eric W. Biederman [Sun, 16 Sep 2012 10:11:50 +0000 (03:11 -0700)]
userns: Modify dqget to take struct kqid

Modify dqget to take struct kqid instead of a type and an identifier
pair.

Modify the callers of dqget in ocfs2 and dquot to take generate
a struct kqid so they can continue to call dqget.  The conversion
to create struct kqid should all be the final conversions that
are needed in those code paths.

Cc: Jan Kara <jack@suse.cz>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert quota netlink aka quota_send_warning
Eric W. Biederman [Sun, 16 Sep 2012 09:32:43 +0000 (02:32 -0700)]
userns: Convert quota netlink aka quota_send_warning

Modify quota_send_warning to take struct kqid instead a type and
identifier pair.

When sending netlink broadcasts always convert uids and quota
identifiers into the intial user namespace.  There is as yet no way to
send a netlink broadcast message with different contents to receivers
in different namespaces, so for the time being just map all of the
identifiers into the initial user namespace which preserves the
current behavior.

Change the callers of quota_send_warning in gfs2, xfs and dquot
to generate a struct kqid to pass to quota send warning.  When
all of the user namespaces convesions are complete a struct kqid
values will be availbe without need for conversion, but a conversion
is needed now to avoid needing to convert everything at once.

Cc: Ben Myers <bpm@sgi.com>
Cc: Alex Elder <elder@kernel.org>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert qutoactl
Eric W. Biederman [Sun, 16 Sep 2012 09:07:49 +0000 (02:07 -0700)]
userns: Convert qutoactl

Update the quotactl user space interface to successfull compile with
user namespaces support enabled and to hand off quota identifiers to
lower layers of the kernel in struct kqid instead of type and qid
pairs.

The quota on function is not converted because while it takes a quota
type and an id.  The id is the on disk quota format to use, which
is something completely different.

The signature of two struct quotactl_ops methods were changed to take
struct kqid argumetns get_dqblk and set_dqblk.

The dquot, xfs, and ocfs2 implementations of get_dqblk and set_dqblk
are minimally changed so that the code continues to work with
the change in parameter type.

This is the first in a series of changes to always store quota
identifiers in the kernel in struct kqid and only use raw type and qid
values when interacting with on disk structures or userspace.  Always
using struct kqid internally makes it hard to miss places that need
conversion to or from the kernel internal values.

Cc: Jan Kara <jack@suse.cz>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Ben Myers <bpm@sgi.com>
Cc: Alex Elder <elder@kernel.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Implement struct kqid
Eric W. Biederman [Sun, 16 Sep 2012 08:11:45 +0000 (01:11 -0700)]
userns: Implement struct kqid

Add the data type struct kqid which holds the kernel internal form of
the owning identifier of a quota.  struct kqid is a replacement for
the implicit union of uid, gid and project id stored in an unsigned
int and the quota type field that is was used in the quota data
structures.  Making the data type explicit allows the kuid_t and
kgid_t type safety to propogate more thoroughly through the code,
revealing more places where uid/gid conversions need be made.

Along with the data type struct kqid comes the helper functions
qid_eq, qid_lt, from_kqid, from_kqid_munged, qid_valid, make_kqid,
make_kqid_invalid, make_kqid_uid, make_kqid_gid.

Cc: Jan Kara <jack@suse.cz>
Cc: Dave Chinner <david@fromorbit.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Add kprojid_t and associated infrastructure in projid.h
Eric W. Biederman [Thu, 30 Aug 2012 08:24:05 +0000 (01:24 -0700)]
userns: Add kprojid_t and associated infrastructure in projid.h

Implement kprojid_t a cousin of the kuid_t and kgid_t.

The per user namespace mapping of project id values can be set with
/proc/<pid>/projid_map.

A full compliment of helpers is provided: make_kprojid, from_kprojid,
from_kprojid_munged, kporjid_has_mapping, projid_valid, projid_eq,
projid_eq, projid_lt.

Project identifiers are part of the generic disk quota interface,
although it appears only xfs implements project identifiers currently.

The xfs code allows anyone who has permission to set the project
identifier on a file to use any project identifier so when
setting up the user namespace project identifier mappings I do
not require a capability.

Cc: Dave Chinner <david@fromorbit.com>
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert configfs to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:28:09 +0000 (16:28 -0800)]
userns: Convert configfs to use kuid and kgid where appropriate

Cc: Joel Becker <jlbec@evilplan.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert extN to support kuids and kgids in posix acls
Eric W. Biederman [Tue, 11 Sep 2012 03:44:54 +0000 (20:44 -0700)]
userns: Convert extN to support kuids and kgids in posix acls

Convert ext2, ext3, and ext4 to fully support the posix acl changes,
using e_uid e_gid instead e_id.

Enabled building with posix acls enabled, all filesystems supporting
user namespaces, now also support posix acls when user namespaces are enabled.

Cc: Theodore Tso <tytso@mit.edu>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: Jan Kara <jack@suse.cz>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr
Eric W. Biederman [Tue, 11 Sep 2012 03:17:44 +0000 (20:17 -0700)]
userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr

 - Pass the user namespace the uid and gid values in the xattr are stored
   in into posix_acl_from_xattr.

 - Pass the user namespace kuid and kgid values should be converted into
   when storing uid and gid values in an xattr in posix_acl_to_xattr.

- Modify all callers of posix_acl_from_xattr and posix_acl_to_xattr to
  pass in &init_user_ns.

In the short term this change is not strictly needed but it makes the
code clearer.  In the longer term this change is necessary to be able to
mount filesystems outside of the initial user namespace that natively
store posix acls in the linux xattr format.

Cc: Theodore Tso <tytso@mit.edu>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: Jan Kara <jack@suse.cz>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert vfs posix_acl support to use kuids and kgids
Eric W. Biederman [Wed, 8 Feb 2012 02:52:57 +0000 (18:52 -0800)]
userns: Convert vfs posix_acl support to use kuids and kgids

- In setxattr if we are setting a posix acl convert uids and gids from
  the current user namespace into the initial user namespace, before
  the xattrs are passed to the underlying filesystem.

  Untranslatable uids and gids are represented as -1 which
  posix_acl_from_xattr will represent as INVALID_UID or INVALID_GID.
  posix_acl_valid will fail if an acl from userspace has any
  INVALID_UID or INVALID_GID values.  In net this guarantees that
  untranslatable posix acls will not be stored by filesystems.

- In getxattr if we are reading a posix acl convert uids and gids from
  the initial user namespace into the current user namespace.

  Uids and gids that can not be tranlsated into the current user namespace
  will be represented as -1.

- Replace e_id in struct posix_acl_entry with an anymouns union of
  e_uid and e_gid.  For the short term retain the e_id field
  until all of the users are converted.

- Don't set struct posix_acl.e_id in the cases where the acl type
  does not use e_id.  Greatly reducing the use of ACL_UNDEFINED_ID.

- Rework the ordering checks in posix_acl_valid so that I use kuid_t
  and kgid_t types throughout the code, and so that I don't need
  arithmetic on uid and gid types.

Cc: Theodore Tso <tytso@mit.edu>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: Jan Kara <jack@suse.cz>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Teach trace to use from_kuid
Eric W. Biederman [Tue, 13 Mar 2012 23:02:19 +0000 (16:02 -0700)]
userns: Teach trace to use from_kuid

- When tracing capture the kuid.
- When displaying the data to user space convert the kuid into the
  user namespace of the process that opened the report file.

Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@redhat.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert bsd process accounting to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:54:50 +0000 (16:54 -0800)]
userns: Convert bsd process accounting to use kuid and kgid where appropriate

BSD process accounting conveniently passes the file the accounting
records will be written into to do_acct_process.  The file credentials
captured the user namespace of the opener of the file.  Use the file
credentials to format the uid and the gid of the current process into
the user namespace of the user that started the bsd process
accounting.

Cc: Pavel Emelyanov <xemul@openvz.org>
Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert taskstats to handle the user and pid namespaces.
Eric W. Biederman [Wed, 8 Feb 2012 01:56:49 +0000 (17:56 -0800)]
userns: Convert taskstats to handle the user and pid namespaces.

- Explicitly limit exit task stat broadcast to the initial user and
  pid namespaces, as it is already limited to the initial network
  namespace.

- For broadcast task stats explicitly generate all of the idenitiers
  in terms of the initial user namespace and the initial pid
  namespace.

- For request stats report them in terms of the current user namespace
  and the current pid namespace.  Netlink messages are delivered
  syncrhonously to the kernel allowing us to get the user namespace
  and the pid namespace from the current task.

- Pass the namespaces for representing pids and uids and gids
  into bacct_add_task.

Cc: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert audit to work with user namespaces enabled
Eric W. Biederman [Wed, 8 Feb 2012 00:53:48 +0000 (16:53 -0800)]
userns: Convert audit to work with user namespaces enabled

- Explicitly format uids gids in audit messges in the initial user
  namespace. This is safe because auditd is restrected to be in
  the initial user namespace.

- Convert audit_sig_uid into a kuid_t.

- Enable building the audit code and user namespaces at the same time.

The net result is that the audit subsystem now uses kuid_t and kgid_t whenever
possible making it almost impossible to confuse a raw uid_t with a kuid_t
preventing bugs.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert the audit loginuid to be a kuid
Eric W. Biederman [Tue, 11 Sep 2012 05:39:43 +0000 (22:39 -0700)]
userns: Convert the audit loginuid  to be a kuid

Always store audit loginuids in type kuid_t.

Print loginuids by converting them into uids in the appropriate user
namespace, and then printing the resulting uid.

Modify audit_get_loginuid to return a kuid_t.

Modify audit_set_loginuid to take a kuid_t.

Modify /proc/<pid>/loginuid on read to convert the loginuid into the
user namespace of the opener of the file.

Modify /proc/<pid>/loginud on write to convert the loginuid
rom the user namespace of the opener of the file.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Cc: Paul Moore <paul@paul-moore.com> ?
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agoaudit: Add typespecific uid and gid comparators
Eric W. Biederman [Tue, 11 Sep 2012 09:18:08 +0000 (02:18 -0700)]
audit: Add typespecific uid and gid comparators

The audit filter code guarantees that uid are always compared with
uids and gids are always compared with gids, as the comparason
operations are type specific.  Take advantage of this proper to define
audit_uid_comparator and audit_gid_comparator which use the type safe
comparasons from uidgid.h.

Build on audit_uid_comparator and audit_gid_comparator and replace
audit_compare_id with audit_compare_uid and audit_compare_gid.  This
is one of those odd cases where being type safe and duplicating code
leads to simpler shorter and more concise code.

Don't allow bitmask operations in uid and gid comparisons in
audit_data_to_entry.  Bitmask operations are already denined in
audit_rule_to_entry.

Convert constants in audit_rule_to_entry and audit_data_to_entry into
kuids and kgids when appropriate.

Convert the uid and gid field in struct audit_names to be of type
kuid_t and kgid_t respectively, so that the new uid and gid comparators
can be applied in a type safe manner.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agoaudit: Don't pass pid or uid to audit_log_common_recv_msg
Eric W. Biederman [Tue, 11 Sep 2012 07:24:49 +0000 (00:24 -0700)]
audit: Don't pass pid or uid to audit_log_common_recv_msg

The only place we use the uid and the pid that we calculate in
audit_receive_msg is in audit_log_common_recv_msg so move the
calculation of these values into the audit_log_common_recv_msg.

Simplify the calcuation of the current pid and uid by
reading them from current instead of reading them from
NETLINK_CREDS.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agoaudit: Remove the unused uid parameter from audit_receive_filter
Eric W. Biederman [Tue, 11 Sep 2012 07:19:06 +0000 (00:19 -0700)]
audit: Remove the unused uid parameter from audit_receive_filter

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agoaudit: Properly set the origin port id of audit messages.
Eric W. Biederman [Tue, 11 Sep 2012 07:12:29 +0000 (00:12 -0700)]
audit: Properly set the origin port id of audit messages.

For user generated audit messages set the portid field in the netlink
header to the netlink port where the user generated audit message came
from.  Reporting the process id in a port id field was just nonsense.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agoaudit: Simply AUDIT_TTY_SET and AUDIT_TTY_GET
Eric W. Biederman [Tue, 11 Sep 2012 06:43:14 +0000 (23:43 -0700)]
audit: Simply AUDIT_TTY_SET and AUDIT_TTY_GET

Use current instead of looking up the current up the current task by
process identifier.  Netlink requests are processed in trhe context of
the sending task so this is safe.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agoaudit: kill audit_prepare_user_tty
Eric W. Biederman [Tue, 11 Sep 2012 06:31:17 +0000 (23:31 -0700)]
audit: kill audit_prepare_user_tty

Now that netlink messages are processed in the context of the sender
tty_audit_push_task can be called directly and audit_prepare_user_tty
which only added looking up the task of the tty by process id is
not needed.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agoaudit: Use current instead of NETLINK_CREDS() in audit_filter
Eric W. Biederman [Tue, 11 Sep 2012 06:10:16 +0000 (23:10 -0700)]
audit: Use current instead of NETLINK_CREDS() in audit_filter

Get caller process uid and gid and pid values from the current task
instead of the NETLINK_CB.  This is simpler than passing NETLINK_CREDS
from from audit_receive_msg to audit_filter_user_rules and avoid the
chance of being hit by the occassional bugs in netlink uid/gid
credential passing.  This is a safe changes because all netlink
requests are processed in the task of the sending process.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agoaudit: Limit audit requests to processes in the initial pid and user namespaces.
Eric W. Biederman [Tue, 11 Sep 2012 06:20:20 +0000 (23:20 -0700)]
audit: Limit audit requests to processes in the initial pid and user namespaces.

This allows the code to safely make the assumption that all of the
uids gids and pids that need to be send in audit messages are in the
initial namespaces.

If someone cares we may lift this restriction someday but start with
limiting access so at least the code is always correct.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: net: Call key_alloc with GLOBAL_ROOT_UID, GLOBAL_ROOT_GID instead of 0, 0
Eric W. Biederman [Fri, 25 May 2012 22:37:54 +0000 (16:37 -0600)]
userns: net: Call key_alloc with GLOBAL_ROOT_UID, GLOBAL_ROOT_GID instead of 0, 0

In net/dns_resolver/dns_key.c and net/rxrpc/ar-key.c make them
work with user namespaces enabled where key_alloc takes kuids and kgids.
Pass GLOBAL_ROOT_UID and GLOBAL_ROOT_GID instead of bare 0's.

Cc: Sage Weil <sage@inktank.com>
Cc: ceph-devel@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>
Cc: David Miller <davem@davemloft.net>
Cc: linux-afs@lists.infradead.org
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert security/keys to the new userns infrastructure
Eric W. Biederman [Wed, 8 Feb 2012 15:53:04 +0000 (07:53 -0800)]
userns: Convert security/keys to the new userns infrastructure

- Replace key_user ->user_ns equality checks with kuid_has_mapping checks.
- Use from_kuid to generate key descriptions
- Use kuid_t and kgid_t and the associated helpers instead of uid_t and gid_t
- Avoid potential problems with file descriptor passing by displaying
  keys in the user namespace of the opener of key status proc files.

Cc: linux-security-module@vger.kernel.org
Cc: keyrings@linux-nfs.org
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert drm to use kuid and kgid and struct pid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:47:26 +0000 (16:47 -0800)]
userns: Convert drm to use kuid and kgid and struct pid where appropriate

Blink Blink this had not been converted to use struct pid ages ago?

- On drm open capture the openers kuid and struct pid.
- On drm close release the kuid and struct pid
- When reporting the uid and pid convert the kuid and struct pid
  into values in the appropriate namespace.

Cc: dri-devel@lists.freedesktop.org
Acked-by: Dave Airlie <airlied@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert ipc to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:54:11 +0000 (16:54 -0800)]
userns: Convert ipc to use kuid and kgid where appropriate

- Store the ipc owner and creator with a kuid
- Store the ipc group and the crators group with a kgid.
- Add error handling to ipc_update_perms, allowing it to
  fail if the uids and gids can not be converted to kuids
  or kgids.
- Modify the proc files to display the ipc creator and
  owner in the user namespace of the opener of the proc file.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert process event connector to handle kuids and kgids
Eric W. Biederman [Wed, 8 Feb 2012 00:48:16 +0000 (16:48 -0800)]
userns: Convert process event connector to handle kuids and kgids

- Only allow asking for events from the initial user and pid namespace,
  where we generate the events in.

- Convert kuids and kgids into the initial user namespace to report
  them via the process event connector.

Cc: David Miller <davem@davemloft.net>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert debugfs to use kuid/kgid where appropriate.
Eric W. Biederman [Tue, 3 Apr 2012 21:01:31 +0000 (14:01 -0700)]
userns: Convert debugfs to use kuid/kgid where appropriate.

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Make credential debugging user namespace safe.
Eric W. Biederman [Tue, 24 Apr 2012 00:06:34 +0000 (17:06 -0700)]
userns: Make credential debugging user namespace safe.

Cc: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Enable building of pf_key sockets when user namespace support is enabled.
Eric W. Biederman [Thu, 16 Aug 2012 00:46:22 +0000 (17:46 -0700)]
userns: Enable building of pf_key sockets when user namespace support is enabled.

Enable building of pf_key sockets and user namespace support at the
same time.  This combination builds successfully so there is no reason
to forbid it.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agoipv6: move dereference after check in fl_free()
Dan Carpenter [Thu, 16 Aug 2012 13:15:02 +0000 (16:15 +0300)]
ipv6: move dereference after check in fl_free()

There is a dereference before checking for NULL bug here.  Generally
free() functions should accept NULL pointers.  For example, fl_create()
can pass a NULL pointer to fl_free() on the error path.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert tun/tap to use kuid and kgid where appropriate
Eric W. Biederman [Wed, 8 Feb 2012 00:48:55 +0000 (16:48 -0800)]
userns: Convert tun/tap to use kuid and kgid where appropriate

Cc: Maxim Krasnyansky <maxk@qualcomm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Make the airo wireless driver use kuids for proc uids and gids
Eric W. Biederman [Fri, 10 Feb 2012 22:01:03 +0000 (14:01 -0800)]
userns: Make the airo wireless driver use kuids for proc uids and gids

Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: John W. Linville <linville@tuxdriver.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: xt_owner: Add basic user namespace support.
Eric W. Biederman [Fri, 3 Feb 2012 01:33:59 +0000 (17:33 -0800)]
userns: xt_owner: Add basic user namespace support.

- Only allow adding matches from the initial user namespace
- Add the appropriate conversion functions to handle matches
  against sockets in other user namespaces.

Cc: Jan Engelhardt <jengelh@medozas.de>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace
Eric W. Biederman [Fri, 25 May 2012 22:26:52 +0000 (16:26 -0600)]
userns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace

xt_recent creates a bunch of proc files and initializes their uid
and gids to the values of ip_list_uid and ip_list_gid.  When
initialize those proc files convert those values to kuids so they
can continue to reside on the /proc inode.

Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Jan Engelhardt <jengelh@medozas.de>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert xt_LOG to print socket kuids and kgids as uids and gids
Eric W. Biederman [Fri, 25 May 2012 21:50:59 +0000 (15:50 -0600)]
userns: Convert xt_LOG to print socket kuids and kgids as uids and gids

xt_LOG always writes messages via sb_add via printk.  Therefore when
xt_LOG logs the uid and gid of a socket a packet came from the
values should be converted to be in the initial user namespace.

Thus making xt_LOG as user namespace safe as possible.

Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert cls_flow to work with user namespaces enabled
Eric W. Biederman [Fri, 25 May 2012 19:49:36 +0000 (13:49 -0600)]
userns: Convert cls_flow to work with user namespaces enabled

The flow classifier can use uids and gids of the sockets that
are transmitting packets and do insert those uids and gids
into the packet classification calcuation.  I don't fully
understand the details but it appears that we can depend
on specific uids and gids when making traffic classification
decisions.

To work with user namespaces enabled map from kuids and kgids
into uids and gids in the initial user namespace giving raw
integer values the code can play with and depend on.

To avoid issues of userspace depending on uids and gids in
packet classifiers installed from other user namespaces
and getting confused deny all packet classifiers that
use uids or gids that are not comming from a netlink socket
in the initial user namespace.

Cc: Patrick McHardy <kaber@trash.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Changli Gao <xiaosuo@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agonet sched: Pass the skb into change so it can access NETLINK_CB
Eric W. Biederman [Fri, 25 May 2012 19:42:45 +0000 (13:42 -0600)]
net sched: Pass the skb into change so it can access NETLINK_CB

cls_flow.c plays with uids and gids.  Unless I misread that
code it is possible for classifiers to depend on the specific uid and
gid values.  Therefore I need to know the user namespace of the
netlink socket that is installing the packet classifiers.  Pass
in the rtnetlink skb so I can access the NETLINK_CB of the passed
packet.  In particular I want access to sk_user_ns(NETLINK_CB(in_skb).ssk).

Pass in not the user namespace but the incomming rtnetlink skb into
the the classifier change routines as that is generally the more useful
parameter.

Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: nfnetlink_log: Report socket uids in the log sockets user namespace
Eric W. Biederman [Fri, 25 May 2012 16:42:54 +0000 (10:42 -0600)]
userns: nfnetlink_log: Report socket uids in the log sockets user namespace

At logging instance creation capture the peer netlink socket's user
namespace. Use the captured peer user namespace when reporting socket
uids to the peer.

The peer socket's user namespace is guaranateed to be valid until the user
closes the netlink socket.  nfnetlink_log removes instances during the final
close of a socket.  __build_packet_message does not get called after an
instance is destroyed.   Therefore it is safe to let the peer netlink socket
take care of the user namespace reference counting for us.

Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Teach inet_diag to work with user namespaces
Eric W. Biederman [Thu, 24 May 2012 23:58:08 +0000 (17:58 -0600)]
userns: Teach inet_diag to work with user namespaces

Compute the user namespace of the socket that we are replying to
and translate the kuids of reported sockets into that user namespace.

Cc: Andrew Vagin <avagin@openvz.org>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Implement sk_user_ns
Eric W. Biederman [Thu, 24 May 2012 23:56:43 +0000 (17:56 -0600)]
userns: Implement sk_user_ns

Add a helper sk_user_ns to make it easy to find the user namespace
of the process that opened a socket.

Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agonetlink: Make the sending netlink socket availabe in NETLINK_CB
Eric W. Biederman [Thu, 24 May 2012 23:21:27 +0000 (17:21 -0600)]
netlink: Make the sending netlink socket availabe in NETLINK_CB

The sending socket of an skb is already available by it's port id
in the NETLINK_CB.  If you want to know more like to examine the
credentials on the sending socket you have to look up the sending
socket by it's port id and all of the needed functions and data
structures are static inside of af_netlink.c.  So do the simple
thing and pass the sending socket to the receivers in the NETLINK_CB.

I intend to use this to get the user namespace of the sending socket
in inet_diag so that I can report uids in the context of the process
who opened the socket, the same way I report uids in the contect
of the process who opens files.

Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert net/ax25 to use kuid_t where appropriate
Eric W. Biederman [Thu, 24 May 2012 18:55:00 +0000 (12:55 -0600)]
userns: Convert net/ax25 to use kuid_t where appropriate

Cc: Ralf Baechle <ralf@linux-mips.org>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agopidns: Export free_pid_ns
Eric W. Biederman [Sat, 4 Aug 2012 02:11:22 +0000 (19:11 -0700)]
pidns: Export free_pid_ns

There is a least one modular user so export free_pid_ns so modules can
capture and use the pid namespace on the very rare occasion when it
makes sense.

Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agonet ip6 flowlabel: Make owner a union of struct pid * and kuid_t
Eric W. Biederman [Thu, 24 May 2012 16:37:59 +0000 (10:37 -0600)]
net ip6 flowlabel: Make owner a union of struct pid * and kuid_t

Correct a long standing omission and use struct pid in the owner
field of struct ip6_flowlabel when the share type is IPV6_FL_S_PROCESS.
This guarantees we don't have issues when pid wraparound occurs.

Use a kuid_t in the owner field of struct ip6_flowlabel when the
share type is IPV6_FL_S_USER to add user namespace support.

In /proc/net/ip6_flowlabel capture the current pid namespace when
opening the file and release the pid namespace when the file is
closed ensuring we print the pid owner value that is meaning to
the reader of the file.  Similarly use from_kuid_munged to print
uid values that are meaningful to the reader of the file.

This requires exporting pid_nr_ns so that ipv6 can continue to built
as a module.  Yoiks what silliness

Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Use kgids for sysctl_ping_group_range
Eric W. Biederman [Thu, 24 May 2012 16:34:21 +0000 (10:34 -0600)]
userns: Use kgids for sysctl_ping_group_range

- Store sysctl_ping_group_range as a paire of kgid_t values
  instead of a pair of gid_t values.
- Move the kgid conversion work from ping_init_sock into ipv4_ping_group_range
- For invalid cases reset to the default disabled state.

With the kgid_t conversion made part of the original value sanitation
from userspace understand how the code will react becomes clearer
and it becomes possible to set the sysctl ping group range from
something other than the initial user namespace.

Cc: Vasiliy Kulikov <segoon@openwall.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Print out socket uids in a user namespace aware fashion.
Eric W. Biederman [Thu, 24 May 2012 07:10:10 +0000 (01:10 -0600)]
userns: Print out socket uids in a user namespace aware fashion.

Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: James Morris <jmorris@namei.org>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Cc: Sridhar Samudrala <sri@us.ibm.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Make seq_file's user namespace accessible
Eric W. Biederman [Thu, 24 May 2012 00:01:20 +0000 (18:01 -0600)]
userns: Make seq_file's user namespace accessible

struct file already has a user namespace associated with it
in file->f_cred->user_ns, unfortunately because struct
seq_file has no struct file backpointer associated with
it, it is difficult to get at the user namespace in seq_file
context.  Therefore add a helper function seq_user_ns to return
the associated user namespace and a user_ns field to struct
seq_file to be used in implementing seq_user_ns.

Cc: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Allow USER_NS and NET simultaneously in Kconfig
Eric W. Biederman [Wed, 23 May 2012 23:33:47 +0000 (17:33 -0600)]
userns: Allow USER_NS and NET simultaneously in Kconfig

Now that the networking core is user namespace safe allow
networking and user namespaces to be built at the same time.

Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert sock_i_uid to return a kuid_t
Eric W. Biederman [Wed, 23 May 2012 23:16:53 +0000 (17:16 -0600)]
userns: Convert sock_i_uid to return a kuid_t

Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Convert __dev_set_promiscuity to use kuids in audit logs
Eric W. Biederman [Wed, 23 May 2012 23:01:57 +0000 (17:01 -0600)]
userns: Convert __dev_set_promiscuity to use kuids in audit logs

Cc: Klaus Heinrich Kiwi <klausk@br.ibm.com>
Cc: Eric Paris <eparis@redhat.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 years agouserns: Convert net/core/scm.c to use kuids and kgids
Eric W. Biederman [Wed, 23 May 2012 22:39:45 +0000 (16:39 -0600)]
userns: Convert net/core/scm.c to use kuids and kgids

With the existence of kuid_t and kgid_t we can take this further
and remove the usage of struct cred altogether, ensuring we
don't get cache line misses from reference counts.   For now
however start simply and do a straight forward conversion
I can be certain is correct.

In cred_to_ucred use from_kuid_munged and from_kgid_munged
as these values are going directly to userspace and we want to use
the userspace safe values not -1 when reporting a value that does not
map.  The earlier conversion that used from_kuid was buggy in that
respect.  Oops.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
12 years agouserns: Fix link restrictions to use uid_eq
Eric W. Biederman [Fri, 3 Aug 2012 16:38:08 +0000 (09:38 -0700)]
userns:  Fix link restrictions to use uid_eq

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>