projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
raid6/test: replace echo -e with printf
[deliverable/linux.git] / kernel / user_namespace.c
1 /*
2 * This program is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU General Public License as
4 * published by the Free Software Foundation, version 2 of the
5 * License.
6 */
7
8 #include <linux/export.h>
9 #include <linux/nsproxy.h>
10 #include <linux/slab.h>
11 #include <linux/user_namespace.h>
12 #include <linux/proc_ns.h>
13 #include <linux/highuid.h>
14 #include <linux/cred.h>
15 #include <linux/securebits.h>
16 #include <linux/keyctl.h>
17 #include <linux/key-type.h>
18 #include <keys/user-type.h>
19 #include <linux/seq_file.h>
20 #include <linux/fs.h>
21 #include <linux/uaccess.h>
22 #include <linux/ctype.h>
23 #include <linux/projid.h>
24 #include <linux/fs_struct.h>
25
26 static struct kmem_cache *user_ns_cachep __read_mostly;
27
28 static bool new_idmap_permitted(const struct file *file,
29 struct user_namespace *ns, int cap_setid,
30 struct uid_gid_map *map);
31
32 static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
33 {
34 /* Start with the same capabilities as init but useless for doing
35 * anything as the capabilities are bound to the new user namespace.
36 */
37 cred->securebits = SECUREBITS_DEFAULT;
38 cred->cap_inheritable = CAP_EMPTY_SET;
39 cred->cap_permitted = CAP_FULL_SET;
40 cred->cap_effective = CAP_FULL_SET;
41 cred->cap_bset = CAP_FULL_SET;
42 #ifdef CONFIG_KEYS
43 key_put(cred->request_key_auth);
44 cred->request_key_auth = NULL;
45 #endif
46 /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */
47 cred->user_ns = user_ns;
48 }
49
50 /*
51 * Create a new user namespace, deriving the creator from the user in the
52 * passed credentials, and replacing that user with the new root user for the
53 * new namespace.
54 *
55 * This is called by copy_creds(), which will finish setting the target task's
56 * credentials.
57 */
58 int create_user_ns(struct cred *new)
59 {
60 struct user_namespace *ns, *parent_ns = new->user_ns;
61 kuid_t owner = new->euid;
62 kgid_t group = new->egid;
63 int ret;
64
65 if (parent_ns->level > 32)
66 return -EUSERS;
67
68 /*
69 * Verify that we can not violate the policy of which files
70 * may be accessed that is specified by the root directory,
71 * by verifing that the root directory is at the root of the
72 * mount namespace which allows all files to be accessed.
73 */
74 if (current_chrooted())
75 return -EPERM;
76
77 /* The creator needs a mapping in the parent user namespace
78 * or else we won't be able to reasonably tell userspace who
79 * created a user_namespace.
80 */
81 if (!kuid_has_mapping(parent_ns, owner) ||
82 !kgid_has_mapping(parent_ns, group))
83 return -EPERM;
84
85 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL);
86 if (!ns)
87 return -ENOMEM;
88
89 ret = proc_alloc_inum(&ns->proc_inum);
90 if (ret) {
91 kmem_cache_free(user_ns_cachep, ns);
92 return ret;
93 }
94
95 atomic_set(&ns->count, 1);
96 /* Leave the new->user_ns reference with the new user namespace. */
97 ns->parent = parent_ns;
98 ns->level = parent_ns->level + 1;
99 ns->owner = owner;
100 ns->group = group;
101
102 set_cred_user_ns(new, ns);
103
104 update_mnt_policy(ns);
105
106 return 0;
107 }
108
109 int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
110 {
111 struct cred *cred;
112 int err = -ENOMEM;
113
114 if (!(unshare_flags & CLONE_NEWUSER))
115 return 0;
116
117 cred = prepare_creds();
118 if (cred) {
119 err = create_user_ns(cred);
120 if (err)
121 put_cred(cred);
122 else
123 *new_cred = cred;
124 }
125
126 return err;
127 }
128
129 void free_user_ns(struct user_namespace *ns)
130 {
131 struct user_namespace *parent;
132
133 do {
134 parent = ns->parent;
135 proc_free_inum(ns->proc_inum);
136 kmem_cache_free(user_ns_cachep, ns);
137 ns = parent;
138 } while (atomic_dec_and_test(&parent->count));
139 }
140 EXPORT_SYMBOL(free_user_ns);
141
142 static u32 map_id_range_down(struct uid_gid_map *map, u32 id, u32 count)
143 {
144 unsigned idx, extents;
145 u32 first, last, id2;
146
147 id2 = id + count - 1;
148
149 /* Find the matching extent */
150 extents = map->nr_extents;
151 smp_read_barrier_depends();
152 for (idx = 0; idx < extents; idx++) {
153 first = map->extent[idx].first;
154 last = first + map->extent[idx].count - 1;
155 if (id >= first && id <= last &&
156 (id2 >= first && id2 <= last))
157 break;
158 }
159 /* Map the id or note failure */
160 if (idx < extents)
161 id = (id - first) + map->extent[idx].lower_first;
162 else
163 id = (u32) -1;
164
165 return id;
166 }
167
168 static u32 map_id_down(struct uid_gid_map *map, u32 id)
169 {
170 unsigned idx, extents;
171 u32 first, last;
172
173 /* Find the matching extent */
174 extents = map->nr_extents;
175 smp_read_barrier_depends();
176 for (idx = 0; idx < extents; idx++) {
177 first = map->extent[idx].first;
178 last = first + map->extent[idx].count - 1;
179 if (id >= first && id <= last)
180 break;
181 }
182 /* Map the id or note failure */
183 if (idx < extents)
184 id = (id - first) + map->extent[idx].lower_first;
185 else
186 id = (u32) -1;
187
188 return id;
189 }
190
191 static u32 map_id_up(struct uid_gid_map *map, u32 id)
192 {
193 unsigned idx, extents;
194 u32 first, last;
195
196 /* Find the matching extent */
197 extents = map->nr_extents;
198 smp_read_barrier_depends();
199 for (idx = 0; idx < extents; idx++) {
200 first = map->extent[idx].lower_first;
201 last = first + map->extent[idx].count - 1;
202 if (id >= first && id <= last)
203 break;
204 }
205 /* Map the id or note failure */
206 if (idx < extents)
207 id = (id - first) + map->extent[idx].first;
208 else
209 id = (u32) -1;
210
211 return id;
212 }
213
214 /**
215 * make_kuid - Map a user-namespace uid pair into a kuid.
216 * @ns: User namespace that the uid is in
217 * @uid: User identifier
218 *
219 * Maps a user-namespace uid pair into a kernel internal kuid,
220 * and returns that kuid.
221 *
222 * When there is no mapping defined for the user-namespace uid
223 * pair INVALID_UID is returned. Callers are expected to test
224 * for and handle handle INVALID_UID being returned. INVALID_UID
225 * may be tested for using uid_valid().
226 */
227 kuid_t make_kuid(struct user_namespace *ns, uid_t uid)
228 {
229 /* Map the uid to a global kernel uid */
230 return KUIDT_INIT(map_id_down(&ns->uid_map, uid));
231 }
232 EXPORT_SYMBOL(make_kuid);
233
234 /**
235 * from_kuid - Create a uid from a kuid user-namespace pair.
236 * @targ: The user namespace we want a uid in.
237 * @kuid: The kernel internal uid to start with.
238 *
239 * Map @kuid into the user-namespace specified by @targ and
240 * return the resulting uid.
241 *
242 * There is always a mapping into the initial user_namespace.
243 *
244 * If @kuid has no mapping in @targ (uid_t)-1 is returned.
245 */
246 uid_t from_kuid(struct user_namespace *targ, kuid_t kuid)
247 {
248 /* Map the uid from a global kernel uid */
249 return map_id_up(&targ->uid_map, __kuid_val(kuid));
250 }
251 EXPORT_SYMBOL(from_kuid);
252
253 /**
254 * from_kuid_munged - Create a uid from a kuid user-namespace pair.
255 * @targ: The user namespace we want a uid in.
256 * @kuid: The kernel internal uid to start with.
257 *
258 * Map @kuid into the user-namespace specified by @targ and
259 * return the resulting uid.
260 *
261 * There is always a mapping into the initial user_namespace.
262 *
263 * Unlike from_kuid from_kuid_munged never fails and always
264 * returns a valid uid. This makes from_kuid_munged appropriate
265 * for use in syscalls like stat and getuid where failing the
266 * system call and failing to provide a valid uid are not an
267 * options.
268 *
269 * If @kuid has no mapping in @targ overflowuid is returned.
270 */
271 uid_t from_kuid_munged(struct user_namespace *targ, kuid_t kuid)
272 {
273 uid_t uid;
274 uid = from_kuid(targ, kuid);
275
276 if (uid == (uid_t) -1)
277 uid = overflowuid;
278 return uid;
279 }
280 EXPORT_SYMBOL(from_kuid_munged);
281
282 /**
283 * make_kgid - Map a user-namespace gid pair into a kgid.
284 * @ns: User namespace that the gid is in
285 * @uid: group identifier
286 *
287 * Maps a user-namespace gid pair into a kernel internal kgid,
288 * and returns that kgid.
289 *
290 * When there is no mapping defined for the user-namespace gid
291 * pair INVALID_GID is returned. Callers are expected to test
292 * for and handle INVALID_GID being returned. INVALID_GID may be
293 * tested for using gid_valid().
294 */
295 kgid_t make_kgid(struct user_namespace *ns, gid_t gid)
296 {
297 /* Map the gid to a global kernel gid */
298 return KGIDT_INIT(map_id_down(&ns->gid_map, gid));
299 }
300 EXPORT_SYMBOL(make_kgid);
301
302 /**
303 * from_kgid - Create a gid from a kgid user-namespace pair.
304 * @targ: The user namespace we want a gid in.
305 * @kgid: The kernel internal gid to start with.
306 *
307 * Map @kgid into the user-namespace specified by @targ and
308 * return the resulting gid.
309 *
310 * There is always a mapping into the initial user_namespace.
311 *
312 * If @kgid has no mapping in @targ (gid_t)-1 is returned.
313 */
314 gid_t from_kgid(struct user_namespace *targ, kgid_t kgid)
315 {
316 /* Map the gid from a global kernel gid */
317 return map_id_up(&targ->gid_map, __kgid_val(kgid));
318 }
319 EXPORT_SYMBOL(from_kgid);
320
321 /**
322 * from_kgid_munged - Create a gid from a kgid user-namespace pair.
323 * @targ: The user namespace we want a gid in.
324 * @kgid: The kernel internal gid to start with.
325 *
326 * Map @kgid into the user-namespace specified by @targ and
327 * return the resulting gid.
328 *
329 * There is always a mapping into the initial user_namespace.
330 *
331 * Unlike from_kgid from_kgid_munged never fails and always
332 * returns a valid gid. This makes from_kgid_munged appropriate
333 * for use in syscalls like stat and getgid where failing the
334 * system call and failing to provide a valid gid are not options.
335 *
336 * If @kgid has no mapping in @targ overflowgid is returned.
337 */
338 gid_t from_kgid_munged(struct user_namespace *targ, kgid_t kgid)
339 {
340 gid_t gid;
341 gid = from_kgid(targ, kgid);
342
343 if (gid == (gid_t) -1)
344 gid = overflowgid;
345 return gid;
346 }
347 EXPORT_SYMBOL(from_kgid_munged);
348
349 /**
350 * make_kprojid - Map a user-namespace projid pair into a kprojid.
351 * @ns: User namespace that the projid is in
352 * @projid: Project identifier
353 *
354 * Maps a user-namespace uid pair into a kernel internal kuid,
355 * and returns that kuid.
356 *
357 * When there is no mapping defined for the user-namespace projid
358 * pair INVALID_PROJID is returned. Callers are expected to test
359 * for and handle handle INVALID_PROJID being returned. INVALID_PROJID
360 * may be tested for using projid_valid().
361 */
362 kprojid_t make_kprojid(struct user_namespace *ns, projid_t projid)
363 {
364 /* Map the uid to a global kernel uid */
365 return KPROJIDT_INIT(map_id_down(&ns->projid_map, projid));
366 }
367 EXPORT_SYMBOL(make_kprojid);
368
369 /**
370 * from_kprojid - Create a projid from a kprojid user-namespace pair.
371 * @targ: The user namespace we want a projid in.
372 * @kprojid: The kernel internal project identifier to start with.
373 *
374 * Map @kprojid into the user-namespace specified by @targ and
375 * return the resulting projid.
376 *
377 * There is always a mapping into the initial user_namespace.
378 *
379 * If @kprojid has no mapping in @targ (projid_t)-1 is returned.
380 */
381 projid_t from_kprojid(struct user_namespace *targ, kprojid_t kprojid)
382 {
383 /* Map the uid from a global kernel uid */
384 return map_id_up(&targ->projid_map, __kprojid_val(kprojid));
385 }
386 EXPORT_SYMBOL(from_kprojid);
387
388 /**
389 * from_kprojid_munged - Create a projiid from a kprojid user-namespace pair.
390 * @targ: The user namespace we want a projid in.
391 * @kprojid: The kernel internal projid to start with.
392 *
393 * Map @kprojid into the user-namespace specified by @targ and
394 * return the resulting projid.
395 *
396 * There is always a mapping into the initial user_namespace.
397 *
398 * Unlike from_kprojid from_kprojid_munged never fails and always
399 * returns a valid projid. This makes from_kprojid_munged
400 * appropriate for use in syscalls like stat and where
401 * failing the system call and failing to provide a valid projid are
402 * not an options.
403 *
404 * If @kprojid has no mapping in @targ OVERFLOW_PROJID is returned.
405 */
406 projid_t from_kprojid_munged(struct user_namespace *targ, kprojid_t kprojid)
407 {
408 projid_t projid;
409 projid = from_kprojid(targ, kprojid);
410
411 if (projid == (projid_t) -1)
412 projid = OVERFLOW_PROJID;
413 return projid;
414 }
415 EXPORT_SYMBOL(from_kprojid_munged);
416
417
418 static int uid_m_show(struct seq_file *seq, void *v)
419 {
420 struct user_namespace *ns = seq->private;
421 struct uid_gid_extent *extent = v;
422 struct user_namespace *lower_ns;
423 uid_t lower;
424
425 lower_ns = seq_user_ns(seq);
426 if ((lower_ns == ns) && lower_ns->parent)
427 lower_ns = lower_ns->parent;
428
429 lower = from_kuid(lower_ns, KUIDT_INIT(extent->lower_first));
430
431 seq_printf(seq, "%10u %10u %10u\n",
432 extent->first,
433 lower,
434 extent->count);
435
436 return 0;
437 }
438
439 static int gid_m_show(struct seq_file *seq, void *v)
440 {
441 struct user_namespace *ns = seq->private;
442 struct uid_gid_extent *extent = v;
443 struct user_namespace *lower_ns;
444 gid_t lower;
445
446 lower_ns = seq_user_ns(seq);
447 if ((lower_ns == ns) && lower_ns->parent)
448 lower_ns = lower_ns->parent;
449
450 lower = from_kgid(lower_ns, KGIDT_INIT(extent->lower_first));
451
452 seq_printf(seq, "%10u %10u %10u\n",
453 extent->first,
454 lower,
455 extent->count);
456
457 return 0;
458 }
459
460 static int projid_m_show(struct seq_file *seq, void *v)
461 {
462 struct user_namespace *ns = seq->private;
463 struct uid_gid_extent *extent = v;
464 struct user_namespace *lower_ns;
465 projid_t lower;
466
467 lower_ns = seq_user_ns(seq);
468 if ((lower_ns == ns) && lower_ns->parent)
469 lower_ns = lower_ns->parent;
470
471 lower = from_kprojid(lower_ns, KPROJIDT_INIT(extent->lower_first));
472
473 seq_printf(seq, "%10u %10u %10u\n",
474 extent->first,
475 lower,
476 extent->count);
477
478 return 0;
479 }
480
481 static void *m_start(struct seq_file *seq, loff_t *ppos, struct uid_gid_map *map)
482 {
483 struct uid_gid_extent *extent = NULL;
484 loff_t pos = *ppos;
485
486 if (pos < map->nr_extents)
487 extent = &map->extent[pos];
488
489 return extent;
490 }
491
492 static void *uid_m_start(struct seq_file *seq, loff_t *ppos)
493 {
494 struct user_namespace *ns = seq->private;
495
496 return m_start(seq, ppos, &ns->uid_map);
497 }
498
499 static void *gid_m_start(struct seq_file *seq, loff_t *ppos)
500 {
501 struct user_namespace *ns = seq->private;
502
503 return m_start(seq, ppos, &ns->gid_map);
504 }
505
506 static void *projid_m_start(struct seq_file *seq, loff_t *ppos)
507 {
508 struct user_namespace *ns = seq->private;
509
510 return m_start(seq, ppos, &ns->projid_map);
511 }
512
513 static void *m_next(struct seq_file *seq, void *v, loff_t *pos)
514 {
515 (*pos)++;
516 return seq->op->start(seq, pos);
517 }
518
519 static void m_stop(struct seq_file *seq, void *v)
520 {
521 return;
522 }
523
524 struct seq_operations proc_uid_seq_operations = {
525 .start = uid_m_start,
526 .stop = m_stop,
527 .next = m_next,
528 .show = uid_m_show,
529 };
530
531 struct seq_operations proc_gid_seq_operations = {
532 .start = gid_m_start,
533 .stop = m_stop,
534 .next = m_next,
535 .show = gid_m_show,
536 };
537
538 struct seq_operations proc_projid_seq_operations = {
539 .start = projid_m_start,
540 .stop = m_stop,
541 .next = m_next,
542 .show = projid_m_show,
543 };
544
545 static bool mappings_overlap(struct uid_gid_map *new_map, struct uid_gid_extent *extent)
546 {
547 u32 upper_first, lower_first, upper_last, lower_last;
548 unsigned idx;
549
550 upper_first = extent->first;
551 lower_first = extent->lower_first;
552 upper_last = upper_first + extent->count - 1;
553 lower_last = lower_first + extent->count - 1;
554
555 for (idx = 0; idx < new_map->nr_extents; idx++) {
556 u32 prev_upper_first, prev_lower_first;
557 u32 prev_upper_last, prev_lower_last;
558 struct uid_gid_extent *prev;
559
560 prev = &new_map->extent[idx];
561
562 prev_upper_first = prev->first;
563 prev_lower_first = prev->lower_first;
564 prev_upper_last = prev_upper_first + prev->count - 1;
565 prev_lower_last = prev_lower_first + prev->count - 1;
566
567 /* Does the upper range intersect a previous extent? */
568 if ((prev_upper_first <= upper_last) &&
569 (prev_upper_last >= upper_first))
570 return true;
571
572 /* Does the lower range intersect a previous extent? */
573 if ((prev_lower_first <= lower_last) &&
574 (prev_lower_last >= lower_first))
575 return true;
576 }
577 return false;
578 }
579
580
581 static DEFINE_MUTEX(id_map_mutex);
582
583 static ssize_t map_write(struct file *file, const char __user *buf,
584 size_t count, loff_t *ppos,
585 int cap_setid,
586 struct uid_gid_map *map,
587 struct uid_gid_map *parent_map)
588 {
589 struct seq_file *seq = file->private_data;
590 struct user_namespace *ns = seq->private;
591 struct uid_gid_map new_map;
592 unsigned idx;
593 struct uid_gid_extent *extent = NULL;
594 unsigned long page = 0;
595 char *kbuf, *pos, *next_line;
596 ssize_t ret = -EINVAL;
597
598 /*
599 * The id_map_mutex serializes all writes to any given map.
600 *
601 * Any map is only ever written once.
602 *
603 * An id map fits within 1 cache line on most architectures.
604 *
605 * On read nothing needs to be done unless you are on an
606 * architecture with a crazy cache coherency model like alpha.
607 *
608 * There is a one time data dependency between reading the
609 * count of the extents and the values of the extents. The
610 * desired behavior is to see the values of the extents that
611 * were written before the count of the extents.
612 *
613 * To achieve this smp_wmb() is used on guarantee the write
614 * order and smp_read_barrier_depends() is guaranteed that we
615 * don't have crazy architectures returning stale data.
616 *
617 */
618 mutex_lock(&id_map_mutex);
619
620 ret = -EPERM;
621 /* Only allow one successful write to the map */
622 if (map->nr_extents != 0)
623 goto out;
624
625 /*
626 * Adjusting namespace settings requires capabilities on the target.
627 */
628 if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
629 goto out;
630
631 /* Get a buffer */
632 ret = -ENOMEM;
633 page = __get_free_page(GFP_TEMPORARY);
634 kbuf = (char *) page;
635 if (!page)
636 goto out;
637
638 /* Only allow <= page size writes at the beginning of the file */
639 ret = -EINVAL;
640 if ((*ppos != 0) || (count >= PAGE_SIZE))
641 goto out;
642
643 /* Slurp in the user data */
644 ret = -EFAULT;
645 if (copy_from_user(kbuf, buf, count))
646 goto out;
647 kbuf[count] = '\0';
648
649 /* Parse the user data */
650 ret = -EINVAL;
651 pos = kbuf;
652 new_map.nr_extents = 0;
653 for (;pos; pos = next_line) {
654 extent = &new_map.extent[new_map.nr_extents];
655
656 /* Find the end of line and ensure I don't look past it */
657 next_line = strchr(pos, '\n');
658 if (next_line) {
659 *next_line = '\0';
660 next_line++;
661 if (*next_line == '\0')
662 next_line = NULL;
663 }
664
665 pos = skip_spaces(pos);
666 extent->first = simple_strtoul(pos, &pos, 10);
667 if (!isspace(*pos))
668 goto out;
669
670 pos = skip_spaces(pos);
671 extent->lower_first = simple_strtoul(pos, &pos, 10);
672 if (!isspace(*pos))
673 goto out;
674
675 pos = skip_spaces(pos);
676 extent->count = simple_strtoul(pos, &pos, 10);
677 if (*pos && !isspace(*pos))
678 goto out;
679
680 /* Verify there is not trailing junk on the line */
681 pos = skip_spaces(pos);
682 if (*pos != '\0')
683 goto out;
684
685 /* Verify we have been given valid starting values */
686 if ((extent->first == (u32) -1) ||
687 (extent->lower_first == (u32) -1 ))
688 goto out;
689
690 /* Verify count is not zero and does not cause the extent to wrap */
691 if ((extent->first + extent->count) <= extent->first)
692 goto out;
693 if ((extent->lower_first + extent->count) <= extent->lower_first)
694 goto out;
695
696 /* Do the ranges in extent overlap any previous extents? */
697 if (mappings_overlap(&new_map, extent))
698 goto out;
699
700 new_map.nr_extents++;
701
702 /* Fail if the file contains too many extents */
703 if ((new_map.nr_extents == UID_GID_MAP_MAX_EXTENTS) &&
704 (next_line != NULL))
705 goto out;
706 }
707 /* Be very certaint the new map actually exists */
708 if (new_map.nr_extents == 0)
709 goto out;
710
711 ret = -EPERM;
712 /* Validate the user is allowed to use user id's mapped to. */
713 if (!new_idmap_permitted(file, ns, cap_setid, &new_map))
714 goto out;
715
716 /* Map the lower ids from the parent user namespace to the
717 * kernel global id space.
718 */
719 for (idx = 0; idx < new_map.nr_extents; idx++) {
720 u32 lower_first;
721 extent = &new_map.extent[idx];
722
723 lower_first = map_id_range_down(parent_map,
724 extent->lower_first,
725 extent->count);
726
727 /* Fail if we can not map the specified extent to
728 * the kernel global id space.
729 */
730 if (lower_first == (u32) -1)
731 goto out;
732
733 extent->lower_first = lower_first;
734 }
735
736 /* Install the map */
737 memcpy(map->extent, new_map.extent,
738 new_map.nr_extents*sizeof(new_map.extent[0]));
739 smp_wmb();
740 map->nr_extents = new_map.nr_extents;
741
742 *ppos = count;
743 ret = count;
744 out:
745 mutex_unlock(&id_map_mutex);
746 if (page)
747 free_page(page);
748 return ret;
749 }
750
751 ssize_t proc_uid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
752 {
753 struct seq_file *seq = file->private_data;
754 struct user_namespace *ns = seq->private;
755 struct user_namespace *seq_ns = seq_user_ns(seq);
756
757 if (!ns->parent)
758 return -EPERM;
759
760 if ((seq_ns != ns) && (seq_ns != ns->parent))
761 return -EPERM;
762
763 return map_write(file, buf, size, ppos, CAP_SETUID,
764 &ns->uid_map, &ns->parent->uid_map);
765 }
766
767 ssize_t proc_gid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
768 {
769 struct seq_file *seq = file->private_data;
770 struct user_namespace *ns = seq->private;
771 struct user_namespace *seq_ns = seq_user_ns(seq);
772
773 if (!ns->parent)
774 return -EPERM;
775
776 if ((seq_ns != ns) && (seq_ns != ns->parent))
777 return -EPERM;
778
779 return map_write(file, buf, size, ppos, CAP_SETGID,
780 &ns->gid_map, &ns->parent->gid_map);
781 }
782
783 ssize_t proc_projid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
784 {
785 struct seq_file *seq = file->private_data;
786 struct user_namespace *ns = seq->private;
787 struct user_namespace *seq_ns = seq_user_ns(seq);
788
789 if (!ns->parent)
790 return -EPERM;
791
792 if ((seq_ns != ns) && (seq_ns != ns->parent))
793 return -EPERM;
794
795 /* Anyone can set any valid project id no capability needed */
796 return map_write(file, buf, size, ppos, -1,
797 &ns->projid_map, &ns->parent->projid_map);
798 }
799
800 static bool new_idmap_permitted(const struct file *file,
801 struct user_namespace *ns, int cap_setid,
802 struct uid_gid_map *new_map)
803 {
804 /* Allow mapping to your own filesystem ids */
805 if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) {
806 u32 id = new_map->extent[0].lower_first;
807 if (cap_setid == CAP_SETUID) {
808 kuid_t uid = make_kuid(ns->parent, id);
809 if (uid_eq(uid, file->f_cred->fsuid))
810 return true;
811 }
812 else if (cap_setid == CAP_SETGID) {
813 kgid_t gid = make_kgid(ns->parent, id);
814 if (gid_eq(gid, file->f_cred->fsgid))
815 return true;
816 }
817 }
818
819 /* Allow anyone to set a mapping that doesn't require privilege */
820 if (!cap_valid(cap_setid))
821 return true;
822
823 /* Allow the specified ids if we have the appropriate capability
824 * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
825 * And the opener of the id file also had the approprpiate capability.
826 */
827 if (ns_capable(ns->parent, cap_setid) &&
828 file_ns_capable(file, ns->parent, cap_setid))
829 return true;
830
831 return false;
832 }
833
834 static void *userns_get(struct task_struct *task)
835 {
836 struct user_namespace *user_ns;
837
838 rcu_read_lock();
839 user_ns = get_user_ns(__task_cred(task)->user_ns);
840 rcu_read_unlock();
841
842 return user_ns;
843 }
844
845 static void userns_put(void *ns)
846 {
847 put_user_ns(ns);
848 }
849
850 static int userns_install(struct nsproxy *nsproxy, void *ns)
851 {
852 struct user_namespace *user_ns = ns;
853 struct cred *cred;
854
855 /* Don't allow gaining capabilities by reentering
856 * the same user namespace.
857 */
858 if (user_ns == current_user_ns())
859 return -EINVAL;
860
861 /* Threaded processes may not enter a different user namespace */
862 if (atomic_read(&current->mm->mm_users) > 1)
863 return -EINVAL;
864
865 if (current->fs->users != 1)
866 return -EINVAL;
867
868 if (!ns_capable(user_ns, CAP_SYS_ADMIN))
869 return -EPERM;
870
871 cred = prepare_creds();
872 if (!cred)
873 return -ENOMEM;
874
875 put_user_ns(cred->user_ns);
876 set_cred_user_ns(cred, get_user_ns(user_ns));
877
878 return commit_creds(cred);
879 }
880
881 static unsigned int userns_inum(void *ns)
882 {
883 struct user_namespace *user_ns = ns;
884 return user_ns->proc_inum;
885 }
886
887 const struct proc_ns_operations userns_operations = {
888 .name = "user",
889 .type = CLONE_NEWUSER,
890 .get = userns_get,
891 .put = userns_put,
892 .install = userns_install,
893 .inum = userns_inum,
894 };
895
896 static __init int user_namespaces_init(void)
897 {
898 user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC);
899 return 0;
900 }
901 module_init(user_namespaces_init);
Linux kernel - Deliverables
This page took 0.049151 seconds and 5 git commands to generate.