Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace updates from Eric Biederman:
"This is a bunch of small changes built against 3.16-rc6. The most
significant change for users is the first patch which makes setns
dramatically faster by removing unneeded rcu handling.
The next chunk of changes are so that "mount -o remount,.." will not
allow the user namespace root to drop flags on a mount set by the
system wide root. Aka this forces read-only mounts to stay read-only,
no-dev mounts to stay no-dev, no-suid mounts to stay no-suid, no-exec
mounts to stay no-exec and it prevents unprivileged users from messing
with a mount's atime settings. I have included my test case as the
last patch in this series so people performing backports can verify
this change works correctly.
The next change fixes a bug in NFS that was discovered while auditing
nsproxy users for the first optimization. Today you can oops the
kernel by reading /proc/fs/nfsfs/{servers,volumes} if you are clever
with pid namespaces. I rebased and fixed the build of the
!CONFIG_NFS_FS case yesterday when a build bot caught my typo. Given
that no one to my knowledge bases anything on my tree fixing the typo
in place seems more responsible than requiring a typo-fix to be
backported as well.
The last change is a small semantic cleanup introducing
/proc/thread-self and pointing /proc/mounts and /proc/net at it. This
prevents several kinds of problematic corner cases. It is a
user-visible change so it has a minute chance of causing regressions
so the changes to /proc/mounts and /proc/net are individual one line
commits that can be trivially reverted. Unfortunately I lost and
could not find the email of the original reporter so he is not
credited. From at least one perspective this change to /proc/net is a
regression fix to allow pthread /proc/net uses that were broken by
the introduction of the network namespace"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
proc: Point /proc/mounts at /proc/thread-self/mounts instead of /proc/self/mounts
proc: Point /proc/net at /proc/thread-self/net instead of /proc/self/net
proc: Implement /proc/thread-self to point at the directory of the current thread
proc: Have net show up under /proc/<tgid>/task/<tid>
NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes
mnt: Add tests for unprivileged remount cases that have found to be faulty
mnt: Change the default remount atime from relatime to the existing value
mnt: Correct permission checks in do_remount
mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
mnt: Only change user settable mount flags in remount
namespaces: Use task_lock and not rcu to protect nsproxy
commit
77e40aae76
23 changed files with 537 additions and 97 deletions
|
|
@ -42,13 +42,20 @@ struct mnt_namespace;
|
|||
* flag, consider how it interacts with shared mounts.
|
||||
*/
|
||||
#define MNT_SHARED_MASK (MNT_UNBINDABLE)
|
||||
#define MNT_PROPAGATION_MASK (MNT_SHARED | MNT_UNBINDABLE)
|
||||
#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
|
||||
| MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
|
||||
| MNT_READONLY)
|
||||
#define MNT_ATIME_MASK (MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME )
|
||||
|
||||
#define MNT_INTERNAL_FLAGS (MNT_SHARED | MNT_WRITE_HOLD | MNT_INTERNAL | \
|
||||
MNT_DOOMED | MNT_SYNC_UMOUNT | MNT_MARKED)
|
||||
|
||||
#define MNT_INTERNAL 0x4000
|
||||
|
||||
#define MNT_LOCK_ATIME 0x040000
|
||||
#define MNT_LOCK_NOEXEC 0x080000
|
||||
#define MNT_LOCK_NOSUID 0x100000
|
||||
#define MNT_LOCK_NODEV 0x200000
|
||||
#define MNT_LOCK_READONLY 0x400000
|
||||
#define MNT_LOCKED 0x800000
|
||||
#define MNT_DOOMED 0x1000000
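Review bot: The new `MNT_LOCK_ATIME`, `MNT_LOCK_NOEXEC`, `MNT_LOCK_NOSUID` and `MNT_LOCK_NODEV` bits and the two new masks are defined without a comment, so the header does not say what sets a lock bit or which flag each one pins. Going by the pull description, a lock bit records that the matching flag was set by the system-wide root and must not be cleared by a remount from a user namespace; a comment such as `/* MNT_LOCK_*: the matching flag was set by a more privileged mounter and remount must not clear it */` above the block would record that. `MNT_USER_SETTABLE_MASK` would also benefit from a line stating that any flag added to it later needs a matching lock bit and a check in the remount path, since otherwise (as far as can be inferred from the description) a user-namespace root could drop it. The atime trio shares a single `MNT_LOCK_ATIME`, which is worth stating next to `MNT_ATIME_MASK`; that define also has a stray space before its closing parenthesis.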
|
||||
|
|
|
|||
|
|
@ -40,32 +40,28 @@ extern struct nsproxy init_nsproxy;
|
|||
* the namespaces access rules are:
|
||||
*
|
||||
* 1. only current task is allowed to change tsk->nsproxy pointer or
|
||||
* any pointer on the nsproxy itself
|
||||
* any pointer on the nsproxy itself. Current must hold the task_lock
|
||||
* when changing tsk->nsproxy.
|
||||
*
|
||||
* 2. when accessing (i.e. reading) current task's namespaces - no
|
||||
* precautions should be taken - just dereference the pointers
|
||||
*
|
||||
* 3. the access to other task namespaces is performed like this
|
||||
* rcu_read_lock();
|
||||
* nsproxy = task_nsproxy(tsk);
|
||||
* task_lock(task);
|
||||
* nsproxy = task->nsproxy;
|
||||
* if (nsproxy != NULL) {
|
||||
* / *
|
||||
* * work with the namespaces here
|
||||
* * e.g. get the reference on one of them
|
||||
* * /
|
||||
* } / *
|
||||
* * NULL task_nsproxy() means that this task is
|
||||
* * NULL task->nsproxy means that this task is
|
||||
* * almost dead (zombie)
|
||||
* * /
|
||||
* rcu_read_unlock();
|
||||
* task_unlock(task);
|
||||
*
|
||||
*/
|
||||
|
||||
static inline struct nsproxy *task_nsproxy(struct task_struct *tsk)
|
||||
{
|
||||
return rcu_dereference(tsk->nsproxy);
|
||||
}
|
||||
|
||||
int copy_namespaces(unsigned long flags, struct task_struct *tsk);
|
||||
void exit_task_namespaces(struct task_struct *tsk);
|
||||
void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);
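Review bot: The rewritten access rules do not say that the `nsproxy` pointer read in rule 3 is only valid while `task_lock` is held, which is the property readers of another task's namespaces now depend on. The example hints at it with "get the reference on one of them", but a line such as ` * the nsproxy pointer must not be used after task_unlock(); take a reference on the namespace you need while holding the lock` would make the contract explicit. With `task_nsproxy()` removed there is no accessor left to mark such reads, so a bare `tsk->nsproxy` dereference of a foreign task without the lock will compile cleanly; the callers are outside this section and cannot be checked here. The comment also mixes `tsk` (rule 1) and `task` (rule 3 example) for the same thing; one name throughout would read better.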
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ struct pid_namespace {
|
|||
#ifdef CONFIG_PROC_FS
|
||||
struct vfsmount *proc_mnt;
|
||||
struct dentry *proc_self;
|
||||
struct dentry *proc_thread_self;
|
||||
#endif
|
||||
#ifdef CONFIG_BSD_PROCESS_ACCT
|
||||
struct bsd_acct_struct *bacct;
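Review bot: `proc_thread_self` is added beside `proc_self` with no comment on who owns the dentry reference or where it is dropped. It presumably caches the /proc/thread-self entry the same way `proc_self` caches /proc/self, so every place that sets, clears or releases `proc_self` needs a matching line for the new field; that code is outside this section, and `struct pid_namespace` itself continues past the hunk. A short comment on the pair, for example `/* cached dentries for /proc/self and /proc/thread-self; released together with proc_mnt's superblock */` (wording to be confirmed against the teardown path), would make a missed release easier to spot in review.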
|
||||
|
|
|
|||