Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/kernel/user_namespace.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * This program is free software; you can redistribute it and/or 3 * modify it under the terms of the GNU General Public License as 4 * published by the Free Software Foundation, version 2 of the 5 * License. 6 */ 7 8 #include <linux/export.h> 9 #include <linux/nsproxy.h> 10 #include <linux/slab.h> 11 #include <linux/user_namespace.h> 12 #include <linux/proc_fs.h> 13 #include <linux/highuid.h> 14 #include <linux/cred.h> 15 #include <linux/securebits.h> 16 #include <linux/keyctl.h> 17 #include <linux/key-type.h> 18 #include <keys/user-type.h> 19 #include <linux/seq_file.h> 20 #include <linux/fs.h> 21 #include <linux/uaccess.h> 22 #include <linux/ctype.h> 23 #include <linux/projid.h> 24 25 static struct kmem_cache *user_ns_cachep __read_mostly; 26 27 static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid, 28 struct uid_gid_map *map); 29 30 static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns) 31 { 32 /* Start with the same capabilities as init but useless for doing 33 * anything as the capabilities are bound to the new user namespace. 34 */ 35 cred->securebits = SECUREBITS_DEFAULT; 36 cred->cap_inheritable = CAP_EMPTY_SET; 37 cred->cap_permitted = CAP_FULL_SET; 38 cred->cap_effective = CAP_FULL_SET; 39 cred->cap_bset = CAP_FULL_SET; 40 #ifdef CONFIG_KEYS 41 key_put(cred->request_key_auth); 42 cred->request_key_auth = NULL; 43 #endif 44 /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */ 45 cred->user_ns = user_ns; 46 } 47 48 /* 49 * Create a new user namespace, deriving the creator from the user in the 50 * passed credentials, and replacing that user with the new root user for the 51 * new namespace. 52 * 53 * This is called by copy_creds(), which will finish setting the target task's 54 * credentials. 55 */ 56 int create_user_ns(struct cred *new) 57 { 58 struct user_namespace *ns, *parent_ns = new->user_ns; 59 kuid_t owner = new->euid; 60 kgid_t group = new->egid; 61 int ret; 62 63 /* The creator needs a mapping in the parent user namespace 64 * or else we won't be able to reasonably tell userspace who 65 * created a user_namespace. 66 */ 67 if (!kuid_has_mapping(parent_ns, owner) || 68 !kgid_has_mapping(parent_ns, group)) 69 return -EPERM; 70 71 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL); 72 if (!ns) 73 return -ENOMEM; 74 75 ret = proc_alloc_inum(&ns->proc_inum); 76 if (ret) { 77 kmem_cache_free(user_ns_cachep, ns); 78 return ret; 79 } 80 81 kref_init(&ns->kref); 82 /* Leave the new->user_ns reference with the new user namespace. */ 83 ns->parent = parent_ns; 84 ns->owner = owner; 85 ns->group = group; 86 87 set_cred_user_ns(new, ns); 88 89 return 0; 90 } 91 92 int unshare_userns(unsigned long unshare_flags, struct cred **new_cred) 93 { 94 struct cred *cred; 95 96 if (!(unshare_flags & CLONE_NEWUSER)) 97 return 0; 98 99 cred = prepare_creds(); 100 if (!cred) 101 return -ENOMEM; 102 103 *new_cred = cred; 104 return create_user_ns(cred); 105 } 106 107 void free_user_ns(struct kref *kref) 108 { 109 struct user_namespace *parent, *ns = 110 container_of(kref, struct user_namespace, kref); 111 112 parent = ns->parent; 113 proc_free_inum(ns->proc_inum); 114 kmem_cache_free(user_ns_cachep, ns); 115 put_user_ns(parent); 116 } 117 EXPORT_SYMBOL(free_user_ns); 118 119 static u32 map_id_range_down(struct uid_gid_map *map, u32 id, u32 count) 120 { 121 unsigned idx, extents; 122 u32 first, last, id2; 123 124 id2 = id + count - 1; 125 126 /* Find the matching extent */ 127 extents = map->nr_extents; 128 smp_read_barrier_depends(); 129 for (idx = 0; idx < extents; idx++) { 130 first = map->extent[idx].first; 131 last = first + map->extent[idx].count - 1; 132 if (id >= first && id <= last && 133 (id2 >= first && id2 <= last)) 134 break; 135 } 136 /* Map the id or note failure */ 137 if (idx < extents) 138 id = (id - first) + map->extent[idx].lower_first; 139 else 140 id = (u32) -1; 141 142 return id; 143 } 144 145 static u32 map_id_down(struct uid_gid_map *map, u32 id) 146 { 147 unsigned idx, extents; 148 u32 first, last; 149 150 /* Find the matching extent */ 151 extents = map->nr_extents; 152 smp_read_barrier_depends(); 153 for (idx = 0; idx < extents; idx++) { 154 first = map->extent[idx].first; 155 last = first + map->extent[idx].count - 1; 156 if (id >= first && id <= last) 157 break; 158 } 159 /* Map the id or note failure */ 160 if (idx < extents) 161 id = (id - first) + map->extent[idx].lower_first; 162 else 163 id = (u32) -1; 164 165 return id; 166 } 167 168 static u32 map_id_up(struct uid_gid_map *map, u32 id) 169 { 170 unsigned idx, extents; 171 u32 first, last; 172 173 /* Find the matching extent */ 174 extents = map->nr_extents; 175 smp_read_barrier_depends(); 176 for (idx = 0; idx < extents; idx++) { 177 first = map->extent[idx].lower_first; 178 last = first + map->extent[idx].count - 1; 179 if (id >= first && id <= last) 180 break; 181 } 182 /* Map the id or note failure */ 183 if (idx < extents) 184 id = (id - first) + map->extent[idx].first; 185 else 186 id = (u32) -1; 187 188 return id; 189 } 190 191 /** 192 * make_kuid - Map a user-namespace uid pair into a kuid. 193 * @ns: User namespace that the uid is in 194 * @uid: User identifier 195 * 196 * Maps a user-namespace uid pair into a kernel internal kuid, 197 * and returns that kuid. 198 * 199 * When there is no mapping defined for the user-namespace uid 200 * pair INVALID_UID is returned. Callers are expected to test 201 * for and handle handle INVALID_UID being returned. INVALID_UID 202 * may be tested for using uid_valid(). 203 */ 204 kuid_t make_kuid(struct user_namespace *ns, uid_t uid) 205 { 206 /* Map the uid to a global kernel uid */ 207 return KUIDT_INIT(map_id_down(&ns->uid_map, uid)); 208 } 209 EXPORT_SYMBOL(make_kuid); 210 211 /** 212 * from_kuid - Create a uid from a kuid user-namespace pair. 213 * @targ: The user namespace we want a uid in. 214 * @kuid: The kernel internal uid to start with. 215 * 216 * Map @kuid into the user-namespace specified by @targ and 217 * return the resulting uid. 218 * 219 * There is always a mapping into the initial user_namespace. 220 * 221 * If @kuid has no mapping in @targ (uid_t)-1 is returned. 222 */ 223 uid_t from_kuid(struct user_namespace *targ, kuid_t kuid) 224 { 225 /* Map the uid from a global kernel uid */ 226 return map_id_up(&targ->uid_map, __kuid_val(kuid)); 227 } 228 EXPORT_SYMBOL(from_kuid); 229 230 /** 231 * from_kuid_munged - Create a uid from a kuid user-namespace pair. 232 * @targ: The user namespace we want a uid in. 233 * @kuid: The kernel internal uid to start with. 234 * 235 * Map @kuid into the user-namespace specified by @targ and 236 * return the resulting uid. 237 * 238 * There is always a mapping into the initial user_namespace. 239 * 240 * Unlike from_kuid from_kuid_munged never fails and always 241 * returns a valid uid. This makes from_kuid_munged appropriate 242 * for use in syscalls like stat and getuid where failing the 243 * system call and failing to provide a valid uid are not an 244 * options. 245 * 246 * If @kuid has no mapping in @targ overflowuid is returned. 247 */ 248 uid_t from_kuid_munged(struct user_namespace *targ, kuid_t kuid) 249 { 250 uid_t uid; 251 uid = from_kuid(targ, kuid); 252 253 if (uid == (uid_t) -1) 254 uid = overflowuid; 255 return uid; 256 } 257 EXPORT_SYMBOL(from_kuid_munged); 258 259 /** 260 * make_kgid - Map a user-namespace gid pair into a kgid. 261 * @ns: User namespace that the gid is in 262 * @uid: group identifier 263 * 264 * Maps a user-namespace gid pair into a kernel internal kgid, 265 * and returns that kgid. 266 * 267 * When there is no mapping defined for the user-namespace gid 268 * pair INVALID_GID is returned. Callers are expected to test 269 * for and handle INVALID_GID being returned. INVALID_GID may be 270 * tested for using gid_valid(). 271 */ 272 kgid_t make_kgid(struct user_namespace *ns, gid_t gid) 273 { 274 /* Map the gid to a global kernel gid */ 275 return KGIDT_INIT(map_id_down(&ns->gid_map, gid)); 276 } 277 EXPORT_SYMBOL(make_kgid); 278 279 /** 280 * from_kgid - Create a gid from a kgid user-namespace pair. 281 * @targ: The user namespace we want a gid in. 282 * @kgid: The kernel internal gid to start with. 283 * 284 * Map @kgid into the user-namespace specified by @targ and 285 * return the resulting gid. 286 * 287 * There is always a mapping into the initial user_namespace. 288 * 289 * If @kgid has no mapping in @targ (gid_t)-1 is returned. 290 */ 291 gid_t from_kgid(struct user_namespace *targ, kgid_t kgid) 292 { 293 /* Map the gid from a global kernel gid */ 294 return map_id_up(&targ->gid_map, __kgid_val(kgid)); 295 } 296 EXPORT_SYMBOL(from_kgid); 297 298 /** 299 * from_kgid_munged - Create a gid from a kgid user-namespace pair. 300 * @targ: The user namespace we want a gid in. 301 * @kgid: The kernel internal gid to start with. 302 * 303 * Map @kgid into the user-namespace specified by @targ and 304 * return the resulting gid. 305 * 306 * There is always a mapping into the initial user_namespace. 307 * 308 * Unlike from_kgid from_kgid_munged never fails and always 309 * returns a valid gid. This makes from_kgid_munged appropriate 310 * for use in syscalls like stat and getgid where failing the 311 * system call and failing to provide a valid gid are not options. 312 * 313 * If @kgid has no mapping in @targ overflowgid is returned. 314 */ 315 gid_t from_kgid_munged(struct user_namespace *targ, kgid_t kgid) 316 { 317 gid_t gid; 318 gid = from_kgid(targ, kgid); 319 320 if (gid == (gid_t) -1) 321 gid = overflowgid; 322 return gid; 323 } 324 EXPORT_SYMBOL(from_kgid_munged); 325 326 /** 327 * make_kprojid - Map a user-namespace projid pair into a kprojid. 328 * @ns: User namespace that the projid is in 329 * @projid: Project identifier 330 * 331 * Maps a user-namespace uid pair into a kernel internal kuid, 332 * and returns that kuid. 333 * 334 * When there is no mapping defined for the user-namespace projid 335 * pair INVALID_PROJID is returned. Callers are expected to test 336 * for and handle handle INVALID_PROJID being returned. INVALID_PROJID 337 * may be tested for using projid_valid(). 338 */ 339 kprojid_t make_kprojid(struct user_namespace *ns, projid_t projid) 340 { 341 /* Map the uid to a global kernel uid */ 342 return KPROJIDT_INIT(map_id_down(&ns->projid_map, projid)); 343 } 344 EXPORT_SYMBOL(make_kprojid); 345 346 /** 347 * from_kprojid - Create a projid from a kprojid user-namespace pair. 348 * @targ: The user namespace we want a projid in. 349 * @kprojid: The kernel internal project identifier to start with. 350 * 351 * Map @kprojid into the user-namespace specified by @targ and 352 * return the resulting projid. 353 * 354 * There is always a mapping into the initial user_namespace. 355 * 356 * If @kprojid has no mapping in @targ (projid_t)-1 is returned. 357 */ 358 projid_t from_kprojid(struct user_namespace *targ, kprojid_t kprojid) 359 { 360 /* Map the uid from a global kernel uid */ 361 return map_id_up(&targ->projid_map, __kprojid_val(kprojid)); 362 } 363 EXPORT_SYMBOL(from_kprojid); 364 365 /** 366 * from_kprojid_munged - Create a projiid from a kprojid user-namespace pair. 367 * @targ: The user namespace we want a projid in. 368 * @kprojid: The kernel internal projid to start with. 369 * 370 * Map @kprojid into the user-namespace specified by @targ and 371 * return the resulting projid. 372 * 373 * There is always a mapping into the initial user_namespace. 374 * 375 * Unlike from_kprojid from_kprojid_munged never fails and always 376 * returns a valid projid. This makes from_kprojid_munged 377 * appropriate for use in syscalls like stat and where 378 * failing the system call and failing to provide a valid projid are 379 * not an options. 380 * 381 * If @kprojid has no mapping in @targ OVERFLOW_PROJID is returned. 382 */ 383 projid_t from_kprojid_munged(struct user_namespace *targ, kprojid_t kprojid) 384 { 385 projid_t projid; 386 projid = from_kprojid(targ, kprojid); 387 388 if (projid == (projid_t) -1) 389 projid = OVERFLOW_PROJID; 390 return projid; 391 } 392 EXPORT_SYMBOL(from_kprojid_munged); 393 394 395 static int uid_m_show(struct seq_file *seq, void *v) 396 { 397 struct user_namespace *ns = seq->private; 398 struct uid_gid_extent *extent = v; 399 struct user_namespace *lower_ns; 400 uid_t lower; 401 402 lower_ns = seq_user_ns(seq); 403 if ((lower_ns == ns) && lower_ns->parent) 404 lower_ns = lower_ns->parent; 405 406 lower = from_kuid(lower_ns, KUIDT_INIT(extent->lower_first)); 407 408 seq_printf(seq, "%10u %10u %10u\n", 409 extent->first, 410 lower, 411 extent->count); 412 413 return 0; 414 } 415 416 static int gid_m_show(struct seq_file *seq, void *v) 417 { 418 struct user_namespace *ns = seq->private; 419 struct uid_gid_extent *extent = v; 420 struct user_namespace *lower_ns; 421 gid_t lower; 422 423 lower_ns = seq_user_ns(seq); 424 if ((lower_ns == ns) && lower_ns->parent) 425 lower_ns = lower_ns->parent; 426 427 lower = from_kgid(lower_ns, KGIDT_INIT(extent->lower_first)); 428 429 seq_printf(seq, "%10u %10u %10u\n", 430 extent->first, 431 lower, 432 extent->count); 433 434 return 0; 435 } 436 437 static int projid_m_show(struct seq_file *seq, void *v) 438 { 439 struct user_namespace *ns = seq->private; 440 struct uid_gid_extent *extent = v; 441 struct user_namespace *lower_ns; 442 projid_t lower; 443 444 lower_ns = seq_user_ns(seq); 445 if ((lower_ns == ns) && lower_ns->parent) 446 lower_ns = lower_ns->parent; 447 448 lower = from_kprojid(lower_ns, KPROJIDT_INIT(extent->lower_first)); 449 450 seq_printf(seq, "%10u %10u %10u\n", 451 extent->first, 452 lower, 453 extent->count); 454 455 return 0; 456 } 457 458 static void *m_start(struct seq_file *seq, loff_t *ppos, struct uid_gid_map *map) 459 { 460 struct uid_gid_extent *extent = NULL; 461 loff_t pos = *ppos; 462 463 if (pos < map->nr_extents) 464 extent = &map->extent[pos]; 465 466 return extent; 467 } 468 469 static void *uid_m_start(struct seq_file *seq, loff_t *ppos) 470 { 471 struct user_namespace *ns = seq->private; 472 473 return m_start(seq, ppos, &ns->uid_map); 474 } 475 476 static void *gid_m_start(struct seq_file *seq, loff_t *ppos) 477 { 478 struct user_namespace *ns = seq->private; 479 480 return m_start(seq, ppos, &ns->gid_map); 481 } 482 483 static void *projid_m_start(struct seq_file *seq, loff_t *ppos) 484 { 485 struct user_namespace *ns = seq->private; 486 487 return m_start(seq, ppos, &ns->projid_map); 488 } 489 490 static void *m_next(struct seq_file *seq, void *v, loff_t *pos) 491 { 492 (*pos)++; 493 return seq->op->start(seq, pos); 494 } 495 496 static void m_stop(struct seq_file *seq, void *v) 497 { 498 return; 499 } 500 501 struct seq_operations proc_uid_seq_operations = { 502 .start = uid_m_start, 503 .stop = m_stop, 504 .next = m_next, 505 .show = uid_m_show, 506 }; 507 508 struct seq_operations proc_gid_seq_operations = { 509 .start = gid_m_start, 510 .stop = m_stop, 511 .next = m_next, 512 .show = gid_m_show, 513 }; 514 515 struct seq_operations proc_projid_seq_operations = { 516 .start = projid_m_start, 517 .stop = m_stop, 518 .next = m_next, 519 .show = projid_m_show, 520 }; 521 522 static DEFINE_MUTEX(id_map_mutex); 523 524 static ssize_t map_write(struct file *file, const char __user *buf, 525 size_t count, loff_t *ppos, 526 int cap_setid, 527 struct uid_gid_map *map, 528 struct uid_gid_map *parent_map) 529 { 530 struct seq_file *seq = file->private_data; 531 struct user_namespace *ns = seq->private; 532 struct uid_gid_map new_map; 533 unsigned idx; 534 struct uid_gid_extent *extent, *last = NULL; 535 unsigned long page = 0; 536 char *kbuf, *pos, *next_line; 537 ssize_t ret = -EINVAL; 538 539 /* 540 * The id_map_mutex serializes all writes to any given map. 541 * 542 * Any map is only ever written once. 543 * 544 * An id map fits within 1 cache line on most architectures. 545 * 546 * On read nothing needs to be done unless you are on an 547 * architecture with a crazy cache coherency model like alpha. 548 * 549 * There is a one time data dependency between reading the 550 * count of the extents and the values of the extents. The 551 * desired behavior is to see the values of the extents that 552 * were written before the count of the extents. 553 * 554 * To achieve this smp_wmb() is used on guarantee the write 555 * order and smp_read_barrier_depends() is guaranteed that we 556 * don't have crazy architectures returning stale data. 557 * 558 */ 559 mutex_lock(&id_map_mutex); 560 561 ret = -EPERM; 562 /* Only allow one successful write to the map */ 563 if (map->nr_extents != 0) 564 goto out; 565 566 /* Require the appropriate privilege CAP_SETUID or CAP_SETGID 567 * over the user namespace in order to set the id mapping. 568 */ 569 if (cap_valid(cap_setid) && !ns_capable(ns, cap_setid)) 570 goto out; 571 572 /* Get a buffer */ 573 ret = -ENOMEM; 574 page = __get_free_page(GFP_TEMPORARY); 575 kbuf = (char *) page; 576 if (!page) 577 goto out; 578 579 /* Only allow <= page size writes at the beginning of the file */ 580 ret = -EINVAL; 581 if ((*ppos != 0) || (count >= PAGE_SIZE)) 582 goto out; 583 584 /* Slurp in the user data */ 585 ret = -EFAULT; 586 if (copy_from_user(kbuf, buf, count)) 587 goto out; 588 kbuf[count] = '\0'; 589 590 /* Parse the user data */ 591 ret = -EINVAL; 592 pos = kbuf; 593 new_map.nr_extents = 0; 594 for (;pos; pos = next_line) { 595 extent = &new_map.extent[new_map.nr_extents]; 596 597 /* Find the end of line and ensure I don't look past it */ 598 next_line = strchr(pos, '\n'); 599 if (next_line) { 600 *next_line = '\0'; 601 next_line++; 602 if (*next_line == '\0') 603 next_line = NULL; 604 } 605 606 pos = skip_spaces(pos); 607 extent->first = simple_strtoul(pos, &pos, 10); 608 if (!isspace(*pos)) 609 goto out; 610 611 pos = skip_spaces(pos); 612 extent->lower_first = simple_strtoul(pos, &pos, 10); 613 if (!isspace(*pos)) 614 goto out; 615 616 pos = skip_spaces(pos); 617 extent->count = simple_strtoul(pos, &pos, 10); 618 if (*pos && !isspace(*pos)) 619 goto out; 620 621 /* Verify there is not trailing junk on the line */ 622 pos = skip_spaces(pos); 623 if (*pos != '\0') 624 goto out; 625 626 /* Verify we have been given valid starting values */ 627 if ((extent->first == (u32) -1) || 628 (extent->lower_first == (u32) -1 )) 629 goto out; 630 631 /* Verify count is not zero and does not cause the extent to wrap */ 632 if ((extent->first + extent->count) <= extent->first) 633 goto out; 634 if ((extent->lower_first + extent->count) <= extent->lower_first) 635 goto out; 636 637 /* For now only accept extents that are strictly in order */ 638 if (last && 639 (((last->first + last->count) > extent->first) || 640 ((last->lower_first + last->count) > extent->lower_first))) 641 goto out; 642 643 new_map.nr_extents++; 644 last = extent; 645 646 /* Fail if the file contains too many extents */ 647 if ((new_map.nr_extents == UID_GID_MAP_MAX_EXTENTS) && 648 (next_line != NULL)) 649 goto out; 650 } 651 /* Be very certaint the new map actually exists */ 652 if (new_map.nr_extents == 0) 653 goto out; 654 655 ret = -EPERM; 656 /* Validate the user is allowed to use user id's mapped to. */ 657 if (!new_idmap_permitted(ns, cap_setid, &new_map)) 658 goto out; 659 660 /* Map the lower ids from the parent user namespace to the 661 * kernel global id space. 662 */ 663 for (idx = 0; idx < new_map.nr_extents; idx++) { 664 u32 lower_first; 665 extent = &new_map.extent[idx]; 666 667 lower_first = map_id_range_down(parent_map, 668 extent->lower_first, 669 extent->count); 670 671 /* Fail if we can not map the specified extent to 672 * the kernel global id space. 673 */ 674 if (lower_first == (u32) -1) 675 goto out; 676 677 extent->lower_first = lower_first; 678 } 679 680 /* Install the map */ 681 memcpy(map->extent, new_map.extent, 682 new_map.nr_extents*sizeof(new_map.extent[0])); 683 smp_wmb(); 684 map->nr_extents = new_map.nr_extents; 685 686 *ppos = count; 687 ret = count; 688 out: 689 mutex_unlock(&id_map_mutex); 690 if (page) 691 free_page(page); 692 return ret; 693 } 694 695 ssize_t proc_uid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos) 696 { 697 struct seq_file *seq = file->private_data; 698 struct user_namespace *ns = seq->private; 699 struct user_namespace *seq_ns = seq_user_ns(seq); 700 701 if (!ns->parent) 702 return -EPERM; 703 704 if ((seq_ns != ns) && (seq_ns != ns->parent)) 705 return -EPERM; 706 707 return map_write(file, buf, size, ppos, CAP_SETUID, 708 &ns->uid_map, &ns->parent->uid_map); 709 } 710 711 ssize_t proc_gid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos) 712 { 713 struct seq_file *seq = file->private_data; 714 struct user_namespace *ns = seq->private; 715 struct user_namespace *seq_ns = seq_user_ns(seq); 716 717 if (!ns->parent) 718 return -EPERM; 719 720 if ((seq_ns != ns) && (seq_ns != ns->parent)) 721 return -EPERM; 722 723 return map_write(file, buf, size, ppos, CAP_SETGID, 724 &ns->gid_map, &ns->parent->gid_map); 725 } 726 727 ssize_t proc_projid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos) 728 { 729 struct seq_file *seq = file->private_data; 730 struct user_namespace *ns = seq->private; 731 struct user_namespace *seq_ns = seq_user_ns(seq); 732 733 if (!ns->parent) 734 return -EPERM; 735 736 if ((seq_ns != ns) && (seq_ns != ns->parent)) 737 return -EPERM; 738 739 /* Anyone can set any valid project id no capability needed */ 740 return map_write(file, buf, size, ppos, -1, 741 &ns->projid_map, &ns->parent->projid_map); 742 } 743 744 static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid, 745 struct uid_gid_map *new_map) 746 { 747 /* Allow mapping to your own filesystem ids */ 748 if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) { 749 u32 id = new_map->extent[0].lower_first; 750 if (cap_setid == CAP_SETUID) { 751 kuid_t uid = make_kuid(ns->parent, id); 752 if (uid_eq(uid, current_fsuid())) 753 return true; 754 } 755 else if (cap_setid == CAP_SETGID) { 756 kgid_t gid = make_kgid(ns->parent, id); 757 if (gid_eq(gid, current_fsgid())) 758 return true; 759 } 760 } 761 762 /* Allow anyone to set a mapping that doesn't require privilege */ 763 if (!cap_valid(cap_setid)) 764 return true; 765 766 /* Allow the specified ids if we have the appropriate capability 767 * (CAP_SETUID or CAP_SETGID) over the parent user namespace. 768 */ 769 if (ns_capable(ns->parent, cap_setid)) 770 return true; 771 772 return false; 773 } 774 775 static void *userns_get(struct task_struct *task) 776 { 777 struct user_namespace *user_ns; 778 779 rcu_read_lock(); 780 user_ns = get_user_ns(__task_cred(task)->user_ns); 781 rcu_read_unlock(); 782 783 return user_ns; 784 } 785 786 static void userns_put(void *ns) 787 { 788 put_user_ns(ns); 789 } 790 791 static int userns_install(struct nsproxy *nsproxy, void *ns) 792 { 793 struct user_namespace *user_ns = ns; 794 struct cred *cred; 795 796 /* Don't allow gaining capabilities by reentering 797 * the same user namespace. 798 */ 799 if (user_ns == current_user_ns()) 800 return -EINVAL; 801 802 /* Threaded processes may not enter a different user namespace */ 803 if (atomic_read(¤t->mm->mm_users) > 1) 804 return -EINVAL; 805 806 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) 807 return -EPERM; 808 809 cred = prepare_creds(); 810 if (!cred) 811 return -ENOMEM; 812 813 put_user_ns(cred->user_ns); 814 set_cred_user_ns(cred, get_user_ns(user_ns)); 815 816 return commit_creds(cred); 817 } 818 819 static unsigned int userns_inum(void *ns) 820 { 821 struct user_namespace *user_ns = ns; 822 return user_ns->proc_inum; 823 } 824 825 const struct proc_ns_operations userns_operations = { 826 .name = "user", 827 .type = CLONE_NEWUSER, 828 .get = userns_get, 829 .put = userns_put, 830 .install = userns_install, 831 .inum = userns_inum, 832 }; 833 834 static __init int user_namespaces_init(void) 835 { 836 user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC); 837 return 0; 838 } 839 module_init(user_namespaces_init);
Cache object: 35108fb844329e24ad16a4e32269c137
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]