From: Andrew Morton <akpm@linux-foundation.org>
To: akpm@linux-foundation.org, dbueso@suse.de, ebiederm@xmission.com,
linux-mm@kvack.org, manfred@colorfullife.com,
mclapinski@google.com, mm-commits@vger.kernel.org,
torvalds@linux-foundation.org
Subject: [patch 86/87] ipc: check checkpoint_restore_ns_capable() to modify C/R proc files
Date: Mon, 08 Nov 2021 18:35:59 -0800 [thread overview]
Message-ID: <20211109023559.ZBeL3oWWO%akpm@linux-foundation.org> (raw)
In-Reply-To: <20211108183057.809e428e841088b657a975ec@linux-foundation.org>
From: Michal Clapinski <mclapinski@google.com>
Subject: ipc: check checkpoint_restore_ns_capable() to modify C/R proc files
This commit removes the requirement to be root to modify sem_next_id,
msg_next_id and shm_next_id and checks checkpoint_restore_ns_capable
instead.
Since those files are specific to the IPC namespace, there is no reason
they should require root privileges. This is similar to ns_last_pid,
which also only checks checkpoint_restore_ns_capable.
[akpm@linux-foundation.org: ipc/ipc_sysctl.c needs capability.h for checkpoint_restore_ns_capable()]
Link: https://lkml.kernel.org/r/20210916163717.3179496-1-mclapinski@google.com
Signed-off-by: Michal Clapinski <mclapinski@google.com>
Reviewed-by: Davidlohr Bueso <dbueso@suse.de>
Reviewed-by: Manfred Spraul <manfred@colorfullife.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
ipc/ipc_sysctl.c | 29 +++++++++++++++++++++++------
1 file changed, 23 insertions(+), 6 deletions(-)
--- a/ipc/ipc_sysctl.c~ipc-check-checkpoint_restore_ns_capable-to-modify-c-r-proc-files
+++ a/ipc/ipc_sysctl.c
@@ -10,6 +10,7 @@
#include <linux/nsproxy.h>
#include <linux/sysctl.h>
#include <linux/uaccess.h>
+#include <linux/capability.h>
#include <linux/ipc_namespace.h>
#include <linux/msg.h>
#include "util.h"
@@ -104,6 +105,19 @@ static int proc_ipc_sem_dointvec(struct
return ret;
}
+#ifdef CONFIG_CHECKPOINT_RESTORE
+static int proc_ipc_dointvec_minmax_checkpoint_restore(struct ctl_table *table,
+ int write, void *buffer, size_t *lenp, loff_t *ppos)
+{
+ struct user_namespace *user_ns = current->nsproxy->ipc_ns->user_ns;
+
+ if (write && !checkpoint_restore_ns_capable(user_ns))
+ return -EPERM;
+
+ return proc_ipc_dointvec_minmax(table, write, buffer, lenp, ppos);
+}
+#endif
+
#else
#define proc_ipc_doulongvec_minmax NULL
#define proc_ipc_dointvec NULL
@@ -111,6 +125,9 @@ static int proc_ipc_sem_dointvec(struct
#define proc_ipc_dointvec_minmax_orphans NULL
#define proc_ipc_auto_msgmni NULL
#define proc_ipc_sem_dointvec NULL
+#ifdef CONFIG_CHECKPOINT_RESTORE
+#define proc_ipc_dointvec_minmax_checkpoint_restore NULL
+#endif /* CONFIG_CHECKPOINT_RESTORE */
#endif
int ipc_mni = IPCMNI;
@@ -198,8 +215,8 @@ static struct ctl_table ipc_kern_table[]
.procname = "sem_next_id",
.data = &init_ipc_ns.ids[IPC_SEM_IDS].next_id,
.maxlen = sizeof(init_ipc_ns.ids[IPC_SEM_IDS].next_id),
- .mode = 0644,
- .proc_handler = proc_ipc_dointvec_minmax,
+ .mode = 0666,
+ .proc_handler = proc_ipc_dointvec_minmax_checkpoint_restore,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_INT_MAX,
},
@@ -207,8 +224,8 @@ static struct ctl_table ipc_kern_table[]
.procname = "msg_next_id",
.data = &init_ipc_ns.ids[IPC_MSG_IDS].next_id,
.maxlen = sizeof(init_ipc_ns.ids[IPC_MSG_IDS].next_id),
- .mode = 0644,
- .proc_handler = proc_ipc_dointvec_minmax,
+ .mode = 0666,
+ .proc_handler = proc_ipc_dointvec_minmax_checkpoint_restore,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_INT_MAX,
},
@@ -216,8 +233,8 @@ static struct ctl_table ipc_kern_table[]
.procname = "shm_next_id",
.data = &init_ipc_ns.ids[IPC_SHM_IDS].next_id,
.maxlen = sizeof(init_ipc_ns.ids[IPC_SHM_IDS].next_id),
- .mode = 0644,
- .proc_handler = proc_ipc_dointvec_minmax,
+ .mode = 0666,
+ .proc_handler = proc_ipc_dointvec_minmax_checkpoint_restore,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_INT_MAX,
},
_
next prev parent reply other threads:[~2021-11-09 2:36 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 2:30 incoming Andrew Morton
2021-11-09 2:31 ` [patch 01/87] vfs: keep inodes with page cache off the inode shrinker LRU Andrew Morton
2021-11-09 2:31 ` [patch 02/87] mm,hugetlb: remove mlock ulimit for SHM_HUGETLB Andrew Morton
2021-11-09 2:31 ` [patch 03/87] procfs: do not list TID 0 in /proc/<pid>/task Andrew Morton
2021-11-09 2:31 ` [patch 04/87] x86/xen: update xen_oldmem_pfn_is_ram() documentation Andrew Morton
2021-11-09 2:31 ` [patch 05/87] x86/xen: simplify xen_oldmem_pfn_is_ram() Andrew Morton
2021-11-09 2:31 ` [patch 06/87] x86/xen: print a warning when HVMOP_get_mem_type fails Andrew Morton
2021-11-09 2:31 ` [patch 07/87] proc/vmcore: let pfn_is_ram() return a bool Andrew Morton
2021-11-09 2:31 ` [patch 08/87] proc/vmcore: convert oldmem_pfn_is_ram callback to more generic vmcore callbacks Andrew Morton
2021-11-09 3:59 ` Dave Young
2021-11-09 6:40 ` David Hildenbrand
2021-11-10 7:22 ` Baoquan He
2021-11-10 8:10 ` David Hildenbrand
2021-11-10 11:11 ` Dave Young
2021-11-10 11:21 ` David Hildenbrand
2021-11-10 11:28 ` Dave Young
2021-11-10 12:05 ` David Hildenbrand
2021-11-09 2:31 ` [patch 09/87] virtio-mem: factor out hotplug specifics from virtio_mem_init() into virtio_mem_init_hotplug() Andrew Morton
2021-11-09 2:31 ` [patch 10/87] virtio-mem: factor out hotplug specifics from virtio_mem_probe() " Andrew Morton
2021-11-09 2:31 ` [patch 11/87] virtio-mem: factor out hotplug specifics from virtio_mem_remove() into virtio_mem_deinit_hotplug() Andrew Morton
2021-11-09 2:32 ` [patch 12/87] virtio-mem: kdump mode to sanitize /proc/vmcore access Andrew Morton
2021-11-09 2:32 ` [patch 13/87] proc: allow pid_revalidate() during LOOKUP_RCU Andrew Morton
2021-11-09 2:32 ` [patch 14/87] kernel.h: drop unneeded <linux/kernel.h> inclusion from other headers Andrew Morton
2021-11-09 2:32 ` [patch 15/87] kernel.h: split out container_of() and typeof_member() macros Andrew Morton
2021-11-09 2:32 ` [patch 16/87] include/kunit/test.h: replace kernel.h with the necessary inclusions Andrew Morton
2021-11-09 2:32 ` [patch 17/87] include/linux/list.h: " Andrew Morton
2021-11-09 2:32 ` [patch 18/87] include/linux/llist.h: " Andrew Morton
2021-11-09 2:32 ` [patch 19/87] include/linux/plist.h: " Andrew Morton
2021-11-09 2:32 ` [patch 20/87] include/media/media-entity.h: " Andrew Morton
2021-11-09 2:32 ` [patch 21/87] include/linux/delay.h: " Andrew Morton
2021-11-09 2:32 ` [patch 22/87] include/linux/sbitmap.h: " Andrew Morton
2021-11-09 2:32 ` [patch 23/87] include/linux/radix-tree.h: " Andrew Morton
2021-11-09 2:32 ` [patch 24/87] include/linux/generic-radix-tree.h: " Andrew Morton
2021-11-09 2:32 ` [patch 25/87] kernel.h: split out instruction pointer accessors Andrew Morton
2021-11-09 2:32 ` [patch 26/87] linux/container_of.h: switch to static_assert Andrew Morton
2021-11-09 2:32 ` [patch 27/87] mailmap: update email address for Colin King Andrew Morton
2021-11-09 2:32 ` [patch 28/87] MAINTAINERS: add "exec & binfmt" section with myself and Eric Andrew Morton
2021-11-09 2:32 ` [patch 29/87] MAINTAINERS: rectify entry for ARM/TOSHIBA VISCONTI ARCHITECTURE Andrew Morton
2021-11-09 2:32 ` [patch 30/87] MAINTAINERS: rectify entry for HIKEY960 ONBOARD USB GPIO HUB DRIVER Andrew Morton
2021-11-09 2:33 ` [patch 31/87] MAINTAINERS: rectify entry for INTEL KEEM BAY DRM DRIVER Andrew Morton
2021-11-09 2:33 ` [patch 32/87] MAINTAINERS: rectify entry for ALLWINNER HARDWARE SPINLOCK SUPPORT Andrew Morton
2021-11-09 2:33 ` [patch 33/87] lib, stackdepot: check stackdepot handle before accessing slabs Andrew Morton
2021-11-09 2:33 ` [patch 34/87] lib, stackdepot: add helper to print stack entries Andrew Morton
2021-11-09 2:33 ` [patch 35/87] lib, stackdepot: add helper to print stack entries into buffer Andrew Morton
2021-11-09 2:33 ` [patch 36/87] include/linux/string_helpers.h: add linux/string.h for strlen() Andrew Morton
2021-11-09 2:33 ` [patch 37/87] lib: uninline simple_strntoull() as well Andrew Morton
2021-11-09 2:33 ` [patch 38/87] mm/scatterlist: replace the !preemptible warning in sg_miter_stop() Andrew Morton
2021-11-09 2:33 ` [patch 39/87] const_structs.checkpatch: add a few sound ops structs Andrew Morton
2021-11-09 2:33 ` [patch 40/87] checkpatch: improve EXPORT_SYMBOL test for EXPORT_SYMBOL_NS uses Andrew Morton
2021-11-09 2:33 ` [patch 41/87] checkpatch: get default codespell dictionary path from package location Andrew Morton
2021-11-09 2:33 ` [patch 42/87] binfmt_elf: reintroduce using MAP_FIXED_NOREPLACE Andrew Morton
2021-11-09 2:33 ` [patch 43/87] ELF: simplify STACK_ALLOC macro Andrew Morton
2021-11-09 2:33 ` [patch 44/87] kallsyms: remove arch specific text and data check Andrew Morton
2021-11-09 2:33 ` [patch 45/87] kallsyms: fix address-checks for kernel related range Andrew Morton
2021-11-09 2:33 ` [patch 46/87] sections: move and rename core_kernel_data() to is_kernel_core_data() Andrew Morton
2021-11-09 2:33 ` [patch 47/87] sections: move is_kernel_inittext() into sections.h Andrew Morton
2021-11-09 2:33 ` [patch 48/87] x86: mm: rename __is_kernel_text() to is_x86_32_kernel_text() Andrew Morton
2021-11-09 2:34 ` [patch 49/87] sections: provide internal __is_kernel() and __is_kernel_text() helper Andrew Morton
2021-11-09 2:34 ` [patch 50/87] mm: kasan: use is_kernel() helper Andrew Morton
2021-11-09 2:34 ` [patch 51/87] extable: use is_kernel_text() helper Andrew Morton
2021-11-09 2:34 ` [patch 52/87] powerpc/mm: use core_kernel_text() helper Andrew Morton
2021-11-09 2:34 ` [patch 53/87] microblaze: use is_kernel_text() helper Andrew Morton
2021-11-09 2:34 ` [patch 54/87] alpha: " Andrew Morton
2021-11-09 2:34 ` [patch 55/87] ramfs: fix mount source show for ramfs Andrew Morton
2021-11-09 2:34 ` [patch 56/87] init: make unknown command line param message clearer Andrew Morton
2021-11-09 2:34 ` [patch 57/87] coda: avoid NULL pointer dereference from a bad inode Andrew Morton
2021-11-09 2:34 ` [patch 58/87] coda: check for async upcall request using local state Andrew Morton
2021-11-09 2:34 ` [patch 59/87] coda: remove err which no one care Andrew Morton
2021-11-09 2:34 ` [patch 60/87] coda: avoid flagging NULL inodes Andrew Morton
2021-11-09 2:34 ` [patch 61/87] coda: avoid hidden code duplication in rename Andrew Morton
2021-11-09 2:34 ` [patch 62/87] coda: avoid doing bad things on inode type changes during revalidation Andrew Morton
2021-11-09 2:34 ` [patch 63/87] coda: convert from atomic_t to refcount_t on coda_vm_ops->refcnt Andrew Morton
2021-11-09 2:34 ` [patch 64/87] coda: use vmemdup_user to replace the open code Andrew Morton
2021-11-09 2:34 ` [patch 65/87] coda: bump module version to 7.2 Andrew Morton
2021-11-09 2:34 ` [patch 66/87] nilfs2: replace snprintf in show functions with sysfs_emit Andrew Morton
2021-11-09 2:35 ` [patch 67/87] nilfs2: remove filenames from file comments Andrew Morton
2021-11-09 2:35 ` [patch 68/87] hfs/hfsplus: use WARN_ON for sanity check Andrew Morton
2021-11-09 2:35 ` [patch 69/87] crash_dump: fix boolreturn.cocci warning Andrew Morton
2021-11-09 2:35 ` [patch 70/87] crash_dump: remove duplicate include in crash_dump.h Andrew Morton
2021-11-09 2:35 ` [patch 71/87] signal: remove duplicate include in signal.h Andrew Morton
2021-11-09 2:35 ` [patch 72/87] seq_file: move seq_escape() to a header Andrew Morton
2021-11-09 2:35 ` [patch 73/87] seq_file: fix passing wrong private data Andrew Morton
2021-11-09 2:35 ` [patch 74/87] kernel/fork.c: unshare(): use swap() to make code cleaner Andrew Morton
2021-11-09 2:35 ` [patch 75/87] sysv: use BUILD_BUG_ON instead of runtime check Andrew Morton
2021-11-09 2:35 ` [patch 76/87] Documentation/kcov: include types.h in the example Andrew Morton
2021-11-09 2:35 ` [patch 77/87] Documentation/kcov: define `ip' " Andrew Morton
2021-11-09 2:35 ` [patch 78/87] kcov: allocate per-CPU memory on the relevant node Andrew Morton
2021-11-09 2:35 ` [patch 79/87] kcov: avoid enable+disable interrupts if !in_task() Andrew Morton
2021-11-09 2:35 ` [patch 80/87] kcov: replace local_irq_save() with a local_lock_t Andrew Morton
2021-11-09 2:35 ` [patch 81/87] scripts/gdb: handle split debug for vmlinux Andrew Morton
2021-11-09 2:35 ` [patch 82/87] kernel/resource: clean up and optimize iomem_is_exclusive() Andrew Morton
2021-11-09 2:35 ` [patch 83/87] kernel/resource: disallow access to exclusive system RAM regions Andrew Morton
2021-11-09 2:35 ` [patch 84/87] virtio-mem: disallow mapping virtio-mem memory via /dev/mem Andrew Morton
2021-11-09 2:35 ` [patch 85/87] selftests/kselftest/runner/run_one(): allow running non-executable files Andrew Morton
2021-11-09 2:35 ` Andrew Morton [this message]
2021-11-09 2:36 ` [patch 87/87] ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211109023559.ZBeL3oWWO%akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=dbueso@suse.de \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=manfred@colorfullife.com \
--cc=mclapinski@google.com \
--cc=mm-commits@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).