From: Serge Hallyn <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: akpm-3NddpPZAyC0@public.gmane.org,
	segooon-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org
Subject: [PATCH 03/15] keyctl: check capabilities against key's user_ns
Date: Fri,  2 Sep 2011 19:56:28 +0000
Message-ID: <1314993400-6910-6-git-send-email-serge@hallyn.com>
In-Reply-To: <1314993400-6910-1-git-send-email-serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>

From: "Serge E. Hallyn" <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>

ATM, task should only be able to get his own user_ns's keys
anyway, so nsown_capable should also work, but there is no
advantage to doing that, while using key's user_ns is clearer.

changelog: jun 6:
	compile fix: keyctl.c (key_user, not key has user_ns)

Signed-off-by: Serge E. Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Acked-by: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
---
 security/keys/keyctl.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index eca5191..fa7d420 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -745,7 +745,7 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
 	ret = -EACCES;
 	down_write(&key->sem);
 
-	if (!capable(CAP_SYS_ADMIN)) {
+	if (!ns_capable(key->user->user_ns, CAP_SYS_ADMIN)) {
 		/* only the sysadmin can chown a key to some other UID */
 		if (uid != (uid_t) -1 && key->uid != uid)
 			goto error_put;
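Review bot: the comment directly under the new ns_capable() test in keyctl_chown_key() still reads "only the sysadmin can chown a key to some other UID", but the privileged caller is now whoever holds CAP_SYS_ADMIN in key->user->user_ns, which can be a namespace-local root rather than the system administrator. Please reword the comment to name the key's user namespace so the scope of the exemption is clear to the next reader. The commit message's changelog notes that user_ns lives on key_user rather than key; a one-line mention of that next to the check would also explain the key->user->user_ns indirection.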
@@ -852,7 +852,8 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
 	down_write(&key->sem);
 
 	/* if we're not the sysadmin, we can only change a key that we own */
-	if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) {
+	if (ns_capable(key->user->user_ns, CAP_SYS_ADMIN) ||
+	    key->uid == current_fsuid()) {
 		key->perm = perm;
 		ret = 0;
 	}
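Review bot: in keyctl_setperm_key() the unprivileged branch, key->uid == current_fsuid(), still compares raw uid values with no reference to a user namespace, so only the CAP_SYS_ADMIN half of the condition is namespace-aware after this change. The commit message says a task can currently only get keys from its own user_ns, which keeps the comparison sound, but nothing in the code records that dependency. Suggest either a comment stating that the uid comparison relies on keys not being reachable across user namespaces, or pairing it with a check that key->user->user_ns is the caller's namespace. The "if we're not the sysadmin" comment above the condition would benefit from the same rewording as in the chown path.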
-- 
1.7.5.4
