From: Jann Horn <jannh@google.com>
To: Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Cyrill Gorcunov <gorcunov@openvz.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
John Stultz <john.stultz@linaro.org>,
Janis Danisevskis <jdanis@google.com>,
Calvin Owens <calvinowens@fb.com>, Jann Horn <jann@thejh.net>,
Oleg Nesterov <oleg@redhat.com>, Christoph Lameter <cl@linux.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Andy Lutomirski <luto@kernel.org>,
linux-kernel@vger.kernel.org
Cc: Jann Horn <jannh@google.com>
Subject: [PATCH v2 1/2] namespaces: don't use from_k*id_munged() with init_user_ns
Date: Sat, 25 Jun 2016 02:23:29 +0200 [thread overview]
Message-ID: <1466814210-3778-1-git-send-email-jannh@google.com> (raw)
In-Reply-To: <CAG48ez3ELMSsWhe9X_uq_3M7TjJxq=SnAr09g72nTkCRQY008g@mail.gmail.com>
For init_user_ns, from_kuid_munged() and from_kgid_munged() are
guaranteed to be identical to from_kuid() and from_kgid(). In
preparation for another patch, change all usages of the _munged
variants that explicitly use init_user_ns to the non-munged ones.
This patch by itself should not have any effect.
Signed-off-by: Jann Horn <jannh@google.com>
---
arch/s390/hypfs/inode.c | 4 ++--
arch/x86/kernel/vm86_32.c | 2 +-
drivers/connector/cn_proc.c | 8 ++++----
fs/adfs/super.c | 4 ++--
fs/autofs4/inode.c | 4 ++--
fs/cifs/cifs_spnego.c | 4 ++--
fs/cifs/cifsfs.c | 8 ++++----
fs/debugfs/inode.c | 4 ++--
fs/devpts/inode.c | 4 ++--
fs/ext2/super.c | 4 ++--
fs/ext4/super.c | 4 ++--
fs/fat/inode.c | 4 ++--
fs/fuse/dev.c | 4 ++--
fs/fuse/inode.c | 4 ++--
fs/hfs/super.c | 4 ++--
fs/hfsplus/options.c | 4 ++--
fs/hpfs/super.c | 4 ++--
fs/ncpfs/inode.c | 6 +++---
fs/ntfs/inode.c | 4 ++--
fs/proc/inode.c | 2 +-
fs/quota/netlink.c | 2 +-
fs/tracefs/inode.c | 4 ++--
kernel/cred.c | 16 ++++++++--------
mm/shmem.c | 4 ++--
net/netfilter/nf_log_common.c | 4 ++--
net/netfilter/nfnetlink_queue.c | 4 ++--
net/netfilter/nft_meta.c | 4 ++--
27 files changed, 62 insertions(+), 62 deletions(-)
diff --git a/arch/s390/hypfs/inode.c b/arch/s390/hypfs/inode.c
index 255c7ee..df0e2f3 100644
--- a/arch/s390/hypfs/inode.c
+++ b/arch/s390/hypfs/inode.c
@@ -259,8 +259,8 @@ static int hypfs_show_options(struct seq_file *s, struct dentry *root)
{
struct hypfs_sb_info *hypfs_info = root->d_sb->s_fs_info;
- seq_printf(s, ",uid=%u", from_kuid_munged(&init_user_ns, hypfs_info->uid));
- seq_printf(s, ",gid=%u", from_kgid_munged(&init_user_ns, hypfs_info->gid));
+ seq_printf(s, ",uid=%u", from_kuid(&init_user_ns, hypfs_info->uid));
+ seq_printf(s, ",gid=%u", from_kgid(&init_user_ns, hypfs_info->gid));
return 0;
}
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
index 3dce1ca..23d8541 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -259,7 +259,7 @@ static long do_sys_vm86(struct vm86plus_struct __user *user_vm86, bool plus)
*/
pr_info_once("Denied a call to vm86(old) from %s[%d] (uid: %d). Set the vm.mmap_min_addr sysctl to 0 and/or adjust LSM mmap_min_addr policy to enable vm86 if you are using a vm86-based DOS emulator.\n",
current->comm, task_pid_nr(current),
- from_kuid_munged(&init_user_ns, current_uid()));
+ from_kuid(&init_user_ns, current_uid()));
return -EPERM;
}
diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
index 15d06fc..89c3b6f 100644
--- a/drivers/connector/cn_proc.c
+++ b/drivers/connector/cn_proc.c
@@ -140,11 +140,11 @@ void proc_id_connector(struct task_struct *task, int which_id)
rcu_read_lock();
cred = __task_cred(task);
if (which_id == PROC_EVENT_UID) {
- ev->event_data.id.r.ruid = from_kuid_munged(&init_user_ns, cred->uid);
- ev->event_data.id.e.euid = from_kuid_munged(&init_user_ns, cred->euid);
+ ev->event_data.id.r.ruid = from_kuid(&init_user_ns, cred->uid);
+ ev->event_data.id.e.euid = from_kuid(&init_user_ns, cred->euid);
} else if (which_id == PROC_EVENT_GID) {
- ev->event_data.id.r.rgid = from_kgid_munged(&init_user_ns, cred->gid);
- ev->event_data.id.e.egid = from_kgid_munged(&init_user_ns, cred->egid);
+ ev->event_data.id.r.rgid = from_kgid(&init_user_ns, cred->gid);
+ ev->event_data.id.e.egid = from_kgid(&init_user_ns, cred->egid);
} else {
rcu_read_unlock();
return;
diff --git a/fs/adfs/super.c b/fs/adfs/super.c
index c9fdfb1..48b9195 100644
--- a/fs/adfs/super.c
+++ b/fs/adfs/super.c
@@ -131,9 +131,9 @@ static int adfs_show_options(struct seq_file *seq, struct dentry *root)
struct adfs_sb_info *asb = ADFS_SB(root->d_sb);
if (!uid_eq(asb->s_uid, GLOBAL_ROOT_UID))
- seq_printf(seq, ",uid=%u", from_kuid_munged(&init_user_ns, asb->s_uid));
+ seq_printf(seq, ",uid=%u", from_kuid(&init_user_ns, asb->s_uid));
if (!gid_eq(asb->s_gid, GLOBAL_ROOT_GID))
- seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, asb->s_gid));
+ seq_printf(seq, ",gid=%u", from_kgid(&init_user_ns, asb->s_gid));
if (asb->s_owner_mask != ADFS_DEFAULT_OWNER_MASK)
seq_printf(seq, ",ownmask=%o", asb->s_owner_mask);
if (asb->s_other_mask != ADFS_DEFAULT_OTHER_MASK)
diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c
index 61b2105..85a306f 100644
--- a/fs/autofs4/inode.c
+++ b/fs/autofs4/inode.c
@@ -77,10 +77,10 @@ static int autofs4_show_options(struct seq_file *m, struct dentry *root)
seq_printf(m, ",fd=%d", sbi->pipefd);
if (!uid_eq(root_inode->i_uid, GLOBAL_ROOT_UID))
seq_printf(m, ",uid=%u",
- from_kuid_munged(&init_user_ns, root_inode->i_uid));
+ from_kuid(&init_user_ns, root_inode->i_uid));
if (!gid_eq(root_inode->i_gid, GLOBAL_ROOT_GID))
seq_printf(m, ",gid=%u",
- from_kgid_munged(&init_user_ns, root_inode->i_gid));
+ from_kgid(&init_user_ns, root_inode->i_gid));
seq_printf(m, ",pgrp=%d", pid_vnr(sbi->oz_pgrp));
seq_printf(m, ",timeout=%lu", sbi->exp_timeout/HZ);
seq_printf(m, ",minproto=%d", sbi->min_proto);
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index b611fc2..3784b8f 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -152,11 +152,11 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
dp = description + strlen(description);
sprintf(dp, ";uid=0x%x",
- from_kuid_munged(&init_user_ns, sesInfo->linux_uid));
+ from_kuid(&init_user_ns, sesInfo->linux_uid));
dp = description + strlen(description);
sprintf(dp, ";creduid=0x%x",
- from_kuid_munged(&init_user_ns, sesInfo->cred_uid));
+ from_kuid(&init_user_ns, sesInfo->cred_uid));
if (sesInfo->user_name) {
dp = description + strlen(description);
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 5d8b7ed..36af22a 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -428,14 +428,14 @@ cifs_show_options(struct seq_file *s, struct dentry *root)
}
seq_printf(s, ",uid=%u",
- from_kuid_munged(&init_user_ns, cifs_sb->mnt_uid));
+ from_kuid(&init_user_ns, cifs_sb->mnt_uid));
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_OVERR_UID)
seq_puts(s, ",forceuid");
else
seq_puts(s, ",noforceuid");
seq_printf(s, ",gid=%u",
- from_kgid_munged(&init_user_ns, cifs_sb->mnt_gid));
+ from_kgid(&init_user_ns, cifs_sb->mnt_gid));
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_OVERR_GID)
seq_puts(s, ",forcegid");
else
@@ -500,11 +500,11 @@ cifs_show_options(struct seq_file *s, struct dentry *root)
seq_puts(s, ",noperm");
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPUID)
seq_printf(s, ",backupuid=%u",
- from_kuid_munged(&init_user_ns,
+ from_kuid(&init_user_ns,
cifs_sb->mnt_backupuid));
if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_CIFS_BACKUPGID)
seq_printf(s, ",backupgid=%u",
- from_kgid_munged(&init_user_ns,
+ from_kgid(&init_user_ns,
cifs_sb->mnt_backupgid));
seq_printf(s, ",rsize=%u", cifs_sb->rsize);
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 4bc1f68..ff4cffe 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -160,10 +160,10 @@ static int debugfs_show_options(struct seq_file *m, struct dentry *root)
if (!uid_eq(opts->uid, GLOBAL_ROOT_UID))
seq_printf(m, ",uid=%u",
- from_kuid_munged(&init_user_ns, opts->uid));
+ from_kuid(&init_user_ns, opts->uid));
if (!gid_eq(opts->gid, GLOBAL_ROOT_GID))
seq_printf(m, ",gid=%u",
- from_kgid_munged(&init_user_ns, opts->gid));
+ from_kgid(&init_user_ns, opts->gid));
if (opts->mode != DEBUGFS_DEFAULT_MODE)
seq_printf(m, ",mode=%o", opts->mode);
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 37c134a..2809cb9 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -357,10 +357,10 @@ static int devpts_show_options(struct seq_file *seq, struct dentry *root)
if (opts->setuid)
seq_printf(seq, ",uid=%u",
- from_kuid_munged(&init_user_ns, opts->uid));
+ from_kuid(&init_user_ns, opts->uid));
if (opts->setgid)
seq_printf(seq, ",gid=%u",
- from_kgid_munged(&init_user_ns, opts->gid));
+ from_kgid(&init_user_ns, opts->gid));
seq_printf(seq, ",mode=%03o", opts->mode);
seq_printf(seq, ",ptmxmode=%03o", opts->ptmxmode);
if (opts->max < NR_UNIX98_PTY_MAX)
diff --git a/fs/ext2/super.c b/fs/ext2/super.c
index 1d93795..0d66d5d 100644
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -244,12 +244,12 @@ static int ext2_show_options(struct seq_file *seq, struct dentry *root)
if (!uid_eq(sbi->s_resuid, make_kuid(&init_user_ns, EXT2_DEF_RESUID)) ||
le16_to_cpu(es->s_def_resuid) != EXT2_DEF_RESUID) {
seq_printf(seq, ",resuid=%u",
- from_kuid_munged(&init_user_ns, sbi->s_resuid));
+ from_kuid(&init_user_ns, sbi->s_resuid));
}
if (!gid_eq(sbi->s_resgid, make_kgid(&init_user_ns, EXT2_DEF_RESGID)) ||
le16_to_cpu(es->s_def_resgid) != EXT2_DEF_RESGID) {
seq_printf(seq, ",resgid=%u",
- from_kgid_munged(&init_user_ns, sbi->s_resgid));
+ from_kgid(&init_user_ns, sbi->s_resgid));
}
if (test_opt(sb, ERRORS_RO)) {
int def_errors = le16_to_cpu(es->s_errors);
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 3822a5a..4c5664b 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1879,11 +1879,11 @@ static int _ext4_show_options(struct seq_file *seq, struct super_block *sb,
if (nodefs || !uid_eq(sbi->s_resuid, make_kuid(&init_user_ns, EXT4_DEF_RESUID)) ||
le16_to_cpu(es->s_def_resuid) != EXT4_DEF_RESUID)
SEQ_OPTS_PRINT("resuid=%u",
- from_kuid_munged(&init_user_ns, sbi->s_resuid));
+ from_kuid(&init_user_ns, sbi->s_resuid));
if (nodefs || !gid_eq(sbi->s_resgid, make_kgid(&init_user_ns, EXT4_DEF_RESGID)) ||
le16_to_cpu(es->s_def_resgid) != EXT4_DEF_RESGID)
SEQ_OPTS_PRINT("resgid=%u",
- from_kgid_munged(&init_user_ns, sbi->s_resgid));
+ from_kgid(&init_user_ns, sbi->s_resgid));
def_errors = nodefs ? -1 : le16_to_cpu(es->s_errors);
if (test_opt(sb, ERRORS_RO) && def_errors != EXT4_ERRORS_RO)
SEQ_OPTS_PUTS("errors=remount-ro");
diff --git a/fs/fat/inode.c b/fs/fat/inode.c
index 3bcf579..e56472e 100644
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -923,10 +923,10 @@ static int fat_show_options(struct seq_file *m, struct dentry *root)
if (!uid_eq(opts->fs_uid, GLOBAL_ROOT_UID))
seq_printf(m, ",uid=%u",
- from_kuid_munged(&init_user_ns, opts->fs_uid));
+ from_kuid(&init_user_ns, opts->fs_uid));
if (!gid_eq(opts->fs_gid, GLOBAL_ROOT_GID))
seq_printf(m, ",gid=%u",
- from_kgid_munged(&init_user_ns, opts->fs_gid));
+ from_kgid(&init_user_ns, opts->fs_gid));
seq_printf(m, ",fmask=%04o", opts->fs_fmask);
seq_printf(m, ",dmask=%04o", opts->fs_dmask);
if (opts->allow_utime)
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index cbece12..811c96c 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -126,8 +126,8 @@ static void __fuse_put_request(struct fuse_req *req)
static void fuse_req_init_context(struct fuse_req *req)
{
- req->in.h.uid = from_kuid_munged(&init_user_ns, current_fsuid());
- req->in.h.gid = from_kgid_munged(&init_user_ns, current_fsgid());
+ req->in.h.uid = from_kuid(&init_user_ns, current_fsuid());
+ req->in.h.gid = from_kgid(&init_user_ns, current_fsgid());
req->in.h.pid = current->pid;
}
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 1ce6766..fb5b216 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -554,8 +554,8 @@ static int fuse_show_options(struct seq_file *m, struct dentry *root)
struct super_block *sb = root->d_sb;
struct fuse_conn *fc = get_fuse_conn_super(sb);
- seq_printf(m, ",user_id=%u", from_kuid_munged(&init_user_ns, fc->user_id));
- seq_printf(m, ",group_id=%u", from_kgid_munged(&init_user_ns, fc->group_id));
+ seq_printf(m, ",user_id=%u", from_kuid(&init_user_ns, fc->user_id));
+ seq_printf(m, ",group_id=%u", from_kgid(&init_user_ns, fc->group_id));
if (fc->flags & FUSE_DEFAULT_PERMISSIONS)
seq_puts(m, ",default_permissions");
if (fc->flags & FUSE_ALLOW_OTHER)
diff --git a/fs/hfs/super.c b/fs/hfs/super.c
index 1ca95c2..30c952a 100644
--- a/fs/hfs/super.c
+++ b/fs/hfs/super.c
@@ -140,8 +140,8 @@ static int hfs_show_options(struct seq_file *seq, struct dentry *root)
if (sbi->s_type != cpu_to_be32(0x3f3f3f3f))
seq_show_option_n(seq, "type", (char *)&sbi->s_type, 4);
seq_printf(seq, ",uid=%u,gid=%u",
- from_kuid_munged(&init_user_ns, sbi->s_uid),
- from_kgid_munged(&init_user_ns, sbi->s_gid));
+ from_kuid(&init_user_ns, sbi->s_uid),
+ from_kgid(&init_user_ns, sbi->s_gid));
if (sbi->s_file_umask != 0133)
seq_printf(seq, ",file_umask=%o", sbi->s_file_umask);
if (sbi->s_dir_umask != 0022)
diff --git a/fs/hfsplus/options.c b/fs/hfsplus/options.c
index bb806e5..6897f9f 100644
--- a/fs/hfsplus/options.c
+++ b/fs/hfsplus/options.c
@@ -222,8 +222,8 @@ int hfsplus_show_options(struct seq_file *seq, struct dentry *root)
if (sbi->type != HFSPLUS_DEF_CR_TYPE)
seq_show_option_n(seq, "type", (char *)&sbi->type, 4);
seq_printf(seq, ",umask=%o,uid=%u,gid=%u", sbi->umask,
- from_kuid_munged(&init_user_ns, sbi->uid),
- from_kgid_munged(&init_user_ns, sbi->gid));
+ from_kuid(&init_user_ns, sbi->uid),
+ from_kgid(&init_user_ns, sbi->gid));
if (sbi->part >= 0)
seq_printf(seq, ",part=%u", sbi->part);
if (sbi->session >= 0)
diff --git a/fs/hpfs/super.c b/fs/hpfs/super.c
index 82067ca..98d632b 100644
--- a/fs/hpfs/super.c
+++ b/fs/hpfs/super.c
@@ -502,8 +502,8 @@ static int hpfs_show_options(struct seq_file *seq, struct dentry *root)
{
struct hpfs_sb_info *sbi = hpfs_sb(root->d_sb);
- seq_printf(seq, ",uid=%u", from_kuid_munged(&init_user_ns, sbi->sb_uid));
- seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, sbi->sb_gid));
+ seq_printf(seq, ",uid=%u", from_kuid(&init_user_ns, sbi->sb_uid));
+ seq_printf(seq, ",gid=%u", from_kgid(&init_user_ns, sbi->sb_gid));
seq_printf(seq, ",umask=%03o", (~sbi->sb_mode & 0777));
if (sbi->sb_lowercase)
seq_printf(seq, ",case=lower");
diff --git a/fs/ncpfs/inode.c b/fs/ncpfs/inode.c
index 1af15fc..43770d3 100644
--- a/fs/ncpfs/inode.c
+++ b/fs/ncpfs/inode.c
@@ -334,13 +334,13 @@ static int ncp_show_options(struct seq_file *seq, struct dentry *root)
if (!uid_eq(server->m.uid, GLOBAL_ROOT_UID))
seq_printf(seq, ",uid=%u",
- from_kuid_munged(&init_user_ns, server->m.uid));
+ from_kuid(&init_user_ns, server->m.uid));
if (!gid_eq(server->m.gid, GLOBAL_ROOT_GID))
seq_printf(seq, ",gid=%u",
- from_kgid_munged(&init_user_ns, server->m.gid));
+ from_kgid(&init_user_ns, server->m.gid));
if (!uid_eq(server->m.mounted_uid, GLOBAL_ROOT_UID))
seq_printf(seq, ",owner=%u",
- from_kuid_munged(&init_user_ns, server->m.mounted_uid));
+ from_kuid(&init_user_ns, server->m.mounted_uid));
tmp = server->m.file_mode & S_IALLUGO;
if (tmp != NCP_DEFAULT_FILE_MODE)
seq_printf(seq, ",mode=0%o", tmp);
diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index f40972d..dc9dd5d 100644
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -2314,8 +2314,8 @@ int ntfs_show_options(struct seq_file *sf, struct dentry *root)
ntfs_volume *vol = NTFS_SB(root->d_sb);
int i;
- seq_printf(sf, ",uid=%i", from_kuid_munged(&init_user_ns, vol->uid));
- seq_printf(sf, ",gid=%i", from_kgid_munged(&init_user_ns, vol->gid));
+ seq_printf(sf, ",uid=%i", from_kuid(&init_user_ns, vol->uid));
+ seq_printf(sf, ",gid=%i", from_kgid(&init_user_ns, vol->gid));
if (vol->fmask == vol->dmask)
seq_printf(sf, ",umask=0%o", vol->fmask);
else {
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index 42305dd..4cba964 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -106,7 +106,7 @@ static int proc_show_options(struct seq_file *seq, struct dentry *root)
struct pid_namespace *pid = sb->s_fs_info;
if (!gid_eq(pid->pid_gid, GLOBAL_ROOT_GID))
- seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, pid->pid_gid));
+ seq_printf(seq, ",gid=%u", from_kgid(&init_user_ns, pid->pid_gid));
if (pid->hide_pid != 0)
seq_printf(seq, ",hidepid=%u", pid->hide_pid);
diff --git a/fs/quota/netlink.c b/fs/quota/netlink.c
index 8b25267..042c799 100644
--- a/fs/quota/netlink.c
+++ b/fs/quota/netlink.c
@@ -83,7 +83,7 @@ void quota_send_warning(struct kqid qid, dev_t dev,
if (ret)
goto attr_err_out;
ret = nla_put_u64_64bit(skb, QUOTA_NL_A_CAUSED_ID,
- from_kuid_munged(&init_user_ns, current_uid()),
+ from_kuid(&init_user_ns, current_uid()),
QUOTA_NL_A_PAD);
if (ret)
goto attr_err_out;
diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
index 4a0e48f..74b6645 100644
--- a/fs/tracefs/inode.c
+++ b/fs/tracefs/inode.c
@@ -248,10 +248,10 @@ static int tracefs_show_options(struct seq_file *m, struct dentry *root)
if (!uid_eq(opts->uid, GLOBAL_ROOT_UID))
seq_printf(m, ",uid=%u",
- from_kuid_munged(&init_user_ns, opts->uid));
+ from_kuid(&init_user_ns, opts->uid));
if (!gid_eq(opts->gid, GLOBAL_ROOT_GID))
seq_printf(m, ",gid=%u",
- from_kgid_munged(&init_user_ns, opts->gid));
+ from_kgid(&init_user_ns, opts->gid));
if (opts->mode != TRACEFS_DEFAULT_MODE)
seq_printf(m, ",mode=%o", opts->mode);
diff --git a/kernel/cred.c b/kernel/cred.c
index 0c0cd8a..da39a3d 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -735,15 +735,15 @@ static void dump_invalid_creds(const struct cred *cred, const char *label,
atomic_read(&cred->usage),
read_cred_subscribers(cred));
printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n",
- from_kuid_munged(&init_user_ns, cred->uid),
- from_kuid_munged(&init_user_ns, cred->euid),
- from_kuid_munged(&init_user_ns, cred->suid),
- from_kuid_munged(&init_user_ns, cred->fsuid));
+ from_kuid(&init_user_ns, cred->uid),
+ from_kuid(&init_user_ns, cred->euid),
+ from_kuid(&init_user_ns, cred->suid),
+ from_kuid(&init_user_ns, cred->fsuid));
printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }\n",
- from_kgid_munged(&init_user_ns, cred->gid),
- from_kgid_munged(&init_user_ns, cred->egid),
- from_kgid_munged(&init_user_ns, cred->sgid),
- from_kgid_munged(&init_user_ns, cred->fsgid));
+ from_kgid(&init_user_ns, cred->gid),
+ from_kgid(&init_user_ns, cred->egid),
+ from_kgid(&init_user_ns, cred->sgid),
+ from_kgid(&init_user_ns, cred->fsgid));
#ifdef CONFIG_SECURITY
printk(KERN_ERR "CRED: ->security is %p\n", cred->security);
if ((unsigned long) cred->security >= PAGE_SIZE &&
diff --git a/mm/shmem.c b/mm/shmem.c
index a361449..144b3d7 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -2937,10 +2937,10 @@ static int shmem_show_options(struct seq_file *seq, struct dentry *root)
seq_printf(seq, ",mode=%03ho", sbinfo->mode);
if (!uid_eq(sbinfo->uid, GLOBAL_ROOT_UID))
seq_printf(seq, ",uid=%u",
- from_kuid_munged(&init_user_ns, sbinfo->uid));
+ from_kuid(&init_user_ns, sbinfo->uid));
if (!gid_eq(sbinfo->gid, GLOBAL_ROOT_GID))
seq_printf(seq, ",gid=%u",
- from_kgid_munged(&init_user_ns, sbinfo->gid));
+ from_kgid(&init_user_ns, sbinfo->gid));
shmem_show_mpol(seq, sbinfo->mpol);
return 0;
}
diff --git a/net/netfilter/nf_log_common.c b/net/netfilter/nf_log_common.c
index a5aa596..b115895 100644
--- a/net/netfilter/nf_log_common.c
+++ b/net/netfilter/nf_log_common.c
@@ -141,8 +141,8 @@ void nf_log_dump_sk_uid_gid(struct nf_log_buf *m, struct sock *sk)
if (sk->sk_socket && sk->sk_socket->file) {
const struct cred *cred = sk->sk_socket->file->f_cred;
nf_log_buf_add(m, "UID=%u GID=%u ",
- from_kuid_munged(&init_user_ns, cred->fsuid),
- from_kgid_munged(&init_user_ns, cred->fsgid));
+ from_kuid(&init_user_ns, cred->fsuid),
+ from_kgid(&init_user_ns, cred->fsgid));
}
read_unlock_bh(&sk->sk_callback_lock);
}
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 5d36a09..71e57bf 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -264,10 +264,10 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk)
if (sk->sk_socket && sk->sk_socket->file) {
cred = sk->sk_socket->file->f_cred;
if (nla_put_be32(skb, NFQA_UID,
- htonl(from_kuid_munged(&init_user_ns, cred->fsuid))))
+ htonl(from_kuid(&init_user_ns, cred->fsuid))))
goto nla_put_failure;
if (nla_put_be32(skb, NFQA_GID,
- htonl(from_kgid_munged(&init_user_ns, cred->fsgid))))
+ htonl(from_kgid(&init_user_ns, cred->fsgid))))
goto nla_put_failure;
}
read_unlock_bh(&sk->sk_callback_lock);
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 16c50b0..fbdbb52 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -104,7 +104,7 @@ void nft_meta_get_eval(const struct nft_expr *expr,
goto err;
}
- *dest = from_kuid_munged(&init_user_ns,
+ *dest = from_kuid(&init_user_ns,
sk->sk_socket->file->f_cred->fsuid);
read_unlock_bh(&sk->sk_callback_lock);
break;
@@ -119,7 +119,7 @@ void nft_meta_get_eval(const struct nft_expr *expr,
read_unlock_bh(&sk->sk_callback_lock);
goto err;
}
- *dest = from_kgid_munged(&init_user_ns,
+ *dest = from_kgid(&init_user_ns,
sk->sk_socket->file->f_cred->fsgid);
read_unlock_bh(&sk->sk_callback_lock);
break;
--
2.8.0.rc3.226.g39d4020
next prev parent reply other threads:[~2016-06-25 0:24 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-23 11:11 [PATCH] namespaces: add transparent user namespaces Jann Horn
2016-06-23 18:50 ` Eric W. Biederman
2016-06-23 20:02 ` Jann Horn
2016-06-23 20:04 ` Eric W. Biederman
2016-06-25 0:23 ` Jann Horn [this message]
2016-06-25 0:23 ` [PATCH v2 2/2] " Jann Horn
2016-06-27 3:34 ` Michael Kerrisk
2016-06-27 3:34 ` Michael Kerrisk
[not found] ` <1466814210-3778-2-git-send-email-jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2016-06-27 15:09 ` Eric W. Biederman
2016-06-27 15:09 ` Eric W. Biederman
2016-07-12 20:11 ` Mickaël Salaün
[not found] ` <57854EE5.1030707-WFhQfpSGs3bR7s880joybQ@public.gmane.org>
2016-07-12 22:32 ` Eric W. Biederman
2016-07-12 22:32 ` Eric W. Biederman
[not found] ` <87mvm6y8g9.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-07-12 20:11 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1466814210-3778-1-git-send-email-jannh@google.com \
--to=jannh@google.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=calvinowens@fb.com \
--cc=cl@linux.com \
--cc=ebiederm@xmission.com \
--cc=gorcunov@openvz.org \
--cc=jann@thejh.net \
--cc=jdanis@google.com \
--cc=john.stultz@linaro.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=oleg@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.