From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <linux-kernel@vger.kernel.org>,
    Alexey Gladkov <legion@kernel.org>,
    Linux Containers <containers@lists.linux.dev>
Subject: [GIT PULL] ipc: per namespace ipc sysctl changes for v5.19
Date: Fri, 03 Jun 2022 12:21:46 -0500
Message-ID: <875ylh8xxx.fsf@email.froward.int.ebiederm.org>

Linus,

Please pull the per-namespace-ipc-sysctls-for-v5.19 tag from the git tree:

  git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git per-namespace-ipc-sysctls-for-v5.19

  HEAD: 38cd5b12b7854941ede1954cf5a2393eb94b5d37 ipc: Remove extra braces

These changes update the ipc sysctls so that they are fundamentally
per ipc namespace. Previously these sysctls depended upon a hack to
simulate being per ipc namespace by looking up the ipc namespace in
read or write. With this set of changes the ipc sysctls are
registered per ipc namespace and open looks up the ipc namespace.

Not only does this series of changes ensure the traditional binding at
open time happens, but it sets a foundation for being able to relax the
permission checks to allow a user namespace root to change the ipc sysctls
for an ipc namespace that the user namespace root requires. To do this
requires the ipc namespace to be known at open time.

These changes were sent for v5.18[1] but were dropped because some
additional cleanups were requested. Linus has given his nod[2] to the
cleanups so I hope enough cleanups are present this time.

[1] https://lkml.kernel.org/r/877d8kfmdp.fsf@email.froward.int.ebiederm.org
[2] https://lkml.kernel.org/r/CAHk-=whi2SzU4XT_FsdTCAuK2qtYmH+-hwi1cbSdG8zu0KXL=g@mail.gmail.com

Alexey Gladkov (6):
      ipc: Store mqueue sysctls in the ipc namespace
      ipc: Store ipc sysctls in the ipc namespace
      ipc: Use the same namespace to modify and validate
      ipc: Remove extra1 field abuse to pass ipc namespace
      ipc: Check permissions for checkpoint_restart sysctls at open time
      ipc: Remove extra braces

 include/linux/ipc_namespace.h |  37 +++++++-
 ipc/ipc_sysctl.c              | 205 +++++++++++++++++++++++++-----------------
 ipc/mq_sysctl.c               | 121 +++++++++++++------------
 ipc/mqueue.c                  |  10 +--
 ipc/namespace.c               |  10 +++
 5 files changed, 238 insertions(+), 145 deletions(-)

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

p.s. My apologies for this coming in so late. Everyone in the house has
been sick.
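
The open-time binding described in the message above can be observed from user space. The following C probe is an added example, not part of the e-mail or of the kernel series; the choice of `kernel.msgmax`, the marker value and the function names are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define SYSCTL "/proc/sys/kernel/msgmax" /* assumption: any ipc sysctl would do */
#define MARKER 12345L                    /* constructed test value */

/* Read the integer behind an open sysctl fd, always from offset 0. */
static long read_fd(int fd)
{
    char buf[32] = {0};
    return pread(fd, buf, sizeof(buf) - 1, 0) > 0 ? strtol(buf, NULL, 10) : -1;
}

/* Returns 1 if an fd stays bound to the ipc namespace it was opened in,
 * 0 if the namespace is looked up again on each read, and -1 if the probe
 * cannot tell (no CAP_SYS_ADMIN, read-only /proc/sys, ...).
 * Side effect: the calling process ends up in a fresh ipc namespace. */
int probe_ipc_sysctl_binding(void)
{
    char val[32];
    int n = snprintf(val, sizeof(val), "%ld\n", MARKER);

    if (unshare(CLONE_NEWIPC) != 0)                 /* enter namespace A */
        return -1;
    int pin = open("/proc/self/ns/ipc", O_RDONLY);  /* keeps A alive after we leave */
    int fd = open(SYSCTL, O_RDWR);                  /* opened while inside A */
    if (pin < 0 || fd < 0 || write(fd, val, n) != n)
        return -1;                                  /* could not mark A */
    if (unshare(CLONE_NEWIPC) != 0)                 /* move on to namespace B */
        return -1;
    int fresh = open(SYSCTL, O_RDONLY);             /* opened while inside B */
    long old_view = read_fd(fd);
    long new_view = fresh < 0 ? -1 : read_fd(fresh);
    if (old_view < 0 || new_view < 0 || new_view == MARKER)
        return -1;                                  /* inconclusive */
    return old_view == MARKER;                      /* old fd still shows A? */
}

int main(void)
{
    printf("ipc sysctl bound at open time: %d\n", probe_ipc_sysctl_binding());
    return 0;
}
```

Run it as root in a throwaway process. Going by the description in the message, a kernel with this series should report 1 and an earlier kernel, which looked the namespace up in read or write, should report 0.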