From: ebiederm@xmission.com (Eric W. Biederman)
To: <linux-kernel@vger.kernel.org>
Cc: <netdev@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
David Miller <davem@davemloft.net>
Subject: [REVIEW][PATCH 0/15] userns subsystem conversions
Date: Sat, 25 Aug 2012 16:54:59 -0700
Message-ID: <87lih2h6i4.fsf@xmission.com>

This patchset updates all of the major linux subsystems that use uids
and gids to store them in kuid_t and kgid_t types.

This update allows some of the subsystems to work in all user namespaces
while other subsystems were updated to only work in the initial user
namespace.

kuid_t and kgid_t values have been pushed as deeply into the code as
possible to allow type checking to find as many problems as possible.
In a couple of cases this involved taking an implicit union stored in
an unsigned int and making it an explicit union.

This patchset is based on 3.6-rc1 and strictly against:
    git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-next

My intention after these patches have been reviewed is to add them to my
non-rebasing for-next branch of my user namespace tree and to merge
these changes into 3.7.

I had hoped when I converted the core kernel that I would have removed
the interactions between subsystems and would be able to merge these
changes independently through maintainer trees in a timely fashion, but
there are just enough dependencies and interactions that the changes
really all need to be in one tree to make these changes testable/usable.

Once these changes hit my for-next branch I won't be rebasing them so
if a maintainer wants to merge them to avoid conflicts feel free.

The biggest cross subsystem change this round is probably the change
to have audit_get_loginuid return a kuid_t, but it certainly isn't
the only cross subsystem change.

Eric W. Biederman (15):
      userns: Enable building of pf_key sockets when user namespace support is enabled.
      userns: Make credential debugging user namespace safe.
      userns: Convert security/keys to the new userns infrastructure
      userns: net: Call key_alloc with GLOBAL_ROOT_UID, GLOBAL_ROOT_GID instead of 0, 0
      userns: Convert ipc to use kuid and kgid where appropriate
      userns: Convert audit to use kuid and kgid where appropriate
      userns: Convert taskstats to handle the user and pid namespaces.
      userns: Convert bsd process accounting to use kuid and kgid where appropriate
      userns: Convert process event connector to handle kuids and kgids
      userns: Convert debugfs to use kuid/kgid where appropriate.
      userns: Teach trace to use from_kuid
      userns: Convert drm to use kuid and kgid and struct pid where appropriate
      userns: Add basic quota support
      userns: Convert vfs posix_acl support to use kuid and kgid where appripriate.
      userns: Convert configfs to use kuid and kgid where appropriate

drivers/connector/cn_proc.c | 18 +++-
drivers/gpu/drm/drm_fops.c | 3 +-
drivers/gpu/drm/drm_info.c | 5 +-
drivers/gpu/drm/drm_ioctl.c | 4 +-
drivers/tty/tty_audit.c | 16 ++--
fs/9p/acl.c | 8 +-
fs/btrfs/acl.c | 8 +-
fs/configfs/inode.c | 4 +-
fs/debugfs/inode.c | 26 +++--
fs/ext2/acl.c | 32 ++++--
fs/ext3/acl.c | 32 ++++--
fs/ext4/acl.c | 31 ++++--
fs/generic_acl.c | 4 +-
fs/gfs2/acl.c | 14 ++--
fs/gfs2/quota.c | 44 +++++---
fs/jffs2/acl.c | 4 +-
fs/jfs/acl.c | 4 +-
fs/jfs/xattr.c | 4 +-
fs/nfs/nfs3acl.c | 4 +-
fs/nfsd/vfs.c | 8 +-
fs/ocfs2/acl.c | 4 +-
fs/ocfs2/file.c | 6 +-
fs/ocfs2/quota_global.c | 34 +++++--
fs/ocfs2/quota_local.c | 12 ++-
fs/posix_acl.c | 30 +++---
fs/proc/base.c | 12 ++-
fs/quota/dquot.c | 43 ++++----
fs/quota/netlink.c | 11 ++-
fs/quota/quota.c | 44 +++++---
fs/quota/quota_tree.c | 20 +++-
fs/quota/quota_v1.c | 8 +-
fs/quota/quota_v2.c | 14 ++-
fs/reiserfs/xattr_acl.c | 4 +-
fs/xattr.c | 7 ++
fs/xattr_acl.c | 96 +++++++++++++++--
fs/xfs/xfs_acl.c | 4 +-
fs/xfs/xfs_quotaops.c | 18 ++--
fs/xfs/xfs_trans_dquot.c | 8 +-
include/drm/drmP.h | 4 +-
include/linux/audit.h | 12 ++-
include/linux/init_task.h | 2 +-
include/linux/ipc.h | 9 +-
include/linux/key.h | 9 +-
include/linux/posix_acl.h | 8 ++-
include/linux/posix_acl_xattr.h | 18 +++-
include/linux/quota.h | 91 +++++++++++++++-
include/linux/quotaops.h | 18 +++-
include/linux/sched.h | 2 +-
include/linux/tsacct_kern.h | 8 +-
include/linux/tty.h | 4 +-
include/net/netlabel.h | 2 +-
include/net/xfrm.h | 23 ++--
init/Kconfig | 18 ---
ipc/msg.c | 14 ++-
ipc/sem.c | 13 ++-
ipc/shm.c | 19 ++--
ipc/util.c | 35 ++++---
ipc/util.h | 2 +-
kernel/acct.c | 4 +-
kernel/audit.c | 42 +++++---
kernel/audit.h | 4 +-
kernel/audit_watch.c | 2 +-
kernel/auditfilter.c | 142 +++++++++++++++++++++----
kernel/auditsc.c | 214 +++++++++++++++++++------------------
kernel/cred.c | 10 ++-
kernel/taskstats.c | 23 +++-
kernel/trace/trace.c | 3 +-
kernel/trace/trace.h | 2 +-
kernel/tsacct.c | 12 ++-
net/core/dev.c | 2 +-
net/dns_resolver/dns_key.c | 3 +-
net/netlabel/netlabel_unlabeled.c | 2 +-
net/netlabel/netlabel_user.c | 2 +-
net/rxrpc/ar-key.c | 6 +-
net/xfrm/xfrm_policy.c | 8 +-
net/xfrm/xfrm_state.c | 6 +-
net/xfrm/xfrm_user.c | 12 +-
security/keys/internal.h | 6 +-
security/keys/key.c | 23 ++---
security/keys/keyctl.c | 50 +++++----
security/keys/keyring.c | 4 +-
security/keys/permission.c | 14 +--
security/keys/proc.c | 44 ++++----
security/keys/process_keys.c | 15 ++--
security/keys/request_key.c | 6 +-
85 files changed, 1056 insertions(+), 564 deletions(-)
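
The type-checking argument in the cover letter, as an added userspace illustration that is not code from this patchset or from the kernel tree: wrapping the id in a one-member struct makes a bare integer comparison a compile error, so every conversion has to name a namespace. `uid_t32`, `struct userns_model`, `owned_by` and the two sample namespaces are assumptions made for this sketch; the helper names mirror the kernel's `make_kuid`/`from_kuid`/`uid_eq`/`uid_valid`, reimplemented here in simplified form.

```c
/* Simplified userspace model of kuid_t; illustrative, not kernel source. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t uid_t32;                /* raw, namespace-relative id */
typedef struct { uid_t32 val; } kuid_t;  /* kernel-global id, distinct type */
#define INVALID_UID ((kuid_t){ (uid_t32)-1 })

/* One extent: [first, first+count) in the namespace maps to
 * [lower_first, lower_first+count) in the global id space. */
struct userns_model { uid_t32 first, lower_first, count; };

static bool uid_valid(kuid_t k) { return k.val != (uid_t32)-1; }
static bool uid_eq(kuid_t a, kuid_t b) { return a.val == b.val; }

/* namespace-relative uid -> kuid_t; unmapped ids become INVALID_UID */
static kuid_t make_kuid(const struct userns_model *ns, uid_t32 uid)
{
    if (uid >= ns->first && uid - ns->first < ns->count)
        return (kuid_t){ ns->lower_first + (uid - ns->first) };
    return INVALID_UID;
}

/* kuid_t -> uid as seen from ns; (uid_t32)-1 when ns has no mapping */
static uid_t32 from_kuid(const struct userns_model *ns, kuid_t k)
{
    if (uid_valid(k) && k.val >= ns->lower_first &&
        k.val - ns->lower_first < ns->count)
        return ns->first + (k.val - ns->lower_first);
    return (uid_t32)-1;
}

/* Constructed sample namespaces */
static const struct userns_model init_ns = { 0, 0, UINT32_MAX };
static const struct userns_model container_ns = { 0, 100000, 65536 };

/* "owner == 0" would not compile here: kuid_t is not an integer, so the
 * caller must state which namespace the number 0 came from. */
static bool owned_by(kuid_t owner, const struct userns_model *ns, uid_t32 uid)
{
    kuid_t k = make_kuid(ns, uid);
    return uid_valid(k) && uid_eq(owner, k);
}

int main(void)
{
    kuid_t croot = make_kuid(&container_ns, 0);
    printf("container root in init ns: %u\n", (unsigned)from_kuid(&init_ns, croot));
    printf("is global root: %d\n", owned_by(croot, &init_ns, 0));
    return 0;
}
```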