From: ebiederm@xmission.com (Eric W. Biederman)
To: Steven Rostedt <rostedt@goodmis.org>
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
"Serge E. Hallyn" <serge@hallyn.com>,
David Miller <davem@davemloft.net>,
Frederic Weisbecker <fweisbec@gmail.com>,
Ingo Molnar <mingo@redhat.com>
Subject: Re: [REVIEW][PATCH 11/15] userns: Teach trace to use from_kuid
Date: Sat, 25 Aug 2012 17:28:02 -0700 [thread overview]
Message-ID: <87mx1icx9p.fsf@xmission.com> (raw)
In-Reply-To: <1345940316.19381.1.camel@pippen.local.home> (Steven Rostedt's message of "Sat, 25 Aug 2012 20:18:36 -0400")
Steven Rostedt <rostedt@goodmis.org> writes:
> On Sat, 2012-08-25 at 17:04 -0700, Eric W. Biederman wrote:
>> - When tracing capture the kuid.
>> - When displaying the data to user space convert the kuid into the
>> user namespace of the process that opened the report file.
>>
>
>> index 5c38c81..c9ace83 100644
>> --- a/kernel/trace/trace.c
>> +++ b/kernel/trace/trace.c
>> @@ -2060,7 +2060,8 @@ print_trace_header(struct seq_file *m, struct trace_iterator *iter)
>> seq_puts(m, "# -----------------\n");
>> seq_printf(m, "# | task: %.16s-%d "
>> "(uid:%d nice:%ld policy:%ld rt_prio:%ld)\n",
>> - data->comm, data->pid, data->uid, data->nice,
>> + data->comm, data->pid,
>> + from_kuid_munged(seq_user_ns(m), data->uid), data->nice,
>
> This is a global id. That is, it stored whatever process triggered the
> report, not the one reading it. Thus, two different readers could get a
> different uid for the same task that triggered the latency?
Yes the stored value is a kuid_t the global kernel internal form.
We report the value as a uid_t in the user namespace of the reader. So
if two different processes in different user namespaces read the file
they can see different values.
Now I don't expect in practice we will allow anyone who isn't
the global root user to even think of looking at debugfs, but in
case we do we might as well handle this as best as we can.
Eric
next prev parent reply other threads:[~2012-08-26 0:28 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-25 23:54 [REVIEW][PATCH 0/15] userns subsystem conversions Eric W. Biederman
2012-08-25 23:58 ` [REVIEW][PATCH 01/15] userns: Enable building of pf_key sockets when user namespace support is enabled Eric W. Biederman
2012-08-25 23:59 ` [REVIEW][PATCH 02/15] userns: Make credential debugging user namespace safe Eric W. Biederman
2012-08-25 23:59 ` [REVIEW][PATCH 03/15] userns: Convert security/keys to the new userns infrastructure Eric W. Biederman
2012-08-26 0:00 ` [REVIEW][PATCH 04/15] userns: net: Call key_alloc with GLOBAL_ROOT_UID, GLOBAL_ROOT_GID instead of 0, 0 Eric W. Biederman
2012-08-26 0:00 ` [REVIEW][PATCH 05/15] userns: Convert ipc to use kuid and kgid where appropriate Eric W. Biederman
2012-08-26 0:01 ` [REVIEW][PATCH 07/15] userns: Convert taskstats to handle the user and pid namespaces Eric W. Biederman
2012-08-26 0:02 ` [REVIEW][PATCH 09/15] userns: Convert process event connector to handle kuids and kgids Eric W. Biederman
2012-08-26 12:33 ` Evgeniy Polyakov
2012-08-26 13:43 ` Eric W. Biederman
2012-08-26 0:03 ` [REVIEW][PATCH 10/15] userns: Convert debugfs to use kuid/kgid where appropriate Eric W. Biederman
2012-09-05 21:09 ` Greg Kroah-Hartman
2012-08-26 0:04 ` [REVIEW][PATCH 11/15] userns: Teach trace to use from_kuid Eric W. Biederman
2012-08-26 0:18 ` Steven Rostedt
2012-08-26 0:28 ` Eric W. Biederman [this message]
2012-08-26 0:05 ` [REVIEW][PATCH 12/15] userns: Convert drm to use kuid and kgid and struct pid where appropriate Eric W. Biederman
2012-09-13 1:31 ` Dave Airlie
2012-09-13 2:14 ` Eric W. Biederman
2012-09-13 3:29 ` Dave Airlie
2012-08-26 0:07 ` [REVIEW][PATCH 15/15] userns: Convert configfs to use kuid and kgid " Eric W. Biederman
2012-08-26 13:00 ` [PATCH 06/15] userns: Convert audit " Eric W. Biederman
[not found] ` <9E0E8AAC-9548-4009-AE29-D368244D8EEA@dubeyko.com>
2012-08-26 14:25 ` [REVIEW][PATCH 0/15] userns subsystem conversions Eric W. Biederman
[not found] ` <87harqecvk.fsf@xmission.com>
2012-08-27 8:50 ` [REVIEW][PATCH 13/15] userns: Add basic quota support Jan Kara
2012-08-27 15:54 ` Eric W. Biederman
2012-08-28 0:12 ` [PATCH] userns: Add basic quota support v2 Eric W. Biederman
2012-08-28 9:05 ` Jan Kara
2012-08-28 9:44 ` Boaz Harrosh
2012-08-28 17:34 ` Eric W. Biederman
2012-08-28 17:36 ` [PATCH] userns: Add basic quota support v3 Eric W. Biederman
2012-08-28 17:51 ` [PATCH] userns: Add basic quota support v2 Jan Kara
2012-08-28 19:09 ` [PATCH] userns: Add basic quota support v4 Eric W. Biederman
2012-08-29 2:10 ` Dave Chinner
2012-08-29 9:31 ` Eric W. Biederman
2012-08-31 1:17 ` Dave Chinner
2012-09-05 5:20 ` Eric W. Biederman
2012-09-20 1:28 ` Eric W. Biederman
2012-08-27 8:58 ` [REVIEW][PATCH 13/15] userns: Add basic quota support Steven Whitehouse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mx1icx9p.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=davem@davemloft.net \
--cc=fweisbec@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).