Commit 77ec739d authored by Serge E. Hallyn's avatar Serge E. Hallyn Committed by Linus Torvalds

user namespace: add unshare

This patch enables the unshare of user namespaces.

It adds a new clone flag CLONE_NEWUSER and implements copy_user_ns() which
resets the current user_struct and adds a new root user (uid == 0)

For now, unsharing the user namespace allows a process to reset its
user_struct accounting and uid 0 in the new user namespace should be contained
using appropriate means, for instance selinux

The plan, when the full support is complete (all uid checks covered), is to
keep the original user's rights in the original namespace, and let a process
become uid 0 in the new namespace, with full capabilities to the new
namespace.
Signed-off-by: default avatarSerge E. Hallyn <serue@us.ibm.com>
Signed-off-by: default avatarCedric Le Goater <clg@fr.ibm.com>
Acked-by: default avatarPavel Emelianov <xemul@openvz.org>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: Kirill Korotaev <dev@sw.ru>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Andrew Morgan <agm@google.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent acce292c
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
#define CLONE_STOPPED 0x02000000 /* Start in stopped state */ #define CLONE_STOPPED 0x02000000 /* Start in stopped state */
#define CLONE_NEWUTS 0x04000000 /* New utsname group? */ #define CLONE_NEWUTS 0x04000000 /* New utsname group? */
#define CLONE_NEWIPC 0x08000000 /* New ipcs */ #define CLONE_NEWIPC 0x08000000 /* New ipcs */
#define CLONE_NEWUSER 0x10000000 /* New user namespace */
/* /*
* Scheduling policies * Scheduling policies
......
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
#include <linux/kref.h> #include <linux/kref.h>
#include <linux/nsproxy.h> #include <linux/nsproxy.h>
#include <linux/sched.h> #include <linux/sched.h>
#include <linux/err.h>
#define UIDHASH_BITS (CONFIG_BASE_SMALL ? 3 : 8) #define UIDHASH_BITS (CONFIG_BASE_SMALL ? 3 : 8)
#define UIDHASH_SZ (1 << UIDHASH_BITS) #define UIDHASH_SZ (1 << UIDHASH_BITS)
...@@ -45,6 +46,9 @@ static inline struct user_namespace *get_user_ns(struct user_namespace *ns) ...@@ -45,6 +46,9 @@ static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
static inline struct user_namespace *copy_user_ns(int flags, static inline struct user_namespace *copy_user_ns(int flags,
struct user_namespace *old_ns) struct user_namespace *old_ns)
{ {
if (flags & CLONE_NEWUSER)
return ERR_PTR(-EINVAL);
return NULL; return NULL;
} }
......
...@@ -1606,7 +1606,7 @@ asmlinkage long sys_unshare(unsigned long unshare_flags) ...@@ -1606,7 +1606,7 @@ asmlinkage long sys_unshare(unsigned long unshare_flags)
err = -EINVAL; err = -EINVAL;
if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND| if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
CLONE_VM|CLONE_FILES|CLONE_SYSVSEM| CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
CLONE_NEWUTS|CLONE_NEWIPC)) CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER))
goto bad_unshare_out; goto bad_unshare_out;
if ((err = unshare_thread(unshare_flags))) if ((err = unshare_thread(unshare_flags)))
......
...@@ -117,7 +117,7 @@ int copy_namespaces(int flags, struct task_struct *tsk) ...@@ -117,7 +117,7 @@ int copy_namespaces(int flags, struct task_struct *tsk)
get_nsproxy(old_ns); get_nsproxy(old_ns);
if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC))) if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER)))
return 0; return 0;
if (!capable(CAP_SYS_ADMIN)) { if (!capable(CAP_SYS_ADMIN)) {
...@@ -161,7 +161,8 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags, ...@@ -161,7 +161,8 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags,
{ {
int err = 0; int err = 0;
if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC))) if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
CLONE_NEWUSER)))
return 0; return 0;
if (!capable(CAP_SYS_ADMIN)) if (!capable(CAP_SYS_ADMIN))
......
...@@ -21,6 +21,45 @@ EXPORT_SYMBOL_GPL(init_user_ns); ...@@ -21,6 +21,45 @@ EXPORT_SYMBOL_GPL(init_user_ns);
#ifdef CONFIG_USER_NS #ifdef CONFIG_USER_NS
/*
* Clone a new ns copying an original user ns, setting refcount to 1
* @old_ns: namespace to clone
* Return NULL on error (failure to kmalloc), new ns otherwise
*/
static struct user_namespace *clone_user_ns(struct user_namespace *old_ns)
{
struct user_namespace *ns;
struct user_struct *new_user;
int n;
ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL);
if (!ns)
return NULL;
kref_init(&ns->kref);
for (n = 0; n < UIDHASH_SZ; ++n)
INIT_LIST_HEAD(ns->uidhash_table + n);
/* Insert new root user. */
ns->root_user = alloc_uid(ns, 0);
if (!ns->root_user) {
kfree(ns);
return NULL;
}
/* Reset current->user with a new one */
new_user = alloc_uid(ns, current->uid);
if (!new_user) {
free_uid(ns->root_user);
kfree(ns);
return NULL;
}
switch_uid(new_user);
return ns;
}
struct user_namespace * copy_user_ns(int flags, struct user_namespace *old_ns) struct user_namespace * copy_user_ns(int flags, struct user_namespace *old_ns)
{ {
struct user_namespace *new_ns; struct user_namespace *new_ns;
...@@ -28,7 +67,12 @@ struct user_namespace * copy_user_ns(int flags, struct user_namespace *old_ns) ...@@ -28,7 +67,12 @@ struct user_namespace * copy_user_ns(int flags, struct user_namespace *old_ns)
BUG_ON(!old_ns); BUG_ON(!old_ns);
get_user_ns(old_ns); get_user_ns(old_ns);
new_ns = old_ns; if (!(flags & CLONE_NEWUSER))
return old_ns;
new_ns = clone_user_ns(old_ns);
put_user_ns(old_ns);
return new_ns; return new_ns;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment