On Fri, May 11, 2018 at 09:45:33AM -0700, Linus Torvalds wrote:
> On Fri, May 11, 2018 at 2:46 AM Alexey Gladkov
> wrote:
>
> > + /* Limit procfs to only ptracable tasks */
> > + if (limit_pids == PROC_LIMIT_PIDS_PTRACE) {
> > + cond_resche
On Fri, May 11, 2018 at 09:09:04AM -0700, Randy Dunlap wrote:
> On 05/11/2018 02:36 AM, Alexey Gladkov wrote:
> > From: Djalal Harouni
> >
> > If "limit_pids=1" mount option is set then do not instantiate pids that
> > we can not ptrace. "limit_pid
On Fri, May 11, 2018 at 03:58:39PM +0200, Jann Horn wrote:
> On Fri, May 11, 2018 at 11:37 AM, Alexey Gladkov
> wrote:
> > This allows to hide all files and directories in the procfs that are not
> > related to tasks.
>
> /proc/$pid/net and /proc/$pid/task/$tid/net
RLIMIT_MSGQUEUE and RLIMIT_MEMLOCK use unsigned long to store their
counters. As a preparation for moving rlimits based on ucounts, we need
to increase the size of the variable to long.
Signed-off-by: Alexey Gladkov
---
include/linux/user_namespace.h | 4 ++--
kernel/ucount.c
-deref in is_ucounts_overlimit() detected by trinity. This
error was caused by the fact that cred_alloc_blank() left the ucounts
pointer empty.
Reported-by: kernel test robot
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 4
include/linux/cred.h | 2
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
include/linux/sched
r the counter. Some rlimits can be
overlimited by root or if the user has the appropriate capability.
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 2 +-
fs/io-wq.c | 22 ++--
fs/io-wq.h | 2 +-
fs/io_uring.c
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
fs/proc/array.c
ncreased the size of ucounts to
atomic_long_t.
* Added ucount_max to avoid the fork bomb.
--
Alexey Gladkov (7):
Increase size of ucounts to atomic_long_t
Add a reference to ucounts for each cred
Reimplement RLIMIT_NPROC on top of ucounts
Reimplement RLIMIT_MSGQUEUE on top of u
The testcase runs few instances of the program with RLIMIT_NPROC=1 from
user uid=6, in different user namespaces.
Signed-off-by: Alexey Gladkov
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/rlimits/.gitignore| 2 +
tools/testing/selftests/rlimits
trinity.
Reported-by: kernel test robot
Signed-off-by: Alexey Gladkov
---
fs/hugetlbfs/inode.c | 16
include/linux/hugetlb.h| 4 ++--
include/linux/mm.h | 4 ++--
include/linux/sched/user.h | 1 -
include/linux/shmem_fs.h | 2
CONFIG_HUGETLBFS=n. A `const'
was missing from one of the arguments.
v6:
* Fix bug in hugetlb_file_setup() detected by trinity.
Reported-by: kernel test robot
Signed-off-by: Alexey Gladkov
---
fs/hugetlbfs/inode.c | 16
include/linux/hugetlb.h| 4 ++--
in
re than 1.
v1:
* After discussion with Eric W. Biederman, I increased the size of ucounts to
atomic_long_t.
* Added ucount_max to avoid the fork bomb.
--
Alexey Gladkov (9):
Increase size of ucounts to atomic_long_t
Add a reference to ucounts for each cred
Use atomic_t for ucounts reference
RLIMIT_MSGQUEUE and RLIMIT_MEMLOCK use unsigned long to store their
counters. As a preparation for moving rlimits based on ucounts, we need
to increase the size of the variable to long.
Signed-off-by: Alexey Gladkov
---
include/linux/user_namespace.h | 4 ++--
kernel/ucount.c
r the counter. Some rlimits can be
overlimited by root or if the user has the appropriate capability.
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 2 +-
include/linux/cred.h | 2 ++
include/linux/sched/user.h | 1 -
include/linux/user_namespace.h | 13 +
k
o put ucounts in case we cannot increase ucounts->count.
This will allow to cover the case when all consumers will return
ucounts at once.
v9:
* Use a negative value to check that the ucounts->count is close to
overflow.
Signed-off-by: Alexey Gladkov
---
include/linux/user_names
-deref in is_ucounts_overlimit() detected by trinity. This
error was caused by the fact that cred_alloc_blank() left the ucounts
pointer empty.
Reported-by: kernel test robot
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 4
include/linux/cred.h | 2
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
include/linux/sched
: Alexey Gladkov
---
fs/proc/array.c| 2 +-
include/linux/sched/user.h | 1 -
include/linux/signal_types.h | 4 ++-
include/linux/user_namespace.h | 1 +
kernel/fork.c | 1 +
kernel/signal.c| 58 --
kernel
:
* Keep only ucounts for RLIMIT_MEMLOCK checks instead of struct cred.
v6:
* Fix bug in hugetlb_file_setup() detected by trinity.
Reported-by: kernel test robot
Signed-off-by: Alexey Gladkov
---
fs/hugetlbfs/inode.c | 16
include/linux/hugetlb.h| 4
and RLIMIT_MEMLOCK are limited to 2GiB
instead of 4GiB. I don't think anyone cares but it should be mentioned
in case someone does.
The RLIMIT_NPROC and RLIMIT_SIGPENDING used atomic_t so their maximum
hasn't changed.
Signed-off-by: Alexey Gladkov
---
include/linux/user_name
The testcase runs few instances of the program with RLIMIT_NPROC=1 from
user uid=6, in different user namespaces.
Signed-off-by: Alexey Gladkov
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/rlimits/.gitignore| 2 +
tools/testing/selftests/rlimits
On Thu, Apr 08, 2021 at 09:22:40AM -0700, Linus Torvalds wrote:
> On Thu, Apr 8, 2021 at 1:32 AM kernel test robot
> wrote:
> >
> > FYI, we noticed a -41.9% regression of stress-ng.sigsegv.ops_per_sec due to
> > commit
> > 08ed4efad684 ("[PATCH v10 6/9] Reimplement RLIMIT_SIGPENDING on top of
>
On Fri, May 11, 2018 at 03:49:13PM +0200, Jann Horn wrote:
> On Fri, May 11, 2018 at 11:34 AM, Alexey Gladkov
> wrote:
> > From: Djalal Harouni
> >
> > This is a preparation patch that adds proc_fs_info to be able to store
> > different procfs options and info
AID framework
md_mod.license=GPL
md_mod.parmtype=create_on_open:bool
md_mod.parmtype=start_dirty_degraded:int
...
Co-Developed-by: Gleb Fotengauer-Malinovskiy
Signed-off-by: Gleb Fotengauer-Malinovskiy
Signed-off-by: Alexey Gladkov
---
Makefile| 1 +
incl
On Fri, Mar 22, 2019 at 02:34:12PM +0900, Masahiro Yamada wrote:
> Hi.
>
> (added some people to CC)
>
>
> On Fri, Mar 15, 2019 at 7:10 PM Alexey Gladkov
> wrote:
> >
> > Problem:
> >
> > When a kernel module is compiled as a separate module, so
On Wed, Mar 27, 2019 at 04:40:25PM +0100, Jessica Yu wrote:
> +++ Alexey Gladkov [26/03/19 18:24 +0100]:
> >On Fri, Mar 22, 2019 at 02:34:12PM +0900, Masahiro Yamada wrote:
> >> Hi.
> >>
> >> (added some people to CC)
>
> (Thanks Masahiro for the CC!)
&g
484fa11e94dff65e93eb25802a443d47 ("[PATCH v7 5/7]
> > Reimplement RLIMIT_SIGPENDING on top of ucounts")
> > url:
> > https://github.com/0day-ci/linux/commits/Alexey-Gladkov/Count-rlimits-in-each-user-namespace/20210222-175836
> > base:
> > https://git.kernel.org/cg
:
* Add 'const' to struct cred *mounter_cred (fix kernel test robot warning).
v2:
* cache the mounters credentials and make access to the net directories
contingent of the permissions of the mounter of procfs.
--
Alexey Gladkov (3):
proc: Relax check of mount visibility
proc: Show /pro
Cache the mounters credentials and make access to the net directories
contingent of the permissions of the mounter of proc.
Show /proc/self/net only if mounter has CAP_NET_ADMIN and if proc is
mounted with subset=pid option.
Signed-off-by: Alexey Gladkov
---
fs/proc/proc_net.c | 8
There is no way to remount procfs mountpoint with subset=pid option
without it. This is done in order not to make visible what was hidden
since some checks occur during mount.
This patch makes this limitation explicit and demonstrates the error.
Signed-off-by: Alexey Gladkov
---
fs/proc/root.c
Allow to mount of procfs with subset=pid option even if the entire
procfs is not fully accessible to the user.
Signed-off-by: Alexey Gladkov
---
fs/namespace.c | 27 ---
fs/proc/root.c | 17 ++---
include/linux/fs.h | 1 +
3 files changed, 27
user_namespace.
Updating ucounts may require memory allocation which may fail. So, we
cannot change cred.ucounts in the commit_creds() because this function
cannot fail and it should always return 0. For this reason, we modify
cred.ucounts before calling the commit_creds().
Signed-off-by: Alexey Gladkov
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
include/linux/sched
RLIMIT_MSGQUEUE and RLIMIT_MEMLOCK use unsigned long to store their
counters. As a preparation for moving rlimits based on ucounts, we need
to increase the size of the variable to long.
Signed-off-by: Alexey Gladkov
---
include/linux/user_namespace.h | 4 ++--
kernel/ucount.c
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
fs/proc/array.c
r the counter. Some rlimits can be
overlimited by root or if the user has the appropriate capability.
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 2 +-
fs/io-wq.c | 22 ++---
fs/io-wq.h | 2 +-
fs/io_uring.c
The testcase runs few instances of the program with RLIMIT_NPROC=1 from
user uid=6, in different user namespaces.
Signed-off-by: Alexey Gladkov
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/rlimits/.gitignore| 2 +
tools/testing/selftests/rlimits
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
fs/hugetlbfs/inode.c
avoid the fork bomb.
--
Alexey Gladkov (7):
Increase size of ucounts to atomic_long_t
Add a reference to ucounts for each cred
Reimplement RLIMIT_NPROC on top of ucounts
Reimplement RLIMIT_MSGQUEUE on top of ucounts
Reimplement RLIMIT_SIGPENDING on top of ucounts
Reimplement RLIM
On Wed, Feb 24, 2021 at 12:50:21PM -0600, Eric W. Biederman wrote:
> Alexey Gladkov writes:
>
> > On Wed, Feb 24, 2021 at 10:54:17AM -0600, Eric W. Biederman wrote:
> >> kernel test robot writes:
> >>
> >> > Greeting,
> >> >
Cache the mounters credentials and make access to the net directories
contingent of the permissions of the mounter of proc.
Show /proc/self/net only if mounter has CAP_NET_ADMIN and if proc is
mounted with subset=pid option.
Signed-off-by: Alexey Gladkov
---
fs/proc/proc_net.c | 8
If only the dynamic part of procfs is mounted (subset=pid), then there is no
need to check if procfs is fully visible to the user in the new user namespace.
Alexey Gladkov (2):
proc: Relax check of mount visibility
Show /proc/self/net only for CAP_NET_ADMIN
fs/namespace.c | 27
Cache the mounters credentials and make access to the net directories
contingent of the permissions of the mounter of proc.
Show /proc/self/net only if mounter has CAP_NET_ADMIN and if proc is
mounted with subset=pid option.
Signed-off-by: Alexey Gladkov
---
fs/proc/proc_net.c | 8
Allow to mount of procfs with subset=pid option even if the entire
procfs is not fully accessible to the user.
Signed-off-by: Alexey Gladkov
---
fs/namespace.c | 27 ---
fs/proc/root.c | 16 +---
include/linux/fs.h | 1 +
3 files changed, 26
Cache the mounters credentials and make access to the net directories
contingent of the permissions of the mounter of proc.
Show /proc/self/net only if mounter has CAP_NET_ADMIN and if proc is
mounted with subset=pid option.
Signed-off-by: Alexey Gladkov
---
fs/proc/proc_net.c | 8
redentials and make access to the net directories
contingent of the permissions of the mounter of procfs.
Alexey Gladkov (2):
proc: Relax check of mount visibility
Show /proc/self/net only for CAP_NET_ADMIN
fs/namespace.c | 27 ---
fs/proc/proc_net.c
Allow to mount of procfs with subset=pid option even if the entire
procfs is not fully accessible to the user.
Signed-off-by: Alexey Gladkov
---
fs/namespace.c | 27 ---
fs/proc/root.c | 16 +---
include/linux/fs.h | 1 +
3 files changed, 26
for migrating rlimits to ucounts.
Signed-off-by: Alexey Gladkov
---
include/linux/cred.h | 1 +
include/linux/user_namespace.h | 2 ++
kernel/cred.c | 17 +++--
kernel/ucount.c| 12 +++-
kernel/user_namespace.c| 1 +
5 files
discussion with Eric W. Biederman, I increased the size of ucounts to
atomic_long_t.
* Added ucount_max to avoid the fork bomb.
--
Alexey Gladkov (8):
Use atomic type for ucounts reference counting
Add a reference to ucounts for each user
Increase size of ucounts to atomic_long_t
Move
Signed-off-by: Alexey Gladkov
---
include/linux/sched/user.h | 4
include/linux/user_namespace.h | 8
ipc/mqueue.c | 29 +++--
kernel/fork.c | 1 +
kernel/ucount.c| 1 +
kernel/user_namespace.c
Signed-off-by: Alexey Gladkov
---
fs/proc/array.c| 2 +-
include/linux/sched/user.h | 1 -
include/linux/signal_types.h | 4 ++-
include/linux/user_namespace.h | 1 +
kernel/fork.c | 1 +
kernel/signal.c| 53
Signed-off-by: Alexey Gladkov
---
fs/hugetlbfs/inode.c | 17 -
include/linux/hugetlb.h| 3 +--
include/linux/mm.h | 4 ++--
include/linux/shmem_fs.h | 2 +-
include/linux/user_namespace.h | 1 +
ipc/shm.c | 31
Signed-off-by: Alexey Gladkov
---
include/linux/user_namespace.h | 2 +-
kernel/ucount.c| 10 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 64cf8ebdc4ec..84fefa9247c4 100644
--- a
becomes meaningless.
We cannot use existing inc_ucounts / dec_ucounts because they do not
allow us to exceed the maximum for the counter. Some rlimits can be
overlimited if the user has the appropriate capability.
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 2 +-
fs/io
This commit is preparation for migrating rlimits counters to ucounts.
Signed-off-by: Alexey Gladkov
---
include/linux/user_namespace.h | 4 ++--
kernel/ucount.c| 14 +++---
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/linux/user_namespace.h b
After calling set_user(), we always have to call commit_creds() to apply
new credentials upon the current task. There is no need to separate
limit check and counter incrementing.
Signed-off-by: Alexey Gladkov
---
kernel/cred.c | 22 +-
kernel/sys.c | 13 -
2
On Mon, Jan 18, 2021 at 11:14:48AM -0800, Linus Torvalds wrote:
> On Fri, Jan 15, 2021 at 6:59 AM Alexey Gladkov
> wrote:
> >
> > @@ -152,10 +153,7 @@ static struct ucounts *get_ucounts(struct
> > user_namespace *ns, kuid_t uid)
> >
On Mon, Jan 18, 2021 at 12:34:29PM -0800, Linus Torvalds wrote:
> On Mon, Jan 18, 2021 at 11:46 AM Alexey Gladkov
> wrote:
> >
> > Sorry about that. I thought that this code is not needed when switching
> > from int to refcount_t. I was wrong.
>
> Well, you _may_
RLIMIT_MSGQUEUE and RLIMIT_MEMLOCK use unsigned long to store their
counters. As a preparation for moving rlimits based on ucounts, we need
to increase the size of the variable to long.
Signed-off-by: Alexey Gladkov
---
include/linux/user_namespace.h | 4 ++--
kernel/ucount.c
-deref in is_ucounts_overlimit() detected by trinity. This
error was caused by the fact that cred_alloc_blank() left the ucounts
pointer empty.
Reported-by: kernel test robot
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 4
include/linux/cred.h | 2
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
fs/proc/array.c
ted to ucounts.
* Added ucounts for pair uid and user namespace into cred.
* Added the ability to increase ucount by more than 1.
v1:
* After discussion with Eric W. Biederman, I increased the size of ucounts to
atomic_long_t.
* Added ucount_max to avoid the fork bomb.
--
Alexey Gladkov (8):
Incr
r the counter. Some rlimits can be
overlimited by root or if the user has the appropriate capability.
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 2 +-
include/linux/cred.h | 2 ++
include/linux/sched/user.h | 1 -
include/linux/user_namespace.h | 13
k
ue to check that the ucounts->count is close to
overflow.
Signed-off-by: Alexey Gladkov
---
include/linux/user_namespace.h | 4 +--
kernel/ucount.c| 53 --
2 files changed, 21 insertions(+), 36 deletions(-)
diff --git a/include/linux/user_nam
The testcase runs few instances of the program with RLIMIT_NPROC=1 from
user uid=6, in different user namespaces.
Signed-off-by: Alexey Gladkov
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/rlimits/.gitignore| 2 +
tools/testing/selftests/rlimits
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
include/linux/sched
:
* Keep only ucounts for RLIMIT_MEMLOCK checks instead of struct cred.
v6:
* Fix bug in hugetlb_file_setup() detected by trinity.
Reported-by: kernel test robot
Signed-off-by: Alexey Gladkov
---
fs/hugetlbfs/inode.c | 16
include/linux/hugetlb.h| 4
; Currently "subset=pid" doesn't return "." and ".." via readdir.
> This must be a bug.
Ops. Good catch! Looks good to me.
Acked-by: Alexey Gladkov
> Signed-off-by: Alexey Dobriyan
> ---
>
> tools/testing/selftests/proc/Makefile |
then
I disabled lookup. Now this is unnecessary.
Acked-by: Alexey Gladkov
> Signed-off-by: Alexey Dobriyan
> ---
>
> fs/proc/inode.c |4
> 1 file changed, 4 deletions(-)
>
> --- a/fs/proc/inode.c
> +++ b/fs/proc/inode.c
> @@ -483,7 +483,6 @@ proc_reg_get_
On Thu, Apr 08, 2021 at 01:44:43PM -0500, Eric W. Biederman wrote:
> Linus Torvalds writes:
>
> > On Thu, Apr 8, 2021 at 1:32 AM kernel test robot
> > wrote:
> >>
> >> FYI, we noticed a -41.9% regression of stress-ng.sigsegv.ops_per_sec due
> >> to commit
> >> 08ed4efad684 ("[PATCH v10 6/9] Re
On Mon, Apr 05, 2021 at 11:56:35AM -0500, Eric W. Biederman wrote:
>
> Also when setting ns->ucount_max[] in create_user_ns because one value
> is signed and the other is unsigned. Care should be taken so that
> rlimit_infinity is translated into the largest positive value the
> type can hold.
Yo
RLIMIT_MSGQUEUE and RLIMIT_MEMLOCK use unsigned long to store their
counters. As a preparation for moving rlimits based on ucounts, we need
to increase the size of the variable to long.
Signed-off-by: Alexey Gladkov
---
include/linux/user_namespace.h | 4 ++--
kernel/ucount.c
to cred.
* Added the ability to increase ucount by more than 1.
v1:
* After discussion with Eric W. Biederman, I increased the size of ucounts to
atomic_long_t.
* Added ucount_max to avoid the fork bomb.
--
Alexey Gladkov (7):
Increase size of ucounts to atomic_long_t
Add a reference to u
r the counter. Some rlimits can be
overlimited by root or if the user has the appropriate capability.
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 2 +-
fs/io-wq.c | 22 ++--
fs/io-wq.h | 2 +-
fs/io_uring.c
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
include/linux/sched
-deref in is_ucounts_overlimit() detected by trinity. This
error was caused by the fact that cred_alloc_blank() left the ucounts
pointer empty.
Reported-by: kernel test robot
Signed-off-by: Alexey Gladkov
---
fs/exec.c | 4
include/linux/cred.h | 2
instead of struct cred.
v6:
* Fix bug in hugetlb_file_setup() detected by trinity.
Reported-by: kernel test robot
Signed-off-by: Alexey Gladkov
---
fs/hugetlbfs/inode.c | 16
include/linux/hugetlb.h| 4 ++--
include/linux/mm.h | 4 ++--
include
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.
Signed-off-by: Alexey Gladkov
---
fs/proc/array.c
The testcase runs few instances of the program with RLIMIT_NPROC=1 from
user uid=6, in different user namespaces.
Signed-off-by: Alexey Gladkov
---
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/rlimits/.gitignore| 2 +
tools/testing/selftests/rlimits
On Sun, Feb 21, 2021 at 04:38:10PM -0700, Jens Axboe wrote:
> On 2/15/21 5:41 AM, Alexey Gladkov wrote:
> > diff --git a/fs/io-wq.c b/fs/io-wq.c
> > index a564f36e260c..5b6940c90c61 100644
> > --- a/fs/io-wq.c
> > +++ b/fs/io-wq.c
> > @@ -1090,10 +1091,7 @@ st
On Sun, Feb 21, 2021 at 02:20:00PM -0800, Linus Torvalds wrote:
> On Mon, Feb 15, 2021 at 4:42 AM Alexey Gladkov
> wrote:
> >
> > These patches are for binding the rlimit counters to a user in user
> > namespace.
>
> So this is now version 6, but I thi
if subset=pid is canceled during remount.
v3:
* Add 'const' to struct cred *mounter_cred (fix kernel test robot warning).
v2:
* cache the mounters credentials and make access to the net directories
contingent of the permissions of the mounter of procfs.
--
Alexey Gladkov (5):
docs:
When procfs is mounted with subset=pid option, where is no way to
remount it with this option removed. This is done in order not to make
visible what ever was hidden since some checks occur during mount.
This patch makes the limitation explicit and prints an error message.
Signed-off-by: Alexey
Signed-off-by: Alexey Gladkov
---
Documentation/filesystems/proc.rst | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Documentation/filesystems/proc.rst
b/Documentation/filesystems/proc.rst
index 5a1bb0e081fd..9d993aef7f1c 100644
--- a/Documentation/filesystems/proc.rst
Signed-off-by: Alexey Gladkov
---
Documentation/filesystems/proc.rst | 14 ++
1 file changed, 14 insertions(+)
diff --git a/Documentation/filesystems/proc.rst
b/Documentation/filesystems/proc.rst
index 2fa69f710e2a..5a1bb0e081fd 100644
--- a/Documentation/filesystems/proc.rst
+++ b
Allow to mount procfs with subset=pid option even if the entire procfs
is not fully accessible to the user.
Signed-off-by: Alexey Gladkov
---
fs/namespace.c | 30 ++
fs/proc/root.c | 16 ++--
include/linux/fs.h | 1 +
3 files changed, 29
Cache the mounters credentials and allow access to the net directories
contingent of the permissions of the mounter of proc.
Do not show /proc/self/net when proc is mounted with subset=pid option
and the mounter does not have CAP_NET_ADMIN.
Signed-off-by: Alexey Gladkov
---
fs/proc/proc_net.c
:
* Add 'const' to struct cred *mounter_cred (fix kernel test robot warning).
v2:
* cache the mounters credentials and make access to the net directories
contingent of the permissions of the mounter of procfs.
--
Alexey Gladkov (5):
docs: proc: add documentation about mount restricti
Signed-off-by: Alexey Gladkov
---
Documentation/filesystems/proc.rst | 16
1 file changed, 16 insertions(+)
diff --git a/Documentation/filesystems/proc.rst
b/Documentation/filesystems/proc.rst
index 2fa69f710e2a..3daf0e7d1071 100644
--- a/Documentation/filesystems/proc.rst
Signed-off-by: Alexey Gladkov
---
Documentation/filesystems/proc.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Documentation/filesystems/proc.rst
b/Documentation/filesystems/proc.rst
index 3daf0e7d1071..9d2985a7aad6 100644
--- a/Documentation/filesystems/proc.rst
+++ b/Documentation
Allow to mount of procfs with subset=pid option even if the entire
procfs is not fully accessible to the user.
Signed-off-by: Alexey Gladkov
---
fs/namespace.c | 27 ---
fs/proc/root.c | 17 ++---
include/linux/fs.h | 1 +
3 files changed, 27
There is no way to remount procfs mountpoint with subset=pid option
without it. This is done in order not to make visible what was hidden
since some checks occur during mount.
This patch makes this limitation explicit and demonstrates the error.
Signed-off-by: Alexey Gladkov
---
fs/proc/root.c
Cache the mounters credentials and make access to the net directories
contingent of the permissions of the mounter of proc.
Show /proc/self/net only if mounter has CAP_NET_ADMIN and if proc is
mounted with subset=pid option.
Signed-off-by: Alexey Gladkov
---
fs/proc/proc_net.c | 8
On Mon, Feb 22, 2021 at 09:44:40AM -0600, Eric W. Biederman wrote:
> Alexey Gladkov writes:
>
> > If only the dynamic part of procfs is mounted (subset=pid), then there is no
> > need to check if procfs is fully visible to the user in the new user
> > namespace.
&g
On Wed, Mar 10, 2021 at 07:19:55PM +0100, Alexey Gladkov wrote:
> If only the dynamic part of procfs is mounted (subset=pid), then there is no
> need to check if procfs is fully visible to the user in the new user
> namespace.
I'm sorry about that unfinished patch set. Pl
On Tue, Jan 19, 2021 at 07:57:36PM -0600, Eric W. Biederman wrote:
> Alexey Gladkov writes:
>
> > On Mon, Jan 18, 2021 at 12:34:29PM -0800, Linus Torvalds wrote:
> >> On Mon, Jan 18, 2021 at 11:46 AM Alexey Gladkov
> >> wrote:
> >> >
> >>
On Thu, Jan 21, 2021 at 09:50:34AM -0600, Eric W. Biederman wrote:
> >> The current ucount code does check for overflow and fails the increment
> >> in every case.
> >>
> >> So arguably it will be a regression and inferior error handling behavior
> >> if the code switches to the ``better'' refcoun
ucounts for pair uid and user namespace into cred.
* Added the ability to increase ucount by more than 1.
v1:
* After discussion with Eric W. Biederman, I increased the size of ucounts to
atomic_long_t.
* Added ucount_max to avoid the fork bomb.
--
Alexey Gladkov (7):
Add a reference to u
limit.
Signed-off-by: Alexey Gladkov
---
include/linux/cred.h | 1 +
include/linux/user_namespace.h | 7 --
kernel/cred.c | 20 +--
kernel/ucount.c| 46 ++
kernel/user_namespace.c| 1 +
5 files
1 - 100 of 189 matches
Mail list logo
