diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2012-04-24 02:06:34 +0200 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-08-24 07:54:18 +0200 |
commit | c9235f4872e810d43bf1b19b92cdbe0ec282bada (patch) | |
tree | 7b83bddcae65527ea9f2995f523866483ea6a678 | |
parent | userns: Enable building of pf_key sockets when user namespace support is enab... (diff) | |
download | linux-c9235f4872e810d43bf1b19b92cdbe0ec282bada.tar.xz linux-c9235f4872e810d43bf1b19b92cdbe0ec282bada.zip |
userns: Make credential debugging user namespace safe.
Cc: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
-rw-r--r-- | init/Kconfig | 1 | ||||
-rw-r--r-- | kernel/cred.c | 10 |
2 files changed, 8 insertions, 3 deletions
diff --git a/init/Kconfig b/init/Kconfig index 448b701b1722..fdabc5160cdf 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -936,7 +936,6 @@ config UIDGID_CONVERTED depends on FS_POSIX_ACL = n depends on QUOTA = n depends on QUOTACTL = n - depends on DEBUG_CREDENTIALS = n depends on BSD_PROCESS_ACCT = n depends on DRM = n depends on PROC_EVENTS = n diff --git a/kernel/cred.c b/kernel/cred.c index de728ac50d82..48cea3da6d05 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -799,9 +799,15 @@ static void dump_invalid_creds(const struct cred *cred, const char *label, atomic_read(&cred->usage), read_cred_subscribers(cred)); printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n", - cred->uid, cred->euid, cred->suid, cred->fsuid); + from_kuid_munged(&init_user_ns, cred->uid), + from_kuid_munged(&init_user_ns, cred->euid), + from_kuid_munged(&init_user_ns, cred->suid), + from_kuid_munged(&init_user_ns, cred->fsuid)); printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }\n", - cred->gid, cred->egid, cred->sgid, cred->fsgid); + from_kgid_munged(&init_user_ns, cred->gid), + from_kgid_munged(&init_user_ns, cred->egid), + from_kgid_munged(&init_user_ns, cred->sgid), + from_kgid_munged(&init_user_ns, cred->fsgid)); #ifdef CONFIG_SECURITY printk(KERN_ERR "CRED: ->security is %p\n", cred->security); if ((unsigned long) cred->security >= PAGE_SIZE && |