summaryrefslogtreecommitdiffstats
path: root/init (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'for-linus' of ↵Linus Torvalds2012-10-021-89/+0
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull user namespace changes from Eric Biederman: "This is a mostly modest set of changes to enable basic user namespace support. This allows the code to code to compile with user namespaces enabled and removes the assumption there is only the initial user namespace. Everything is converted except for the most complex of the filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs, nfs, ocfs2 and xfs as those patches need a bit more review. The strategy is to push kuid_t and kgid_t values are far down into subsystems and filesystems as reasonable. Leaving the make_kuid and from_kuid operations to happen at the edge of userspace, as the values come off the disk, and as the values come in from the network. Letting compile type incompatible compile errors (present when user namespaces are enabled) guide me to find the issues. The most tricky areas have been the places where we had an implicit union of uid and gid values and were storing them in an unsigned int. Those places were converted into explicit unions. I made certain to handle those places with simple trivial patches. Out of that work I discovered we have generic interfaces for storing quota by projid. I had never heard of the project identifiers before. Adding full user namespace support for project identifiers accounts for most of the code size growth in my git tree. Ultimately there will be work to relax privlige checks from "capable(FOO)" to "ns_capable(user_ns, FOO)" where it is safe allowing root in a user names to do those things that today we only forbid to non-root users because it will confuse suid root applications. While I was pushing kuid_t and kgid_t changes deep into the audit code I made a few other cleanups. I capitalized on the fact we process netlink messages in the context of the message sender. I removed usage of NETLINK_CRED, and started directly using current->tty. Some of these patches have also made it into maintainer trees, with no problems from identical code from different trees showing up in linux-next. After reading through all of this code I feel like I might be able to win a game of kernel trivial pursuit." Fix up some fairly trivial conflicts in netfilter uid/git logging code. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (107 commits) userns: Convert the ufs filesystem to use kuid/kgid where appropriate userns: Convert the udf filesystem to use kuid/kgid where appropriate userns: Convert ubifs to use kuid/kgid userns: Convert squashfs to use kuid/kgid where appropriate userns: Convert reiserfs to use kuid and kgid where appropriate userns: Convert jfs to use kuid/kgid where appropriate userns: Convert jffs2 to use kuid and kgid where appropriate userns: Convert hpfs to use kuid and kgid where appropriate userns: Convert btrfs to use kuid/kgid where appropriate userns: Convert bfs to use kuid/kgid where appropriate userns: Convert affs to use kuid/kgid wherwe appropriate userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids userns: On ia64 deal with current_uid and current_gid being kuid and kgid userns: On ppc convert current_uid from a kuid before printing. userns: Convert s390 getting uid and gid system calls to use kuid and kgid userns: Convert s390 hypfs to use kuid and kgid where appropriate userns: Convert binder ipc to use kuids userns: Teach security_path_chown to take kuids and kgids userns: Add user namespace support to IMA userns: Convert EVM to deal with kuids and kgids in it's hmac computation ...
| * userns: Convert the ufs filesystem to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Evgeniy Dushistov <dushistov@mail.ru> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert the udf filesystem to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Cc: Jan Kara <jack@suse.cz> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert ubifs to use kuid/kgidEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | | | Cc: Artem Bityutskiy <dedekind1@gmail.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert squashfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Phillip Lougher <phillip@squashfs.org.uk> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert reiserfs to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Cc: reiserfs-devel@vger.kernel.org Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert jfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Cc: Dave Kleikamp <shaggy@kernel.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert jffs2 to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | - General routine uid/gid conversion work - When storing posix acls treat ACL_USER and ACL_GROUP separately so I can call from_kuid or from_kgid as appropriate. - When reading posix acls treat ACL_USER and ACL_GROUP separately so I can call make_kuid or make_kgid as appropriate. Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert hpfs to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert btrfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Chris Mason <chris.mason@fusionio.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert bfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: "Tigran A. Aivazian" <tigran@aivazian.fsnet.co.uk> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert affs to use kuid/kgid wherwe appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert binder ipc to use kuidsEric W. Biederman2012-09-211-3/+0
| | | | | | | | | | | | | | Cc: Arve Hjønnevåg <arve@android.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Add user namespace support to IMAEric W. Biederman2012-09-211-4/+0
| | | | | | | | | | | | | | | | | | | | | | Use kuid's in the IMA rules. When reporting the current uid in audit logs use from_kuid to get a usable value. Cc: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert EVM to deal with kuids and kgids in it's hmac computationEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert hostfs to use kuid and kgid where appropriateEric W. Biederman2012-09-211-2/+0
| | | | | | | | | | | | | | Cc: Jeff Dike <jdike@addtoit.com> Cc: Richard Weinberger <richard@nod.at> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert tomoyo to use kuid and kgid where appropriateEric W. Biederman2012-09-211-3/+0
| | | | | | | | | | | | Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert apparmor to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert loop to use kuid_t instead of uid_tEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Jens Axboe <jaxboe@fusionio.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert ipathfs to use GLOBAL_ROOT_UID and GLOBAL_ROOT_GIDEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Acked-by: Mike Marciniszyn <mike.marciniszyn@intel.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert freevxfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Christoph Hellwig <hch@infradead.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert the sysv filesystem to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Christoph Hellwig <hch@infradead.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert the qnx6 filesystem to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Kai Bankett <chaosman@ontika.net> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert the qnx4 filesystem to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Acked-by: Anders Larsen <al@alarsen.net> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert omfs to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Acked-by: Bob Copeland <me@bobcopeland.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert ntfs to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Cc: Anton Altaparmakov <anton@tuxera.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert nillfs2 to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert minix to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert logfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | | | Cc: Joern Engel <joern@logfs.org> Cc: Prasad Joshi <prasadjoshi.linux@gmail.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert isofs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert hfsplus to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert hfs to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert exofs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | | | Cc: Benny Halevy <bhalevy@tonian.com> Acked-by: Boaz Harrosh <bharrosh@panasas.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert efs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert ecryptfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | | | Cc: Tyler Hicks <tyhicks@canonical.com> Cc: Dustin Kirkland <dustin.kirkland@gazzang.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert cramfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert befs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert adfs to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert xenfs to use kuid and kgid where appropriateEric W. Biederman2012-09-211-2/+0
| | | | | | | | | | | | | | Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert hugetlbfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | | | | | | | | | Note sysctl_hugetlb_shm_group can only be written in the root user in the initial user namespace, so we can assume sysctl_hugetlb_shm_group is in the initial user namespace. Cc: William Irwin <wli@holomorphy.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert devtmpfs to use GLOBAL_ROOT_UID and GLOBAL_ROOT_GIDEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert usb functionfs to use kuid/kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | | | Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Felipe Balbi <balbi@ti.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert gadgetfs to use kuid and kgid where appropriateEric W. Biederman2012-09-211-1/+0
| | | | | | | | | | | | | | Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Felipe Balbi <balbi@ti.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert fat to use kuid/kgid where appropriateEric W. Biederman2012-09-201-1/+0
| | | | | | | | | | | | Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert quotaEric W. Biederman2012-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | Now that the type changes are done, here is the final set of changes to make the quota code work when user namespaces are enabled. Small cleanups and fixes to make the code build when user namespaces are enabled. Cc: Jan Kara <jack@suse.cz> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
| * userns: Convert quota netlink aka quota_send_warningEric W. Biederman2012-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Modify quota_send_warning to take struct kqid instead a type and identifier pair. When sending netlink broadcasts always convert uids and quota identifiers into the intial user namespace. There is as yet no way to send a netlink broadcast message with different contents to receivers in different namespaces, so for the time being just map all of the identifiers into the initial user namespace which preserves the current behavior. Change the callers of quota_send_warning in gfs2, xfs and dquot to generate a struct kqid to pass to quota send warning. When all of the user namespaces convesions are complete a struct kqid values will be availbe without need for conversion, but a conversion is needed now to avoid needing to convert everything at once. Cc: Ben Myers <bpm@sgi.com> Cc: Alex Elder <elder@kernel.org> Cc: Dave Chinner <david@fromorbit.com> Cc: Jan Kara <jack@suse.cz> Cc: Steven Whitehouse <swhiteho@redhat.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
| * userns: Convert qutoactlEric W. Biederman2012-09-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the quotactl user space interface to successfull compile with user namespaces support enabled and to hand off quota identifiers to lower layers of the kernel in struct kqid instead of type and qid pairs. The quota on function is not converted because while it takes a quota type and an id. The id is the on disk quota format to use, which is something completely different. The signature of two struct quotactl_ops methods were changed to take struct kqid argumetns get_dqblk and set_dqblk. The dquot, xfs, and ocfs2 implementations of get_dqblk and set_dqblk are minimally changed so that the code continues to work with the change in parameter type. This is the first in a series of changes to always store quota identifiers in the kernel in struct kqid and only use raw type and qid values when interacting with on disk structures or userspace. Always using struct kqid internally makes it hard to miss places that need conversion to or from the kernel internal values. Cc: Jan Kara <jack@suse.cz> Cc: Dave Chinner <david@fromorbit.com> Cc: Mark Fasheh <mfasheh@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Ben Myers <bpm@sgi.com> Cc: Alex Elder <elder@kernel.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
| * userns: Convert configfs to use kuid and kgid where appropriateEric W. Biederman2012-09-181-1/+0
| | | | | | | | | | | | Cc: Joel Becker <jlbec@evilplan.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Convert extN to support kuids and kgids in posix aclsEric W. Biederman2012-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Convert ext2, ext3, and ext4 to fully support the posix acl changes, using e_uid e_gid instead e_id. Enabled building with posix acls enabled, all filesystems supporting user namespaces, now also support posix acls when user namespaces are enabled. Cc: Theodore Tso <tytso@mit.edu> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: Jan Kara <jack@suse.cz> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| * userns: Teach trace to use from_kuidEric W. Biederman2012-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | - When tracing capture the kuid. - When displaying the data to user space convert the kuid into the user namespace of the process that opened the report file. Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Ingo Molnar <mingo@redhat.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>