[GIT PULL] user namespace changes for v3.7
Linus, Please pull the for-linus git tree from: git://git.kernel.org:/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus HEAD: 72235465864d84cedb2d9f26f8e1de824ee20339 userns: Convert the ufs filesystem to use kuid/kgid where appropriate The tree is against v3.6-rc1 This is a mostly modest set of changes to enable basic user namespace support. This allows the code to code to compile with user namespaces enabled and removes the assumption there is only the initial user namespace. Everything is converted except for the most complex of the filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs, nfs, ocfs2 and xfs as those patches need a bit more review. The strategy is to push kuid_t and kgid_t values are far down into subsystems and filesystems as reasonable. Leaving the make_kuid and from_kuid operations to happen at the edge of userspace, as the values come off the disk, and as the values come in from the network. Letting compile type incompatible compile errors (present when user namespaces are enabled) guide me to find the issues. The most tricky areas have been the places where we had an implicit union of uid and gid values and were storing them in an unsigned int. Those places were converted into explicit unions. I made certain to handle those places with simple trivial patches. Out of that work I discovered we have generic interfaces for storing quota by projid. I had never heard of the project identifiers before. Adding full user namespace support for project identifiers accounts for most of the code size growth in my git tree. Ultimately there will be work to relax privlige checks from "capable(FOO)" to "ns_capable(user_ns, FOO)" where it is safe allowing root in a user names to do those things that today we only forbid to non-root users because it will confuse suid root applications. While I was pushing kuid_t and kgid_t changes deep into the audit code I made a few other cleanups. I capitalized on the fact we process netlink messages in the context of the message sender. I removed usage of NETLINK_CRED, and started directly using current->tty. Some of these patches have also made it into maintainer trees, with no problems from identical code from different trees showing up in linux-next. After reading through all of this code I feel like I might be able to win a game of kernel trivial pursuit. Eric Dan Carpenter (1): ipv6: move dereference after check in fl_free() Eric W. Biederman (106): userns: Allow the usernamespace support to build after the removal of usbfs userns: Fix link restrictions to use uid_eq userns: Convert net/core/scm.c to use kuids and kgids userns: Convert __dev_set_promiscuity to use kuids in audit logs userns: Convert sock_i_uid to return a kuid_t userns: Allow USER_NS and NET simultaneously in Kconfig userns: Make seq_file's user namespace accessible userns: Print out socket uids in a user namespace aware fashion. userns: Use kgids for sysctl_ping_group_range net ip6 flowlabel: Make owner a union of struct pid * and kuid_t pidns: Export free_pid_ns userns: Convert net/ax25 to use kuid_t where appropriate netlink: Make the sending netlink socket availabe in NETLINK_CB userns: Implement sk_user_ns userns: Teach inet_diag to work with user namespaces userns: nfnetlink_log: Report socket uids in the log sockets user namespace net sched: Pass the skb into change so it can access NETLINK_CB userns: Convert cls_flow to work with user namespaces enabled userns: Convert xt_LOG to print socket kuids and kgids as uids and gids userns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace userns: xt_owner: Add basic user namespace support. userns: Make the airo wireless driver use kuids for proc uids and gids userns: Convert tun/tap to use kuid and kgid where appropriate userns: Enable building of pf_key sockets when user namespace support is enabled. userns: Make credential debugging user namespace safe. userns: Convert debugfs to use kuid/kgid where appropriate. userns: Convert process event connector to handle kuids and kgids userns: Convert ipc to use kuid and kgid where appropriate userns: Convert drm to use kuid and kgid and struct pid where appropriate userns: Convert security/keys to the new userns infrastructure userns: net: Call key_alloc with GLOBAL_ROOT_UID, GLOBAL_ROOT_GID instead of 0, 0 audit: Limit audit requests to processes in the initial pid and user namespaces. audit: Use current instead of NETLINK_CREDS() in audit_filter audit: kill audit_prepare_user_tty audit: Simply AUDIT_TTY_SET and AUDIT_TTY_GET audit: Properly set the origin port id of audit messages. audit: Remove the unused uid parameter from audit_receive_filter audit: Don't pass pid or
[GIT PULL] user namespace changes for v3.7
Linus, Please pull the for-linus git tree from: git://git.kernel.org:/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus HEAD: 72235465864d84cedb2d9f26f8e1de824ee20339 userns: Convert the ufs filesystem to use kuid/kgid where appropriate The tree is against v3.6-rc1 This is a mostly modest set of changes to enable basic user namespace support. This allows the code to code to compile with user namespaces enabled and removes the assumption there is only the initial user namespace. Everything is converted except for the most complex of the filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs, nfs, ocfs2 and xfs as those patches need a bit more review. The strategy is to push kuid_t and kgid_t values are far down into subsystems and filesystems as reasonable. Leaving the make_kuid and from_kuid operations to happen at the edge of userspace, as the values come off the disk, and as the values come in from the network. Letting compile type incompatible compile errors (present when user namespaces are enabled) guide me to find the issues. The most tricky areas have been the places where we had an implicit union of uid and gid values and were storing them in an unsigned int. Those places were converted into explicit unions. I made certain to handle those places with simple trivial patches. Out of that work I discovered we have generic interfaces for storing quota by projid. I had never heard of the project identifiers before. Adding full user namespace support for project identifiers accounts for most of the code size growth in my git tree. Ultimately there will be work to relax privlige checks from capable(FOO) to ns_capable(user_ns, FOO) where it is safe allowing root in a user names to do those things that today we only forbid to non-root users because it will confuse suid root applications. While I was pushing kuid_t and kgid_t changes deep into the audit code I made a few other cleanups. I capitalized on the fact we process netlink messages in the context of the message sender. I removed usage of NETLINK_CRED, and started directly using current-tty. Some of these patches have also made it into maintainer trees, with no problems from identical code from different trees showing up in linux-next. After reading through all of this code I feel like I might be able to win a game of kernel trivial pursuit. Eric Dan Carpenter (1): ipv6: move dereference after check in fl_free() Eric W. Biederman (106): userns: Allow the usernamespace support to build after the removal of usbfs userns: Fix link restrictions to use uid_eq userns: Convert net/core/scm.c to use kuids and kgids userns: Convert __dev_set_promiscuity to use kuids in audit logs userns: Convert sock_i_uid to return a kuid_t userns: Allow USER_NS and NET simultaneously in Kconfig userns: Make seq_file's user namespace accessible userns: Print out socket uids in a user namespace aware fashion. userns: Use kgids for sysctl_ping_group_range net ip6 flowlabel: Make owner a union of struct pid * and kuid_t pidns: Export free_pid_ns userns: Convert net/ax25 to use kuid_t where appropriate netlink: Make the sending netlink socket availabe in NETLINK_CB userns: Implement sk_user_ns userns: Teach inet_diag to work with user namespaces userns: nfnetlink_log: Report socket uids in the log sockets user namespace net sched: Pass the skb into change so it can access NETLINK_CB userns: Convert cls_flow to work with user namespaces enabled userns: Convert xt_LOG to print socket kuids and kgids as uids and gids userns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace userns: xt_owner: Add basic user namespace support. userns: Make the airo wireless driver use kuids for proc uids and gids userns: Convert tun/tap to use kuid and kgid where appropriate userns: Enable building of pf_key sockets when user namespace support is enabled. userns: Make credential debugging user namespace safe. userns: Convert debugfs to use kuid/kgid where appropriate. userns: Convert process event connector to handle kuids and kgids userns: Convert ipc to use kuid and kgid where appropriate userns: Convert drm to use kuid and kgid and struct pid where appropriate userns: Convert security/keys to the new userns infrastructure userns: net: Call key_alloc with GLOBAL_ROOT_UID, GLOBAL_ROOT_GID instead of 0, 0 audit: Limit audit requests to processes in the initial pid and user namespaces. audit: Use current instead of NETLINK_CREDS() in audit_filter audit: kill audit_prepare_user_tty audit: Simply AUDIT_TTY_SET and AUDIT_TTY_GET audit: Properly set the origin port id of audit messages. audit: Remove the unused uid parameter from audit_receive_filter audit: Don't pass pid or uid
