From 5673a94c14574d7c6495c320c6b0e480673d54bd Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Thu, 17 Nov 2011 10:23:55 -0800 Subject: userns: Add a Kconfig option to enforce strict kuid and kgid type checks Make it possible to easily switch between strong mandatory type checks and relaxed type checks so that the code can easily be tested with the type checks and then built with the strong type checks disabled so the resulting code can be used. Require strong mandatory type checks when enabling the user namespace. It is very simple to make a typo and use the wrong type allowing conversions to/from userspace values to be bypassed by accident, the strong type checks prevent this. Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 72f33faca44..86cf760893b 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -828,7 +828,8 @@ config IPC_NS config USER_NS bool "User namespace (EXPERIMENTAL)" depends on EXPERIMENTAL - default y + select UIDGID_STRICT_TYPE_CHECKS + default n help This allows containers, i.e. vservers, to use user namespaces to provide different user info for different servers. @@ -852,6 +853,15 @@ config NET_NS endif # NAMESPACES +config UIDGID_STRICT_TYPE_CHECKS + bool "Require conversions between uid/gids and their internal representation" + default n + help + While the nececessary conversions are being added to all subsystems this option allows + the code to continue to build for unconverted subsystems. + + Say Y here if you want the strict type checking enabled + config SCHED_AUTOGROUP bool "Automatic process group scheduling" select EVENTFD -- cgit v1.2.3-18-g5258 From e1c972b681bf118fcedb9fe2ed7a73de983aa5ef Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Sat, 21 Apr 2012 04:09:01 -0700 Subject: userns: Add negative depends on entries to avoid building code that is userns unsafe Add a new internal Kconfig option UIDGID_CONVERTED that is true when the selected Kconfig options have been converted to be user namespace safe, and guard USER_NS and guard the UIDGID_STRICT_TYPE_CHECK options with it. This keeps innocent kernel users from having the choice to enable the user namespace in the cases where it is known not to work. Most of the rest of the conversions are simple and straight forward but their sheer number means it is good not to count on having them all done and reviwed before thinking of merging this code. Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 86cf760893b..3349670149d 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -828,7 +828,9 @@ config IPC_NS config USER_NS bool "User namespace (EXPERIMENTAL)" depends on EXPERIMENTAL + depends on UIDGID_CONVERTED select UIDGID_STRICT_TYPE_CHECKS + default n help This allows containers, i.e. vservers, to use user namespaces @@ -853,8 +855,137 @@ config NET_NS endif # NAMESPACES +config UIDGID_CONVERTED + # True if all of the selected software conmponents are known + # to have uid_t and gid_t converted to kuid_t and kgid_t + # where appropriate and are otherwise safe to use with + # the user namespace. + bool + default y + + # List of kernel pieces that need user namespace work + # Features + depends on BINFMT_ELF = n + depends on BINFMT_ELF_FDPIC = n + depends on UNIX98_PTYS = n + depends on CGROUPS = n + depends on MIGRATION = n + depends on NUMA = n + depends on SYSVIPC = n + depends on IMA = n + depends on EVM = n + depends on KEYS = n + depends on AUDIT = n + depends on AUDITSYSCALL = n + depends on TASKSTATS = n + depends on TRACING = n + depends on FS_POSIX_ACL = n + depends on QUOTA = n + depends on QUOTACTL = n + depends on DEBUG_CREDENTIALS = n + depends on BSD_PROCESS_ACCT = n + depends on DRM = n + depends on PROC_EVENTS = n + + # Networking + depends on NET = n + depends on NET_9P = n + depends on IPX = n + depends on PHONET = n + depends on NET_CLS_FLOW = n + depends on NETFILTER_XT_MATCH_OWNER = n + depends on NETFILTER_XT_MATCH_RECENT = n + depends on NETFILTER_XT_TARGET_LOG = n + depends on NETFILTER_NETLINK_LOG = n + depends on INET = n + depends on IPV6 = n + depends on IP_SCTP = n + depends on AF_RXRPC = n + depends on LLC2 = n + depends on NET_KEY = n + depends on INET_DIAG = n + depends on DNS_RESOLVER = n + depends on AX25 = n + depends on ATALK = n + + # Filesystems + depends on USB_DEVICEFS = n + depends on USB_GADGETFS = n + depends on USB_FUNCTIONFS = n + depends on DEVTMPFS = n + depends on XENFS = n + + depends on 9P_FS = n + depends on ADFS_FS = n + depends on AFFS_FS = n + depends on AFS_FS = n + depends on AUTOFS4_FS = n + depends on BEFS_FS = n + depends on BFS_FS = n + depends on BTRFS_FS = n + depends on CEPH_FS = n + depends on CIFS = n + depends on CODA_FS = n + depends on CONFIGFS_FS = n + depends on CRAMFS = n + depends on DEBUG_FS = n + depends on ECRYPT_FS = n + depends on EFS_FS = n + depends on EXOFS_FS = n + depends on EXT2_FS = n + depends on EXT3_FS = n + depends on EXT4_FS = n + depends on FAT_FS = n + depends on FUSE_FS = n + depends on GFS2_FS = n + depends on HFS_FS = n + depends on HFSPLUS_FS = n + depends on HPFS_FS = n + depends on HUGETLBFS = n + depends on ISO9660_FS = n + depends on JFFS2_FS = n + depends on JFS_FS = n + depends on LOGFS = n + depends on MINIX_FS = n + depends on NCP_FS = n + depends on NFSD = n + depends on NFS_FS = n + depends on NILFS2_FS = n + depends on NTFS_FS = n + depends on OCFS2_FS = n + depends on OMFS_FS = n + depends on PROC_FS = n + depends on PROC_SYSCTL = n + depends on QNX4FS_FS = n + depends on QNX6FS_FS = n + depends on REISERFS_FS = n + depends on SQUASHFS = n + depends on SYSFS = n + depends on SYSV_FS = n + depends on TMPFS = n + depends on UBIFS_FS = n + depends on UDF_FS = n + depends on UFS_FS = n + depends on VXFS_FS = n + depends on XFS_FS = n + + depends on !UML || HOSTFS = n + + # The rare drivers that won't build + depends on AIRO = n + depends on AIRO_CS = n + depends on TUN = n + depends on INFINIBAND_QIB = n + depends on BLK_DEV_LOOP = n + depends on ANDROID_BINDER_IPC = n + + # Security modules + depends on SECURITY_TOMOYO = n + depends on SECURITY_APPARMOR = n + config UIDGID_STRICT_TYPE_CHECKS bool "Require conversions between uid/gids and their internal representation" + depends on UIDGID_CONVERTED default n help While the nececessary conversions are being added to all subsystems this option allows -- cgit v1.2.3-18-g5258 From ebc887b278944fc478ab31a4be8ba0cae5fe4f48 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 7 Feb 2012 18:36:10 -0800 Subject: userns: Convert binary formats to use kuid/kgid where appropriate Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 2 -- 1 file changed, 2 deletions(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 3349670149d..994a53ec1d8 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -865,8 +865,6 @@ config UIDGID_CONVERTED # List of kernel pieces that need user namespace work # Features - depends on BINFMT_ELF = n - depends on BINFMT_ELF_FDPIC = n depends on UNIX98_PTYS = n depends on CGROUPS = n depends on MIGRATION = n -- cgit v1.2.3-18-g5258 From f04c6ce2cfaff4b982a6c8ad37e07c14379c111c Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 7 Feb 2012 16:22:56 -0800 Subject: userns: Convert devpts to use kuid/kgid where appropriate Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 1 - 1 file changed, 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 994a53ec1d8..2738a7c4793 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -865,7 +865,6 @@ config UIDGID_CONVERTED # List of kernel pieces that need user namespace work # Features - depends on UNIX98_PTYS = n depends on CGROUPS = n depends on MIGRATION = n depends on NUMA = n -- cgit v1.2.3-18-g5258 From b8a9f9e183229d163d8ace855cbbb63c209fba3c Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 7 Feb 2012 15:39:12 -0800 Subject: userns: Convert ext2 to use kuid/kgid where appropriate. Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 1 - 1 file changed, 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 2738a7c4793..769d9a471ee 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -929,7 +929,6 @@ config UIDGID_CONVERTED depends on ECRYPT_FS = n depends on EFS_FS = n depends on EXOFS_FS = n - depends on EXT2_FS = n depends on EXT3_FS = n depends on EXT4_FS = n depends on FAT_FS = n -- cgit v1.2.3-18-g5258 From 1523299d5817773e344d135d4b1c485f269400bc Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 7 Feb 2012 15:41:24 -0800 Subject: userns: Convert ext3 to use kuid/kgid where appropriate Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 1 - 1 file changed, 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 769d9a471ee..669f991bb13 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -929,7 +929,6 @@ config UIDGID_CONVERTED depends on ECRYPT_FS = n depends on EFS_FS = n depends on EXOFS_FS = n - depends on EXT3_FS = n depends on EXT4_FS = n depends on FAT_FS = n depends on FUSE_FS = n -- cgit v1.2.3-18-g5258 From 08cefc7ab839cf3ece44b8033968a4732eac06d8 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 7 Feb 2012 15:41:49 -0800 Subject: userns: Convert ext4 to user kuid/kgid where appropriate Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 1 - 1 file changed, 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 669f991bb13..0e7d30ba8eb 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -929,7 +929,6 @@ config UIDGID_CONVERTED depends on ECRYPT_FS = n depends on EFS_FS = n depends on EXOFS_FS = n - depends on EXT4_FS = n depends on FAT_FS = n depends on FUSE_FS = n depends on GFS2_FS = n -- cgit v1.2.3-18-g5258 From dcb0f22282e680ee5202ab7574ce78beb3803a9f Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Thu, 9 Feb 2012 08:48:21 -0800 Subject: userns: Convert proc to use kuid/kgid where appropriate Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 1 - 1 file changed, 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 0e7d30ba8eb..7bebe91367c 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -948,7 +948,6 @@ config UIDGID_CONVERTED depends on NTFS_FS = n depends on OCFS2_FS = n depends on OMFS_FS = n - depends on PROC_FS = n depends on PROC_SYSCTL = n depends on QNX4FS_FS = n depends on QNX6FS_FS = n -- cgit v1.2.3-18-g5258 From 091bd3ea4e7ff4da8509978b9be93dc9d8cf0680 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 13 Feb 2012 18:02:50 -0800 Subject: userns: Convert sysctl permission checks to use kuid and kgids. Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 1 - 1 file changed, 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 7bebe91367c..be587651b95 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -948,7 +948,6 @@ config UIDGID_CONVERTED depends on NTFS_FS = n depends on OCFS2_FS = n depends on OMFS_FS = n - depends on PROC_SYSCTL = n depends on QNX4FS_FS = n depends on QNX6FS_FS = n depends on REISERFS_FS = n -- cgit v1.2.3-18-g5258 From ab27b91b9f1937ddb9e0eb0d0892728f852b48cf Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 7 Feb 2012 15:46:26 -0800 Subject: userns: Convert sysfs to use kgid/kuid where appropriate Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 1 - 1 file changed, 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index be587651b95..908e61cd0b0 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -952,7 +952,6 @@ config UIDGID_CONVERTED depends on QNX6FS_FS = n depends on REISERFS_FS = n depends on SQUASHFS = n - depends on SYSFS = n depends on SYSV_FS = n depends on TMPFS = n depends on UBIFS_FS = n -- cgit v1.2.3-18-g5258 From 8751e03958f2adbfba6a0f186f4c5797c950c22a Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 7 Feb 2012 16:46:12 -0800 Subject: userns: Convert tmpfs to use kuid and kgid where appropriate Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 1 - 1 file changed, 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 908e61cd0b0..7a5ccb2e9e0 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -953,7 +953,6 @@ config UIDGID_CONVERTED depends on REISERFS_FS = n depends on SQUASHFS = n depends on SYSV_FS = n - depends on TMPFS = n depends on UBIFS_FS = n depends on UDF_FS = n depends on UFS_FS = n -- cgit v1.2.3-18-g5258 From 14a590c3f987977d7b09ec926481ee0238c08eee Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 12 Mar 2012 15:44:39 -0700 Subject: userns: Convert cgroup permission checks to use uid_eq Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 1 - 1 file changed, 1 deletion(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index 7a5ccb2e9e0..d24cc75caf6 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -865,7 +865,6 @@ config UIDGID_CONVERTED # List of kernel pieces that need user namespace work # Features - depends on CGROUPS = n depends on MIGRATION = n depends on NUMA = n depends on SYSVIPC = n -- cgit v1.2.3-18-g5258 From b38a86eb196d9402299919456fe3f28e490c76fa Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 12 Mar 2012 15:48:24 -0700 Subject: userns: Convert the move_pages, and migrate_pages permission checks to use uid_eq Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- init/Kconfig | 2 -- 1 file changed, 2 deletions(-) (limited to 'init/Kconfig') diff --git a/init/Kconfig b/init/Kconfig index d24cc75caf6..b5dff4d1e1d 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -865,8 +865,6 @@ config UIDGID_CONVERTED # List of kernel pieces that need user namespace work # Features - depends on MIGRATION = n - depends on NUMA = n depends on SYSVIPC = n depends on IMA = n depends on EVM = n -- cgit v1.2.3-18-g5258