[Devel] [PATCH 7/6] proc connector: user containers initial user namespace
Andrey Ryabinin
aryabinin at virtuozzo.com
Tue Aug 15 16:55:06 MSK 2017
On 08/15/2017 03:56 PM, Stanislav Kinsburskiy wrote:
> Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
> ---
> drivers/connector/cn_proc.c | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
> index c5bd47b..10a3e3e 100644
> --- a/drivers/connector/cn_proc.c
> +++ b/drivers/connector/cn_proc.c
> @@ -159,6 +159,14 @@ void proc_exec_connector(struct task_struct *task)
> cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
> }
>
> +static struct user_namespace *task_user(struct task_struct *task)
> +{
> + struct cred *init_cred;
> +
> + init_cred = task->task_ve->init_cred;
> + return init_cred ? init_cred->user_ns : &init_user_ns;
> +}
> +
> void proc_id_connector(struct task_struct *task, int which_id)
> {
> struct cn_msg *msg;
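Review bot: task_user() at the top of the hunk has no comment saying why the namespace is taken from the VE's init credentials instead of the task's own cred, and the chained dereference `task->task_ve->init_cred` is unguarded; whether task_ve can be NULL for a task reaching proc_id_connector is not visible here, so that assumption should be stated. A kernel-doc block above the function along the lines of `/* Resolve the user namespace IDs are reported in: the namespace of the owning VE's init credentials, or init_user_ns when the VE has none. */` would make the decision reviewable. The local is declared `struct cred *init_cred` although it is only read; if `task_ve->init_cred` is a const pointer, `const struct cred *init_cred;` avoids discarding the qualifier. The returned pointer is also read before the rcu_read_lock() taken later in proc_id_connector, so if init_cred is RCU-protected the lookup belongs inside that critical section.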
> @@ -167,6 +175,7 @@ void proc_id_connector(struct task_struct *task, int which_id)
> struct timespec ts;
> const struct cred *cred;
> struct net *net = task_net(task);
> + struct user_namespace *user_ns = task_user(task);
>
> if (get_listeners(net) < 1)
> return;
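Review bot: `struct user_namespace *user_ns = task_user(task);` is evaluated in the declaration block, before the `get_listeners(net) < 1` early return two lines below, so the task_ve/init_cred lookup runs on every call even when no listener exists. Declaring `struct user_namespace *user_ns;` and assigning `user_ns = task_user(task);` after the listener check keeps the no-listener path as cheap as before. proc_id_connector continues outside the hunk.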
> @@ -180,11 +189,11 @@ void proc_id_connector(struct task_struct *task, int which_id)
> rcu_read_lock();
> cred = __task_cred(task);
> if (which_id == PROC_EVENT_UID) {
> - ev->event_data.id.r.ruid = from_kuid_munged(&init_user_ns, cred->uid);
> - ev->event_data.id.e.euid = from_kuid_munged(&init_user_ns, cred->euid);
> + ev->event_data.id.r.ruid = from_kuid_munged(user_ns, cred->uid);
> + ev->event_data.id.e.euid = from_kuid_munged(user_ns, cred->euid);
user_ns has to be ns of the listener, not the task itself. And as mentioned before you'll need to craft
similar messages for all listeners.
> } else if (which_id == PROC_EVENT_GID) {
> - ev->event_data.id.r.rgid = from_kgid_munged(&init_user_ns, cred->gid);
> - ev->event_data.id.e.egid = from_kgid_munged(&init_user_ns, cred->egid);
> + ev->event_data.id.r.rgid = from_kgid_munged(user_ns, cred->gid);
> + ev->event_data.id.e.egid = from_kgid_munged(user_ns, cred->egid);
> } else {
> rcu_read_unlock();
> return;
>