[Devel] [PATCH v2 22/27] proc connector: take namespaces from VE

Stanislav Kinsburskiy skinsbursky at virtuozzo.com
Thu Aug 17 17:00:53 MSK 2017 

Intead of hardcoded "init" namespaces.

Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
 drivers/connector/cn_proc.c |   69 ++++++++++++++++++++++++++-----------------
 1 file changed, 42 insertions(+), 27 deletions(-)

diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
index b66fde8..df6553d 100644
--- a/drivers/connector/cn_proc.c
+++ b/drivers/connector/cn_proc.c
@@ -122,14 +122,15 @@ static bool fill_fork_event(struct proc_event *ev, struct ve_struct *ve,
 			    struct task_struct *task, int unused)
 {
 	struct task_struct *parent;
+	struct pid_namespace *pid_ns = ve->ve_ns->pid_ns;
 
 	rcu_read_lock();
 	parent = rcu_dereference(task->real_parent);
-	ev->event_data.fork.parent_pid = task_pid_nr_ns(parent, &init_pid_ns);
-	ev->event_data.fork.parent_tgid = task_tgid_nr_ns(parent, &init_pid_ns);
+	ev->event_data.fork.parent_pid = task_pid_nr_ns(parent, pid_ns);
+	ev->event_data.fork.parent_tgid = task_tgid_nr_ns(parent, pid_ns);
 	rcu_read_unlock();
-	ev->event_data.fork.child_pid = task_pid_nr_ns(task, &init_pid_ns);
-	ev->event_data.fork.child_tgid = task_tgid_nr_ns(task, &init_pid_ns);
+	ev->event_data.fork.child_pid = task_pid_nr_ns(task, pid_ns);
+	ev->event_data.fork.child_tgid = task_tgid_nr_ns(task, pid_ns);
 	return true;
 }
 
@@ -141,8 +142,10 @@ void proc_fork_connector(struct task_struct *task)
 static bool fill_exec_event(struct proc_event *ev, struct ve_struct *ve,
 			    struct task_struct *task, int unused)
 {
-	ev->event_data.exec.process_pid = task_pid_nr_ns(task, &init_pid_ns);
-	ev->event_data.exec.process_tgid = task_tgid_nr_ns(task, &init_pid_ns);
+	struct pid_namespace *pid_ns = ve->ve_ns->pid_ns;
+
+	ev->event_data.exec.process_pid = task_pid_nr_ns(task, pid_ns);
+	ev->event_data.exec.process_tgid = task_tgid_nr_ns(task, pid_ns);
 	return true;
 }
 
@@ -155,17 +158,19 @@ static bool fill_id_event(struct proc_event *ev, struct ve_struct *ve,
 			  struct task_struct *task, int which_id)
 {
 	const struct cred *cred;
+	struct pid_namespace *pid_ns = ve->ve_ns->pid_ns;
+	struct user_namespace *user_ns = ve->init_cred->user_ns;
 
-	ev->event_data.id.process_pid = task_pid_nr_ns(task, &init_pid_ns);
-	ev->event_data.id.process_tgid = task_tgid_nr_ns(task, &init_pid_ns);
+	ev->event_data.id.process_pid = task_pid_nr_ns(task, pid_ns);
+	ev->event_data.id.process_tgid = task_tgid_nr_ns(task, pid_ns);
 	rcu_read_lock();
 	cred = __task_cred(task);
 	if (which_id == PROC_EVENT_UID) {
-		ev->event_data.id.r.ruid = from_kuid_munged(&init_user_ns, cred->uid);
-		ev->event_data.id.e.euid = from_kuid_munged(&init_user_ns, cred->euid);
+		ev->event_data.id.r.ruid = from_kuid_munged(user_ns, cred->uid);
+		ev->event_data.id.e.euid = from_kuid_munged(user_ns, cred->euid);
 	} else if (which_id == PROC_EVENT_GID) {
-		ev->event_data.id.r.rgid = from_kgid_munged(&init_user_ns, cred->gid);
-		ev->event_data.id.e.egid = from_kgid_munged(&init_user_ns, cred->egid);
+		ev->event_data.id.r.rgid = from_kgid_munged(user_ns, cred->gid);
+		ev->event_data.id.e.egid = from_kgid_munged(user_ns, cred->egid);
 	} else {
 		rcu_read_unlock();
 		return false;
@@ -182,8 +187,10 @@ void proc_id_connector(struct task_struct *task, int which_id)
 static bool fill_sid_event(struct proc_event *ev, struct ve_struct *ve,
 			   struct task_struct *task, int unused)
 {
-	ev->event_data.sid.process_pid = task_pid_nr_ns(task, &init_pid_ns);
-	ev->event_data.sid.process_tgid = task_tgid_nr_ns(task, &init_pid_ns);
+	struct pid_namespace *pid_ns = ve->ve_ns->pid_ns;
+
+	ev->event_data.sid.process_pid = task_pid_nr_ns(task, pid_ns);
+	ev->event_data.sid.process_tgid = task_tgid_nr_ns(task, pid_ns);
 	return true;
 }
 
@@ -195,11 +202,13 @@ void proc_sid_connector(struct task_struct *task)
 static bool fill_ptrace_event(struct proc_event *ev, struct ve_struct *ve,
 			      struct task_struct *task, int ptrace_id)
 {
-	ev->event_data.ptrace.process_pid  = task_pid_nr_ns(task, &init_pid_ns);
-	ev->event_data.ptrace.process_tgid = task_tgid_nr_ns(task, &init_pid_ns);
+	struct pid_namespace *pid_ns = ve->ve_ns->pid_ns;
+
+	ev->event_data.ptrace.process_pid  = task_pid_nr_ns(task, pid_ns);
+	ev->event_data.ptrace.process_tgid = task_tgid_nr_ns(task, pid_ns);
 	if (ptrace_id == PTRACE_ATTACH) {
-		ev->event_data.ptrace.tracer_pid  = task_pid_nr_ns(current, &init_pid_ns);
-		ev->event_data.ptrace.tracer_tgid = task_tgid_nr_ns(current, &init_pid_ns);
+		ev->event_data.ptrace.tracer_pid  = task_pid_nr_ns(current, pid_ns);
+		ev->event_data.ptrace.tracer_tgid = task_tgid_nr_ns(current, pid_ns);
 	} else if (ptrace_id == PTRACE_DETACH) {
 		ev->event_data.ptrace.tracer_pid  = 0;
 		ev->event_data.ptrace.tracer_tgid = 0;
@@ -217,8 +226,10 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id)
 static bool fill_comm_event(struct proc_event *ev, struct ve_struct *ve,
 			    struct task_struct *task, int unused)
 {
-	ev->event_data.comm.process_pid  = task_pid_nr_ns(task, &init_pid_ns);
-	ev->event_data.comm.process_tgid = task_tgid_nr_ns(task, &init_pid_ns);
+	struct pid_namespace *pid_ns = ve->ve_ns->pid_ns;
+
+	ev->event_data.comm.process_pid  = task_pid_nr_ns(task, pid_ns);
+	ev->event_data.comm.process_tgid = task_tgid_nr_ns(task, pid_ns);
 	get_task_comm(ev->event_data.comm.comm, task);
 	return true;
 }
@@ -231,8 +242,10 @@ void proc_comm_connector(struct task_struct *task)
 static bool fill_coredump_event(struct proc_event *ev, struct ve_struct *ve,
 				struct task_struct *task, int unused)
 {
-	ev->event_data.coredump.process_pid = task_pid_nr_ns(task, &init_pid_ns);
-	ev->event_data.coredump.process_tgid = task_tgid_nr_ns(task, &init_pid_ns);
+	struct pid_namespace *pid_ns = ve->ve_ns->pid_ns;
+
+	ev->event_data.coredump.process_pid = task_pid_nr_ns(task, pid_ns);
+	ev->event_data.coredump.process_tgid = task_tgid_nr_ns(task, pid_ns);
 	return true;
 }
 
@@ -244,8 +257,10 @@ void proc_coredump_connector(struct task_struct *task)
 static bool fill_exit_event(struct proc_event *ev, struct ve_struct *ve,
 			    struct task_struct *task, int unused)
 {
-	ev->event_data.exit.process_pid = task_pid_nr_ns(task, &init_pid_ns);
-	ev->event_data.exit.process_tgid = task_tgid_nr_ns(task, &init_pid_ns);
+	struct pid_namespace *pid_ns = ve->ve_ns->pid_ns;
+
+	ev->event_data.exit.process_pid = task_pid_nr_ns(task, pid_ns);
+	ev->event_data.exit.process_tgid = task_tgid_nr_ns(task, pid_ns);
 	ev->event_data.exit.exit_code = task->exit_code;
 	ev->event_data.exit.exit_signal = task->exit_signal;
 	return true;
@@ -309,12 +324,12 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg,
 	 * and user namespaces so ignore requestors from
 	 * other namespaces.
 	 */
-	if ((current_user_ns() != &init_user_ns) ||
-	    (task_active_pid_ns(current) != &init_pid_ns))
+	if (!current_user_ns_initial() ||
+	    (task_active_pid_ns(current) != ve->ve_ns->pid_ns))
 		return;
 
 	/* Can only change if privileged. */
-	if (!__netlink_ns_capable(nsp, &init_user_ns, CAP_NET_ADMIN)) {
+	if (!__netlink_ns_capable(nsp, ve_init_user_ns(), CAP_NET_ADMIN)) {
 		err = EPERM;
 		goto out;
 	}

More information about the Devel mailing list