[Devel] [PATCH RHEL7 COMMIT] ms/prctl: Allow local CAP_SYS_ADMIN changing exe_file

Konstantin Khorenko khorenko at virtuozzo.com
Tue May 16 06:02:51 PDT 2017


The commit is pushed to "branch-rh7-3.10.0-514.16.1.vz7.32.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-514.16.1.vz7.32.3
------>
commit 81ab8ba12f41c8056e236c6a0a8f01cdfd98a983
Author: Kirill Tkhai <ktkhai at virtuozzo.com>
Date:   Tue May 16 17:02:51 2017 +0400

    ms/prctl: Allow local CAP_SYS_ADMIN changing exe_file
    
    This patch is going to mainstream, Eric W. Biederman
    took it to his tree.
    
    https://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-testing&id=f4434071b18b119aa2474be8746b49a9734fe505
    
    During checkpointing and restore of userspace tasks
    we bumped into the situation that it's not possible
    to restore the tasks whose user namespace does not
    have uid 0 or gid 0 mapped.
    
    People create user namespace mappings like they want,
    and there is no limitation on obligatory uid and gid
    "must be mapped". So, if there is no uid 0 or gid 0
    in the mapping, it's impossible to restore mm->exe_file
    of the processes belonging to this user namespace.
    
    Also, there is no workaround. It's impossible
    to create a temporary uid/gid mapping, because
    only one write to /proc/[pid]/uid_map and gid_map
    is allowed during a namespace lifetime.
    If there is an entry, then no more mappings can be
    written. If there isn't an entry, we can't write
    there either, otherwise the user task won't be able
    to do that in the future.
    
    The patch changes the check, and looks for CAP_SYS_ADMIN
    instead of zero uid and gid. This allows restoring
    a task independently of its user namespace mappings.
    
    Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
    
    CC: Andrew Morton <akpm at linux-foundation.org>
    CC: Serge Hallyn <serge at hallyn.com>
    CC: "Eric W. Biederman" <ebiederm at xmission.com>
    CC: Oleg Nesterov <oleg at redhat.com>
    CC: Michal Hocko <mhocko at suse.com>
    CC: Andrei Vagin <avagin at openvz.org>
    CC: Cyrill Gorcunov <gorcunov at openvz.org>
    CC: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
    CC: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    Reviewed-by: Cyrill Gorcunov <gorcunov at openvz.org>
    
    https://jira.sw.ru/browse/PSBM-66313
    
    Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 kernel/sys.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index be563d9..9a681ae 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2183,15 +2183,11 @@ static int validate_prctl_map(struct prctl_mm_map *prctl_map)
 
 	/*
 	 * Finally, make sure the caller has the rights to
-	 * change /proc/pid/exe link: only local root should
+	 * change /proc/pid/exe link: only local sys admin should
 	 * be allowed to.
 	 */
 	if (prctl_map->exe_fd != (u32)-1) {
-		struct user_namespace *ns = current_user_ns();
-		const struct cred *cred = current_cred();
-
-		if (!uid_eq(cred->uid, make_kuid(ns, 0)) ||
-		    !gid_eq(cred->gid, make_kgid(ns, 0)))
+		if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
 			goto out;
 	}
 
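Review bot: The rewritten comment ("only local sys admin should be allowed to") does not say which namespace the capability is tested against, while the new condition is `ns_capable(current_user_ns(), CAP_SYS_ADMIN)`, that is, the caller's own user namespace. A task that creates a user namespace holds CAP_SYS_ADMIN inside it, so the test is relative to that namespace and not to the initial one; the comment should state this, for example "only a task with CAP_SYS_ADMIN in its own user namespace may change it". The commit message could also note that the removed uid/gid test was built from the same `current_user_ns()`, so the namespace scope is unchanged and only the criterion (id 0 of that namespace versus a capability in it) differs.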

