[GIT PULL] user namespace changes for v3.7

From: Eric W. Biederman
Date: Tue Oct 02 2012 - 00:22:28 EST



Linus,

Please pull the for-linus git tree from:

git://git.kernel.org:/pub/scm/linux/kernel/git/ebiederm/user-namespace.git for-linus

HEAD: 72235465864d84cedb2d9f26f8e1de824ee20339 userns: Convert the ufs filesystem to use kuid/kgid where appropriate

The tree is against v3.6-rc1

This is a mostly modest set of changes to enable basic user namespace
support. This allows the code to code to compile with user namespaces
enabled and removes the assumption there is only the initial user
namespace. Everything is converted except for the most complex of the
filesystems: autofs4, 9p, afs, ceph, cifs, coda, fuse, gfs2, ncpfs, nfs,
ocfs2 and xfs as those patches need a bit more review.

The strategy is to push kuid_t and kgid_t values are far down into
subsystems and filesystems as reasonable. Leaving the make_kuid and
from_kuid operations to happen at the edge of userspace, as the
values come off the disk, and as the values come in from the network.
Letting compile type incompatible compile errors (present when user
namespaces are enabled) guide me to find the issues.

The most tricky areas have been the places where we had an implicit
union of uid and gid values and were storing them in an unsigned int.
Those places were converted into explicit unions. I made certain
to handle those places with simple trivial patches.

Out of that work I discovered we have generic interfaces for storing
quota by projid. I had never heard of the project identifiers before.
Adding full user namespace support for project identifiers accounts
for most of the code size growth in my git tree.

Ultimately there will be work to relax privlige checks from
"capable(FOO)" to "ns_capable(user_ns, FOO)" where it is safe
allowing root in a user names to do those things that today we only
forbid to non-root users because it will confuse suid root applications.

While I was pushing kuid_t and kgid_t changes deep into the audit code I
made a few other cleanups. I capitalized on the fact we process netlink
messages in the context of the message sender. I removed usage of
NETLINK_CRED, and started directly using current->tty.

Some of these patches have also made it into maintainer trees, with no
problems from identical code from different trees showing up in
linux-next.

After reading through all of this code I feel like I might be able
to win a game of kernel trivial pursuit.

Eric


Dan Carpenter (1):
ipv6: move dereference after check in fl_free()

Eric W. Biederman (106):
userns: Allow the usernamespace support to build after the removal of usbfs
userns: Fix link restrictions to use uid_eq
userns: Convert net/core/scm.c to use kuids and kgids
userns: Convert __dev_set_promiscuity to use kuids in audit logs
userns: Convert sock_i_uid to return a kuid_t
userns: Allow USER_NS and NET simultaneously in Kconfig
userns: Make seq_file's user namespace accessible
userns: Print out socket uids in a user namespace aware fashion.
userns: Use kgids for sysctl_ping_group_range
net ip6 flowlabel: Make owner a union of struct pid * and kuid_t
pidns: Export free_pid_ns
userns: Convert net/ax25 to use kuid_t where appropriate
netlink: Make the sending netlink socket availabe in NETLINK_CB
userns: Implement sk_user_ns
userns: Teach inet_diag to work with user namespaces
userns: nfnetlink_log: Report socket uids in the log sockets user namespace
net sched: Pass the skb into change so it can access NETLINK_CB
userns: Convert cls_flow to work with user namespaces enabled
userns: Convert xt_LOG to print socket kuids and kgids as uids and gids
userns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace
userns: xt_owner: Add basic user namespace support.
userns: Make the airo wireless driver use kuids for proc uids and gids
userns: Convert tun/tap to use kuid and kgid where appropriate
userns: Enable building of pf_key sockets when user namespace support is enabled.
userns: Make credential debugging user namespace safe.
userns: Convert debugfs to use kuid/kgid where appropriate.
userns: Convert process event connector to handle kuids and kgids
userns: Convert ipc to use kuid and kgid where appropriate
userns: Convert drm to use kuid and kgid and struct pid where appropriate
userns: Convert security/keys to the new userns infrastructure
userns: net: Call key_alloc with GLOBAL_ROOT_UID, GLOBAL_ROOT_GID instead of 0, 0
audit: Limit audit requests to processes in the initial pid and user namespaces.
audit: Use current instead of NETLINK_CREDS() in audit_filter
audit: kill audit_prepare_user_tty
audit: Simply AUDIT_TTY_SET and AUDIT_TTY_GET
audit: Properly set the origin port id of audit messages.
audit: Remove the unused uid parameter from audit_receive_filter
audit: Don't pass pid or uid to audit_log_common_recv_msg
audit: Add typespecific uid and gid comparators
userns: Convert the audit loginuid to be a kuid
userns: Convert audit to work with user namespaces enabled
userns: Convert taskstats to handle the user and pid namespaces.
userns: Convert bsd process accounting to use kuid and kgid where appropriate
userns: Teach trace to use from_kuid
userns: Convert vfs posix_acl support to use kuids and kgids
userns: Pass a userns parameter into posix_acl_to_xattr and posix_acl_from_xattr
userns: Convert extN to support kuids and kgids in posix acls
userns: Convert configfs to use kuid and kgid where appropriate
userns: Add kprojid_t and associated infrastructure in projid.h
userns: Implement struct kqid
userns: Convert qutoactl
userns: Convert quota netlink aka quota_send_warning
userns: Modify dqget to take struct kqid
userns: Convert struct dquot dq_id to be a struct kqid
userns: Convert struct dquot_warn
userns: Convert quota
userns: Convert fat to use kuid/kgid where appropriate
userns: Convert gadgetfs to use kuid and kgid where appropriate
userns: Convert usb functionfs to use kuid/kgid where appropriate
userns: Convert devtmpfs to use GLOBAL_ROOT_UID and GLOBAL_ROOT_GID
userns: Convert hugetlbfs to use kuid/kgid where appropriate
userns: Convert xenfs to use kuid and kgid where appropriate
userns: Convert adfs to use kuid and kgid where appropriate
userns: Convert befs to use kuid/kgid where appropriate
userns: Convert cramfs to use kuid/kgid where appropriate
userns: Convert ecryptfs to use kuid/kgid where appropriate
userns: Convert efs to use kuid/kgid where appropriate
userns: Convert exofs to use kuid/kgid where appropriate
userns: Convert hfs to use kuid and kgid where appropriate
userns: Convert hfsplus to use kuid and kgid where appropriate
userns: Convert isofs to use kuid/kgid where appropriate
userns: Convert logfs to use kuid/kgid where appropriate
userns: Convert minix to use kuid/kgid where appropriate
userns: Convert nillfs2 to use kuid/kgid where appropriate
userns: Convert ntfs to use kuid and kgid where appropriate
userns: Convert omfs to use kuid and kgid where appropriate
userns: Convert the qnx4 filesystem to use kuid/kgid where appropriate
userns: Convert the qnx6 filesystem to use kuid/kgid where appropriate
userns: Convert the sysv filesystem to use kuid/kgid where appropriate
userns: Convert freevxfs to use kuid/kgid where appropriate
userns: Convert ipathfs to use GLOBAL_ROOT_UID and GLOBAL_ROOT_GID
userns: Convert loop to use kuid_t instead of uid_t
userns: Convert apparmor to use kuid and kgid where appropriate
userns: Convert tomoyo to use kuid and kgid where appropriate
userns: Convert selinux to use kuid and kgid where appropriate
userns: Convert hostfs to use kuid and kgid where appropriate
userns: Convert EVM to deal with kuids and kgids in it's hmac computation
userns: Add user namespace support to IMA
userns: Teach security_path_chown to take kuids and kgids
userns: Convert binder ipc to use kuids
userns: Convert s390 hypfs to use kuid and kgid where appropriate
userns: Convert s390 getting uid and gid system calls to use kuid and kgid
userns: On ppc convert current_uid from a kuid before printing.
userns: On ia64 deal with current_uid and current_gid being kuid and kgid
userns: On alpha modify linux_to_osf_stat to use convert from kuids and kgids
userns: Convert affs to use kuid/kgid wherwe appropriate
userns: Convert bfs to use kuid/kgid where appropriate
userns: Convert btrfs to use kuid/kgid where appropriate
userns: Convert hpfs to use kuid and kgid where appropriate
userns: Convert jffs2 to use kuid and kgid where appropriate
userns: Convert jfs to use kuid/kgid where appropriate
userns: Convert reiserfs to use kuid and kgid where appropriate
userns: Convert squashfs to use kuid/kgid where appropriate
userns: Convert ubifs to use kuid/kgid
userns: Convert the udf filesystem to use kuid/kgid where appropriate
userns: Convert the ufs filesystem to use kuid/kgid where appropriate
---

arch/alpha/kernel/osf_sys.c | 4 +-
arch/ia64/kernel/mca_drv.c | 3 +-
arch/ia64/kernel/perfmon.c | 32 +++---
arch/ia64/kernel/signal.c | 4 +-
arch/powerpc/mm/fault.c | 2 +-
arch/s390/hypfs/inode.c | 20 +++-
arch/s390/kernel/compat_linux.c | 36 ++++--
drivers/base/devtmpfs.c | 4 +-
drivers/block/loop.c | 4 +-
drivers/connector/cn_proc.c | 18 +++-
drivers/gpu/drm/drm_fops.c | 3 +-
drivers/gpu/drm/drm_info.c | 5 +-
drivers/gpu/drm/drm_ioctl.c | 4 +-
drivers/infiniband/hw/qib/qib_fs.c | 4 +-
drivers/net/tun.c | 46 +++++---
drivers/net/wireless/airo.c | 48 +++++---
drivers/staging/android/binder.c | 14 +-
drivers/tty/tty_audit.c | 17 ++-
drivers/usb/gadget/f_fs.c | 23 +++-
drivers/usb/gadget/inode.c | 4 +-
drivers/xen/xenfs/super.c | 3 +-
fs/9p/acl.c | 8 +-
fs/adfs/adfs.h | 4 +-
fs/adfs/inode.c | 4 +-
fs/adfs/super.c | 21 ++--
fs/affs/affs.h | 4 +-
fs/affs/inode.c | 20 ++--
fs/affs/super.c | 18 ++-
fs/befs/befs.h | 4 +-
fs/befs/linuxvfs.c | 27 +++--
fs/bfs/inode.c | 8 +-
fs/btrfs/acl.c | 8 +-
fs/btrfs/delayed-inode.c | 8 +-
fs/btrfs/inode.c | 8 +-
fs/btrfs/ioctl.c | 6 +-
fs/configfs/inode.c | 4 +-
fs/cramfs/inode.c | 4 +-
fs/debugfs/inode.c | 26 +++--
fs/ecryptfs/main.c | 5 +-
fs/ecryptfs/messaging.c | 5 +-
fs/efs/inode.c | 4 +-
fs/exofs/inode.c | 8 +-
fs/ext2/acl.c | 32 ++++--
fs/ext3/acl.c | 32 ++++--
fs/ext3/super.c | 2 +-
fs/ext4/acl.c | 31 ++++--
fs/ext4/super.c | 2 +-
fs/fat/fat.h | 4 +-
fs/fat/file.c | 6 +-
fs/fat/inode.c | 18 ++-
fs/freevxfs/vxfs_inode.c | 4 +-
fs/generic_acl.c | 4 +-
fs/gfs2/acl.c | 14 +-
fs/gfs2/quota.c | 32 +++--
fs/hfs/hfs_fs.h | 4 +-
fs/hfs/inode.c | 4 +-
fs/hfs/super.c | 16 ++-
fs/hfsplus/catalog.c | 4 +-
fs/hfsplus/hfsplus_fs.h | 4 +-
fs/hfsplus/inode.c | 8 +-
fs/hfsplus/options.c | 15 ++-
fs/hostfs/hostfs_kern.c | 8 +-
fs/hpfs/hpfs_fn.h | 4 +-
fs/hpfs/inode.c | 19 ++--
fs/hpfs/namei.c | 8 +-
fs/hpfs/super.c | 18 ++-
fs/hugetlbfs/inode.c | 16 ++-
fs/isofs/inode.c | 17 ++-
fs/isofs/isofs.h | 4 +-
fs/isofs/rock.c | 4 +-
fs/jffs2/acl.c | 30 ++++--
fs/jffs2/file.c | 8 +-
fs/jffs2/fs.c | 24 ++--
fs/jffs2/os-linux.h | 4 +-
fs/jfs/acl.c | 4 +-
fs/jfs/file.c | 4 +-
fs/jfs/jfs_imap.c | 22 ++--
fs/jfs/jfs_incore.h | 8 +-
fs/jfs/super.c | 22 +++-
fs/jfs/xattr.c | 4 +-
fs/logfs/inode.c | 4 +-
fs/logfs/readwrite.c | 8 +-
fs/minix/inode.c | 16 ++--
fs/namei.c | 6 +-
fs/nfs/nfs3acl.c | 4 +-
fs/nfsd/vfs.c | 8 +-
fs/nilfs2/inode.c | 8 +-
fs/ntfs/inode.c | 7 +-
fs/ntfs/super.c | 39 +++++-
fs/ntfs/volume.h | 5 +-
fs/ocfs2/acl.c | 4 +-
fs/ocfs2/file.c | 6 +-
fs/ocfs2/quota_global.c | 43 ++++---
fs/ocfs2/quota_local.c | 15 ++-
fs/omfs/inode.c | 8 +-
fs/omfs/omfs.h | 4 +-
fs/open.c | 2 +-
fs/posix_acl.c | 30 +++---
fs/proc/base.c | 27 ++++-
fs/qnx4/inode.c | 4 +-
fs/qnx6/inode.c | 4 +-
fs/quota/Makefile | 2 +-
fs/quota/dquot.c | 114 +++++++++---------
fs/quota/kqid.c | 132 +++++++++++++++++++++
fs/quota/netlink.c | 10 +-
fs/quota/quota.c | 28 ++++-
fs/quota/quota_tree.c | 22 ++--
fs/quota/quota_v1.c | 12 +-
fs/quota/quota_v2.c | 26 +++--
fs/reiserfs/inode.c | 26 ++--
fs/reiserfs/xattr_acl.c | 24 +++-
fs/seq_file.c | 4 +
fs/squashfs/inode.c | 8 +-
fs/sysv/inode.c | 8 +-
fs/ubifs/budget.c | 4 +-
fs/ubifs/debug.c | 4 +-
fs/ubifs/journal.c | 4 +-
fs/ubifs/sb.c | 4 +-
fs/ubifs/super.c | 4 +-
fs/ubifs/ubifs.h | 4 +-
fs/udf/inode.c | 12 +-
fs/udf/super.c | 20 ++--
fs/udf/udf_sb.h | 4 +-
fs/ufs/inode.c | 16 ++--
fs/xattr.c | 7 +
fs/xattr_acl.c | 96 ++++++++++++++-
fs/xfs/xfs_acl.c | 4 +-
fs/xfs/xfs_quotaops.c | 12 +-
fs/xfs/xfs_trans_dquot.c | 8 +-
include/drm/drmP.h | 4 +-
include/linux/audit.h | 12 +-
include/linux/inet_diag.h | 1 +
include/linux/init_task.h | 2 +-
include/linux/ipc.h | 9 +-
include/linux/key.h | 9 +-
include/linux/loop.h | 2 +-
include/linux/netlink.h | 1 +
include/linux/posix_acl.h | 8 +-
include/linux/posix_acl_xattr.h | 18 +++-
include/linux/projid.h | 104 +++++++++++++++++
include/linux/quota.h | 136 +++++++++++++++++++++-
include/linux/quotaops.h | 6 +-
include/linux/sched.h | 2 +-
include/linux/security.h | 6 +-
include/linux/seq_file.h | 14 +++
include/linux/tsacct_kern.h | 8 +-
include/linux/tty.h | 4 +-
include/linux/user_namespace.h | 3 +
include/net/ax25.h | 4 +-
include/net/ipv6.h | 5 +-
include/net/netlabel.h | 2 +-
include/net/netns/ipv4.h | 3 +-
include/net/sch_generic.h | 3 +-
include/net/sock.h | 11 ++-
include/net/tcp.h | 3 +-
include/net/xfrm.h | 23 ++--
init/Kconfig | 89 --------------
ipc/msg.c | 14 ++-
ipc/sem.c | 13 ++-
ipc/shm.c | 19 ++--
ipc/util.c | 35 ++++---
ipc/util.h | 2 +-
kernel/acct.c | 4 +-
kernel/audit.c | 121 ++++++++------------
kernel/audit.h | 4 +-
kernel/audit_watch.c | 2 +-
kernel/auditfilter.c | 137 +++++++++++++++++++---
kernel/auditsc.c | 219 ++++++++++++++++++-----------------
kernel/cred.c | 10 ++-
kernel/pid.c | 1 +
kernel/pid_namespace.c | 2 +
kernel/taskstats.c | 23 +++-
kernel/trace/trace.c | 3 +-
kernel/trace/trace.h | 2 +-
kernel/tsacct.c | 12 +-
kernel/user.c | 8 ++
kernel/user_namespace.c | 128 ++++++++++++++++++++-
net/appletalk/atalk_proc.c | 3 +-
net/ax25/ax25_uid.c | 21 +++-
net/core/dev.c | 9 +-
net/core/scm.c | 31 ++++--
net/core/sock.c | 10 +-
net/dns_resolver/dns_key.c | 3 +-
net/ipv4/inet_diag.c | 21 +++-
net/ipv4/ping.c | 22 ++--
net/ipv4/raw.c | 4 +-
net/ipv4/sysctl_net_ipv4.c | 42 +++++---
net/ipv4/tcp_ipv4.c | 6 +-
net/ipv4/udp.c | 4 +-
net/ipv4/udp_diag.c | 5 +-
net/ipv6/ip6_flowlabel.c | 47 +++++++-
net/ipv6/raw.c | 3 +-
net/ipv6/tcp_ipv6.c | 6 +-
net/ipv6/udp.c | 3 +-
net/ipx/ipx_proc.c | 3 +-
net/key/af_key.c | 2 +-
net/llc/llc_proc.c | 2 +-
net/netfilter/nfnetlink_log.c | 14 ++-
net/netfilter/xt_LOG.c | 16 ++-
net/netfilter/xt_owner.c | 30 ++++-
net/netfilter/xt_recent.c | 13 ++-
net/netlabel/netlabel_unlabeled.c | 2 +-
net/netlabel/netlabel_user.c | 2 +-
net/netlink/af_netlink.c | 6 +-
net/packet/af_packet.c | 2 +-
net/phonet/socket.c | 6 +-
net/rxrpc/ar-key.c | 6 +-
net/sched/cls_api.c | 2 +-
net/sched/cls_basic.c | 3 +-
net/sched/cls_cgroup.c | 3 +-
net/sched/cls_flow.c | 19 +++-
net/sched/cls_fw.c | 3 +-
net/sched/cls_route.c | 3 +-
net/sched/cls_rsvp.h | 3 +-
net/sched/cls_tcindex.c | 3 +-
net/sched/cls_u32.c | 3 +-
net/sctp/proc.c | 6 +-
net/xfrm/xfrm_policy.c | 8 +-
net/xfrm/xfrm_state.c | 6 +-
net/xfrm/xfrm_user.c | 12 +-
security/apparmor/domain.c | 4 +-
security/apparmor/file.c | 12 +-
security/apparmor/include/audit.h | 2 +-
security/apparmor/include/file.h | 4 +-
security/apparmor/lsm.c | 2 +-
security/capability.c | 2 +-
security/integrity/evm/evm_crypto.c | 4 +-
security/integrity/ima/ima_audit.c | 5 +-
security/integrity/ima/ima_policy.c | 14 +-
security/keys/internal.h | 6 +-
security/keys/key.c | 23 ++---
security/keys/keyctl.c | 50 +++++---
security/keys/keyring.c | 4 +-
security/keys/permission.c | 14 +--
security/keys/proc.c | 44 ++++----
security/keys/process_keys.c | 15 ++-
security/keys/request_key.c | 6 +-
security/security.c | 2 +-
security/selinux/selinuxfs.c | 6 +-
security/selinux/ss/services.c | 2 +-
security/tomoyo/audit.c | 23 +++-
security/tomoyo/common.c | 4 +-
security/tomoyo/common.h | 4 +-
security/tomoyo/condition.c | 20 ++--
security/tomoyo/tomoyo.c | 12 +-
245 files changed, 2480 insertions(+), 1310 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/