[PATCH] coredump: run the coredump helper using the same namespace as the dead process

From: Aristeu Rozanski
Date: Mon Nov 05 2012 - 11:38:04 EST


/proc/sys/kernel/core_pattern can be used to specify a userspace helper
to handle core files and it currently runs in the root namespace.
This patch allows the helper to run in the same namespace in a step
towards letting containers set their own helpers.

Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Aristeu Rozanski <aris@xxxxxxxxxx>

diff --git a/fs/coredump.c b/fs/coredump.c
index ce47379..fa14ea1 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -455,6 +455,19 @@ static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
/* and disallow core files too */
current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1};

+ /*
+ * We want to run the helper within the same namespace. Since we
+ * already forked, current here is using init_nsproxy and the usage
+ * was already accounted. switch_task_namespace() will revert that
+ * but we need to bump the dead process' nsproxy before calling the
+ * the helper. Once it exits, the dead process' nsproxy usage will be
+ * decremented as part of normal process exit.
+ */
+ if (current->nsproxy != cp->nsproxy) {
+ get_nsproxy(cp->nsproxy);
+ switch_task_namespaces(current, cp->nsproxy);
+ }
+
return err;
}

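Review bot: In the `if (current->nsproxy != cp->nsproxy)` block of umh_pipe_setup(), switch_task_namespaces() moves the helper into every namespace the dumping task's nsproxy carries, with no opt-in, while the helper is still the one named in the global core_pattern. The changelog or the comment should say which namespaces are meant to be inherited and why it is safe for a task that controls its own namespaces to determine the environment a helper configured in the root namespace runs in. The block also runs whatever value `err` holds just before `return err;`; if an earlier step in this function can fail, skip the switch in that case. Two nits in the comment: "calling the / the helper" repeats "the" across the line break, and it names switch_task_namespace() while the code calls switch_task_namespaces().
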
@@ -482,6 +495,8 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs)
* by any locks.
*/
.mm_flags = mm->flags,
+ /* we run the helper in the same namespace */
+ .nsproxy = current->nsproxy,
};

audit_core_dumps(siginfo->si_signo);
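
Review bot: `.nsproxy = current->nsproxy` in the coredump_params initializer stores the pointer without taking a reference; get_nsproxy() is only called later, in umh_pipe_setup(). Either take the reference here or extend the comment to state why the dumping task's nsproxy cannot be released in between. The field is also filled in for every dump, so the comment "we run the helper in the same namespace" would be more accurate if it said the value is only consumed on the pipe-helper path.
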
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index cfcc6bf..45113e6 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -63,6 +63,7 @@ struct coredump_params {
struct file *file;
unsigned long limit;
unsigned long mm_flags;
+ struct nsproxy *nsproxy;
};

/*
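
Review bot: The new `struct nsproxy *nsproxy;` member of struct coredump_params carries no comment on ownership. As the patch stands, do_coredump() fills it with a borrowed pointer and umh_pipe_setup() is the one that takes the reference; a one-line comment next to the member saying so would keep other users of coredump_params from dereferencing it under different assumptions.
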