From 9582d90196aa879e6acf866f02a1adead08707b5 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Tue, 7 Feb 2012 16:48:16 -0800 Subject: [PATCH] userns: Convert process event connector to handle kuids and kgids - Only allow asking for events from the initial user and pid namespace, where we generate the events in. - Convert kuids and kgids into the initial user namespace to report them via the process event connector. Cc: David Miller Acked-by: Evgeniy Polyakov Acked-by: Serge Hallyn Signed-off-by: Eric W. Biederman --- drivers/connector/cn_proc.c | 18 ++++++++++++++---- init/Kconfig | 1 - 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c index 3e92b7d3fcd2..fce2000eec31 100644 --- a/drivers/connector/cn_proc.c +++ b/drivers/connector/cn_proc.c @@ -30,6 +30,7 @@ #include #include #include +#include #include @@ -127,11 +128,11 @@ void proc_id_connector(struct task_struct *task, int which_id) rcu_read_lock(); cred = __task_cred(task); if (which_id == PROC_EVENT_UID) { - ev->event_data.id.r.ruid = cred->uid; - ev->event_data.id.e.euid = cred->euid; + ev->event_data.id.r.ruid = from_kuid_munged(&init_user_ns, cred->uid); + ev->event_data.id.e.euid = from_kuid_munged(&init_user_ns, cred->euid); } else if (which_id == PROC_EVENT_GID) { - ev->event_data.id.r.rgid = cred->gid; - ev->event_data.id.e.egid = cred->egid; + ev->event_data.id.r.rgid = from_kgid_munged(&init_user_ns, cred->gid); + ev->event_data.id.e.egid = from_kgid_munged(&init_user_ns, cred->egid); } else { rcu_read_unlock(); return; @@ -303,6 +304,15 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, if (msg->len != sizeof(*mc_op)) return; + /* + * Events are reported with respect to the initial pid + * and user namespaces so ignore requestors from + * other namespaces. + */ + if ((current_user_ns() != &init_user_ns) || + (task_active_pid_ns(current) != &init_pid_ns)) + return; + mc_op = (enum proc_cn_mcast_op *)msg->data; switch (*mc_op) { case PROC_CN_MCAST_LISTEN: diff --git a/init/Kconfig b/init/Kconfig index 071dbb4928ef..7d4422c92cca 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -938,7 +938,6 @@ config UIDGID_CONVERTED depends on QUOTACTL = n depends on BSD_PROCESS_ACCT = n depends on DRM = n - depends on PROC_EVENTS = n # Networking depends on NET_9P = n