OpenVZ Forum: Devel » [patch -mm 00/17] new namespaces and related syscalls

Home » Mailing lists » Devel » [patch -mm 00/17] new namespaces and related syscalls

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

[patch -mm 12/17] user namespace: hook permission [message #16814 is a reply to message #16802]

Tue, 05 December 2006 10:28

Cedric Le Goater
Messages: 443
Registered: February 2006

Senior Member

From: Serge Hallyn <serue@us.ibm.com>

Hook permission to check vfsmnt->user_ns against current.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
---
 fs/namei.c |    4 ++++
 1 file changed, 4 insertions(+)

Index: 2.6.19-rc6-mm2/fs/namei.c
===================================================================
--- 2.6.19-rc6-mm2.orig/fs/namei.c
+++ 2.6.19-rc6-mm2/fs/namei.c
@@ -246,6 +246,8 @@ int permission(struct inode *inode, int 
 			return -EACCES;
 	}
 
+	if (nd && !task_mnt_same_uid(current, nd->mnt))
+		return -EACCES;
 
 	/*
 	 * MAY_EXEC on regular files requires special handling: We override
@@ -433,6 +435,8 @@ static int exec_permission_lite(struct i
 {
 	umode_t	mode = inode->i_mode;
 
+	if (!task_mnt_same_uid(current, nd->mnt))
+		return -EACCES;
 	if (inode->i_op && inode->i_op->permission)
 		return -EAGAIN;
 

-- 
_______________________________________________
Containers mailing list
Containers@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers

Report message to a moderator

[Message index]

		[patch -mm 00/17] new namespaces and related syscalls By: Cedric Le Goater on Tue, 05 December 2006 10:27
		[patch -mm 01/17] net namespace: empty framework By: Cedric Le Goater on Tue, 05 December 2006 10:27
		[patch -mm 02/17] user namespace: add the framework By: Cedric Le Goater on Tue, 05 December 2006 10:27
		[patch -mm 03/17] namespace : export unshare of namespace and fs_struct By: Cedric Le Goater on Tue, 05 December 2006 10:27
		[patch -mm 04/17] nsproxy: externalizes exit_task_namespaces By: Cedric Le Goater on Tue, 05 December 2006 10:27
		Re: [patch -mm 04/17] nsproxy: externalizes exit_task_namespaces By: ebiederm on Fri, 08 December 2006 20:16
		Re: [patch -mm 04/17] nsproxy: externalizes exit_task_namespaces By: Cedric Le Goater on Mon, 11 December 2006 15:26
		[patch -mm 05/17] ipc namespace : externalizes unshare_ipcs By: Cedric Le Goater on Tue, 05 December 2006 10:27
		Re: [patch -mm 05/17] ipc namespace : externalizes unshare_ipcs By: Herbert Poetzl on Tue, 05 December 2006 23:32
		Re: [patch -mm 05/17] ipc namespace : externalizes unshare_ipcs By: Cedric Le Goater on Thu, 07 December 2006 09:00
		[patch -mm 06/17] nsproxy: add extern to nsproxy functions By: Cedric Le Goater on Tue, 05 December 2006 10:27
		[patch -mm 07/17] nsproxy: make put_nsproxy an extern By: Cedric Le Goater on Tue, 05 December 2006 10:27
		[patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Tue, 05 December 2006 10:28
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Herbert Poetzl on Tue, 05 December 2006 23:36
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Thu, 07 December 2006 09:06
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Fri, 08 December 2006 19:30
		Re: [patch -mm 08/17] nsproxy: add hashtable By: serue on Fri, 08 December 2006 19:53
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Fri, 08 December 2006 20:57
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Herbert Poetzl on Sat, 09 December 2006 04:11
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Mon, 11 December 2006 16:09
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Mon, 11 December 2006 15:23
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Sat, 09 December 2006 07:54
		Re: [patch -mm 08/17] nsproxy: add hashtable By: serue on Mon, 11 December 2006 15:29
		Re: [patch -mm 08/17] nsproxy: add hashtable By: serue on Mon, 11 December 2006 15:56
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Mon, 11 December 2006 19:35
		Re: [patch -mm 08/17] nsproxy: add hashtable By: serue on Mon, 11 December 2006 20:03
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Tue, 12 December 2006 07:11
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Mon, 11 December 2006 20:34
		Re: [patch -mm 08/17] nsproxy: add hashtable By: serue on Mon, 11 December 2006 22:01
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Herbert Poetzl on Tue, 12 December 2006 23:22
		Re: [patch -mm 08/17] nsproxy: add hashtable By: serue on Wed, 20 December 2006 06:12
		Re: [patch -mm 08/17] nsproxy: add hashtable By: serue on Mon, 11 December 2006 22:18
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Tue, 12 December 2006 03:28
		Re: [patch -mm 08/17] nsproxy: add hashtable By: serue on Tue, 12 December 2006 15:29
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Tue, 12 December 2006 18:29
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Dave Hansen on Mon, 11 December 2006 22:53
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Tue, 12 December 2006 07:09
		Re: [patch -mm 08/17] nsproxy: add hashtable By: serue on Tue, 12 December 2006 15:45
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Wed, 13 December 2006 15:00
		Re: [patch -mm 08/17] nsproxy: add hashtable By: dev on Tue, 12 December 2006 08:43
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Herbert Poetzl on Wed, 13 December 2006 04:55
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Wed, 13 December 2006 15:17
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Tue, 12 December 2006 07:52
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Wed, 13 December 2006 14:44
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Tue, 12 December 2006 08:37
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Wed, 13 December 2006 15:02
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Tue, 12 December 2006 08:57
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Wed, 13 December 2006 18:53
		Re: [patch -mm 08/17] nsproxy: add hashtable By: Cedric Le Goater on Thu, 14 December 2006 13:17
		Re: [patch -mm 08/17] nsproxy: add hashtable By: ebiederm on Thu, 14 December 2006 21:08
		[patch -mm 09/17] nsproxy: add namespace flags By: Cedric Le Goater on Tue, 05 December 2006 10:28
		Re: [patch -mm 09/17] nsproxy: add namespace flags By: Herbert Poetzl on Tue, 05 December 2006 23:41
		Re: [patch -mm 09/17] nsproxy: add namespace flags By: Cedric Le Goater on Thu, 07 December 2006 09:29
		Re: [patch -mm 09/17] nsproxy: add namespace flags By: ebiederm on Fri, 08 December 2006 19:40
		Re: [patch -mm 09/17] nsproxy: add namespace flags By: Cedric Le Goater on Mon, 11 December 2006 15:27
		Re: [patch -mm 09/17] nsproxy: add namespace flags By: ebiederm on Mon, 11 December 2006 20:02
		[patch -mm 10/17] nsproxy: add unshare_ns and bind_ns syscalls By: Cedric Le Goater on Tue, 05 December 2006 10:28
		Re: [patch -mm 10/17] nsproxy: add unshare_ns and bind_ns syscalls By: ebiederm on Fri, 08 December 2006 19:26
		Re: [patch -mm 10/17] nsproxy: add unshare_ns and bind_ns syscalls By: Herbert Poetzl on Sat, 09 December 2006 04:18
		Re: [patch -mm 10/17] nsproxy: add unshare_ns and bind_ns syscalls By: Cedric Le Goater on Mon, 11 December 2006 17:05
		Re: [patch -mm 10/17] nsproxy: add unshare_ns and bind_ns syscalls By: Cedric Le Goater on Mon, 11 December 2006 15:21
		Re: [patch -mm 10/17] nsproxy: add unshare_ns and bind_ns syscalls By: ebiederm on Sat, 09 December 2006 07:40
		Re: [patch -mm 10/17] nsproxy: add unshare_ns and bind_ns syscalls By: Herbert Poetzl on Sat, 09 December 2006 08:22
		[patch -mm 11/17] user namespace: add user_namespace ptr to vfsmount By: Cedric Le Goater on Tue, 05 December 2006 10:28
		Re: [patch -mm 11/17] user namespace: add user_namespace ptr to vfsmount By: serue on Tue, 05 December 2006 18:27
		[patch -mm 12/17] user namespace: hook permission By: Cedric Le Goater on Tue, 05 December 2006 10:28
		[patch -mm 13/17] user namespace: implement shared mounts By: Cedric Le Goater on Tue, 05 December 2006 10:28
		[patch -mm 14/17] user namespace: maintain user ns for priv_userns mounts to vfsmount By: Cedric Le Goater on Tue, 05 December 2006 10:28
		[patch -mm 15/17] pid namespace: add unshare By: Cedric Le Goater on Tue, 05 December 2006 10:28
		[patch -mm 16/17] net namespace: add unshare By: Cedric Le Goater on Tue, 05 December 2006 10:28
		[patch -mm 17/17] user namespace: add unshare By: Cedric Le Goater on Tue, 05 December 2006 10:28

Previous Topic:	seems to be a flaw in cfq
Next Topic:	[PATCH] compat offsets size change

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Tue Sep 09 20:44:04 GMT 2025

Total time taken to generate the page: 0.09376 seconds