OpenVZ Forum: Devel » userns: targeted capabilities v5

Home » Mailing lists » Devel » userns: targeted capabilities v5

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [PATCH 4/9] allow killing tasks in your own or child userns [message #41876 is a reply to message #41780]

Thu, 24 February 2011 00:48

serge
Messages: 72
Registered: January 2007

Member

Quoting Andrew Morton (akpm@linux-foundation.org):
> On Thu, 17 Feb 2011 15:03:25 +0000
> "Serge E. Hallyn" <serge@hallyn.com> wrote:
>
> > /*
> > + * called with RCU read lock from check_kill_permission()
> > + */
> > +static inline int kill_ok_by_cred(struct task_struct *t)
> > +{
> > + const struct cred *cred = current_cred();
> > + const struct cred *tcred = __task_cred(t);
> > +
> > + if (cred->user->user_ns == tcred->user->user_ns &&
> > + (cred->euid == tcred->suid ||
> > + cred->euid == tcred->uid ||
> > + cred->uid == tcred->suid ||
> > + cred->uid == tcred->uid))
> > + return 1;
> > +
> > + if (ns_capable(tcred->user->user_ns, CAP_KILL))
> > + return 1;
> > +
> > + return 0;
> > +}
>
> The compiler will inline this for us.

Is that simply true with everything (worth inlining) nowadays, or is
there a particular implicit hint to the compiler that'll make that
happen?

Not that I guess it's even particularly important in this case.

From: Serge E. Hallyn <serge.hallyn@canonical.com>
Date: Thu, 24 Feb 2011 00:26:02 +0000
Subject: [PATCH 1/2] userns: let compiler inline kill_ok_by_cred (per akpm)

Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com>
---
kernel/signal.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/signal.c b/kernel/signal.c
index ffe4bdf..12702b4 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -638,7 +638,7 @@ static inline bool si_fromuser(const struct siginfo *info)
/*
* called with RCU read lock from check_kill_permission()
*/
-static inline int kill_ok_by_cred(struct task_struct *t)
+static int kill_ok_by_cred(struct task_struct *t)
{
const struct cred *cred = current_cred();
const struct cred *tcred = __task_cred(t);
--
1.7.0.4

_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containe rs

Report message to a moderator

[Message index]

		userns: targeted capabilities v5 By: serge on Thu, 17 February 2011 15:02
		[PATCH 2/9] security: Make capabilities relative to the user namespace. By: serge on Thu, 17 February 2011 15:03
		Re: [PATCH 2/9] security: Make capabilities relative to the user namespace. By: ebiederm on Fri, 18 February 2011 03:46
		Re: [PATCH 2/9] security: Make capabilities relative to the user namespace. By: Daniel Lezcano on Fri, 18 February 2011 23:44
		Re: [PATCH 2/9] security: Make capabilities relative to the user namespace. By: akpm on Fri, 18 February 2011 23:59
		Re: [PATCH 2/9] security: Make capabilities relative to the user namespace. By: David Howells on Wed, 23 February 2011 12:01
		Re: [PATCH 2/9] security: Make capabilities relative to the user namespace. By: serge on Wed, 23 February 2011 13:43
		Re: [PATCH 2/9] security: Make capabilities relative to the user namespace. By: David Howells on Wed, 23 February 2011 11:40
		Re: [PATCH 2/9] security: Make capabilities relative to the user namespace. By: David Howells on Wed, 23 February 2011 16:59
		[PATCH 9/9] userns: check user namespace for task->file uid equivalence checks By: serge on Thu, 17 February 2011 15:04
		Re: [PATCH 9/9] userns: check user namespace for task->file uid equivalence checks By: ebiederm on Fri, 18 February 2011 01:29
		Re: [PATCH 9/9] userns: check user namespace for task->file uid equivalence checks By: akpm on Fri, 18 February 2011 23:59
		Re: [PATCH 9/9] userns: check user namespace for task->file uid equivalence checks By: serge on Thu, 24 February 2011 03:24
		Re: [PATCH 9/9] userns: check user namespace for task->file uid equivalence checks By: akpm on Thu, 24 February 2011 05:08
		Re: [PATCH 9/9] userns: check user namespace for task->file uid equivalence checks By: Daniel Lezcano on Sat, 19 February 2011 19:22
		[PATCH 7/9] add a user namespace owner of ipc ns By: serge on Thu, 17 February 2011 15:03
		Re: [PATCH 7/9] add a user namespace owner of ipc ns By: ebiederm on Fri, 18 February 2011 03:19
		Re: [PATCH 7/9] add a user namespace owner of ipc ns By: akpm on Fri, 18 February 2011 23:59
		Re: [PATCH 7/9] add a user namespace owner of ipc ns By: Daniel Lezcano on Sat, 19 February 2011 17:57
		[PATCH 1/9] Add a user_namespace as creator/owner of uts_namespace By: serge on Thu, 17 February 2011 15:02
		Re: [PATCH 1/9] Add a user_namespace as creator/owner of uts_namespace By: ebiederm on Fri, 18 February 2011 03:31
		Re: [PATCH 1/9] Add a user_namespace as creator/owner of uts_namespace By: Daniel Lezcano on Fri, 18 February 2011 16:57
		Re: [PATCH 1/9] Add a user_namespace as creator/owner of uts_namespace By: akpm on Fri, 18 February 2011 23:59
		Re: [PATCH 1/9] Add a user_namespace as creator/owner of uts_namespace By: David Howells on Wed, 23 February 2011 17:16
		Re: [PATCH 1/9] Add a user_namespace as creator/owner of uts_namespace By: ebiederm on Wed, 23 February 2011 21:21
		Re: [PATCH 1/9] Add a user_namespace as creator/owner of uts_namespace By: David Howells on Wed, 23 February 2011 23:19
		Re: [PATCH 1/9] Add a user_namespace as creator/owner of uts_namespace By: ebiederm on Wed, 23 February 2011 23:54
		[PATCH 3/9] allow sethostname in a container By: serge on Thu, 17 February 2011 15:03
		Re: [PATCH 3/9] allow sethostname in a container By: ebiederm on Fri, 18 February 2011 03:05
		Re: [PATCH 3/9] allow sethostname in a container By: Daniel Lezcano on Fri, 18 February 2011 23:46
		[PATCH 4/9] allow killing tasks in your own or child userns By: serge on Thu, 17 February 2011 15:03
		Re: [PATCH 4/9] allow killing tasks in your own or child userns By: ebiederm on Fri, 18 February 2011 03:00
		Re: [PATCH 4/9] allow killing tasks in your own or child userns By: akpm on Fri, 18 February 2011 23:59
		Re: [PATCH 4/9] allow killing tasks in your own or child userns By: serge on Thu, 24 February 2011 00:48
		Re: [PATCH 4/9] allow killing tasks in your own or child userns By: akpm on Thu, 24 February 2011 00:54
		Re: [PATCH 4/9] allow killing tasks in your own or child userns By: Daniel Lezcano on Sat, 19 February 2011 10:55
		[PATCH 6/9] user namespaces: convert all capable checks in kernel/sys.c By: serge on Thu, 17 February 2011 15:03
		Re: [PATCH 6/9] user namespaces: convert all capable checks in kernel/sys.c By: ebiederm on Fri, 18 February 2011 01:57
		Re: [PATCH 6/9] user namespaces: convert all capable checks in kernel/sys.c By: akpm on Fri, 18 February 2011 23:59
		Re: [PATCH 6/9] user namespaces: convert all capable checks in kernel/sys.c By: akpm on Sat, 19 February 2011 00:01
		Re: [PATCH 6/9] user namespaces: convert all capable checks in kernel/sys.c By: Daniel Lezcano on Sat, 19 February 2011 17:52
		[PATCH 5/9] Allow ptrace from non-init user namespaces By: serge on Thu, 17 February 2011 15:03
		Re: [PATCH 5/9] Allow ptrace from non-init user namespaces By: ebiederm on Fri, 18 February 2011 02:59
		Re: [PATCH 5/9] Allow ptrace from non-init user namespaces By: serge on Fri, 18 February 2011 04:36
		[PATCH] userns: ptrace: incorporate feedback from Eric By: serge on Thu, 24 February 2011 00:49
		Re: [PATCH] userns: ptrace: incorporate feedback from Eric By: akpm on Thu, 24 February 2011 00:56
		Re: [PATCH] userns: ptrace: incorporate feedback from Eric By: serge on Thu, 24 February 2011 03:15
		Re: [PATCH 5/9] Allow ptrace from non-init user namespaces By: akpm on Fri, 18 February 2011 23:59
		Re: [PATCH 5/9] Allow ptrace from non-init user namespaces By: serge on Thu, 24 February 2011 00:43
		Re: [PATCH 5/9] Allow ptrace from non-init user namespaces By: Daniel Lezcano on Sat, 19 February 2011 17:49
		Re: [PATCH 5/9] Allow ptrace from non-init user namespaces By: David Howells on Wed, 23 February 2011 17:05
		Re: [PATCH 5/9] Allow ptrace from non-init user namespaces By: David Howells on Wed, 23 February 2011 17:11
		[PATCH 8/9] user namespaces: convert several capable() calls By: serge on Thu, 17 February 2011 15:03
		Re: [PATCH 8/9] user namespaces: convert several capable() calls By: ebiederm on Fri, 18 February 2011 01:51
		Re: [PATCH 8/9] user namespaces: convert several capable() calls By: Daniel Lezcano on Sat, 19 February 2011 19:07
		Re: userns: targeted capabilities v5 By: akpm on Fri, 18 February 2011 00:21
		Re: userns: targeted capabilities v5 By: ebiederm on Fri, 18 February 2011 03:53
		Re: userns: targeted capabilities v5 By: serge on Fri, 18 February 2011 04:28
		User namespaces and keys By: David Howells on Wed, 23 February 2011 12:05
		Re: User namespaces and keys By: serge on Wed, 23 February 2011 13:58
		Re: User namespaces and keys By: ebiederm on Wed, 23 February 2011 14:46
		Re: User namespaces and keys By: David Howells on Wed, 23 February 2011 15:06
		Re: User namespaces and keys By: ebiederm on Wed, 23 February 2011 15:45
		Re: User namespaces and keys By: Serge E. Hallyn on Wed, 23 February 2011 15:53
		Re: User namespaces and keys By: Casey Schaufler on Wed, 23 February 2011 19:24
		Re: User namespaces and keys By: ebiederm on Wed, 23 February 2011 20:55
		Re: User namespaces and keys By: Casey Schaufler on Wed, 23 February 2011 21:37
		Re: User namespaces and keys By: ebiederm on Thu, 24 February 2011 06:56

Previous Topic:	[PATCH 0/5] blk-throttle: writeback and swap IO control
Next Topic:	[PATCH 1/4] userns: let clone_uts_ns() handle setting uts->user_ns

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Fri Oct 18 22:59:50 GMT 2024

Total time taken to generate the page: 0.04916 seconds