Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755615AbcLUEs1 (ORCPT ); Tue, 20 Dec 2016 23:48:27 -0500 Received: from mail-db5eur01on0136.outbound.protection.outlook.com ([104.47.2.136]:28430 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753069AbcLUEsY (ORCPT ); Tue, 20 Dec 2016 23:48:24 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=avagin@virtuozzo.com; Date: Tue, 20 Dec 2016 19:13:16 -0800 From: Andrei Vagin To: "Michael Kerrisk (man-pages)" CC: "Eric W. Biederman" , "Serge E. Hallyn" , , , , Andrey Vagin , James Bottomley , "W. Trevor King" , Alexander Viro , Jonathan Corbet Subject: Re: [PATCH 2/2] nsfs: Add an ioctl() to return creator UID of a userns Message-ID: <20161221031315.GB20983@outlook.office365.com> References: <46b85444-dc97-17a3-4445-439923936450@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Disposition: inline In-Reply-To: <46b85444-dc97-17a3-4445-439923936450@gmail.com> User-Agent: Mutt/1.7.1 (2016-10-04) X-Originating-IP: [162.246.95.100] X-ClientProxiedBy: BN6PR02CA0050.namprd02.prod.outlook.com (10.175.94.140) To HE1PR0801MB1980.eurprd08.prod.outlook.com (10.168.94.150) X-MS-Office365-Filtering-Correlation-Id: 11221ec2-7282-486c-6527-08d4294f570c X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:HE1PR0801MB1980; X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1980;3:QHNFVV7M21ma+rfPENZEu3CsrIthpqE6KyJdNBwbp0QIpCUlaGYeZH7d5d2YAk9S96UmolTYQrURlJc5y1rt2llzYj59WZyWsYk1kGjBfT1csJPlZanOpKo0WQJL1bVS7Sd8APxHAY3dyv38sW0WpfpytJUgZIIHG5rDw0JqywXCMpqXXJAEjLFHHHsThq0Jgej+Rn6K6mOoh6FxIky4wnCut2DtelmLt/1pCOrTxerwFne3p3hbLtY3ULnNsgys7WYp5mQ8THZ8bD7FHcgn2w==;25:6sGNtc+j0HpGYUdU10D0LxR85Z+GYDFJliBYKZo5oKGsldYz+HWDgXTLrRgHflGCz4WCGzWiviMvfU0XF+RF3dsRl7xS6kWqMBAJIu66DAQfGk3Wxnd6cj/C4oMI5b2U4YtIB8BR9vpvI/jEes4iivardbIKBbTq3iUjOTTNQlWh6rSLyua6jAsYuQbVetdQVzIkzFowswQXaep7wBMdYMHQ/sgaihADxpnzX5FeLV5w4BwTF+NjgM9E6VcyVSoB5DDPVcEokYAvTIYUh829btZtwKj2J4w/XTzhkMKtD9JI+yobZLViW5BZv3Zm7+sHvn8ZfZNjAn5RdhDfi3sf4+ElSTnk/6Vtovz1HTe8mKO06gNDud/rvvAXBYxtTt8RmuUw6K7Kmq7eeAkCMlwtYo7EGmKRyibI5nu6fmvyK0oOfqnMF1nUTqF5VcSmeZKxNFwcv3c1Ar/Rb1Y+LMovBg== X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1980;31:mfeIVa426FLcQ89twpCy4ezvbvt6cDpTWcIkbcwvJG847T9SARcs4an3hFHEQSYr/+PI9OIr3GshAgmZFOJepVz5CxY1wNdHdUwt1LJqhOj04Xm+KaebwnSPQnsSJpFM2EuHreRR9vk4apFrJKTEQQ5waTJnQMARWVFhkAT5IayT80nvMnn7Ck7Wt8yIuCUfOpjtkPfud/ZuJeYXN8oeQ+AaBEmLGzzMpY6jgrVR8JRwU8RA7CUJVZoRizBV3nRZ;20:+1xSsA3c4ei/vJORe9D/owf5Gok6IstGet663etxGiZrPcGWx4+m2eZTg4rbHHiwdCTgW2VxooUO9c7NnAZy1+6KSMc4kGmaUwRwe8yQLxjTOm58+qjdHDxCiJKJPY4/9RkrTttVe5khvWkle3sDxWrKwM3bVSSR33sC7yrpZNI3ssf6hRQ0tVKv2Wrg3QXb9JrLRu25qeCp1x7yFUq1t+S7yVy5lAL+2UjdpV5gRCv/jxGnrmroZoW2pBVe9BlG X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6041248)(20161123560025)(20161123558021)(20161123562025)(20161123555025)(20161123564025)(6072148);SRVR:HE1PR0801MB1980;BCL:0;PCL:0;RULEID:;SRVR:HE1PR0801MB1980; X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1980;4:FENY1gCwZakESXZ/AaocHlukmKX6DWjpJAzMy0ljSgBfjVbW/T67eWvgX3I32BlkV+tyf5JXOTA9myHU39hmQMGzJC4JVhojSod50imCKc3Zidlo0tHivjnpMj2Nv159Wur0X4u/+CUrseNN3eYBhdMDROmJCO6RMbDOuIUz42Gg3tyQrVGksMjvveWdgQFInFNZn3Fx7ZOcfI/G60Ji4rRIg1x158JluBIkADnfP1d5UCzLd0piwqlqsSfksJVMJDR/vCbYiH1+zWOHYOGZmQIfwiJfnhQMgQ/4mWQoBNMh667iCPgqGcRBF/L92Y8UfxuJdIQZ2A9G3o6WK6qvCapFmujdtHIRSp2n92eNxUVy6M4ORsEDzTgMOcX6DjzMP6yiM5/ypphBCr5hgYKOyGKJKB75rAaOZudy7UmtQdisoNxIgqouICYiIBOiAKN1jF94u7o67puZ3q52gBwBPAm5kIvoTdLTYvqZkJKBUnBxISuVfRxXqhaZYA5rkWE1QC9ldDdxbmrd1yZs4DOfgqP71NLKllLlgizsivl5NXMYPQwoD6+vy280Tk+ySYXeJufbHO/gKRI26JXBsvSAl3lkRhpFn+BFCJ24dtNYPw4= X-Forefront-PRVS: 01630974C0 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(7916002)(39450400003)(199003)(189002)(24454002)(305945005)(50466002)(189998001)(5660300001)(7736002)(7416002)(33656002)(83506001)(25786008)(92566002)(47776003)(66066001)(86362001)(4326007)(42186005)(6916009)(50986999)(110136003)(4001350100001)(9686002)(38730400001)(6506006)(2950100002)(101416001)(23686003)(229853002)(76176999)(6666003)(97736004)(81166006)(68736007)(39060400001)(53416004)(54356999)(106356001)(3846002)(6116002)(1076002)(69596002)(105586002)(81156014)(2906002)(8676002)(7099028)(18370500001)(26326002);DIR:OUT;SFP:1102;SCL:1;SRVR:HE1PR0801MB1980;H:outlook.office365.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?koi8-r?Q?1;HE1PR0801MB1980;23:m1bMYNgzUUcwYyEExb487Kd35notnq8sjsRI835Ed?= =?koi8-r?Q?S++Mt4sT6tpi0cBO3+9Vz9p88s4nilgItpF26Ds2FREb7WYOM2V2xWZPGLNgxJ?= =?koi8-r?Q?wD0FRwyPgB5HyxjE2ncVX9HqhX87SIR5yjN9+en/GnCaV221M7AdfwVVQrKea1?= =?koi8-r?Q?piVGwUpzLwM2KzPoFPSw9lSd4k5mCNRJ8xSmLnanV2AzjOR3tVkomM2PeLvgNJ?= =?koi8-r?Q?KeuGainO0OUenWn0ZkkdGlb0YnGFPTGJa1+CzxJD3cdSGfB3MxVaxIkEpJSbke?= =?koi8-r?Q?53LPtNSB8BE2gQcW9bkgEd0G+YaAmDIXgKM6UL33q9zSQrAPCdl+NshNgObKuo?= =?koi8-r?Q?9fkAzTsEQD0hgilxSIpzLzGLCMKQZHnVX5X9fHy2yTG/35rcgpa1HNlN5vMZRb?= =?koi8-r?Q?2zXOK3S2qhZyNLhDl9k9N9HNBHwxghoeV+gp7JvLnvI8JEToQONreF1d5a4oe7?= =?koi8-r?Q?2MX1wxQwMGPO/TbovkaUqzXtBCwNWnr+dDsJ4VSmggaMQwusSzS+ZsEa9P5qSQ?= =?koi8-r?Q?t8JaDkLp/RSGy/PPQuVR2VPedUwRQ8D0vhgll+dX6qnEi/iuRs3gEQFE2s4FN7?= =?koi8-r?Q?kh7rmqH0QeTz0RBiKd0XvvoPCKj+yKeC8DRAZDJwFbHAWWdRLh6cWRmLu0BhzF?= =?koi8-r?Q?ArvwjClL3VEmFL9MMwbl7JvpaGqxQECJIrl11G6O/s9XkxuC33R1vr/U4rIdEh?= =?koi8-r?Q?/YOssn00smBDa44qRHoy3vVKiG5VuPqDAxdZjVgb90MmlGIpTJUc8zmEEPKrqD?= =?koi8-r?Q?O5bgucVp3DnZNs1QpuWRiZdvpb6ugf00cuAA0kBZoFN4LK95Y20B5rBT4mIceG?= =?koi8-r?Q?xnBIiOE2XnOrqzFXqs5F0eP39DbBeKh852WJ8Qd1Vkw7E+Z2x6qfHdQhbHU0e7?= =?koi8-r?Q?lPF1YqeVWceLidSxsznC3fzQbh/NaxoFIrWTiEfsP0Z1eIis0DZlMlLGPSgbSI?= =?koi8-r?Q?oMCwTbl9K6SmZvl+eUHAQdHerdRboZWHKMLUR+3yifKzg1JokUr91NLYBGnMYr?= =?koi8-r?Q?DtClgcWLJlxMo46nwNJBhUHE5jbxd3ZktCD/IhRGWKYO0EUdhhFaEHQO3QSW8o?= =?koi8-r?Q?M1I4umpkdixYI/yd3VdLpOe7gkt7u3BmiZAWRjJT/bUbJW807r2Tq8/xlfO7JG?= =?koi8-r?Q?H/03c87wuS5FI71esDpd6chZ6/Jys0me6/zdqx1xL0NgCgs1CUqE63Pmbb+j3i?= =?koi8-r?Q?qvt5cnaa3CLE77tk08Era4I8JIDQHduNN8didkqqVaTDA4twuH/EQjZcfKKIU?= X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1980;6:xPXEI88dCNEepICWvB6QX3oGlH6sVKTCc1iSkQerDyt01fdx40iOqk/qr7BdB7J6GT3joJrpbA0+cCA1DQ3kY6YRzX3dI6v8ArU9VDZW/pelPQgRxgyP6kwoitJGx3FUGLcqyC+9PCYsNRpK0hhv/KlnblSCk90futj3CFCglI7OmXdnhPMDSgv6899XGluRBIaPLQcrRi+bHOVc4Wb2d/QZVw+f2e9u1Rv9XQL1bAE6VIDAg5qyTxmdN9cLTo5XbNzZfpj19uPRkdypiKDtGne7m4bJZRtve66J78XJynbuUQj8AVMz+X9xf+nuVUHpB9AtlwiyYZN6QYbfbm0CkVYrakg9vfl2Xjv2ly1f1eoodkpukHvMrzjrIluJ1nnxzkj/u2jZg80bUPoHe8uT6vxrbnz+lYMZp5oRCKtUC34=;5:2O5OGks1c6Q/UUVW6T/VS9UIU3VulD3ODY6dVwEjVgusdIofMDAkmC9G6w/3l6auwRSRa4TkZWTExB0HqhScJRlnkmVgyFwaQlunnx1U1321lbHhN2gSdgWpBQPwdMsYLeQPyZ1J5tsZ9h8GO7rjfg==;24:Sgi9tgp8JsuhhBKgxbv9f8VpZI4yGlUNIFEqld5JZqroPhN6z+dLW40jc5K2l9ViLmVWDCwcocEWnCpjfcjlLcK8ki4Yus8KhVcX+Osad+E= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1980;7:rwaJX1nKsHALZWlV5CJX0h3zWlIBR3AHBSDYAG6ATvsZPPIj0VGa81i1+kz5odyXFo2YiG0Kn5vhVQzYjq/fNzfssu95REXDgDQiPgXfWQbKPFMkqSjAv9bgKbUDoGML6HINClewcPISWmZgNHtxvm2EuQgGfhLRGX7/STPYZubGYoGEGwflxbA5tCYguR4U4B4eKiajF64aG572oZktUHTTsw9+YffAGADC7w8C16xvKpCAKcVDY9sDwa6WciGt2rxoqdkFM5kdeeBEdTvLPxyBdMsz+RNQBWAbY8raSHy/B1ZApASwOaV9Bhawa78ZjoUl7I5ZG33R44XagvDYUexMPALxnPY7NZYD88X2dPl2Xf62xD49q1lIcE0O2oVAvutoIILHKFcKPR2YW5JMeGHZ7HxW6yw3jBa+E48mkBByTeismh8yklzk3oBZe5DmhNZyDvRTJ93JxhcMCDqSxA==;20:iTeZ8UT49UwBRHH0GogFh27rXQ+p2lgIS1kIZz07qhlLpi1+4yHveiCviNx7hm92neTTvYxLfXaEThZMcbUdeufO3L12wlKzLvYDC3GLrF1uQuwvHiIggHHBE4LI37rPVbXflaXBVSVEpsCLe1nY4Jkp/ND1pojafu8yrAul2LY= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2016 03:13:28.0156 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0801MB1980 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3165 Lines: 86 On Mon, Dec 19, 2016 at 03:38:35PM +0100, Michael Kerrisk (man-pages) wrote: > # Some open questions about this patch below. > # > One of the rules regarding capabilities is: > > A process that resides in the parent of the user namespace and > whose effective user ID matches the owner of the namespace has > all capabilities in the namespace. > > Therefore, in order to write code that discovers whether process X has > capabilities in namespace Y, we need a way to find out who the creator > of a user namespace is. This patch adds an NS_GET_CREATOR_UID ioctl() > that returns the (munged) UID of the creator of the user namespace > referred to by the specified file descriptor. > > If the supplied file descriptor does not refer to a user namespace, > the operation fails with the error EINVAL. > > Signed-off-by: Michael Kerrisk > --- > fs/nsfs.c | 6 ++++++ > include/uapi/linux/nsfs.h | 8 +++++--- > 2 files changed, 11 insertions(+), 3 deletions(-) > > Open questions: > > * Would it be preferabe to separate the logic for NS_GET_CREATOR_UID > into a small helper function? > * Is this a correct use of container_of()? I did not immediately > see another way to get to the user_namespace struct, but I > may well have missed something. > > diff --git a/fs/nsfs.c b/fs/nsfs.c > index 5d53476..26f6d94 100644 > --- a/fs/nsfs.c > +++ b/fs/nsfs.c > @@ -163,6 +163,7 @@ int open_related_ns(struct ns_common *ns, > static long ns_ioctl(struct file *filp, unsigned int ioctl, > unsigned long arg) > { > + struct user_namespace *user_ns; > struct ns_common *ns = get_proc_ns(file_inode(filp)); > > switch (ioctl) { > @@ -174,6 +175,11 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl, > return open_related_ns(ns, ns->ops->get_parent); > case NS_GET_NSTYPE: > return ns->ops->type; > + case NS_GET_CREATOR_UID: > + if (ns->ops->type != CLONE_NEWUSER) > + return -EINVAL; > + user_ns = container_of(ns, struct user_namespace, ns); > + return from_kuid_munged(current_user_ns(), user_ns->owner); uid_t is "unsigned int", ioctl() returns long, so it may be hard to distinguish user id-s from errors on x32. off-topic: What is about user_ns->group? I can't find where it is used... > default: > return -ENOTTY; > } > diff --git a/include/uapi/linux/nsfs.h b/include/uapi/linux/nsfs.h > index 2b48df1..b3c6c78 100644 > --- a/include/uapi/linux/nsfs.h > +++ b/include/uapi/linux/nsfs.h > @@ -6,11 +6,13 @@ > #define NSIO 0xb7 > > /* Returns a file descriptor that refers to an owning user namespace */ > -#define NS_GET_USERNS _IO(NSIO, 0x1) > +#define NS_GET_USERNS _IO(NSIO, 0x1) > /* Returns a file descriptor that refers to a parent namespace */ > -#define NS_GET_PARENT _IO(NSIO, 0x2) > +#define NS_GET_PARENT _IO(NSIO, 0x2) > /* Returns the type of namespace (CLONE_NEW* value) referred to by > file descriptor */ > -#define NS_GET_NSTYPE _IO(NSIO, 0x3) > +#define NS_GET_NSTYPE _IO(NSIO, 0x3) > +/* Get creator UID for a user namespace */ > +#define NS_GET_CREATOR_UID _IO(NSIO, 0x4) > > #endif /* __LINUX_NSFS_H */ > -- > 2.5.5 >