Received: by 10.213.65.68 with SMTP id h4csp638310imn;
        Fri, 23 Mar 2018 12:13:49 -0700 (PDT)
X-Google-Smtp-Source: AG47ELsYq08PYzTYQB4znC3hy1sPReg7fCst8T0GWTray4Ee7sqixWRrB67wZ0e0DekouJPwDLcq
X-Received: by 10.167.131.199 with SMTP id j7mr24662797pfn.99.1521832429783;
        Fri, 23 Mar 2018 12:13:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521832429; cv=none;
        d=google.com; s=arc-20160816;
        b=vtqZEWaSl3BllD8uTxsbM8AhbOM1okHZqaiPYbUVRHiPoq55YMMUuxC0GroWACQrpz
         Ihg2GFpgHi0I4L4J1hJ0oYTJTWhMjYpRb8x8KIcLiyjCNyN2e5ACLKx5NyL+7QHZHeLm
         9X1ETspPmT6Etn91BO03iOXuxtmmVk0ijSNLxk/vu7Jj+b3+wDZ3sdjb8twe6D2z6HnC
         9WTu310m2Sagqz7gyPBpW9WLPZYhvbeBCekmQKQ6lM03RtqEOHVHQjU+EU9t/UlyQpLC
         99oFUyEpJtvV8Debq47F2VWIZWTEzY5nO7/lScyDbuIcGVdJrY6YtUQ1gYxTNiAZoE/H
         iujA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:subject:mime-version:user-agent
         :message-id:in-reply-to:date:references:cc:to:from
         :arc-authentication-results;
        bh=hJjB6KFn58yTfFjF493/yv4ZS9i4NYCyxCqgi5qcmH0=;
        b=ycn74EJyYKQ2uOTZcYZz8oKlx9IO4xGO5KpF/S3iFQerEtJ2C5zbWH+61cYL1wLGr1
         l1ylD/RkwPNhsaYFpZpMJ/7+71HNUDDDXcoXigizMqM+S3tY+I8OtjWiarWPXwF1mpU+
         M+t5ufpFxPMlgR10bwLtb64XKKtzWOPZHYuffY95a98MRfrDBQxVNravPOeWka2rKWdI
         nKlgestVK0skxNeeRT6aUSjvuskPnsJjOJBVeRhMsSgMn/7iQ/Wy9wyJhUHhgWJ/bikQ
         Uxx1hwkM9oIramGuZX+NxKtCavLHP1YkDjADahqpbtxWN6Su3d8TvL/xWjbmji/DKz9L
         ahqQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y22si7053666pfm.357.2018.03.23.12.13.35;
        Fri, 23 Mar 2018 12:13:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752305AbeCWTM1 (ORCPT <rfc822;thunderbird.krnldev@gmail.com>
        + 99 others); Fri, 23 Mar 2018 15:12:27 -0400
Received: from out01.mta.xmission.com ([166.70.13.231]:38150 "EHLO
        out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751997AbeCWTMX (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 23 Mar 2018 15:12:23 -0400
Received: from in02.mta.xmission.com ([166.70.13.52])
        by out01.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.87)
        (envelope-from <ebiederm@xmission.com>)
        id 1ezS6v-0003DN-87; Fri, 23 Mar 2018 13:12:21 -0600
Received: from 97-119-121-173.omah.qwest.net ([97.119.121.173] helo=x220.xmission.com)
        by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.87)
        (envelope-from <ebiederm@xmission.com>)
        id 1ezS6u-0003RW-GQ; Fri, 23 Mar 2018 13:12:21 -0600
From:   ebiederm@xmission.com (Eric W. Biederman)
To:     Linux Containers <containers@lists.linux-foundation.org>
Cc:     linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
        khlebnikov@yandex-team.ru, prakash.sangappa@oracle.com,
        luto@kernel.org, akpm@linux-foundation.org, oleg@redhat.com,
        serge.hallyn@ubuntu.com, esyr@redhat.com, jannh@google.com,
        linux-security-module@vger.kernel.org,
        Pavel Emelyanov <xemul@openvz.org>,
        Nagarathnam Muthusamy <nagarathnam.muthusamy@oracle.com>
References: <1520875093-18174-1-git-send-email-nagarathnam.muthusamy@oracle.com>
        <87vadzqqq6.fsf@xmission.com>
        <990e88fa-ab50-9645-b031-14e1afbf7ccc@oracle.com>
        <877eqejowd.fsf@xmission.com>
        <3a46a03d-e4dd-59b6-e25f-0020be1b1dc9@oracle.com>
        <87a7v2z2qa.fsf@xmission.com>
Date:   Fri, 23 Mar 2018 14:11:23 -0500
In-Reply-To: <87a7v2z2qa.fsf@xmission.com> (Eric W. Biederman's message of
        "Tue, 20 Mar 2018 19:33:49 -0500")
Message-ID: <87vadmobdw.fsf_-_@xmission.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-XM-SPF: eid=1ezS6u-0003RW-GQ;;;mid=<87vadmobdw.fsf_-_@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=97.119.121.173;;;frm=ebiederm@xmission.com;;;spf=neutral
X-XM-AID: U2FsdGVkX1+HUW0WzLjMq2RIl2kmFx/6hMspRguewWg=
X-SA-Exim-Connect-IP: 97.119.121.173
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa06.xmission.com
X-Spam-Level: **
X-Spam-Status: No, score=2.8 required=8.0 tests=ALL_TRUSTED,BAYES_50,
        DCC_CHECK_NEGATIVE,TR_Symld_Words,TVD_RCVD_IP,XMNoVowels autolearn=disabled
        version=3.4.1
X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
        *  1.5 XMNoVowels Alpha-numberic number with no vowels
        *  1.5 TR_Symld_Words too many words that have symbols inside
        *  0.0 TVD_RCVD_IP Message was received from an IP address
        *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
        *      [score: 0.5000]
        * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
        *      [sa06 1397; Body=1 Fuz1=1 Fuz2=1]
X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: **;Linux Containers <containers@lists.linux-foundation.org>
X-Spam-Relay-Country: 
X-Spam-Timing: total 307 ms - load_scoreonly_sql: 0.07 (0.0%),
        signal_user_changed: 3.4 (1.1%), b_tie_ro: 2.3 (0.8%), parse: 1.21 (0.4%),
        extract_message_metadata: 4.6 (1.5%), get_uri_detail_list: 2.2 (0.7%),
        tests_pri_-1000: 4.2 (1.4%), tests_pri_-950: 1.26 (0.4%), tests_pri_-900:
        1.07 (0.3%), tests_pri_-400: 24 (7.9%), check_bayes: 23 (7.5%), b_tokenize: 8
        (2.6%), b_tok_get_all: 8 (2.5%), b_comp_prob: 2.4 (0.8%), b_tok_touch_all:
        3.1 (1.0%), b_finish: 0.68 (0.2%), tests_pri_0: 254 (82.8%),
        check_dkim_signature: 0.55 (0.2%), check_dkim_adsp: 3.0 (1.0%),
        tests_pri_500: 4.3 (1.4%), rewrite_mail: 0.00 (0.0%)
Subject: [REVIEW][PATCH 00/11] ipc: Fixing the pid namespace support
X-Spam-Flag: No
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


While discussing a proposal by Nagarathnam Muthusamy I realized that
the ipc namespace has never been given proper pid namespace support.
In particular if objects in a single ipc namespace are accessed from
different pid namespaces they will return the wrong pids.

Then when trying to test this I discovered that definitions that are
only used in msg.c, sem.c, and shm.c are included in linux/sched.h
resulting in what should be simple local modifications requring
nearly a full kernel rebuild.

So this patchset does several things.
- Changes the types that are passed into the security hooks to struct
  kern_ipc_perm because that is all the security hooks use.
- Moves definitions from include/{msg,sem,shm}.h into ipc/{msg,sem,shm}.c
  So the code can be modified without excessive development time.
- Instead of storing pids as intergers stores struct pid * instead.

I took a careful look to see if it seems likely the performance
regression in credential passing that af_unix experienced after
a similar conversion would be likely, but I don't see it.

So I think the biggest concern is if someone in the last 10 years
has come to depend on the buggy behavior.  If either the performance
is problematic or the there are regression caused by the change
in behavior we can revert.

Still I would like to see this fixed and I plan on merging this code.

Eric W. Biederman (11):
      sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks
      shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks
      msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks
      sem: Move struct sem and struct sem_array into ipc/sem.c
      shm: Move struct shmid_kernel into ipc/shm.c
      msg: Move struct msg_queue into ipc/msg.c
      ipc: Move IPCMNI from include/ipc.h into ipc/util.h
      ipc/util: Helpers for making the sysvipc operations pid namespace aware
      ipc/shm: Fix shmctl(..., IPC_STAT, ...) between pid namespaces.
      ipc/msg: Fix msgctl(..., IPC_STAT, ...) between pid namespaces
      ipc/sem: Fix semctl(..., GETPID, ...) between pid namespaces

include/linux/ipc.h        |  2 -
 include/linux/lsm_hooks.h  | 32 ++++++++--------
 include/linux/msg.h        | 18 ---------
 include/linux/security.h   | 67 ++++++++++++++++-----------------
 include/linux/sem.h        | 40 +-------------------
 include/linux/shm.h        | 23 ------------
 ipc/msg.c                  | 54 ++++++++++++++++++---------
 ipc/sem.c                  | 73 ++++++++++++++++++++++++++----------
 ipc/shm.c                  | 60 +++++++++++++++++++++---------
 ipc/util.c                 |  9 +++++
 ipc/util.h                 | 12 ++++++
 security/security.c        | 32 ++++++++--------
 security/selinux/hooks.c   | 92 +++++++++++++++++++++++-----------------------
 security/smack/smack_lsm.c | 68 +++++++++++++++++-----------------
 14 files changed, 297 insertions(+), 285 deletions(-)


Eric