From: ~akihirosuda
Date: Tue, 30 May 2023 18:50:50 +0000
Subject: [PATCH linux 0/3] [PATCH] userns: add sysctl "kernel.userns_group_range"
Message-ID: <168547265011.24337.4306067683997517082-0@git.sr.ht>
Reply-to: ~akihirosuda
To: linux-kernel@vger.kernel.org, containers@lists.linux.dev, serge@hallyn.com, brauner@kernel.org, paul@paul-moore.com, ebiederm@xmission.com
Cc: suda.kyoto@gmail.com, akihiro.suda.cz@hco.ntt.co.jp
X-Mailing-List: linux-kernel@vger.kernel.org

This sysctl limits groups who can create a new userns without CAP_SYS_ADMIN
in the current userns, so as to mitigate potential kernel vulnerabilities
around userns.

The sysctl value format is the same as "net.ipv4.ping_group_range".
To disable creating new unprivileged userns, set the sysctl value to "1 0"
in the initial userns.
To allow everyone to create new userns, set the sysctl value to
"0 4294967294". This is the default value.

This sysctl replaces "kernel.unprivileged_userns_clone" that is found in
Ubuntu [1] and Debian GNU/Linux.

Link: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit?id=3422764 [1]

Signed-off-by: Akihiro Suda

Akihiro Suda (3):
  net/ipv4: split group_range logic to kernel/group_range.c
  group_range: allow GID from 2147483648 to 4294967294
  userns: add sysctl "kernel.userns_group_range"

 include/linux/group_range.h    |  18 +++++
 include/linux/user_namespace.h |   5 ++
 include/net/netns/ipv4.h       |   9 +--
 include/net/ping.h             |   6 --
 kernel/Makefile                |   2 +-
 kernel/fork.c                  |  24 +++++++
 kernel/group_range.c           | 123 +++++++++++++++++++++++++++++++++
 kernel/sysctl.c                |  30 ++++++++
 kernel/user.c                  |   9 +++
 net/ipv4/ping.c                |  39 +---------
 net/ipv4/sysctl_net_ipv4.c     |  56 ++------------

 11 files changed, 219 insertions(+), 102 deletions(-)
 create mode 100644 include/linux/group_range.h
 create mode 100644 kernel/group_range.c

-- 
2.38.4
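The cover letter describes the sysctl only by its value format and its two notable settings ("1 0" to disable, "0 4294967294" to allow everyone). The following is an added userspace model of that "lo hi" group-range semantics, written for this page and not taken from the patch series or the kernel. It assumes (the cover letter does not say so) that the check mirrors how net.ipv4.ping_group_range is consulted, i.e. the caller passes if its effective GID or any supplementary GID falls inside [lo, hi], that lo > hi denotes the empty range, and that 4294967295 (the invalid GID) is rejected on write while 2147483648..4294967294 is accepted, as the second patch's title implies. The function and constant names are this example's own.

```c
/* Added example: a userspace model of a "lo hi" group-range sysctl as
 * described in the cover letter. Not the kernel's or the patch's code.
 * Assumption: a caller passes if its egid or any supplementary gid lies
 * in [lo, hi]; "1 0" (lo > hi) is the empty range, so nobody passes. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: 4294967295 is (gid_t)-1, the invalid gid, and is refused;
 * the documented default "0 4294967294" stops one short of it. */
#define GID_MAX_ALLOWED 4294967294u

struct group_range {
    uint32_t lo;
    uint32_t hi;
};

/* Parse one unsigned 32-bit GID token. Rejects signs, junk and overflow,
 * so values above INT_MAX (2147483648..4294967294) parse correctly. */
static int parse_gid(const char *s, char **end, uint32_t *out)
{
    unsigned long long v;

    while (*s == ' ' || *s == '\t')
        s++;
    if (*s == '-' || *s == '+')
        return -EINVAL;
    errno = 0;
    v = strtoull(s, end, 10);
    if (errno || *end == s || v > GID_MAX_ALLOWED)
        return -EINVAL;
    *out = (uint32_t)v;
    return 0;
}

/* Parse the sysctl value "lo hi" (a trailing newline, as written by
 * `sysctl -w` or `echo > /proc/sys/...`, is tolerated). */
static int parse_group_range(const char *s, struct group_range *r)
{
    char *end;
    uint32_t lo, hi;

    if (parse_gid(s, &end, &lo))
        return -EINVAL;
    if (*end != ' ' && *end != '\t')
        return -EINVAL;           /* exactly two tokens are required */
    if (parse_gid(end, &end, &hi))
        return -EINVAL;
    while (*end == ' ' || *end == '\t' || *end == '\n')
        end++;
    if (*end)
        return -EINVAL;           /* trailing garbage */
    r->lo = lo;
    r->hi = hi;
    return 0;
}

/* lo > hi (e.g. "1 0") never matches: that is the "disable" setting. */
static bool gid_in_range(const struct group_range *r, uint32_t gid)
{
    return r->lo <= gid && gid <= r->hi;
}

/* Model of the permission check for an unprivileged userns creation:
 * pass if the effective gid or any supplementary gid is in range. */
static bool may_create_userns(const struct group_range *r, uint32_t egid,
                              const uint32_t *groups, size_t ngroups)
{
    size_t i;

    if (gid_in_range(r, egid))
        return true;
    for (i = 0; i < ngroups; i++)
        if (gid_in_range(r, groups[i]))
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample: the two settings from the cover letter plus a
     * single-group policy, checked for a caller with egid 1000 and one
     * supplementary gid above INT_MAX. */
    const char *configs[] = { "1 0", "0 4294967294", "1000 1999" };
    const uint32_t egid = 1000, supp[] = { 2147483648u };
    size_t i;

    for (i = 0; i < sizeof configs / sizeof configs[0]; i++) {
        struct group_range r;

        if (parse_group_range(configs[i], &r)) {
            printf("\"%s\": invalid\n", configs[i]);
            continue;
        }
        printf("\"%s\": egid %u %s create a userns\n", configs[i],
               (unsigned)egid,
               may_create_userns(&r, egid, supp, 1) ? "may" : "may not");
    }
    return 0;
}
```

The parser deliberately takes the value as an unsigned 64-bit integer before range-checking it, which is the part that matters for the GIDs above 2147483648 named in the second patch: a signed 32-bit parse would refuse them.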