userns: Make credential debugging user namespace safe.

Cc: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

diff --git a/init/Kconfig b/init/Kconfig
index 448b701b17223fbf4c5705596cc76b889573340e..fdabc5160cdffb1cc66cee8633197aedf8c282af 100644 (file)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -936,7 +936,6 @@ config UIDGID_CONVERTED
        depends on FS_POSIX_ACL = n
        depends on QUOTA = n
        depends on QUOTACTL = n
-       depends on DEBUG_CREDENTIALS = n
        depends on BSD_PROCESS_ACCT = n
        depends on DRM = n
        depends on PROC_EVENTS = n

diff --git a/kernel/cred.c b/kernel/cred.c
index de728ac50d821b9f38340534a4ba6202137d55a2..48cea3da6d052c77bdfe3b5b8e766f0a3033c28c 100644 (file)
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -799,9 +799,15 @@ static void dump_invalid_creds(const struct cred *cred, const char *label,
               atomic_read(&cred->usage),
               read_cred_subscribers(cred));
        printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n",
-              cred->uid, cred->euid, cred->suid, cred->fsuid);
+               from_kuid_munged(&init_user_ns, cred->uid),
+               from_kuid_munged(&init_user_ns, cred->euid),
+               from_kuid_munged(&init_user_ns, cred->suid),
+               from_kuid_munged(&init_user_ns, cred->fsuid));
        printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }\n",
-              cred->gid, cred->egid, cred->sgid, cred->fsgid);
+               from_kgid_munged(&init_user_ns, cred->gid),
+               from_kgid_munged(&init_user_ns, cred->egid),
+               from_kgid_munged(&init_user_ns, cred->sgid),
+               from_kgid_munged(&init_user_ns, cred->fsgid));
 #ifdef CONFIG_SECURITY
        printk(KERN_ERR "CRED: ->security is %p\n", cred->security);
        if ((unsigned long) cred->security >= PAGE_SIZE &&