projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'v3.10.55' into update
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / kernel / user_namespace.c
1 /*
2 * This program is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU General Public License as
4 * published by the Free Software Foundation, version 2 of the
5 * License.
6 */
7
8 #include <linux/export.h>
9 #include <linux/nsproxy.h>
10 #include <linux/slab.h>
11 #include <linux/user_namespace.h>
12 #include <linux/proc_ns.h>
13 #include <linux/highuid.h>
14 #include <linux/cred.h>
15 #include <linux/securebits.h>
16 #include <linux/keyctl.h>
17 #include <linux/key-type.h>
18 #include <keys/user-type.h>
19 #include <linux/seq_file.h>
20 #include <linux/fs.h>
21 #include <linux/uaccess.h>
22 #include <linux/ctype.h>
23 #include <linux/projid.h>
24 #include <linux/fs_struct.h>
25
26 static struct kmem_cache *user_ns_cachep __read_mostly;
27
28 static bool new_idmap_permitted(const struct file *file,
29 struct user_namespace *ns, int cap_setid,
30 struct uid_gid_map *map);
31
32 static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
33 {
34 /* Start with the same capabilities as init but useless for doing
35 * anything as the capabilities are bound to the new user namespace.
36 */
37 cred->securebits = SECUREBITS_DEFAULT;
38 cred->cap_inheritable = CAP_EMPTY_SET;
39 cred->cap_permitted = CAP_FULL_SET;
40 cred->cap_effective = CAP_FULL_SET;
41 cred->cap_bset = CAP_FULL_SET;
42 #ifdef CONFIG_KEYS
43 key_put(cred->request_key_auth);
44 cred->request_key_auth = NULL;
45 #endif
46 /* tgcred will be cleared in our caller bc CLONE_THREAD won't be set */
47 cred->user_ns = user_ns;
48 }
49
50 /*
51 * Create a new user namespace, deriving the creator from the user in the
52 * passed credentials, and replacing that user with the new root user for the
53 * new namespace.
54 *
55 * This is called by copy_creds(), which will finish setting the target task's
56 * credentials.
57 */
58 int create_user_ns(struct cred *new)
59 {
60 struct user_namespace *ns, *parent_ns = new->user_ns;
61 kuid_t owner = new->euid;
62 kgid_t group = new->egid;
63 int ret;
64
65 if (parent_ns->level > 32)
66 return -EUSERS;
67
68 /*
69 * Verify that we can not violate the policy of which files
70 * may be accessed that is specified by the root directory,
71 * by verifing that the root directory is at the root of the
72 * mount namespace which allows all files to be accessed.
73 */
74 if (current_chrooted())
75 return -EPERM;
76
77 /* The creator needs a mapping in the parent user namespace
78 * or else we won't be able to reasonably tell userspace who
79 * created a user_namespace.
80 */
81 if (!kuid_has_mapping(parent_ns, owner) ||
82 !kgid_has_mapping(parent_ns, group))
83 return -EPERM;
84
85 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL);
86 if (!ns)
87 return -ENOMEM;
88
89 ret = proc_alloc_inum(&ns->proc_inum);
90 if (ret) {
91 kmem_cache_free(user_ns_cachep, ns);
92 return ret;
93 }
94
95 atomic_set(&ns->count, 1);
96 /* Leave the new->user_ns reference with the new user namespace. */
97 ns->parent = parent_ns;
98 ns->level = parent_ns->level + 1;
99 ns->owner = owner;
100 ns->group = group;
101
102 set_cred_user_ns(new, ns);
103
104 update_mnt_policy(ns);
105
106 return 0;
107 }
108
109 int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
110 {
111 struct cred *cred;
112 int err = -ENOMEM;
113
114 if (!(unshare_flags & CLONE_NEWUSER))
115 return 0;
116
117 cred = prepare_creds();
118 if (cred) {
119 err = create_user_ns(cred);
120 if (err)
121 put_cred(cred);
122 else
123 *new_cred = cred;
124 }
125
126 return err;
127 }
128
129 void free_user_ns(struct user_namespace *ns)
130 {
131 struct user_namespace *parent;
132
133 do {
134 parent = ns->parent;
135 proc_free_inum(ns->proc_inum);
136 kmem_cache_free(user_ns_cachep, ns);
137 ns = parent;
138 } while (atomic_dec_and_test(&parent->count));
139 }
140 EXPORT_SYMBOL(free_user_ns);
141
142 static u32 map_id_range_down(struct uid_gid_map *map, u32 id, u32 count)
143 {
144 unsigned idx, extents;
145 u32 first, last, id2;
146
147 id2 = id + count - 1;
148
149 /* Find the matching extent */
150 extents = map->nr_extents;
151 smp_rmb();
152 for (idx = 0; idx < extents; idx++) {
153 first = map->extent[idx].first;
154 last = first + map->extent[idx].count - 1;
155 if (id >= first && id <= last &&
156 (id2 >= first && id2 <= last))
157 break;
158 }
159 /* Map the id or note failure */
160 if (idx < extents)
161 id = (id - first) + map->extent[idx].lower_first;
162 else
163 id = (u32) -1;
164
165 return id;
166 }
167
168 static u32 map_id_down(struct uid_gid_map *map, u32 id)
169 {
170 unsigned idx, extents;
171 u32 first, last;
172
173 /* Find the matching extent */
174 extents = map->nr_extents;
175 smp_rmb();
176 for (idx = 0; idx < extents; idx++) {
177 first = map->extent[idx].first;
178 last = first + map->extent[idx].count - 1;
179 if (id >= first && id <= last)
180 break;
181 }
182 /* Map the id or note failure */
183 if (idx < extents)
184 id = (id - first) + map->extent[idx].lower_first;
185 else
186 id = (u32) -1;
187
188 return id;
189 }
190
191 static u32 map_id_up(struct uid_gid_map *map, u32 id)
192 {
193 unsigned idx, extents;
194 u32 first, last;
195
196 /* Find the matching extent */
197 extents = map->nr_extents;
198 smp_rmb();
199 for (idx = 0; idx < extents; idx++) {
200 first = map->extent[idx].lower_first;
201 last = first + map->extent[idx].count - 1;
202 if (id >= first && id <= last)
203 break;
204 }
205 /* Map the id or note failure */
206 if (idx < extents)
207 id = (id - first) + map->extent[idx].first;
208 else
209 id = (u32) -1;
210
211 return id;
212 }
213
214 /**
215 * make_kuid - Map a user-namespace uid pair into a kuid.
216 * @ns: User namespace that the uid is in
217 * @uid: User identifier
218 *
219 * Maps a user-namespace uid pair into a kernel internal kuid,
220 * and returns that kuid.
221 *
222 * When there is no mapping defined for the user-namespace uid
223 * pair INVALID_UID is returned. Callers are expected to test
224 * for and handle handle INVALID_UID being returned. INVALID_UID
225 * may be tested for using uid_valid().
226 */
227 kuid_t make_kuid(struct user_namespace *ns, uid_t uid)
228 {
229 /* Map the uid to a global kernel uid */
230 return KUIDT_INIT(map_id_down(&ns->uid_map, uid));
231 }
232 EXPORT_SYMBOL(make_kuid);
233
234 /**
235 * from_kuid - Create a uid from a kuid user-namespace pair.
236 * @targ: The user namespace we want a uid in.
237 * @kuid: The kernel internal uid to start with.
238 *
239 * Map @kuid into the user-namespace specified by @targ and
240 * return the resulting uid.
241 *
242 * There is always a mapping into the initial user_namespace.
243 *
244 * If @kuid has no mapping in @targ (uid_t)-1 is returned.
245 */
246 uid_t from_kuid(struct user_namespace *targ, kuid_t kuid)
247 {
248 /* Map the uid from a global kernel uid */
249 return map_id_up(&targ->uid_map, __kuid_val(kuid));
250 }
251 EXPORT_SYMBOL(from_kuid);
252
253 /**
254 * from_kuid_munged - Create a uid from a kuid user-namespace pair.
255 * @targ: The user namespace we want a uid in.
256 * @kuid: The kernel internal uid to start with.
257 *
258 * Map @kuid into the user-namespace specified by @targ and
259 * return the resulting uid.
260 *
261 * There is always a mapping into the initial user_namespace.
262 *
263 * Unlike from_kuid from_kuid_munged never fails and always
264 * returns a valid uid. This makes from_kuid_munged appropriate
265 * for use in syscalls like stat and getuid where failing the
266 * system call and failing to provide a valid uid are not an
267 * options.
268 *
269 * If @kuid has no mapping in @targ overflowuid is returned.
270 */
271 uid_t from_kuid_munged(struct user_namespace *targ, kuid_t kuid)
272 {
273 uid_t uid;
274 uid = from_kuid(targ, kuid);
275
276 if (uid == (uid_t) -1)
277 uid = overflowuid;
278 return uid;
279 }
280 EXPORT_SYMBOL(from_kuid_munged);
281
282 /**
283 * make_kgid - Map a user-namespace gid pair into a kgid.
284 * @ns: User namespace that the gid is in
285 * @uid: group identifier
286 *
287 * Maps a user-namespace gid pair into a kernel internal kgid,
288 * and returns that kgid.
289 *
290 * When there is no mapping defined for the user-namespace gid
291 * pair INVALID_GID is returned. Callers are expected to test
292 * for and handle INVALID_GID being returned. INVALID_GID may be
293 * tested for using gid_valid().
294 */
295 kgid_t make_kgid(struct user_namespace *ns, gid_t gid)
296 {
297 /* Map the gid to a global kernel gid */
298 return KGIDT_INIT(map_id_down(&ns->gid_map, gid));
299 }
300 EXPORT_SYMBOL(make_kgid);
301
302 /**
303 * from_kgid - Create a gid from a kgid user-namespace pair.
304 * @targ: The user namespace we want a gid in.
305 * @kgid: The kernel internal gid to start with.
306 *
307 * Map @kgid into the user-namespace specified by @targ and
308 * return the resulting gid.
309 *
310 * There is always a mapping into the initial user_namespace.
311 *
312 * If @kgid has no mapping in @targ (gid_t)-1 is returned.
313 */
314 gid_t from_kgid(struct user_namespace *targ, kgid_t kgid)
315 {
316 /* Map the gid from a global kernel gid */
317 return map_id_up(&targ->gid_map, __kgid_val(kgid));
318 }
319 EXPORT_SYMBOL(from_kgid);
320
321 /**
322 * from_kgid_munged - Create a gid from a kgid user-namespace pair.
323 * @targ: The user namespace we want a gid in.
324 * @kgid: The kernel internal gid to start with.
325 *
326 * Map @kgid into the user-namespace specified by @targ and
327 * return the resulting gid.
328 *
329 * There is always a mapping into the initial user_namespace.
330 *
331 * Unlike from_kgid from_kgid_munged never fails and always
332 * returns a valid gid. This makes from_kgid_munged appropriate
333 * for use in syscalls like stat and getgid where failing the
334 * system call and failing to provide a valid gid are not options.
335 *
336 * If @kgid has no mapping in @targ overflowgid is returned.
337 */
338 gid_t from_kgid_munged(struct user_namespace *targ, kgid_t kgid)
339 {
340 gid_t gid;
341 gid = from_kgid(targ, kgid);
342
343 if (gid == (gid_t) -1)
344 gid = overflowgid;
345 return gid;
346 }
347 EXPORT_SYMBOL(from_kgid_munged);
348
349 /**
350 * make_kprojid - Map a user-namespace projid pair into a kprojid.
351 * @ns: User namespace that the projid is in
352 * @projid: Project identifier
353 *
354 * Maps a user-namespace uid pair into a kernel internal kuid,
355 * and returns that kuid.
356 *
357 * When there is no mapping defined for the user-namespace projid
358 * pair INVALID_PROJID is returned. Callers are expected to test
359 * for and handle handle INVALID_PROJID being returned. INVALID_PROJID
360 * may be tested for using projid_valid().
361 */
362 kprojid_t make_kprojid(struct user_namespace *ns, projid_t projid)
363 {
364 /* Map the uid to a global kernel uid */
365 return KPROJIDT_INIT(map_id_down(&ns->projid_map, projid));
366 }
367 EXPORT_SYMBOL(make_kprojid);
368
369 /**
370 * from_kprojid - Create a projid from a kprojid user-namespace pair.
371 * @targ: The user namespace we want a projid in.
372 * @kprojid: The kernel internal project identifier to start with.
373 *
374 * Map @kprojid into the user-namespace specified by @targ and
375 * return the resulting projid.
376 *
377 * There is always a mapping into the initial user_namespace.
378 *
379 * If @kprojid has no mapping in @targ (projid_t)-1 is returned.
380 */
381 projid_t from_kprojid(struct user_namespace *targ, kprojid_t kprojid)
382 {
383 /* Map the uid from a global kernel uid */
384 return map_id_up(&targ->projid_map, __kprojid_val(kprojid));
385 }
386 EXPORT_SYMBOL(from_kprojid);
387
388 /**
389 * from_kprojid_munged - Create a projiid from a kprojid user-namespace pair.
390 * @targ: The user namespace we want a projid in.
391 * @kprojid: The kernel internal projid to start with.
392 *
393 * Map @kprojid into the user-namespace specified by @targ and
394 * return the resulting projid.
395 *
396 * There is always a mapping into the initial user_namespace.
397 *
398 * Unlike from_kprojid from_kprojid_munged never fails and always
399 * returns a valid projid. This makes from_kprojid_munged
400 * appropriate for use in syscalls like stat and where
401 * failing the system call and failing to provide a valid projid are
402 * not an options.
403 *
404 * If @kprojid has no mapping in @targ OVERFLOW_PROJID is returned.
405 */
406 projid_t from_kprojid_munged(struct user_namespace *targ, kprojid_t kprojid)
407 {
408 projid_t projid;
409 projid = from_kprojid(targ, kprojid);
410
411 if (projid == (projid_t) -1)
412 projid = OVERFLOW_PROJID;
413 return projid;
414 }
415 EXPORT_SYMBOL(from_kprojid_munged);
416
417
418 static int uid_m_show(struct seq_file *seq, void *v)
419 {
420 struct user_namespace *ns = seq->private;
421 struct uid_gid_extent *extent = v;
422 struct user_namespace *lower_ns;
423 uid_t lower;
424
425 lower_ns = seq_user_ns(seq);
426 if ((lower_ns == ns) && lower_ns->parent)
427 lower_ns = lower_ns->parent;
428
429 lower = from_kuid(lower_ns, KUIDT_INIT(extent->lower_first));
430
431 seq_printf(seq, "%10u %10u %10u\n",
432 extent->first,
433 lower,
434 extent->count);
435
436 return 0;
437 }
438
439 static int gid_m_show(struct seq_file *seq, void *v)
440 {
441 struct user_namespace *ns = seq->private;
442 struct uid_gid_extent *extent = v;
443 struct user_namespace *lower_ns;
444 gid_t lower;
445
446 lower_ns = seq_user_ns(seq);
447 if ((lower_ns == ns) && lower_ns->parent)
448 lower_ns = lower_ns->parent;
449
450 lower = from_kgid(lower_ns, KGIDT_INIT(extent->lower_first));
451
452 seq_printf(seq, "%10u %10u %10u\n",
453 extent->first,
454 lower,
455 extent->count);
456
457 return 0;
458 }
459
460 static int projid_m_show(struct seq_file *seq, void *v)
461 {
462 struct user_namespace *ns = seq->private;
463 struct uid_gid_extent *extent = v;
464 struct user_namespace *lower_ns;
465 projid_t lower;
466
467 lower_ns = seq_user_ns(seq);
468 if ((lower_ns == ns) && lower_ns->parent)
469 lower_ns = lower_ns->parent;
470
471 lower = from_kprojid(lower_ns, KPROJIDT_INIT(extent->lower_first));
472
473 seq_printf(seq, "%10u %10u %10u\n",
474 extent->first,
475 lower,
476 extent->count);
477
478 return 0;
479 }
480
481 static void *m_start(struct seq_file *seq, loff_t *ppos, struct uid_gid_map *map)
482 {
483 struct uid_gid_extent *extent = NULL;
484 loff_t pos = *ppos;
485
486 if (pos < map->nr_extents)
487 extent = &map->extent[pos];
488
489 return extent;
490 }
491
492 static void *uid_m_start(struct seq_file *seq, loff_t *ppos)
493 {
494 struct user_namespace *ns = seq->private;
495
496 return m_start(seq, ppos, &ns->uid_map);
497 }
498
499 static void *gid_m_start(struct seq_file *seq, loff_t *ppos)
500 {
501 struct user_namespace *ns = seq->private;
502
503 return m_start(seq, ppos, &ns->gid_map);
504 }
505
506 static void *projid_m_start(struct seq_file *seq, loff_t *ppos)
507 {
508 struct user_namespace *ns = seq->private;
509
510 return m_start(seq, ppos, &ns->projid_map);
511 }
512
513 static void *m_next(struct seq_file *seq, void *v, loff_t *pos)
514 {
515 (*pos)++;
516 return seq->op->start(seq, pos);
517 }
518
519 static void m_stop(struct seq_file *seq, void *v)
520 {
521 return;
522 }
523
524 struct seq_operations proc_uid_seq_operations = {
525 .start = uid_m_start,
526 .stop = m_stop,
527 .next = m_next,
528 .show = uid_m_show,
529 };
530
531 struct seq_operations proc_gid_seq_operations = {
532 .start = gid_m_start,
533 .stop = m_stop,
534 .next = m_next,
535 .show = gid_m_show,
536 };
537
538 struct seq_operations proc_projid_seq_operations = {
539 .start = projid_m_start,
540 .stop = m_stop,
541 .next = m_next,
542 .show = projid_m_show,
543 };
544
545 static bool mappings_overlap(struct uid_gid_map *new_map, struct uid_gid_extent *extent)
546 {
547 u32 upper_first, lower_first, upper_last, lower_last;
548 unsigned idx;
549
550 upper_first = extent->first;
551 lower_first = extent->lower_first;
552 upper_last = upper_first + extent->count - 1;
553 lower_last = lower_first + extent->count - 1;
554
555 for (idx = 0; idx < new_map->nr_extents; idx++) {
556 u32 prev_upper_first, prev_lower_first;
557 u32 prev_upper_last, prev_lower_last;
558 struct uid_gid_extent *prev;
559
560 prev = &new_map->extent[idx];
561
562 prev_upper_first = prev->first;
563 prev_lower_first = prev->lower_first;
564 prev_upper_last = prev_upper_first + prev->count - 1;
565 prev_lower_last = prev_lower_first + prev->count - 1;
566
567 /* Does the upper range intersect a previous extent? */
568 if ((prev_upper_first <= upper_last) &&
569 (prev_upper_last >= upper_first))
570 return true;
571
572 /* Does the lower range intersect a previous extent? */
573 if ((prev_lower_first <= lower_last) &&
574 (prev_lower_last >= lower_first))
575 return true;
576 }
577 return false;
578 }
579
580
581 static DEFINE_MUTEX(id_map_mutex);
582
583 static ssize_t map_write(struct file *file, const char __user *buf,
584 size_t count, loff_t *ppos,
585 int cap_setid,
586 struct uid_gid_map *map,
587 struct uid_gid_map *parent_map)
588 {
589 struct seq_file *seq = file->private_data;
590 struct user_namespace *ns = seq->private;
591 struct uid_gid_map new_map;
592 unsigned idx;
593 struct uid_gid_extent *extent = NULL;
594 unsigned long page = 0;
595 char *kbuf, *pos, *next_line;
596 ssize_t ret = -EINVAL;
597
598 /*
599 * The id_map_mutex serializes all writes to any given map.
600 *
601 * Any map is only ever written once.
602 *
603 * An id map fits within 1 cache line on most architectures.
604 *
605 * On read nothing needs to be done unless you are on an
606 * architecture with a crazy cache coherency model like alpha.
607 *
608 * There is a one time data dependency between reading the
609 * count of the extents and the values of the extents. The
610 * desired behavior is to see the values of the extents that
611 * were written before the count of the extents.
612 *
613 * To achieve this smp_wmb() is used on guarantee the write
614 * order and smp_rmb() is guaranteed that we don't have crazy
615 * architectures returning stale data.
616 */
617 mutex_lock(&id_map_mutex);
618
619 ret = -EPERM;
620 /* Only allow one successful write to the map */
621 if (map->nr_extents != 0)
622 goto out;
623
624 /*
625 * Adjusting namespace settings requires capabilities on the target.
626 */
627 if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
628 goto out;
629
630 /* Get a buffer */
631 ret = -ENOMEM;
632 page = __get_free_page(GFP_TEMPORARY);
633 kbuf = (char *) page;
634 if (!page)
635 goto out;
636
637 /* Only allow <= page size writes at the beginning of the file */
638 ret = -EINVAL;
639 if ((*ppos != 0) || (count >= PAGE_SIZE))
640 goto out;
641
642 /* Slurp in the user data */
643 ret = -EFAULT;
644 if (copy_from_user(kbuf, buf, count))
645 goto out;
646 kbuf[count] = '\0';
647
648 /* Parse the user data */
649 ret = -EINVAL;
650 pos = kbuf;
651 new_map.nr_extents = 0;
652 for (;pos; pos = next_line) {
653 extent = &new_map.extent[new_map.nr_extents];
654
655 /* Find the end of line and ensure I don't look past it */
656 next_line = strchr(pos, '\n');
657 if (next_line) {
658 *next_line = '\0';
659 next_line++;
660 if (*next_line == '\0')
661 next_line = NULL;
662 }
663
664 pos = skip_spaces(pos);
665 extent->first = simple_strtoul(pos, &pos, 10);
666 if (!isspace(*pos))
667 goto out;
668
669 pos = skip_spaces(pos);
670 extent->lower_first = simple_strtoul(pos, &pos, 10);
671 if (!isspace(*pos))
672 goto out;
673
674 pos = skip_spaces(pos);
675 extent->count = simple_strtoul(pos, &pos, 10);
676 if (*pos && !isspace(*pos))
677 goto out;
678
679 /* Verify there is not trailing junk on the line */
680 pos = skip_spaces(pos);
681 if (*pos != '\0')
682 goto out;
683
684 /* Verify we have been given valid starting values */
685 if ((extent->first == (u32) -1) ||
686 (extent->lower_first == (u32) -1 ))
687 goto out;
688
689 /* Verify count is not zero and does not cause the extent to wrap */
690 if ((extent->first + extent->count) <= extent->first)
691 goto out;
692 if ((extent->lower_first + extent->count) <= extent->lower_first)
693 goto out;
694
695 /* Do the ranges in extent overlap any previous extents? */
696 if (mappings_overlap(&new_map, extent))
697 goto out;
698
699 new_map.nr_extents++;
700
701 /* Fail if the file contains too many extents */
702 if ((new_map.nr_extents == UID_GID_MAP_MAX_EXTENTS) &&
703 (next_line != NULL))
704 goto out;
705 }
706 /* Be very certaint the new map actually exists */
707 if (new_map.nr_extents == 0)
708 goto out;
709
710 ret = -EPERM;
711 /* Validate the user is allowed to use user id's mapped to. */
712 if (!new_idmap_permitted(file, ns, cap_setid, &new_map))
713 goto out;
714
715 /* Map the lower ids from the parent user namespace to the
716 * kernel global id space.
717 */
718 for (idx = 0; idx < new_map.nr_extents; idx++) {
719 u32 lower_first;
720 extent = &new_map.extent[idx];
721
722 lower_first = map_id_range_down(parent_map,
723 extent->lower_first,
724 extent->count);
725
726 /* Fail if we can not map the specified extent to
727 * the kernel global id space.
728 */
729 if (lower_first == (u32) -1)
730 goto out;
731
732 extent->lower_first = lower_first;
733 }
734
735 /* Install the map */
736 memcpy(map->extent, new_map.extent,
737 new_map.nr_extents*sizeof(new_map.extent[0]));
738 smp_wmb();
739 map->nr_extents = new_map.nr_extents;
740
741 *ppos = count;
742 ret = count;
743 out:
744 mutex_unlock(&id_map_mutex);
745 if (page)
746 free_page(page);
747 return ret;
748 }
749
750 ssize_t proc_uid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
751 {
752 struct seq_file *seq = file->private_data;
753 struct user_namespace *ns = seq->private;
754 struct user_namespace *seq_ns = seq_user_ns(seq);
755
756 if (!ns->parent)
757 return -EPERM;
758
759 if ((seq_ns != ns) && (seq_ns != ns->parent))
760 return -EPERM;
761
762 return map_write(file, buf, size, ppos, CAP_SETUID,
763 &ns->uid_map, &ns->parent->uid_map);
764 }
765
766 ssize_t proc_gid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
767 {
768 struct seq_file *seq = file->private_data;
769 struct user_namespace *ns = seq->private;
770 struct user_namespace *seq_ns = seq_user_ns(seq);
771
772 if (!ns->parent)
773 return -EPERM;
774
775 if ((seq_ns != ns) && (seq_ns != ns->parent))
776 return -EPERM;
777
778 return map_write(file, buf, size, ppos, CAP_SETGID,
779 &ns->gid_map, &ns->parent->gid_map);
780 }
781
782 ssize_t proc_projid_map_write(struct file *file, const char __user *buf, size_t size, loff_t *ppos)
783 {
784 struct seq_file *seq = file->private_data;
785 struct user_namespace *ns = seq->private;
786 struct user_namespace *seq_ns = seq_user_ns(seq);
787
788 if (!ns->parent)
789 return -EPERM;
790
791 if ((seq_ns != ns) && (seq_ns != ns->parent))
792 return -EPERM;
793
794 /* Anyone can set any valid project id no capability needed */
795 return map_write(file, buf, size, ppos, -1,
796 &ns->projid_map, &ns->parent->projid_map);
797 }
798
799 static bool new_idmap_permitted(const struct file *file,
800 struct user_namespace *ns, int cap_setid,
801 struct uid_gid_map *new_map)
802 {
803 /* Allow mapping to your own filesystem ids */
804 if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) {
805 u32 id = new_map->extent[0].lower_first;
806 if (cap_setid == CAP_SETUID) {
807 kuid_t uid = make_kuid(ns->parent, id);
808 if (uid_eq(uid, file->f_cred->fsuid))
809 return true;
810 }
811 else if (cap_setid == CAP_SETGID) {
812 kgid_t gid = make_kgid(ns->parent, id);
813 if (gid_eq(gid, file->f_cred->fsgid))
814 return true;
815 }
816 }
817
818 /* Allow anyone to set a mapping that doesn't require privilege */
819 if (!cap_valid(cap_setid))
820 return true;
821
822 /* Allow the specified ids if we have the appropriate capability
823 * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
824 * And the opener of the id file also had the approprpiate capability.
825 */
826 if (ns_capable(ns->parent, cap_setid) &&
827 file_ns_capable(file, ns->parent, cap_setid))
828 return true;
829
830 return false;
831 }
832
833 static void *userns_get(struct task_struct *task)
834 {
835 struct user_namespace *user_ns;
836
837 rcu_read_lock();
838 user_ns = get_user_ns(__task_cred(task)->user_ns);
839 rcu_read_unlock();
840
841 return user_ns;
842 }
843
844 static void userns_put(void *ns)
845 {
846 put_user_ns(ns);
847 }
848
849 static int userns_install(struct nsproxy *nsproxy, void *ns)
850 {
851 struct user_namespace *user_ns = ns;
852 struct cred *cred;
853
854 /* Don't allow gaining capabilities by reentering
855 * the same user namespace.
856 */
857 if (user_ns == current_user_ns())
858 return -EINVAL;
859
860 /* Threaded processes may not enter a different user namespace */
861 if (atomic_read(&current->mm->mm_users) > 1)
862 return -EINVAL;
863
864 if (current->fs->users != 1)
865 return -EINVAL;
866
867 if (!ns_capable(user_ns, CAP_SYS_ADMIN))
868 return -EPERM;
869
870 cred = prepare_creds();
871 if (!cred)
872 return -ENOMEM;
873
874 put_user_ns(cred->user_ns);
875 set_cred_user_ns(cred, get_user_ns(user_ns));
876
877 return commit_creds(cred);
878 }
879
880 static unsigned int userns_inum(void *ns)
881 {
882 struct user_namespace *user_ns = ns;
883 return user_ns->proc_inum;
884 }
885
886 const struct proc_ns_operations userns_operations = {
887 .name = "user",
888 .type = CLONE_NEWUSER,
889 .get = userns_get,
890 .put = userns_put,
891 .install = userns_install,
892 .inum = userns_inum,
893 };
894
895 static __init int user_namespaces_init(void)
896 {
897 user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC);
898 return 0;
899 }
900 module_init(user_namespaces_init);
kernel source for telekom puls (alcatel/mediatek)