user/sven/linux.git/kernel/utsname.c, branch stable/4.7.y

copy address of proc_ns_ops into ns_common

2014-12-04T19:34:47Z

Signed-off-by: Al Viro

new helpers: ns_alloc_inum/ns_free_inum

2014-12-04T19:34:36Z

take struct ns_common *, for now simply wrappers around proc_{alloc,free}_inum() Signed-off-by: Al Viro

make proc_ns_operations work with struct ns_common * instead of void *

2014-12-04T19:34:17Z

We can do that now. And kill ->inum(), while we are at it - all instances are identical. Signed-off-by: Al Viro

switch the rest of proc_ns_operations to working with &...->ns

2014-12-04T19:34:11Z

Signed-off-by: Al Viro

common object embedded into various struct ....ns

2014-12-04T19:31:00Z

for now - just move corresponding ->proc_inum instances over there Acked-by: "Eric W. Biederman" Signed-off-by: Al Viro

namespaces: Use task_lock and not rcu to protect nsproxy

2014-07-30T01:08:50Z

The synchronous syncrhonize_rcu in switch_task_namespaces makes setns a sufficiently expensive system call that people have complained. Upon inspect nsproxy no longer needs rcu protection for remote reads. remote reads are rare. So optimize for same process reads and write by switching using rask_lock instead. This yields a simpler to understand lock, and a faster setns system call. In particular this fixes a performance regression observed by Rafael David Tinoco . This is effectively a revert of Pavel Emelyanov's commit cf7b708c8d1d7a27736771bcf4c457b332b0f818 Make access to task's nsproxy lighter from 2007. The race this originialy fixed no longer exists as do_notify_parent uses task_active_pid_ns(parent) instead of parent->nsproxy. Signed-off-by: "Eric W. Biederman"

userns: Kill nsown_capable it makes the wrong thing easy

2013-08-31T06:44:11Z

nsown_capable is a special case of ns_capable essentially for just CAP_SETUID and CAP_SETGID. For the existing users it doesn't noticably simplify things and from the suggested patches I have seen it encourages people to do the wrong thing. So remove nsown_capable. Acked-by: Serge Hallyn Signed-off-by: "Eric W. Biederman"

proc: Split the namespace stuff out into linux/proc_ns.h

2013-05-01T21:29:39Z

Split the proc namespace stuff out into linux/proc_ns.h. Signed-off-by: David Howells cc: netdev@vger.kernel.org cc: Serge E. Hallyn cc: Eric W. Biederman Signed-off-by: Al Viro

kernel/utsname.c: fix wrong comment about clone_uts_ns()

2013-02-28T03:10:22Z

Fix the wrong comment about the return value of clone_uts_ns() Signed-off-by: Yuanhan Liu Acked-by: Serge Hallyn Cc: "Eric W. Biederman" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

userns: Require CAP_SYS_ADMIN for most uses of setns.

2012-12-15T00:12:03Z

Andy Lutomirski found a nasty little bug in the permissions of setns. With unprivileged user namespaces it became possible to create new namespaces without privilege. However the setns calls were relaxed to only require CAP_SYS_ADMIN in the user nameapce of the targed namespace. Which made the following nasty sequence possible. pid = clone(CLONE_NEWUSER | CLONE_NEWNS); if (pid == 0) { /* child */ system("mount --bind /home/me/passwd /etc/passwd"); } else if (pid != 0) { /* parent */ char path[PATH_MAX]; snprintf(path, sizeof(path), "/proc/%u/ns/mnt"); fd = open(path, O_RDONLY); setns(fd, 0); system("su -"); } Prevent this possibility by requiring CAP_SYS_ADMIN in the current user namespace when joing all but the user namespace. Acked-by: Serge Hallyn Signed-off-by: "Eric W. Biederman"