1888e9b4bb
per ipc namespace. Previously these sysctls depended upon a hack to simulate being per ipc namespace by looking up the ipc namespace in read or write. With this set of changes the ipc sysctls are registered per ipc namespace and open looks up the ipc namespace. Not only does this series of changes ensure the traditional binding at open time happens, but it sets a foundation for being able to relax the permission checks to allow a user namspace root to change the ipc sysctls for an ipc namespace that the user namespace root requires. To do this requires the ipc namespace to be known at open time. These changes were sent for v5.18[1] but were dropped because some additional cleanups were requested. Linus has given his nod[2] to the cleanups so I hope enough cleanups are present this time. [1] https://lkml.kernel.org/r/877d8kfmdp.fsf@email.froward.int.ebiederm.org [2] https://lkml.kernel.org/r/CAHk-=whi2SzU4XT_FsdTCAuK2qtYmH+-hwi1cbSdG8zu0KXL=g@mail.gmail.com Alexey Gladkov (6): ipc: Store mqueue sysctls in the ipc namespace ipc: Store ipc sysctls in the ipc namespace ipc: Use the same namespace to modify and validate ipc: Remove extra1 field abuse to pass ipc namespace ipc: Check permissions for checkpoint_restart sysctls at open time ipc: Remove extra braces include/linux/ipc_namespace.h | 37 +++++++- ipc/ipc_sysctl.c | 205 +++++++++++++++++++++++++----------------- ipc/mq_sysctl.c | 121 +++++++++++++------------ ipc/mqueue.c | 10 +-- ipc/namespace.c | 10 +++ 5 files changed, 238 insertions(+), 145 deletions(-) Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEgjlraLDcwBA2B+6cC/v6Eiajj0AFAmKaP5QACgkQC/v6Eiaj j0Cd6A//fBb7GWeZpEsQXN0LLJZwfQqd5HYKBZ1yB0bclj4K4rg//goMqwvAb8YC x4h8Mny9yt3SHYWHqFMQvXGi5oMOodlZ3dxz5RAUoGG7c2oqF4mUhD5ugUJ07ElT z2DImq+oZ6NZcsVcW8n9WmaLiGFdZ6N1Ftr4w+lfH4bioON/jsBKa/v9ftXCgzyJ cqZ7Q7JCpD4qKDw7q6zEx5Y2ZqCciMWdmJOZ/X77D1vyNia1EJmsi26NgsH0uLTV mYz/L2BgHUiCmvPbdtD2hKs3OlkX38zkvVyyLxHVAIcCKIWE4O8vA6xsz+I+5kMB V3anYjf+PNeI9ASXGTJ56QlTj9I0Z7Dti8Sq6fCUa99rJtG4tcwgRHOZyL/Z3l48 8Dx//op/OTf5C3PLPhYqngpnMaXOQo++XEHqCN5c0j8UyaFLDbfs7H+JDuKZDp3d HQBdqaeyxxGaO87JqKt+K4wHkr+B0genTRfW3zliGVBmZC9KLXHoJ53ENRo1RyMs DcTZXzPdYx+yFJaYk5GAiP/S81eTjbznsQ0ATTEDGZPQcX+LeiFaeZ9aqObIx3UL krX9bohwWzL7bI9hwSp0waoLZGx5TEd9UXClMlct8GXBZUBpYfeaA7BQ8CJoH6+z IsQH/z5eOvfux5LsPUVI3PSd/IJWdh+uz0vDpNWkoKMabiZT1fg= =cSFI -----END PGP SIGNATURE----- Merge tag 'per-namespace-ipc-sysctls-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull ipc sysctl namespace updates from Eric Biederman: "This updates the ipc sysctls so that they are fundamentally per ipc namespace. Previously these sysctls depended upon a hack to simulate being per ipc namespace by looking up the ipc namespace in read or write. With this set of changes the ipc sysctls are registered per ipc namespace and open looks up the ipc namespace. Not only does this series of changes ensure the traditional binding at open time happens, but it sets a foundation for being able to relax the permission checks to allow a user namspace root to change the ipc sysctls for an ipc namespace that the user namespace root requires. To do this requires the ipc namespace to be known at open time" * tag 'per-namespace-ipc-sysctls-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: ipc: Remove extra braces ipc: Check permissions for checkpoint_restart sysctls at open time ipc: Remove extra1 field abuse to pass ipc namespace ipc: Use the same namespace to modify and validate ipc: Store ipc sysctls in the ipc namespace ipc: Store mqueue sysctls in the ipc namespace |
||
|---|---|---|
| .. | ||
| Makefile | ||
| compat.c | ||
| ipc_sysctl.c | ||
| mq_sysctl.c | ||
| mqueue.c | ||
| msg.c | ||
| msgutil.c | ||
| namespace.c | ||
| sem.c | ||
| shm.c | ||
| syscall.c | ||
| util.c | ||
| util.h | ||