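--- a/ipc_sysctl.c
+++ b/ipc_sysctl.c
@@ -1,24 +1,25 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
  * Copyright (C) 2007
  *
  * Author: Eric Biederman <ebiederm@xmision.com>
  */
 
 #include <linux/module.h>
 #include <linux/ipc.h>
 #include <linux/nsproxy.h>
 #include <linux/sysctl.h>
 #include <linux/uaccess.h>
 #include <linux/capability.h>
 #include <linux/ipc_namespace.h>
 #include <linux/msg.h>
 #include <linux/slab.h>
+#include <linux/cred.h>
 #include "util.h"
 
 static int proc_ipc_dointvec_minmax_orphans(struct ctl_table *table, int write,
 		void *buffer, size_t *lenp, loff_t *ppos)
 {
 	struct ipc_namespace *ns =
 		container_of(table->data, struct ipc_namespace, shm_rmid_forced);
 	int err;
@@ -185,35 +186,67 @@
 	return ¤t->nsproxy->ipc_ns->ipc_set;
 }
 
 static int set_is_seen(struct ctl_table_set *set)
 {
 	return ¤t->nsproxy->ipc_ns->ipc_set == set;
 }
 
+static void ipc_set_ownership(struct ctl_table_header *head,
+			      struct ctl_table *table,
+			      kuid_t *uid, kgid_t *gid)
+{
+	struct ipc_namespace *ns =
+		container_of(head->set, struct ipc_namespace, ipc_set);
+
+	kuid_t ns_root_uid = make_kuid(ns->user_ns, 0);
+	kgid_t ns_root_gid = make_kgid(ns->user_ns, 0);
+
+	*uid = uid_valid(ns_root_uid) ? ns_root_uid : GLOBAL_ROOT_UID;
+	*gid = gid_valid(ns_root_gid) ? ns_root_gid : GLOBAL_ROOT_GID;
+}
+
 static int ipc_permissions(struct ctl_table_header *head, struct ctl_table *table)
 {
 	int mode = table->mode;
 
 #ifdef CONFIG_CHECKPOINT_RESTORE
-	struct ipc_namespace *ns = current->nsproxy->ipc_ns;
+	struct ipc_namespace *ns =
+		container_of(head->set, struct ipc_namespace, ipc_set);
 
 	if (((table->data == &ns->ids[IPC_SEM_IDS].next_id) ||
 	     (table->data == &ns->ids[IPC_MSG_IDS].next_id) ||
 	     (table->data == &ns->ids[IPC_SHM_IDS].next_id)) &&
 	    checkpoint_restore_ns_capable(ns->user_ns))
 		mode = 0666;
+	else
 #endif
-	return mode;
+	{
+		kuid_t ns_root_uid;
+		kgid_t ns_root_gid;
+
+		ipc_set_ownership(head, table, &ns_root_uid, &ns_root_gid);
+
+		if (uid_eq(current_euid(), ns_root_uid))
+			mode >>= 6;
+
+		else if (in_egroup_p(ns_root_gid))
+			mode >>= 3;
+	}
+
+	mode &= 7;
+
+	return (mode << 6) | (mode << 3) | mode;
 }
 
 static struct ctl_table_root set_root = {
 	.lookup = set_lookup,
 	.permissions = ipc_permissions,
+	.set_ownership = ipc_set_ownership,
 };
 
 bool setup_ipc_sysctls(struct ipc_namespace *ns)
 {
 	struct ctl_table *tbl;
 
 	setup_sysctl_set(&ns->ipc_set, &set_root, set_is_seen);
 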
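Review bot: The rewritten tail of `ipc_permissions` (new lines 223-238) carries no comment explaining the permission model it implements, and the `else` placed directly before `#endif` means the block that follows is an else-branch with CONFIG_CHECKPOINT_RESTORE and unconditional without it, which is easy to misread. I would add above the block: `/* Select the owner, group or other triad relative to the namespace root (see ipc_set_ownership), then replicate it into all three positions so the generic sysctl check grants exactly those bits to this caller. */`. `ipc_set_ownership` would also benefit from a one-line note that when uid/gid 0 is unmapped in ns->user_ns the fallback to GLOBAL_ROOT_UID/GID means, as far as these lines show, that callers inside such a namespace can only ever match the other-bits. Its `table` parameter is unused in the body and presumably exists only to fit the `.set_ownership` callback signature; a `/* unused: callback signature */` marker would make that explicit.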