| Message ID | 20200218143411.2389182-8-christian.brauner@ubuntu.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | user_namespace: introduce fsid mappings | expand |
On Tue, Feb 18, 2020 at 03:33:53PM +0100, Christian Brauner wrote: > If fsid mappings have been written, this will cause proc to look at fsid > mappings for the user namespace. If no fsid mappings have been written the > behavior is as before. > > Here is part of the output from /proc/<pid>/status from the initial user > namespace for systemd running in an unprivileged container as user namespace > root with id mapping 0 100000 100000 and fsid mapping 0 300000 100000: > > Name: systemd > Umask: 0000 > State: S (sleeping) > Tgid: 13023 > Ngid: 0 > Pid: 13023 > PPid: 13008 > TracerPid: 0 > Uid: 100000 100000 100000 300000 > Gid: 100000 100000 100000 300000 > FDSize: 64 > Groups: > > Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Acked-by: Serge Hallyn <serge@hallyn.com> > --- > /* v2 */ > unchanged > > /* v3 */ > unchanged > --- > fs/proc/array.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/fs/proc/array.c b/fs/proc/array.c > index 5efaf3708ec6..d4a04f85a67e 100644 > --- a/fs/proc/array.c > +++ b/fs/proc/array.c > @@ -91,6 +91,7 @@ > #include <linux/string_helpers.h> > #include <linux/user_namespace.h> > #include <linux/fs_struct.h> > +#include <linux/fsuidgid.h> > > #include <asm/pgtable.h> > #include <asm/processor.h> > @@ -193,11 +194,11 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, > seq_put_decimal_ull(m, "\nUid:\t", from_kuid_munged(user_ns, cred->uid)); > seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->euid)); > seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->suid)); > - seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->fsuid)); > + seq_put_decimal_ull(m, "\t", from_kfsuid_munged(user_ns, cred->fsuid)); > seq_put_decimal_ull(m, "\nGid:\t", from_kgid_munged(user_ns, cred->gid)); > seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->egid)); > seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->sgid)); > - seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->fsgid)); > + seq_put_decimal_ull(m, "\t", from_kfsgid_munged(user_ns, cred->fsgid)); > seq_put_decimal_ull(m, "\nFDSize:\t", max_fds); > > seq_puts(m, "\nGroups:\t"); > -- > 2.25.0
diff --git a/fs/proc/array.c b/fs/proc/array.c index 5efaf3708ec6..d4a04f85a67e 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -91,6 +91,7 @@ #include <linux/string_helpers.h> #include <linux/user_namespace.h> #include <linux/fs_struct.h> +#include <linux/fsuidgid.h> #include <asm/pgtable.h> #include <asm/processor.h> @@ -193,11 +194,11 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, "\nUid:\t", from_kuid_munged(user_ns, cred->uid)); seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->euid)); seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->suid)); - seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->fsuid)); + seq_put_decimal_ull(m, "\t", from_kfsuid_munged(user_ns, cred->fsuid)); seq_put_decimal_ull(m, "\nGid:\t", from_kgid_munged(user_ns, cred->gid)); seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->egid)); seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->sgid)); - seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->fsgid)); + seq_put_decimal_ull(m, "\t", from_kfsgid_munged(user_ns, cred->fsgid)); seq_put_decimal_ull(m, "\nFDSize:\t", max_fds); seq_puts(m, "\nGroups:\t");
If fsid mappings have been written, this will cause proc to look at fsid mappings for the user namespace. If no fsid mappings have been written the behavior is as before. Here is part of the output from /proc/<pid>/status from the initial user namespace for systemd running in an unprivileged container as user namespace root with id mapping 0 100000 100000 and fsid mapping 0 300000 100000: Name: systemd Umask: 0000 State: S (sleeping) Tgid: 13023 Ngid: 0 Pid: 13023 PPid: 13008 TracerPid: 0 Uid: 100000 100000 100000 300000 Gid: 100000 100000 100000 300000 FDSize: 64 Groups: Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> --- /* v2 */ unchanged /* v3 */ unchanged --- fs/proc/array.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)