From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
Cc: esyr-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org,
khlebnikov-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
prakash.sangappa-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org,
Nagarathnam Muthusamy
<nagarathnam.muthusamy-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: [REVIEW][PATCH 00/11] ipc: Fixing the pid namespace support
Date: Fri, 23 Mar 2018 14:11:23 -0500 [thread overview]
Message-ID: <87vadmobdw.fsf_-_@xmission.com> (raw)
In-Reply-To: <87a7v2z2qa.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> (Eric W. Biederman's message of "Tue, 20 Mar 2018 19:33:49 -0500")
While discussing a proposal by Nagarathnam Muthusamy I realized that
the ipc namespace has never been given proper pid namespace support.
In particular if objects in a single ipc namespace are accessed from
different pid namespaces they will return the wrong pids.
Then when trying to test this I discovered that definitions that are
only used in msg.c, sem.c, and shm.c are included in linux/sched.h
resulting in what should be simple local modifications requring
nearly a full kernel rebuild.
So this patchset does several things.
- Changes the types that are passed into the security hooks to struct
kern_ipc_perm because that is all the security hooks use.
- Moves definitions from include/{msg,sem,shm}.h into ipc/{msg,sem,shm}.c
So the code can be modified without excessive development time.
- Instead of storing pids as intergers stores struct pid * instead.
I took a careful look to see if it seems likely the performance
regression in credential passing that af_unix experienced after
a similar conversion would be likely, but I don't see it.
So I think the biggest concern is if someone in the last 10 years
has come to depend on the buggy behavior. If either the performance
is problematic or the there are regression caused by the change
in behavior we can revert.
Still I would like to see this fixed and I plan on merging this code.
Eric W. Biederman (11):
sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks
shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks
msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks
sem: Move struct sem and struct sem_array into ipc/sem.c
shm: Move struct shmid_kernel into ipc/shm.c
msg: Move struct msg_queue into ipc/msg.c
ipc: Move IPCMNI from include/ipc.h into ipc/util.h
ipc/util: Helpers for making the sysvipc operations pid namespace aware
ipc/shm: Fix shmctl(..., IPC_STAT, ...) between pid namespaces.
ipc/msg: Fix msgctl(..., IPC_STAT, ...) between pid namespaces
ipc/sem: Fix semctl(..., GETPID, ...) between pid namespaces
include/linux/ipc.h | 2 -
include/linux/lsm_hooks.h | 32 ++++++++--------
include/linux/msg.h | 18 ---------
include/linux/security.h | 67 ++++++++++++++++-----------------
include/linux/sem.h | 40 +-------------------
include/linux/shm.h | 23 ------------
ipc/msg.c | 54 ++++++++++++++++++---------
ipc/sem.c | 73 ++++++++++++++++++++++++++----------
ipc/shm.c | 60 +++++++++++++++++++++---------
ipc/util.c | 9 +++++
ipc/util.h | 12 ++++++
security/security.c | 32 ++++++++--------
security/selinux/hooks.c | 92 +++++++++++++++++++++++-----------------------
security/smack/smack_lsm.c | 68 +++++++++++++++++-----------------
14 files changed, 297 insertions(+), 285 deletions(-)
Eric
next parent reply other threads:[~2018-03-23 19:11 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1520875093-18174-1-git-send-email-nagarathnam.muthusamy@oracle.com>
[not found] ` <87vadzqqq6.fsf@xmission.com>
[not found] ` <990e88fa-ab50-9645-b031-14e1afbf7ccc@oracle.com>
[not found] ` <877eqejowd.fsf@xmission.com>
[not found] ` <3a46a03d-e4dd-59b6-e25f-0020be1b1dc9@oracle.com>
[not found] ` <87a7v2z2qa.fsf@xmission.com>
[not found] ` <87a7v2z2qa.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-23 19:11 ` Eric W. Biederman [this message]
[not found] ` <20180323191614.32489-9-ebiederm@xmission.com>
[not found] ` <20180323191614.32489-9-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-23 21:17 ` [REVIEW][PATCH 09/11] ipc/shm: Fix shmctl(..., IPC_STAT, ...) between pid namespaces NAGARATHNAM MUTHUSAMY
[not found] ` <7df62190-2407-bfd4-d144-7304a8ea8ae3-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2018-03-23 21:33 ` Eric W. Biederman
[not found] ` <87lgeio4tb.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-23 21:41 ` NAGARATHNAM MUTHUSAMY
[not found] ` <1091a91e-f8ee-b091-6d95-78b33520fb2d-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2018-03-28 23:04 ` Eric W. Biederman
[not found] ` <87woxvajk9.fsf@xmission.com>
[not found] ` <87woxvajk9.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-28 23:18 ` Nagarathnam Muthusamy
[not found] ` <20180323191614.32489-10-ebiederm@xmission.com>
[not found] ` <20180323191614.32489-10-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-23 21:21 ` [REVIEW][PATCH 10/11] ipc/msg: Fix msgctl(..., " NAGARATHNAM MUTHUSAMY
[not found] ` <20180323191614.32489-3-ebiederm@xmission.com>
[not found] ` <20180323191614.32489-3-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-23 21:55 ` [REVIEW][PATCH 03/11] msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue security hooks Casey Schaufler
[not found] ` <bb73b0ea-bcda-a996-8f14-48d9dd1b0940@schaufler-ca.com>
[not found] ` <bb73b0ea-bcda-a996-8f14-48d9dd1b0940-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2018-03-24 5:37 ` Eric W. Biederman
[not found] ` <87y3iikp1y.fsf_-_@xmission.com>
[not found] ` <87y3iikp1y.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-25 0:05 ` [REVIEW][PATCH 13/11] ipc/smack: Tidy up from the change in type of the ipc " Casey Schaufler
[not found] ` <80cd2fea-c9a8-4f26-acbb-e0ecb34e4e40-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2018-03-28 23:38 ` Davidlohr Bueso
2018-03-28 23:57 ` Davidlohr Bueso
[not found] ` <87vadmobdw.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-23 19:16 ` [REVIEW][PATCH 01/11] sem/security: Pass kern_ipc_perm not sem_array into the sem " Eric W. Biederman
[not found] ` <20180323191614.32489-1-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-23 21:46 ` Casey Schaufler
[not found] ` <bdf6ed62-b75c-1920-d5ce-ea08428d03d0@schaufler-ca.com>
[not found] ` <bdf6ed62-b75c-1920-d5ce-ea08428d03d0-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org>
2018-03-28 23:20 ` Davidlohr Bueso
2018-03-23 19:16 ` [REVIEW][PATCH 02/11] shm/security: Pass kern_ipc_perm not shmid_kernel into the shm " Eric W. Biederman
[not found] ` <20180323191614.32489-2-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-23 21:54 ` Casey Schaufler
2018-03-23 19:16 ` [REVIEW][PATCH 03/11] msg/security: Pass kern_ipc_perm not msg_queue into the msg_queue " Eric W. Biederman
2018-03-23 19:16 ` [REVIEW][PATCH 04/11] sem: Move struct sem and struct sem_array into ipc/sem.c Eric W. Biederman
2018-03-23 19:16 ` [REVIEW][PATCH 05/11] shm: Move struct shmid_kernel into ipc/shm.c Eric W. Biederman
2018-03-23 19:16 ` [REVIEW][PATCH 06/11] msg: Move struct msg_queue into ipc/msg.c Eric W. Biederman
2018-03-23 19:16 ` [REVIEW][PATCH 07/11] ipc: Move IPCMNI from include/ipc.h into ipc/util.h Eric W. Biederman
2018-03-23 19:16 ` [REVIEW][PATCH 08/11] ipc/util: Helpers for making the sysvipc operations pid namespace aware Eric W. Biederman
2018-03-23 19:16 ` [REVIEW][PATCH 09/11] ipc/shm: Fix shmctl(..., IPC_STAT, ...) between pid namespaces Eric W. Biederman
2018-03-23 19:16 ` [REVIEW][PATCH 10/11] ipc/msg: Fix msgctl(..., " Eric W. Biederman
2018-03-23 19:16 ` [REVIEW][PATCH 11/11] ipc/sem: Fix semctl(..., GETPID, " Eric W. Biederman
[not found] ` <20180323191614.32489-11-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-29 0:52 ` Davidlohr Bueso
[not found] ` <20180329005209.fnzr3hzvyr4oy3wi@linux-n805>
2018-03-30 19:09 ` Davidlohr Bueso
[not found] ` <20180330190951.nfcdwuzp42bl2lfy@linux-n805>
2018-03-30 20:12 ` Eric W. Biederman
[not found] ` <87y3i91fxh.fsf@xmission.com>
[not found] ` <87y3i91fxh.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-30 20:45 ` Davidlohr Bueso
2018-04-02 11:11 ` Manfred Spraul
2018-03-24 5:40 ` [REVIEW][PATCH 12/11] ipc: Directly call the security hook in ipc_ops.associate Eric W. Biederman
[not found] ` <877eq2m3or.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-28 23:40 ` Davidlohr Bueso
2018-03-31 2:13 ` James Morris
2018-03-24 5:42 ` [REVIEW][PATCH 13/11] ipc/smack: Tidy up from the change in type of the ipc security hooks Eric W. Biederman
2018-03-29 1:12 ` [REVIEW][PATCH 00/11] ipc: Fixing the pid namespace support Davidlohr Bueso
2018-03-29 18:42 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vadmobdw.fsf_-_@xmission.com \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=esyr-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=khlebnikov-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=nagarathnam.muthusamy-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=prakash.sangappa-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).