summaryrefslogtreecommitdiff
path: root/kernel/user.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2014-12-02 12:27:26 -0600
committerJiri Slaby <jslaby@suse.cz>2015-01-07 17:55:14 +0100
commit84c4e718c006d4e37e1d0a8d1928dd80927e1127 (patch)
treeffcadb5ef77614eff73a9710a90048d1462592d2 /kernel/user.c
parent8af7f1447f86763c7c7d8bff54f58030723d9abb (diff)
userns: Add a knob to disable setgroups on a per user namespace basis
commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8 upstream. - Expose the knob to user space through a proc file /proc/<pid>/setgroups A value of "deny" means the setgroups system call is disabled in the current processes user namespace and can not be enabled in the future in this user namespace. A value of "allow" means the segtoups system call is enabled. - Descendant user namespaces inherit the value of setgroups from their parents. - A proc file is used (instead of a sysctl) as sysctls currently do not allow checking the permissions at open time. - Writing to the proc file is restricted to before the gid_map for the user namespace is set. This ensures that disabling setgroups at a user namespace level will never remove the ability to call setgroups from a process that already has that ability. A process may opt in to the setgroups disable for itself by creating, entering and configuring a user namespace or by calling setns on an existing user namespace with setgroups disabled. Processes without privileges already can not call setgroups so this is a noop. Prodcess with privilege become processes without privilege when entering a user namespace and as with any other path to dropping privilege they would not have the ability to call setgroups. So this remains within the bounds of what is possible without a knob to disable setgroups permanently in a user namespace. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Diffstat (limited to 'kernel/user.c')
-rw-r--r--kernel/user.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/user.c b/kernel/user.c
index 5bbb91988e69..75774ce9bf58 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -51,6 +51,7 @@ struct user_namespace init_user_ns = {
.owner = GLOBAL_ROOT_UID,
.group = GLOBAL_ROOT_GID,
.proc_inum = PROC_USER_INIT_INO,
+ .flags = USERNS_INIT_FLAGS,
};
EXPORT_SYMBOL_GPL(init_user_ns);