Commit c110486f authored by Dmitry Torokhov's avatar Dmitry Torokhov Committed by David S. Miller

proc: make proc entries inherit ownership from parent

There are certain parameters that belong to net namespace and that are
exported in /proc. They should be controllable by the container's owner,
but are currently owned by global root and thus not available.

Let's change the proc code to inherit ownership from the parent entry, and when
creating the per-ns "net" proc entry, set it up as owned by the container's owner.
Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f8c46cb3
...@@ -390,6 +390,8 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent, ...@@ -390,6 +390,8 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
atomic_set(&ent->count, 1); atomic_set(&ent->count, 1);
spin_lock_init(&ent->pde_unload_lock); spin_lock_init(&ent->pde_unload_lock);
INIT_LIST_HEAD(&ent->pde_openers); INIT_LIST_HEAD(&ent->pde_openers);
proc_set_user(ent, (*parent)->uid, (*parent)->gid);
out: out:
return ent; return ent;
} }
......
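Review bot: The inheritance at `proc_set_user(ent, (*parent)->uid, (*parent)->gid);` is unconditional, so every entry created below a directory owned by the container's owner — the per-ns `stat` subdirectory and any entry a subsystem later registers under that `net` directory — takes that owner, and from now on the entry's mode bits alone decide what the container can write. That is the stated intent, but it is a silent change for callers that relied on global-root ownership to keep a user-writable mode read-only from inside a container, so the line deserves a comment such as `/* Inherit ownership from the parent; per-netns directories are owned by the owner of their user namespace, so entries below them become writable by that owner according to their mode. */`. Write handlers reachable through such entries should perform their own capability check rather than treat file ownership as the authorization step; I assume callers that need a different owner still override it after creation, which this hunk does not show. __proc_create begins outside the hunk.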
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
#include <linux/bitops.h> #include <linux/bitops.h>
#include <linux/mount.h> #include <linux/mount.h>
#include <linux/nsproxy.h> #include <linux/nsproxy.h>
#include <linux/uidgid.h>
#include <net/net_namespace.h> #include <net/net_namespace.h>
#include <linux/seq_file.h> #include <linux/seq_file.h>
...@@ -185,6 +186,8 @@ const struct file_operations proc_net_operations = { ...@@ -185,6 +186,8 @@ const struct file_operations proc_net_operations = {
static __net_init int proc_net_ns_init(struct net *net) static __net_init int proc_net_ns_init(struct net *net)
{ {
struct proc_dir_entry *netd, *net_statd; struct proc_dir_entry *netd, *net_statd;
kuid_t uid;
kgid_t gid;
int err; int err;
err = -ENOMEM; err = -ENOMEM;
...@@ -199,6 +202,16 @@ static __net_init int proc_net_ns_init(struct net *net) ...@@ -199,6 +202,16 @@ static __net_init int proc_net_ns_init(struct net *net)
netd->parent = &proc_root; netd->parent = &proc_root;
memcpy(netd->name, "net", 4); memcpy(netd->name, "net", 4);
uid = make_kuid(net->user_ns, 0);
if (!uid_valid(uid))
uid = netd->uid;
gid = make_kgid(net->user_ns, 0);
if (!gid_valid(gid))
gid = netd->gid;
proc_set_user(netd, uid, gid);
err = -EEXIST; err = -EEXIST;
net_statd = proc_net_mkdir(net, "stat", netd); net_statd = proc_net_mkdir(net, "stat", netd);
if (!net_statd) if (!net_statd)
......
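Review bot: The fallbacks `uid = netd->uid;` and `gid = netd->gid;` silently keep whatever ownership the freshly created `netd` already carried when the user namespace has no mapping for id 0 — presumably the ids left by the allocation, which this hunk does not show — and uid and gid are decided independently, so a namespace that maps uid 0 but not gid 0 ends up with mixed ownership. Both facts are worth a comment at the `uid = make_kuid(net->user_ns, 0);` line, e.g. `/* Owner is root of the netns's user namespace; an unmapped id keeps the owner the entry was created with. */`. The ordering is also load-bearing: `proc_set_user(netd, uid, gid)` runs before `proc_net_mkdir(net, "stat", netd)`, which is what lets the stat directory inherit the same owner through the __proc_create change in the other hunk, so a one-line note that the call must stay ahead of any child creation would prevent a later reorder from breaking it. proc_net_ns_init ends outside the hunk.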