userns: Kill nsown_capable it makes the wrong thing easy
authorEric W. Biederman <ebiederm@xmission.com>
Wed, 20 Mar 2013 19:49:49 +0000 (12:49 -0700)
committerEric W. Biederman <ebiederm@xmission.com>
Sat, 31 Aug 2013 06:44:11 +0000 (23:44 -0700)
nsown_capable is a special case of ns_capable essentially for just CAP_SETUID and
CAP_SETGID.  For the existing users it doesn't noticeably simplify things and
from the suggested patches I have seen it encourages people to do the wrong
thing.  So remove nsown_capable.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
12 files changed:
fs/namespace.c
fs/open.c
include/linux/capability.h
ipc/namespace.c
kernel/capability.c
kernel/groups.c
kernel/pid_namespace.c
kernel/sys.c
kernel/uid16.c
kernel/utsname.c
net/core/net_namespace.c
net/core/scm.c

index 877e4277f4962cd1699a9dddcd2e2cec67982928..dc519a1437ee949da2e549886c838fc4698dad5c 100644 (file)
@@ -2929,8 +2929,8 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
        struct path root;
 
        if (!ns_capable(mnt_ns->user_ns, CAP_SYS_ADMIN) ||
-           !nsown_capable(CAP_SYS_CHROOT) ||
-           !nsown_capable(CAP_SYS_ADMIN))
+           !ns_capable(current_user_ns(), CAP_SYS_CHROOT) ||
+           !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
                return -EPERM;
 
        if (fs->users != 1)
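Review bot: The condition at the top of this hunk requires CAP_SYS_ADMIN in two different user namespaces — the one owning `mnt_ns` and the caller's own — and nothing at the check site says why both are needed, which the switch from `nsown_capable` to the explicit `current_user_ns()` form now makes more visible. A one-line comment above the `if`, e.g. `/* Need CAP_SYS_ADMIN over both the target namespace's owner and our own user_ns */`, would make the intent explicit and discourage a later "simplification" to a single check. The same uncommented pattern appears in the ipc/namespace.c, kernel/pid_namespace.c, kernel/utsname.c and net/core/net_namespace.c hunks. mntns_install's body starts and ends outside this hunk.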
index 9156cb050d0873b65e8083671ef0ffdbe1ff1a47..1c9d23f7e683611767cb08d8d6d82150b61727b9 100644 (file)
--- a/fs/open.c
+++ b/fs/open.c
@@ -443,7 +443,7 @@ retry:
                goto dput_and_out;
 
        error = -EPERM;
-       if (!nsown_capable(CAP_SYS_CHROOT))
+       if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT))
                goto dput_and_out;
        error = security_path_chroot(&path);
        if (error)
index d9a4f7f40f329b22c81f86e31c72b259d4acb4bf..a6ee1f9a5018544294b50e27b6feac325db63af2 100644 (file)
@@ -210,7 +210,6 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
                                      struct user_namespace *ns, int cap);
 extern bool capable(int cap);
 extern bool ns_capable(struct user_namespace *ns, int cap);
-extern bool nsown_capable(int cap);
 extern bool inode_capable(const struct inode *inode, int cap);
 extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
 
index 7ee61bf449332bbb556f4742e72c8f54c8111d89..4be6581d3b7fa075c3d899e889ce6d09e8fcca86 100644 (file)
@@ -171,7 +171,7 @@ static int ipcns_install(struct nsproxy *nsproxy, void *new)
 {
        struct ipc_namespace *ns = new;
        if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
-           !nsown_capable(CAP_SYS_ADMIN))
+           !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
                return -EPERM;
 
        /* Ditch state from the old ipc namespace */
index f6c2ce5701e1c3c723d03e3d917c62f584c3a074..6fc1c8af44df745bad512e02be04645984d1b5a1 100644 (file)
@@ -432,18 +432,6 @@ bool capable(int cap)
 }
 EXPORT_SYMBOL(capable);
 
-/**
- * nsown_capable - Check superior capability to one's own user_ns
- * @cap: The capability in question
- *
- * Return true if the current task has the given superior capability
- * targeted at its own user namespace.
- */
-bool nsown_capable(int cap)
-{
-       return ns_capable(current_user_ns(), cap);
-}
-
 /**
  * inode_capable - Check superior capability over inode
  * @inode: The inode in question
index 6b2588dd04ff20fb89995394f9c530a2613fbb83..90cf1c38c8ea8cd425f09a078e2e334db6d675cc 100644 (file)
@@ -233,7 +233,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist)
        struct group_info *group_info;
        int retval;
 
-       if (!nsown_capable(CAP_SETGID))
+       if (!ns_capable(current_user_ns(), CAP_SETGID))
                return -EPERM;
        if ((unsigned)gidsetsize > NGROUPS_MAX)
                return -EINVAL;
index 6917e8edb48e7702714041737657f1e3949bc849..ee1f6bb83d6783bf83d414ea35e9a8ca2faef2cc 100644 (file)
@@ -329,7 +329,7 @@ static int pidns_install(struct nsproxy *nsproxy, void *ns)
        struct pid_namespace *ancestor, *new = ns;
 
        if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) ||
-           !nsown_capable(CAP_SYS_ADMIN))
+           !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
                return -EPERM;
 
        /*
index 771129b299f8865d176f233e1f14c290da8c89c8..c18ecca575b42e0dcc9e12e2fc5c279983d9eb57 100644 (file)
@@ -337,7 +337,7 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
        if (rgid != (gid_t) -1) {
                if (gid_eq(old->gid, krgid) ||
                    gid_eq(old->egid, krgid) ||
-                   nsown_capable(CAP_SETGID))
+                   ns_capable(old->user_ns, CAP_SETGID))
                        new->gid = krgid;
                else
                        goto error;
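Review bot: The kernel/sys.c hunks spell the replacement as `ns_capable(old->user_ns, ...)` while every other file in the series uses `ns_capable(current_user_ns(), ...)`, including the identical CAP_SETGID check in kernel/groups.c and kernel/uid16.c. The two forms are equivalent only because `old` is `current_cred()`, which is visible in the setgid, setuid, setresuid and setresgid hunks (`old = current_cred();`) but not in this setregid hunk, whose body starts outside it. Tying the check to the cred being compared is arguably the clearer form, but it makes the reader verify the equivalence at each site; either settle on one spelling across the patch or state in the commit message that `old->user_ns` was chosen deliberately in sys.c. The setreuid, setfsuid and setfsgid hunks share this remark.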
@@ -346,7 +346,7 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
                if (gid_eq(old->gid, kegid) ||
                    gid_eq(old->egid, kegid) ||
                    gid_eq(old->sgid, kegid) ||
-                   nsown_capable(CAP_SETGID))
+                   ns_capable(old->user_ns, CAP_SETGID))
                        new->egid = kegid;
                else
                        goto error;
@@ -387,7 +387,7 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
        old = current_cred();
 
        retval = -EPERM;
-       if (nsown_capable(CAP_SETGID))
+       if (ns_capable(old->user_ns, CAP_SETGID))
                new->gid = new->egid = new->sgid = new->fsgid = kgid;
        else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
                new->egid = new->fsgid = kgid;
@@ -471,7 +471,7 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
                new->uid = kruid;
                if (!uid_eq(old->uid, kruid) &&
                    !uid_eq(old->euid, kruid) &&
-                   !nsown_capable(CAP_SETUID))
+                   !ns_capable(old->user_ns, CAP_SETUID))
                        goto error;
        }
 
@@ -480,7 +480,7 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
                if (!uid_eq(old->uid, keuid) &&
                    !uid_eq(old->euid, keuid) &&
                    !uid_eq(old->suid, keuid) &&
-                   !nsown_capable(CAP_SETUID))
+                   !ns_capable(old->user_ns, CAP_SETUID))
                        goto error;
        }
 
@@ -534,7 +534,7 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
        old = current_cred();
 
        retval = -EPERM;
-       if (nsown_capable(CAP_SETUID)) {
+       if (ns_capable(old->user_ns, CAP_SETUID)) {
                new->suid = new->uid = kuid;
                if (!uid_eq(kuid, old->uid)) {
                        retval = set_user(new);
@@ -591,7 +591,7 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
        old = current_cred();
 
        retval = -EPERM;
-       if (!nsown_capable(CAP_SETUID)) {
+       if (!ns_capable(old->user_ns, CAP_SETUID)) {
                if (ruid != (uid_t) -1        && !uid_eq(kruid, old->uid) &&
                    !uid_eq(kruid, old->euid) && !uid_eq(kruid, old->suid))
                        goto error;
@@ -673,7 +673,7 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
        old = current_cred();
 
        retval = -EPERM;
-       if (!nsown_capable(CAP_SETGID)) {
+       if (!ns_capable(old->user_ns, CAP_SETGID)) {
                if (rgid != (gid_t) -1        && !gid_eq(krgid, old->gid) &&
                    !gid_eq(krgid, old->egid) && !gid_eq(krgid, old->sgid))
                        goto error;
@@ -744,7 +744,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
 
        if (uid_eq(kuid, old->uid)  || uid_eq(kuid, old->euid)  ||
            uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
-           nsown_capable(CAP_SETUID)) {
+           ns_capable(old->user_ns, CAP_SETUID)) {
                if (!uid_eq(kuid, old->fsuid)) {
                        new->fsuid = kuid;
                        if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0)
@@ -783,7 +783,7 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
 
        if (gid_eq(kgid, old->gid)  || gid_eq(kgid, old->egid)  ||
            gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
-           nsown_capable(CAP_SETGID)) {
+           ns_capable(old->user_ns, CAP_SETGID)) {
                if (!gid_eq(kgid, old->fsgid)) {
                        new->fsgid = kgid;
                        goto change_okay;
index f6c83d7ef0006fffe3cc9811b736c513c1b8f6f1..602e5bbbceff51ef47d4a22d2e3a51e34a88cfd5 100644 (file)
@@ -176,7 +176,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidsetsize, old_gid_t __user *, grouplist)
        struct group_info *group_info;
        int retval;
 
-       if (!nsown_capable(CAP_SETGID))
+       if (!ns_capable(current_user_ns(), CAP_SETGID))
                return -EPERM;
        if ((unsigned)gidsetsize > NGROUPS_MAX)
                return -EINVAL;
index 2fc8576efaa8e7a5201d9334f6fb8452cc14226a..fd393124e507f15f6d366a0f41e4808b81c64934 100644 (file)
@@ -114,7 +114,7 @@ static int utsns_install(struct nsproxy *nsproxy, void *new)
        struct uts_namespace *ns = new;
 
        if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
-           !nsown_capable(CAP_SYS_ADMIN))
+           !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
                return -EPERM;
 
        get_uts_ns(ns);
index f976520367542a5fdfc9e609e16a5a696dd767ad..81d3a9a084536541867afe9350602c0c73253006 100644 (file)
@@ -651,7 +651,7 @@ static int netns_install(struct nsproxy *nsproxy, void *ns)
        struct net *net = ns;
 
        if (!ns_capable(net->user_ns, CAP_SYS_ADMIN) ||
-           !nsown_capable(CAP_SYS_ADMIN))
+           !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
                return -EPERM;
 
        put_net(nsproxy->net_ns);
index 03795d0147f2995e09495c98dcf3c94cb3d5511f..c346f58d97c28cc43bda5dbdd836959585f9bee3 100644 (file)
@@ -56,9 +56,9 @@ static __inline__ int scm_check_creds(struct ucred *creds)
        if ((creds->pid == task_tgid_vnr(current) ||
             ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) &&
            ((uid_eq(uid, cred->uid)   || uid_eq(uid, cred->euid) ||
-             uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) &&
+             uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) &&
            ((gid_eq(gid, cred->gid)   || gid_eq(gid, cred->egid) ||
-             gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) {
+             gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) {
               return 0;
        }
        return -EPERM;
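Review bot: The new CAP_SETUID and CAP_SETGID checks are evaluated in `cred->user_ns`, but `cred` is defined above this hunk, so the hunk alone does not show that it is `current_cred()`; the rewrite is equivalent to the removed `nsown_capable` calls only if it is, which is worth confirming. The condition now draws its user namespace from two different objects — `current->nsproxy->pid_ns->user_ns` for the pid test and `cred->user_ns` for the uid/gid tests — and a reader cannot tell from the code whether that split is intended. A short comment on the `if`, such as `/* uid/gid overrides are judged in the caller's own user_ns (cred is current_cred()) */`, would record that reasoning. scm_check_creds starts outside this hunk.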