[PATCH 07/44] kdbus: Fix comment on translation of caps between namespaces

From: Sergei Zviagintsev
Date: Thu Oct 08 2015 - 07:32:49 EST


Update the comment to keep it in sync with the algorithm. The current
one lacks words on the fact that, in order to have all capabilities in
the owned user namespace, the process must stay in the parent of that
namespace. Also (obvious, but should be mentioned for completeness),
the mask is copied verbatim if the process is a member of the given
userns.

Signed-off-by: Sergei Zviagintsev <sergei@xxxxxxxx>
---
ipc/kdbus/metadata.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/ipc/kdbus/metadata.c b/ipc/kdbus/metadata.c
index 71ca475a80d5..4ff4b99a40e0 100644
--- a/ipc/kdbus/metadata.c
+++ b/ipc/kdbus/metadata.c
@@ -730,15 +730,21 @@ static void kdbus_meta_export_caps(struct kdbus_meta_caps *out,

/*
* This translates the effective capabilities of 'cred' into the given
- * user-namespace. If the given user-namespace is a child-namespace of
- * the user-namespace of 'cred', the mask can be copied verbatim. If
- * not, the mask is cleared.
- * There's one exception: If 'cred' is the owner of any user-namespace
- * in the path between the given user-namespace and the user-namespace
- * of 'cred', then it has all effective capabilities set. This means,
- * the user who created a user-namespace always has all effective
- * capabilities in any child namespaces. Note that this is based on the
- * uid of the namespace creator, not the task hierarchy.
+ * user namespace according to the following rules:
+ *
+ * - If 'cred' is a member of the given user namespace or any of its
+ * parent user namespaces, the mask is copied verbatim. That is, if
+ * a process has a capability in a user namespace, then it has it in
+ * all child user namespaces too.
+ *
+ * - If the effective UID of 'cred' matches the owner of the given user
+ * namespace or any of its parent user namespaces and 'cred' itself
+ * resides in the parent of that user namespace which it owns, then
+ * it has all effective capabilities set. This means that the user
+ * who created a user namespace always has all effective capabilities
+ * in all child namespaces while staying in the parent of the user
+ * namespace which it owns. Note that this is based on the UID of the
+ * namespace creator, not the task hierarchy.
*/
for (iter = user_ns; iter; iter = iter->parent) {
if (iter == cred->user_ns) {
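Review bot: the rewritten comment drops the fall-through case that the old text stated ("If not, the mask is cleared"), so a reader of the two bullets can no longer tell what happens when 'cred' is neither a member of the namespace chain nor the owner of one of its members; please add a third bullet such as "- Otherwise, the mask is cleared." Also, the two bullets can both apply to the same 'cred' (a process can be a member of an ancestor of the given namespace and at the same time own that namespace), and the comment does not say which rule takes precedence; since the loop below walks from user_ns towards the root, the reader has to work that out from the code, so one sentence stating the precedence would make the comment match the algorithm it is meant to describe.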
--
1.8.3.1
