From patchwork Wed Aug 10 21:36:01 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dmitry Torokhov <dmitry.torokhov@gmail.com>
X-Patchwork-Id: 657950
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3s8ky13sDdz9s9G
	for <patchwork-incoming@ozlabs.org>;
	Thu, 11 Aug 2016 07:37:13 +1000 (AEST)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=0LQOLWQC;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932346AbcHJVgz (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Wed, 10 Aug 2016 17:36:55 -0400
Received: from mail-pa0-f68.google.com ([209.85.220.68]:35704 "EHLO
	mail-pa0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751097AbcHJVgH (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 10 Aug 2016 17:36:07 -0400
Received: by mail-pa0-f68.google.com with SMTP id cf3so3414076pad.2;
	Wed, 10 Aug 2016 14:36:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=sFT2cZ7b5MAI8IVL5hzbC531qqAVA/6zC3Mtf5qDXEQ=;
	b=0LQOLWQCBo2dlxeqc3s+phdir/CVeYq1FQfhs5KRlRcrLn1C334WmDZs5aXPgDuN5H
	Kubji0bzDN33OndfKX2s9TMTwG4NZPkAS41JHneNzoBXSTHO2gyX4a6DWD1+rsvEwPNv
	iUE1FEPIEIGmRaOIUpwlt71gQQ/rD8pEN20A5NFEBEhCg9R3DEEj3UPRS+12KUV2v5Wj
	Bub63gRqs/RFlK5C+fpUML9H4nQP87xcWPAiFi0RzZPKH9GIGc0UMUKNV1xOYLHLlgEx
	xOk/9RgWo2WM0CGlpg8aa3eZan50kgSPFYR1/Cais56gIkxeKLm27+h1D9cff/vY1drB
	fgrA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=sFT2cZ7b5MAI8IVL5hzbC531qqAVA/6zC3Mtf5qDXEQ=;
	b=FitxWZrWzure4wVydMRi6k8+GZXcioXamQhEieXAyHSSTpAkhtgaJJPKGhxZ6BFK1q
	CWJ7Bx9Qq1mX7He4O1VqSnZuQ65ELWW0XDijl4gp7F/dp88oHTbp/AljeFbXZFS0noyK
	ngdxcsWZEYfCoaTrfMGWsXYC/MfzXPT/kfyPr5ySOz656pk2017sa/hOmXKqmM1xyMWa
	x0p+UXmnPvxBtv1now3XiSQdH7CkFM5uddE9dGNkmWKm9h9zsDQK34VRl9R13+ihhGH4
	+Bpvr6neXJL2MXEqVySvQarrkWcMt1ZAu2GOOpMk4JRyZIWSOZ1ySGjR85D8ZLj10VZh
	Strw==
X-Gm-Message-State: 
 AEkoouvkZd7AVWiDJDzYN91D2WLj2F4h5lE7LTIJIeBqlYVUl/Kl2MLbVk59rH0A8UwjLA==
X-Received: by 10.66.159.131 with SMTP id xc3mr11087652pab.28.1470864966295;
	Wed, 10 Aug 2016 14:36:06 -0700 (PDT)
Received: from dtor-ws.mtv.corp.google.com ([172.22.152.21])
	by smtp.gmail.com with ESMTPSA id
	fj19sm66408660pab.37.2016.08.10.14.36.05
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Wed, 10 Aug 2016 14:36:05 -0700 (PDT)
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>,
	"David S. Miller" <davem@davemloft.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org
Subject: [PATCH v2 2/3] proc: make proc entries inherit ownership from parent
Date: Wed, 10 Aug 2016 14:36:01 -0700
Message-Id: <1470864962-25056-3-git-send-email-dmitry.torokhov@gmail.com>
X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020
In-Reply-To: <1470864962-25056-1-git-send-email-dmitry.torokhov@gmail.com>
References: <1470864962-25056-1-git-send-email-dmitry.torokhov@gmail.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

There are certain parameters that belong to net namespace and that are
exported in /proc. They should be controllable by the container's owner,
but are currently owned by global root and thus not available.

Let's change proc code to inherit ownership of parent entry, and when
create per-ns "net" proc entry set it up as owned by container's owner.

Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
---
 fs/proc/generic.c  |  2 ++
 fs/proc/proc_net.c | 13 +++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index c633476..bca66d8 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -390,6 +390,8 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
 	atomic_set(&ent->count, 1);
 	spin_lock_init(&ent->pde_unload_lock);
 	INIT_LIST_HEAD(&ent->pde_openers);
+	proc_set_user(ent, (*parent)->uid, (*parent)->gid);
+
 out:
 	return ent;
 }
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
index c8bbc68..7ae6b1d 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -21,6 +21,7 @@
 #include <linux/bitops.h>
 #include <linux/mount.h>
 #include <linux/nsproxy.h>
+#include <linux/uidgid.h>
 #include <net/net_namespace.h>
 #include <linux/seq_file.h>
 
@@ -185,6 +186,8 @@ const struct file_operations proc_net_operations = {
 static __net_init int proc_net_ns_init(struct net *net)
 {
 	struct proc_dir_entry *netd, *net_statd;
+	kuid_t uid;
+	kgid_t gid;
 	int err;
 
 	err = -ENOMEM;
@@ -199,6 +202,16 @@ static __net_init int proc_net_ns_init(struct net *net)
 	netd->parent = &proc_root;
 	memcpy(netd->name, "net", 4);
 
+	uid = make_kuid(net->user_ns, 0);
+	if (!uid_valid(uid))
+		uid = netd->uid;
+
+	gid = make_kgid(net->user_ns, 0);
+	if (!gid_valid(gid))
+		gid = netd->gid;
+
+	proc_set_user(netd, uid, gid);
+
 	err = -EEXIST;
 	net_statd = proc_net_mkdir(net, "stat", netd);
 	if (!net_statd)