From patchwork Fri Aug  5 03:22:10 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dmitry Torokhov <dmitry.torokhov@gmail.com>
X-Patchwork-Id: 656018
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3s5BvH0ZVHz9t1G
	for <patchwork-incoming@ozlabs.org>;
	Fri,  5 Aug 2016 13:22:35 +1000 (AEST)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=fiCgj05D;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933622AbcHEDWR (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Thu, 4 Aug 2016 23:22:17 -0400
Received: from mail-pa0-f66.google.com ([209.85.220.66]:36785 "EHLO
	mail-pa0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932365AbcHEDWO (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 4 Aug 2016 23:22:14 -0400
Received: by mail-pa0-f66.google.com with SMTP id ez1so18529634pab.3;
	Thu, 04 Aug 2016 20:22:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=date:from:to:cc:subject:message-id:mime-version:content-disposition
	:user-agent; bh=c6paVc8P9bNVvxcUaaIA48U+ZdJWbn6uoLZm4JVohAg=;
	b=fiCgj05Dxn8iWpKIeRJ99Bmvid0yy6VUhQsFaIJT6QAGufndeFhKXubIWXRt01l78W
	5EGtu2xf0/1qZU7axfXPYkRBxQmLc3c18hPqxv140sNB9fDR27aRPO4T+bRvuw6o9Aem
	JGe/r1T7pCnDO7N9DZ0yMe1uow3Xpn0NvbheFFskyc4Wa0HetuhCxxJicXuAoMrsNST/
	2Ymv/Q3VyrHBfcX89O++l25H4wiuciRw/XqjI6c9JIwmwgrUfre1Sn9sOo3LY7jW4FZJ
	48jqfuL2ghmM7VuKkW3+TxoaPo4qT/HjlTz+E2jMDLKbb+tud2LFNDaOLKdfvNEwLReO
	PV1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
	:content-disposition:user-agent;
	bh=c6paVc8P9bNVvxcUaaIA48U+ZdJWbn6uoLZm4JVohAg=;
	b=iRGzrHwEpecCH1VDvSNExmgF/PbthZTK2kpt7K55a1U52VTsquCR/SVo5PXiHxbGcG
	/UgiZmuCbSIk54DxCFLzp2dYTf4YRByJR51rXhYK08f5ElgmH6VZAD5IIbD7rJa9uNLr
	OE4pxm3rQQpiU6Hpfp3Yj7CG5Ohb5vAaM+SiXK+Y1fA/HJfta3ktdn344xBJzAqMbEZs
	HeTmW4b/aGDp5k3zb5U1yukjCejAHK8HF063u4kKny2a0Euz8Wn/ObF2zRfcREddd36r
	6sz5RYW+3AyfU9Q+kuvfx5D0f2JHMATvU3HGAOJgJPPNDNKknUqPotUW8nighQ7qDPR7
	wZNg==
X-Gm-Message-State: 
 AEkoouvWH40b55KsR44bLp4BcRRo+s2ysEN1M0S1sgshipKBt9Jlt7WwbQh5J/BSlAxSKA==
X-Received: by 10.66.0.231 with SMTP id 7mr61883373pah.118.1470367334021;
	Thu, 04 Aug 2016 20:22:14 -0700 (PDT)
Received: from dtor-ws ([2620:0:1000:1311:293f:6c21:26ed:ef6a])
	by smtp.gmail.com with ESMTPSA id
	b90sm23466343pfc.29.2016.08.04.20.22.12
	(version=TLS1_2 cipher=AES128-SHA bits=128/128);
	Thu, 04 Aug 2016 20:22:12 -0700 (PDT)
Date: Thu, 4 Aug 2016 20:22:10 -0700
From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: "David S. Miller" <davem@davemloft.net>,
	Andrew Morton <akpm@linux-foundation.org>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Al Viro <viro@zeniv.linux.org.uk>, netdev@vger.kernel.org
Subject: [PATCH] proc: make proc entries inherit ownership from parent
Message-ID: <20160805032210.GA27480@dtor-ws>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

There are certain parameters that belong to net namespace and that are
exported in /proc. They should be controllable by the container's owner,
but are currently owned by global root and thus not available.

Let's change proc code to inherit ownership of parent entry, and when
create per-ns "net" proc entry set it up as owned by container's owner.

Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
---
 fs/proc/generic.c  |  2 ++
 fs/proc/proc_net.c | 13 +++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index c633476..bca66d8 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -390,6 +390,8 @@ static struct proc_dir_entry *__proc_create(struct proc_dir_entry **parent,
 	atomic_set(&ent->count, 1);
 	spin_lock_init(&ent->pde_unload_lock);
 	INIT_LIST_HEAD(&ent->pde_openers);
+	proc_set_user(ent, (*parent)->uid, (*parent)->gid);
+
 out:
 	return ent;
 }
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
index c8bbc68..d701738 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -21,6 +21,7 @@
 #include <linux/bitops.h>
 #include <linux/mount.h>
 #include <linux/nsproxy.h>
+#include <linux/uidgid.h>
 #include <net/net_namespace.h>
 #include <linux/seq_file.h>
 
@@ -185,6 +186,8 @@ const struct file_operations proc_net_operations = {
 static __net_init int proc_net_ns_init(struct net *net)
 {
 	struct proc_dir_entry *netd, *net_statd;
+	kuid_t uid;
+	kgid_t gid;
 	int err;
 
 	err = -ENOMEM;
@@ -199,6 +202,16 @@ static __net_init int proc_net_ns_init(struct net *net)
 	netd->parent = &proc_root;
 	memcpy(netd->name, "net", 4);
 
+	uid = make_kuid(net->user_ns, 0);
+	if (!uid_valid(uid))
+		uid = GLOBAL_ROOT_UID;
+
+	gid = make_kgid(net->user_ns, 0);
+	if (!gid_valid(gid))
+		gid = GLOBAL_ROOT_GID;
+
+	proc_set_user(netd, uid, gid);
+
 	err = -EEXIST;
 	net_statd = proc_net_mkdir(net, "stat", netd);
 	if (!net_statd)