prctl: Allow local CAP_SYS_ADMIN changing exe_file
During checkpointing and restore of userspace tasks
we bumped into the situation that it's not possible
to restore tasks whose user namespace does not
have uid 0 or gid 0 mapped.

People create user namespace mappings like they want,
and there is no limitation on obligatory uid and gid
"must be mapped". So, if there is no uid 0 or gid 0
in the mapping, it's impossible to restore mm->exe_file
of the processes belonging to this user namespace.

Also, there is no workaround. It's impossible
to create a temporary uid/gid mapping, because
only one write to /proc/[pid]/uid_map and gid_map
is allowed during a namespace lifetime.
If there is an entry, then no more mappings can be
written. If there isn't an entry, we can't write
there either, otherwise the user task won't be able
to do that in the future.

The patch changes the check, and looks for CAP_SYS_ADMIN
instead of zero uid and gid. This allows restoring
a task independently of its user namespace mappings.

Signed-off-by: Kirill Tkhai <[email protected]>
CC: Andrew Morton <[email protected]>
CC: Serge Hallyn <[email protected]>
CC: "Eric W. Biederman" <[email protected]>
CC: Oleg Nesterov <[email protected]>
CC: Michal Hocko <[email protected]>
CC: Andrei Vagin <[email protected]>
CC: Cyrill Gorcunov <[email protected]>
CC: Stanislav Kinsburskiy <[email protected]>
CC: Pavel Tikhomirov <[email protected]>
Reviewed-by: Cyrill Gorcunov <[email protected]>
Signed-off-by: Eric W. Biederman <[email protected]>
Kirill Tkhai authored and ebiederm committed Jul 20, 2017
1 parent 64db4c7 commit 4d28df6
Showing 1 changed file with 2 additions and 6 deletions.
8 changes: 2 additions & 6 deletions kernel/sys.c
Expand Up @@ -1896,15 +1896,11 @@ static int validate_prctl_map(struct prctl_mm_map *prctl_map)

/*
* Finally, make sure the caller has the rights to
* change /proc/pid/exe link: only local root should
* change /proc/pid/exe link: only local sys admin should
* be allowed to.
*/
if (prctl_map->exe_fd != (u32)-1) {
struct user_namespace *ns = current_user_ns();
const struct cred *cred = current_cred();

if (!uid_eq(cred->uid, make_kuid(ns, 0)) ||
!gid_eq(cred->gid, make_kgid(ns, 0)))
if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
goto out;
}

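Review bot: the new condition, ns_capable(current_user_ns(), CAP_SYS_ADMIN), is not a pure relaxation of the removed uid_eq()/gid_eq() test, and the updated comment ("only local sys admin should be allowed to") does not say so. A caller that is uid 0 and gid 0 in its user namespace but has dropped CAP_SYS_ADMIN passed the old check and now takes the goto out path, while a caller with a non-zero uid that holds CAP_SYS_ADMIN in its own user namespace now passes. I would name the capability and the namespace it is evaluated against in the comment, for example "only a caller with CAP_SYS_ADMIN in its own user namespace", and mention the first case in the commit message so that users who relied on in-namespace root without the capability know they are affected. Because the capability is checked against the caller's own namespace rather than the initial one, it is also worth stating in the comment that /proc/pid/exe reflects what a namespace-local admin chose to set, so that readers do not treat the link as a trustworthy process identity.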