| /linux/kernel/ |
| H A D | utsname.c | 36 static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns, in clone_uts_ns() argument
44 ucounts = inc_uts_namespaces(user_ns); in clone_uts_ns()
60 ns->user_ns = get_user_ns(user_ns); in clone_uts_ns()
80 struct user_namespace *user_ns, struct uts_namespace *old_ns) in copy_utsname() argument
90 new_ns = clone_uts_ns(user_ns, old_ns); in copy_utsname()
100 put_user_ns(ns->user_ns); in free_uts_ns()
132 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in utsns_install()
133 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN)) in utsns_install()
144 return to_uts_ns(ns)->user_ns; in utsns_owner()
|
| H A D | uid16.c | 70 ruid = high2lowuid(from_kuid_munged(cred->user_ns, cred->uid)); in SYSCALL_DEFINE3()
71 euid = high2lowuid(from_kuid_munged(cred->user_ns, cred->euid)); in SYSCALL_DEFINE3()
72 suid = high2lowuid(from_kuid_munged(cred->user_ns, cred->suid)); in SYSCALL_DEFINE3()
93 rgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->gid)); in SYSCALL_DEFINE3()
94 egid = high2lowgid(from_kgid_munged(cred->user_ns, cred->egid)); in SYSCALL_DEFINE3()
95 sgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->sgid)); in SYSCALL_DEFINE3()
117 struct user_namespace *user_ns = current_user_ns(); in groups16_to_user() local
124 group = high2lowgid(from_kgid_munged(user_ns, kgid)); in groups16_to_user()
135 struct user_namespace *user_ns = current_user_ns(); in groups16_from_user() local
144 kgid = make_kgid(user_ns, low2highgid(group)); in groups16_from_user()
|
| H A D | groups.c | 40 struct user_namespace *user_ns = current_user_ns(); in groups_to_user() local
46 gid = from_kgid_munged(user_ns, group_info->gid[i]); in groups_to_user()
57 struct user_namespace *user_ns = current_user_ns(); in groups_from_user() local
67 kgid = make_kgid(user_ns, gid); in groups_from_user()
187 struct user_namespace *user_ns = current_user_ns(); in may_setgroups() local
189 return ns_capable_setid(user_ns, CAP_SETGID) && in may_setgroups()
190 userns_may_setgroups(user_ns); in may_setgroups()
|
| H A D | nstree.c | 214 struct user_namespace *user_ns; in __ns_tree_add_raw() local
217 user_ns = ops->owner(ns); in __ns_tree_add_raw()
218 if (user_ns) { in __ns_tree_add_raw()
219 struct ns_common *owner = &user_ns->ns; in __ns_tree_add_raw()
236 struct user_namespace *user_ns; in __ns_tree_remove() local
251 user_ns = ops->owner(ns); in __ns_tree_remove()
252 if (user_ns) { in __ns_tree_remove()
253 struct ns_common *owner = &user_ns->ns; in __ns_tree_remove()
409 struct user_namespace *user_ns; member
417 put_user_ns(kls->user_ns); in __free_klistns_free()
[all …]
|
| H A D | user_namespace.c | 44 static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns) in set_cred_user_ns() argument
60 cred->user_ns = user_ns; in set_cred_user_ns()
85 struct user_namespace *ns, *parent_ns = new->user_ns; in create_user_ns()
895 const struct user_namespace *file_ns = file->f_cred->user_ns; in verify_root_map()
1329 struct user_namespace *user_ns; in userns_get() local
1332 user_ns = get_user_ns(__task_cred(task)->user_ns); in userns_get()
1335 return user_ns ? &user_ns->ns : NULL; in userns_get()
1345 struct user_namespace *user_ns = to_user_ns(ns); in userns_install() local
1351 if (user_ns == current_user_ns()) in userns_install()
1361 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in userns_install()
[all …]
|
| H A D | sys.c | 226 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) in set_one_prio_perm()
300 uid = make_kuid(cred->user_ns, who); in SYSCALL_DEFINE3()
368 uid = make_kuid(cred->user_ns, who); in SYSCALL_DEFINE2()
438 ns_capable_setid(old->user_ns, CAP_SETGID)) in __sys_setregid()
447 ns_capable_setid(old->user_ns, CAP_SETGID)) in __sys_setregid()
497 if (ns_capable_setid(old->user_ns, CAP_SETGID)) in __sys_setgid()
596 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setreuid()
605 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setreuid()
669 if (ns_capable_setid(old->user_ns, CAP_SETUID)) { in __sys_setuid()
746 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setresuid()
[all …]
|
| /linux/kernel/cgroup/ |
| H A D | namespace.c | 41 put_user_ns(ns->user_ns); in free_cgroup_ns()
49 struct user_namespace *user_ns, in copy_cgroup_ns() argument
64 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_cgroup_ns()
67 ucounts = inc_cgroup_namespaces(user_ns); in copy_cgroup_ns()
84 new_ns->user_ns = get_user_ns(user_ns); in copy_cgroup_ns()
97 if (!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN) || in cgroupns_install()
98 !ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN)) in cgroupns_install()
135 return to_cg_ns(ns)->user_ns; in cgroupns_owner()
|
| /linux/ipc/ |
| H A D | namespace.c | 39 static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, in create_ipc_ns() argument
48 ucounts = inc_ipc_namespaces(user_ns); in create_ipc_ns()
70 ns->user_ns = get_user_ns(user_ns); in create_ipc_ns()
101 put_user_ns(ns->user_ns); in create_ipc_ns()
112 struct user_namespace *user_ns, struct ipc_namespace *ns) in copy_ipcs() argument
116 return create_ipc_ns(user_ns, ns); in copy_ipcs()
165 put_user_ns(ns->user_ns); in free_ipc_ns()
237 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in ipcns_install()
238 !ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN)) in ipcns_install()
248 return to_ipc_ns(ns)->user_ns; in ipcns_owner()
|
| /linux/net/bridge/ |
| H A D | br_ioctl.c | 91 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in add_del_if()
219 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
226 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
233 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
240 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
280 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
287 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
296 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
310 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in br_dev_siocdevprivate()
379 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in old_deviceless()
[all …]
|
| /linux/security/keys/ |
| H A D | proc.c | 66 struct user_namespace *user_ns = seq_user_ns(p); in key_serial_next() local
71 if (kuid_has_mapping(user_ns, key->user->uid)) in key_serial_next()
80 struct user_namespace *user_ns = seq_user_ns(p); in find_ge_key() local
103 if (kuid_has_mapping(user_ns, minkey->user->uid)) in find_ge_key()
252 static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) in __key_user_next() argument
256 if (kuid_has_mapping(user_ns, user->uid)) in __key_user_next()
263 static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n) in key_user_next() argument
265 return __key_user_next(user_ns, rb_next(n)); in key_user_next()
268 static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r) in key_user_first() argument
271 return __key_user_next(user_ns, n); in key_user_first()
|
| H A D | process_keys.c | 38 static struct key *get_user_register(struct user_namespace *user_ns) in get_user_register() argument
40 struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register); in get_user_register()
45 down_write(&user_ns->keyring_sem); in get_user_register()
50 reg_keyring = user_ns->user_keyring_register; in get_user_register()
53 user_ns->owner, INVALID_GID, in get_user_register()
60 smp_store_release(&user_ns->user_keyring_register, in get_user_register()
64 up_write(&user_ns->keyring_sem); in get_user_register()
78 struct user_namespace *user_ns = current_user_ns(); in look_up_user_keyrings() local
82 uid_t uid = from_kuid(user_ns, cred->user->uid); in look_up_user_keyrings()
90 reg_keyring = get_user_register(user_ns); in look_up_user_keyrings()
[all …]
|
| /linux/fs/proc/ |
| H A D | root.c | 154 if (!ns_capable(target->user_ns, CAP_SYS_ADMIN)) { in proc_parse_pidns_param()
163 put_user_ns(fc->user_ns); in proc_parse_pidns_param()
164 fc->user_ns = get_user_ns(ctx->pid_ns->user_ns); in proc_parse_pidns_param()
228 struct user_namespace *user_ns) in proc_apply_options() argument
233 fs_info->pid_gid = make_kgid(user_ns, ctx->gid); in proc_apply_options()
339 put_user_ns(fc->user_ns); in proc_init_fs_context()
340 fc->user_ns = get_user_ns(ctx->pid_ns->user_ns); in proc_init_fs_context()
|
| /linux/security/ |
| H A D | commoncap.c | 127 const struct user_namespace *cred_ns = cred->user_ns; in cap_capable()
155 * If we are in the same or an ancestor user_ns and have all the target
157 * If we have the ptrace capability to the target user_ns, then ptrace
177 if (cred->user_ns == child_cred->user_ns && in cap_ptrace_access_check()
180 if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) in cap_ptrace_access_check()
192 * If parent is in the same or an ancestor user_ns and has all current's
194 * If parent has the ptrace capability to current's user_ns, then ptrace
209 if (cred->user_ns == child_cred->user_ns in cap_ptrace_traceme()
1028 struct user_namespace *user_ns = dentry->d_sb->s_user_ns; cap_inode_setxattr() local
1069 struct user_namespace *user_ns = dentry->d_sb->s_user_ns; cap_inode_removexattr() local
[all...] |
| /linux/include/linux/ |
| H A D | cgroup_namespace.h | 9 struct user_namespace *user_ns; member
26 struct user_namespace *user_ns,
47 copy_cgroup_ns(u64 flags, struct user_namespace *user_ns, in copy_cgroup_ns() argument
|
| H A D | uts_namespace.h | 13 struct user_namespace *user_ns; member
32 struct user_namespace *user_ns, struct uts_namespace *old_ns);
52 struct user_namespace *user_ns, struct uts_namespace *old_ns) in copy_utsname() argument
|
| H A D | ipc_namespace.h | 75 struct user_namespace *user_ns; member
138 struct user_namespace *user_ns, struct ipc_namespace *ns);
160 struct user_namespace *user_ns, struct ipc_namespace *ns) in copy_ipcs() argument
|
| H A D | tsacct_kern.h | 14 extern void bacct_add_tsk(struct user_namespace *user_ns,
18 static inline void bacct_add_tsk(struct user_namespace *user_ns, in bacct_add_tsk() argument
|
| /linux/fs/ |
| H A D | binfmt_misc.c | 184 const struct user_namespace *user_ns; in load_binfmt_misc() local
187 user_ns = current_user_ns(); in load_binfmt_misc()
188 while (user_ns) { in load_binfmt_misc()
190 misc = smp_load_acquire(&user_ns->binfmt_misc); in load_binfmt_misc()
194 user_ns = user_ns->parent; in load_binfmt_misc()
915 struct user_namespace *user_ns = sb->s_fs_info; in bm_put_super() local
918 put_user_ns(user_ns); in bm_put_super()
930 struct user_namespace *user_ns = sb->s_user_ns; in bm_fill_super() local
938 if (WARN_ON(user_ns != current_user_ns())) in bm_fill_super()
956 misc = user_ns->binfmt_misc; in bm_fill_super()
[all …]
|
| H A D | pidfs.c | 374 struct user_namespace *user_ns; in pidfd_info() local
448 user_ns = current_user_ns(); in pidfd_info()
449 kinfo.ruid = from_kuid_munged(user_ns, c->uid); in pidfd_info()
450 kinfo.rgid = from_kgid_munged(user_ns, c->gid); in pidfd_info()
451 kinfo.euid = from_kuid_munged(user_ns, c->euid); in pidfd_info()
452 kinfo.egid = from_kgid_munged(user_ns, c->egid); in pidfd_info()
453 kinfo.suid = from_kuid_munged(user_ns, c->suid); in pidfd_info()
454 kinfo.sgid = from_kgid_munged(user_ns, c->sgid); in pidfd_info()
455 kinfo.fsuid = from_kuid_munged(user_ns, c->fsuid); in pidfd_info()
456 kinfo.fsgid = from_kgid_munged(user_ns, c->fsgid); in pidfd_info()
[all …]
|
| H A D | nsfs.c | 216 struct user_namespace *user_ns; in ns_ioctl() local
244 user_ns = container_of(ns, struct user_namespace, ns); in ns_ioctl()
246 uid = from_kuid_munged(current_user_ns(), user_ns->owner); in ns_ioctl()
579 owning_ns = to_cg_ns(ns)->user_ns; in nsfs_fh_to_dentry()
585 owning_ns = to_ipc_ns(ns)->user_ns; in nsfs_fh_to_dentry()
590 owning_ns = to_mnt_ns(ns)->user_ns; in nsfs_fh_to_dentry()
595 owning_ns = to_net_ns(ns)->user_ns; in nsfs_fh_to_dentry()
601 owning_ns = to_pid_ns(ns)->user_ns; in nsfs_fh_to_dentry()
611 owning_ns = to_time_ns(ns)->user_ns; in nsfs_fh_to_dentry()
623 owning_ns = to_uts_ns(ns)->user_ns; in nsfs_fh_to_dentry()
|
| H A D | fhandle.c | 202 struct user_namespace *user_ns = current_user_ns(); in vfs_dentry_acceptable() local
219 if (!privileged_wrt_inode_uidgid(user_ns, idmap, d_inode(dentry))) in vfs_dentry_acceptable()
241 if (!privileged_wrt_inode_uidgid(user_ns, idmap, in vfs_dentry_acceptable()
323 ns_capable(real_mount(root->mnt)->mnt_ns->user_ns, in may_decode_fh()
|
| /linux/fs/sysfs/ |
| H A D | mount.c | 77 put_user_ns(fc->user_ns); in sysfs_init_fs_context()
78 fc->user_ns = get_user_ns(netns->user_ns); in sysfs_init_fs_context()
|
| /linux/net/ |
| H A D | sysctl_net.c | 48 if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) { in net_ctl_permissions()
63 ns_root_uid = make_kuid(net->user_ns, 0); in net_ctl_set_ownership()
67 ns_root_gid = make_kgid(net->user_ns, 0); in net_ctl_set_ownership()
|
| /linux/fs/nfs/ |
| H A D | nfs4idmap.c | 73 struct user_namespace *user_ns; member
78 if (idmap && idmap->user_ns) in idmap_userns()
79 return idmap->user_ns; in idmap_userns()
290 if (!idmap->user_ns || idmap->user_ns == &init_user_ns) in nfs_idmap_request_key()
453 idmap->user_ns = get_user_ns(clp->cl_rpcclient->cl_cred->user_ns); in nfs_idmap_new()
477 put_user_ns(idmap->user_ns); in nfs_idmap_new()
494 put_user_ns(idmap->user_ns); in nfs_idmap_delete()
|
| /linux/net/core/ |
| H A D | net_namespace.c | 402 static __net_init int preinit_net(struct net *net, struct user_namespace *user_ns) in preinit_net() argument
416 net->user_ns = user_ns; in preinit_net()
550 struct user_namespace *user_ns, struct net *old_net) in copy_net_ns() argument
559 ucounts = inc_net_namespaces(user_ns); in copy_net_ns()
569 rv = preinit_net(net, user_ns); in copy_net_ns()
573 get_user_ns(user_ns); in copy_net_ns()
589 put_user_ns(user_ns); in copy_net_ns()
610 kuid_t ns_root_uid = make_kuid(net->user_ns, 0); in net_ns_get_ownership()
611 kgid_t ns_root_gid = make_kgid(net->user_ns, 0); in net_ns_get_ownership()
721 put_user_ns(net->user_ns); in cleanup_net()
[all …]
|