userns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace
xt_recent creates a bunch of proc files and initializes their uid and gids to the values of ip_list_uid and ip_list_gid. When initialize those proc files convert those values to kuids so they can continue to reside on the /proc inode. Cc: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Patrick McHardy <kaber@trash.net> Cc: Jan Engelhardt <jengelh@medozas.de> Acked-by: David S. Miller <davem@davemloft.net> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
This commit is contained in:
parent
8c6e2a941a
commit
da7428080a
2 changed files with 11 additions and 3 deletions
|
@ -944,7 +944,6 @@ config UIDGID_CONVERTED
|
|||
# Networking
|
||||
depends on NET_9P = n
|
||||
depends on NETFILTER_XT_MATCH_OWNER = n
|
||||
depends on NETFILTER_XT_MATCH_RECENT = n
|
||||
depends on AF_RXRPC = n
|
||||
depends on NET_KEY = n
|
||||
depends on DNS_RESOLVER = n
|
||||
|
|
|
@ -317,6 +317,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
|
|||
struct recent_table *t;
|
||||
#ifdef CONFIG_PROC_FS
|
||||
struct proc_dir_entry *pde;
|
||||
kuid_t uid;
|
||||
kgid_t gid;
|
||||
#endif
|
||||
unsigned int i;
|
||||
int ret = -EINVAL;
|
||||
|
@ -372,6 +374,13 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
|
|||
for (i = 0; i < ip_list_hash_size; i++)
|
||||
INIT_LIST_HEAD(&t->iphash[i]);
|
||||
#ifdef CONFIG_PROC_FS
|
||||
uid = make_kuid(&init_user_ns, ip_list_uid);
|
||||
gid = make_kgid(&init_user_ns, ip_list_gid);
|
||||
if (!uid_valid(uid) || !gid_valid(gid)) {
|
||||
kfree(t);
|
||||
ret = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
pde = proc_create_data(t->name, ip_list_perms, recent_net->xt_recent,
|
||||
&recent_mt_fops, t);
|
||||
if (pde == NULL) {
|
||||
|
@ -379,8 +388,8 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
|
|||
ret = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
pde->uid = ip_list_uid;
|
||||
pde->gid = ip_list_gid;
|
||||
pde->uid = uid;
|
||||
pde->gid = gid;
|
||||
#endif
|
||||
spin_lock_bh(&recent_lock);
|
||||
list_add_tail(&t->list, &recent_net->tables);
|
||||
|
|
Loading…
Reference in a new issue