
Searched refs:user_ns (Results 1 – 25 of 168) sorted by relevance


/Linux-v5.4/kernel/
nsproxy.c
61 struct task_struct *tsk, struct user_namespace *user_ns, in create_new_namespaces() argument
71 new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, user_ns, new_fs); in create_new_namespaces()
77 new_nsp->uts_ns = copy_utsname(flags, user_ns, tsk->nsproxy->uts_ns); in create_new_namespaces()
83 new_nsp->ipc_ns = copy_ipcs(flags, user_ns, tsk->nsproxy->ipc_ns); in create_new_namespaces()
90 copy_pid_ns(flags, user_ns, tsk->nsproxy->pid_ns_for_children); in create_new_namespaces()
96 new_nsp->cgroup_ns = copy_cgroup_ns(flags, user_ns, in create_new_namespaces()
103 new_nsp->net_ns = copy_net_ns(flags, user_ns, tsk->nsproxy->net_ns); in create_new_namespaces()
137 struct user_namespace *user_ns = task_cred_xxx(tsk, user_ns); in copy_namespaces() local
147 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_namespaces()
161 new_ns = create_new_namespaces(flags, tsk, user_ns, tsk->fs); in copy_namespaces()
[all …]
utsname.c
45 static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns, in clone_uts_ns() argument
53 ucounts = inc_uts_namespaces(user_ns); in clone_uts_ns()
71 ns->user_ns = get_user_ns(user_ns); in clone_uts_ns()
90 struct user_namespace *user_ns, struct uts_namespace *old_ns) in copy_utsname() argument
100 new_ns = clone_uts_ns(user_ns, old_ns); in copy_utsname()
112 put_user_ns(ns->user_ns); in free_uts_ns()
147 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in utsns_install()
159 return to_uts_ns(ns)->user_ns; in utsns_owner()
uid16.c
70 ruid = high2lowuid(from_kuid_munged(cred->user_ns, cred->uid)); in SYSCALL_DEFINE3()
71 euid = high2lowuid(from_kuid_munged(cred->user_ns, cred->euid)); in SYSCALL_DEFINE3()
72 suid = high2lowuid(from_kuid_munged(cred->user_ns, cred->suid)); in SYSCALL_DEFINE3()
93 rgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->gid)); in SYSCALL_DEFINE3()
94 egid = high2lowgid(from_kgid_munged(cred->user_ns, cred->egid)); in SYSCALL_DEFINE3()
95 sgid = high2lowgid(from_kgid_munged(cred->user_ns, cred->sgid)); in SYSCALL_DEFINE3()
117 struct user_namespace *user_ns = current_user_ns(); in groups16_to_user() local
124 group = high2lowgid(from_kgid_munged(user_ns, kgid)); in groups16_to_user()
135 struct user_namespace *user_ns = current_user_ns(); in groups16_from_user() local
144 kgid = make_kgid(user_ns, low2highgid(group)); in groups16_from_user()
pid_namespace.c
78 static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns, in create_pid_namespace() argument
87 if (!in_userns(parent_pid_ns->user_ns, user_ns)) in create_pid_namespace()
93 ucounts = inc_pid_namespaces(user_ns); in create_pid_namespace()
116 ns->user_ns = get_user_ns(user_ns); in create_pid_namespace()
137 put_user_ns(ns->user_ns); in delayed_free_pidns()
151 struct user_namespace *user_ns, struct pid_namespace *old_ns) in copy_pid_ns() argument
157 return create_pid_namespace(user_ns, old_ns); in copy_pid_ns()
274 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) in pid_ns_ctl_handler()
388 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || in pidns_install()
434 return to_pid_ns(ns)->user_ns; in pidns_owner()
groups.c
45 struct user_namespace *user_ns = current_user_ns(); in groups_to_user() local
51 gid = from_kgid_munged(user_ns, group_info->gid[i]); in groups_to_user()
62 struct user_namespace *user_ns = current_user_ns(); in groups_from_user() local
72 kgid = make_kgid(user_ns, gid); in groups_from_user()
179 struct user_namespace *user_ns = current_user_ns(); in may_setgroups() local
181 return ns_capable(user_ns, CAP_SETGID) && in may_setgroups()
182 userns_may_setgroups(user_ns); in may_setgroups()
user_namespace.c
42 static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns) in set_cred_user_ns() argument
58 cred->user_ns = user_ns; in set_cred_user_ns()
71 struct user_namespace *ns, *parent_ns = new->user_ns; in create_user_ns()
1242 struct user_namespace *user_ns; in userns_get() local
1245 user_ns = get_user_ns(__task_cred(task)->user_ns); in userns_get()
1248 return user_ns ? &user_ns->ns : NULL; in userns_get()
1258 struct user_namespace *user_ns = to_user_ns(ns); in userns_install() local
1264 if (user_ns == current_user_ns()) in userns_install()
1274 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in userns_install()
1281 put_user_ns(cred->user_ns); in userns_install()
[all …]
sys.c
163 if (ns_capable(pcred->user_ns, CAP_SYS_NICE)) in set_one_prio_perm()
236 uid = make_kuid(cred->user_ns, who); in SYSCALL_DEFINE3()
304 uid = make_kuid(cred->user_ns, who); in SYSCALL_DEFINE2()
375 ns_capable(old->user_ns, CAP_SETGID)) in __sys_setregid()
384 ns_capable(old->user_ns, CAP_SETGID)) in __sys_setregid()
430 if (ns_capable(old->user_ns, CAP_SETGID)) in __sys_setgid()
519 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setreuid()
528 !ns_capable_setid(old->user_ns, CAP_SETUID)) in __sys_setreuid()
587 if (ns_capable_setid(old->user_ns, CAP_SETUID)) { in __sys_setuid()
649 if (!ns_capable_setid(old->user_ns, CAP_SETUID)) { in __sys_setresuid()
[all …]
/Linux-v5.4/ipc/
namespace.c
32 static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, in create_ipc_ns() argument
40 ucounts = inc_ipc_namespaces(user_ns); in create_ipc_ns()
55 ns->user_ns = get_user_ns(user_ns); in create_ipc_ns()
69 put_user_ns(ns->user_ns); in create_ipc_ns()
80 struct user_namespace *user_ns, struct ipc_namespace *ns) in copy_ipcs() argument
84 return create_ipc_ns(user_ns, ns); in copy_ipcs()
125 put_user_ns(ns->user_ns); in free_ipc_ns()
183 if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) || in ipcns_install()
196 return to_ipc_ns(ns)->user_ns; in ipcns_owner()
/Linux-v5.4/net/netfilter/
xt_owner.c
32 (current_user_ns() != net->user_ns)) in owner_check()
37 kuid_t uid_min = make_kuid(net->user_ns, info->uid_min); in owner_check()
38 kuid_t uid_max = make_kuid(net->user_ns, info->uid_max); in owner_check()
49 kgid_t gid_min = make_kgid(net->user_ns, info->gid_min); in owner_check()
50 kgid_t gid_max = make_kgid(net->user_ns, info->gid_max); in owner_check()
85 kuid_t uid_min = make_kuid(net->user_ns, info->uid_min); in owner_mt()
86 kuid_t uid_max = make_kuid(net->user_ns, info->uid_max); in owner_mt()
95 kgid_t gid_min = make_kgid(net->user_ns, info->gid_min); in owner_mt()
96 kgid_t gid_max = make_kgid(net->user_ns, info->gid_max); in owner_mt()
/Linux-v5.4/kernel/cgroup/
namespace.c
44 put_user_ns(ns->user_ns); in free_cgroup_ns()
51 struct user_namespace *user_ns, in copy_cgroup_ns() argument
66 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) in copy_cgroup_ns()
69 ucounts = inc_cgroup_namespaces(user_ns); in copy_cgroup_ns()
86 new_ns->user_ns = get_user_ns(user_ns); in copy_cgroup_ns()
103 !ns_capable(cgroup_ns->user_ns, CAP_SYS_ADMIN)) in cgroupns_install()
140 return to_cg_ns(ns)->user_ns; in cgroupns_owner()
/Linux-v5.4/fs/proc/
root.c
88 struct user_namespace *user_ns) in proc_apply_options() argument
93 pid_ns->pid_gid = make_kgid(user_ns, ctx->gid); in proc_apply_options()
187 put_user_ns(fc->user_ns); in proc_init_fs_context()
188 fc->user_ns = get_user_ns(ctx->pid_ns->user_ns); in proc_init_fs_context()
311 if (fc->user_ns != ns->user_ns) { in pid_ns_prepare_proc()
312 put_user_ns(fc->user_ns); in pid_ns_prepare_proc()
313 fc->user_ns = get_user_ns(ns->user_ns); in pid_ns_prepare_proc()
array.c
155 struct user_namespace *user_ns = seq_user_ns(m); in task_state() local
193 seq_put_decimal_ull(m, "\nUid:\t", from_kuid_munged(user_ns, cred->uid)); in task_state()
194 seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->euid)); in task_state()
195 seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->suid)); in task_state()
196 seq_put_decimal_ull(m, "\t", from_kuid_munged(user_ns, cred->fsuid)); in task_state()
197 seq_put_decimal_ull(m, "\nGid:\t", from_kgid_munged(user_ns, cred->gid)); in task_state()
198 seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->egid)); in task_state()
199 seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->sgid)); in task_state()
200 seq_put_decimal_ull(m, "\t", from_kgid_munged(user_ns, cred->fsgid)); in task_state()
207 from_kgid_munged(user_ns, group_info->gid[g])); in task_state()
/Linux-v5.4/net/bridge/
br_ioctl.c
89 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in add_del_if()
181 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
188 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
195 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
202 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
242 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
250 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
259 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
273 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) in old_dev_ioctl()
336 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) in old_deviceless()
[all …]
/Linux-v5.4/security/keys/
proc.c
66 struct user_namespace *user_ns = seq_user_ns(p); in key_serial_next() local
71 if (kuid_has_mapping(user_ns, key->user->uid)) in key_serial_next()
80 struct user_namespace *user_ns = seq_user_ns(p); in find_ge_key() local
103 if (kuid_has_mapping(user_ns, minkey->user->uid)) in find_ge_key()
250 static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) in __key_user_next() argument
254 if (kuid_has_mapping(user_ns, user->uid)) in __key_user_next()
261 static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n) in key_user_next() argument
263 return __key_user_next(user_ns, rb_next(n)); in key_user_next()
266 static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r) in key_user_first() argument
269 return __key_user_next(user_ns, n); in key_user_first()
process_keys.c
38 static struct key *get_user_register(struct user_namespace *user_ns) in get_user_register() argument
40 struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register); in get_user_register()
45 down_write(&user_ns->keyring_sem); in get_user_register()
50 reg_keyring = user_ns->user_keyring_register; in get_user_register()
53 user_ns->owner, INVALID_GID, in get_user_register()
60 smp_store_release(&user_ns->user_keyring_register, in get_user_register()
64 up_write(&user_ns->keyring_sem); in get_user_register()
78 struct user_namespace *user_ns = current_user_ns(); in look_up_user_keyrings() local
82 uid_t uid = from_kuid(user_ns, cred->user->uid); in look_up_user_keyrings()
90 reg_keyring = get_user_register(user_ns); in look_up_user_keyrings()
[all …]
/Linux-v5.4/security/
commoncap.c
76 if (ns == cred->user_ns) in cap_capable()
83 if (ns->level <= cred->user_ns->level) in cap_capable()
90 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) in cap_capable()
146 if (cred->user_ns == child_cred->user_ns && in cap_ptrace_access_check()
149 if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) in cap_ptrace_access_check()
178 if (cred->user_ns == child_cred->user_ns && in cap_ptrace_traceme()
181 if (has_ns_capability(parent, child_cred->user_ns, CAP_SYS_PTRACE)) in cap_ptrace_traceme()
223 if (cap_capable(current_cred(), current_cred()->user_ns, in cap_inh_is_capped()
822 root_uid = make_kuid(new->user_ns, 0); in cap_bprm_set_creds()
839 !ptracer_capable(current, new->user_ns))) { in cap_bprm_set_creds()
[all …]
/Linux-v5.4/include/linux/
utsname.h
27 struct user_namespace *user_ns; member
40 struct user_namespace *user_ns, struct uts_namespace *old_ns);
59 struct user_namespace *user_ns, struct uts_namespace *old_ns) in copy_utsname() argument
pid_namespace.h
41 struct user_namespace *user_ns; member
63 struct user_namespace *user_ns, struct pid_namespace *ns);
77 struct user_namespace *user_ns, struct pid_namespace *ns) in copy_pid_ns() argument
ipc_namespace.h
68 struct user_namespace *user_ns; member
124 struct user_namespace *user_ns, struct ipc_namespace *ns);
136 struct user_namespace *user_ns, struct ipc_namespace *ns) in copy_ipcs() argument
tsacct_kern.h
14 extern void bacct_add_tsk(struct user_namespace *user_ns,
18 static inline void bacct_add_tsk(struct user_namespace *user_ns, in bacct_add_tsk() argument
posix_acl_xattr.h
47 struct posix_acl *posix_acl_from_xattr(struct user_namespace *user_ns,
49 int posix_acl_to_xattr(struct user_namespace *user_ns,
/Linux-v5.4/fs/
posix_acl.c
210 posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl) in posix_acl_valid() argument
230 if (!kuid_has_mapping(user_ns, pa->e_uid)) in posix_acl_valid()
245 if (!kgid_has_mapping(user_ns, pa->e_gid)) in posix_acl_valid()
707 struct user_namespace *user_ns = current_user_ns(); in posix_acl_fix_xattr_from_user() local
708 if (user_ns == &init_user_ns) in posix_acl_fix_xattr_from_user()
710 posix_acl_fix_xattr_userns(&init_user_ns, user_ns, value, size); in posix_acl_fix_xattr_from_user()
715 struct user_namespace *user_ns = current_user_ns(); in posix_acl_fix_xattr_to_user() local
716 if (user_ns == &init_user_ns) in posix_acl_fix_xattr_to_user()
718 posix_acl_fix_xattr_userns(user_ns, &init_user_ns, value, size); in posix_acl_fix_xattr_to_user()
725 posix_acl_from_xattr(struct user_namespace *user_ns, in posix_acl_from_xattr() argument
[all …]
/Linux-v5.4/fs/sysfs/
mount.c
75 put_user_ns(fc->user_ns); in sysfs_init_fs_context()
76 fc->user_ns = get_user_ns(netns->user_ns); in sysfs_init_fs_context()
/Linux-v5.4/net/
sysctl_net.c
48 if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) { in net_ctl_permissions()
64 ns_root_uid = make_kuid(net->user_ns, 0); in net_ctl_set_ownership()
68 ns_root_gid = make_kgid(net->user_ns, 0); in net_ctl_set_ownership()
/Linux-v5.4/net/core/
scm.c
48 kuid_t uid = make_kuid(cred->user_ns, creds->uid); in scm_check_creds()
49 kgid_t gid = make_kgid(cred->user_ns, creds->gid); in scm_check_creds()
55 ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && in scm_check_creds()
57 uid_eq(uid, cred->suid)) || ns_capable(cred->user_ns, CAP_SETUID)) && in scm_check_creds()
59 gid_eq(gid, cred->sgid)) || ns_capable(cred->user_ns, CAP_SETGID))) { in scm_check_creds()
