[PATCH RFC] User namespaces: general cleanups

Mon Oct 13 14:41:08 PDT 2008

Quoting Serge E. Hallyn (serue at us.ibm.com):
> Quoting David Howells (dhowells at redhat.com):
> > Serge E. Hallyn <serue at us.ibm.com> wrote:
> > 
> > > +		new->uid = new->euid = new->suid = new->fsuid = 0;
> > > +		new->gid = new->egid = new->sgid = new->fsgid = 0;
> > 
> > Should the supplementary groups be zapped too?  Do the GIDs therein still have
> > meaning in the new user namespace?
> > 
> > Note also that eCryptFS is broken by your patch. 
> > 
> > I suggest adding the attached incremental patch.  It makes the following
> > changes:
> > 
> >  (1) Provides a current_user_ns() macro to wrap accesses to current's user
> >      namespace.
> > 
> >  (2) Fixes eCryptFS.
> > 
> >  (3) Renames create_new_userns() to create_user_ns() to be more consistent
> >      with the other associated functions and because the 'new' in the name is
> >      superfluous.
> > 
> >  (4) Moves the argument and permission checks made for CLONE_NEWUSER to the
> >      beginning of do_fork() so that they're done prior to making any attempts
> >      at allocation.
> > 
> >  (5) Calls create_user_ns() after prepare_creds(), and gives it the new creds
> >      to fill in rather than have it return the new root user.  I don't imagine
> >      the new root user being used for anything other than filling in a cred
> >      struct.
> > 
> >      This also permits me to get rid of a get_uid() and a free_uid(), as the
> >      reference the creds were holding on the old user_struct can just be
> >      transferred to the new namespace's creator pointer.
> > 
> >  (6) Makes create_user_ns() reset the UIDs and GIDs of the creds under
> >      preparation rather than doing it in copy_creds().
> 
> Hmm, with this patch, with CONFIG_KEYS=y users in child user_namespaces
> never get freed.  Ones in the init_user_ns do, and with CONFIG_KEYS=n,
> those in child user_namespaces do as well.
> 
> I don't see anything obvious in copy_creds() that would cause this...

Ok, actually I was mis-interpreting through inconsistent testing.  User
namespaces have nothing to do with it.

With the following patch applied to the base next-creds-subsys branch,
you can track that if you login as root, then do 'su hallyn', where
hallyn is uid 500, then uid 500 gets allocated twice.  So free is never
called on it.

I assume the problem is somewhere in kernel/sys.c and kernel/cred.c, but
haven't quite figured it out yet.

-serge