Keyrings, user namespaces and the user_struct

Eric W. Biederman ebiederm at xmission.com
Wed Oct 26 06:48:59 UTC 2016


ebiederm at xmission.com (Eric W. Biederman) writes:

> David Howells <dhowells at redhat.com> writes:
>
>> Andy Lutomirski <luto at amacapital.net> wrote:
>>
>>> ... Perhaps we could simply *remove* the concept of named keys and keyrings.
>>
>> See Linus's dictum about breaking userspace.
>>
>> The problem isn't named keys: keys have to be named - the description is how
>> they're looked up typically.  Further, non-keyring keys can't be looked up
>> directly by name - you have to search for them in a keyring.
>>
>> The issue here is named keyrings and keyctl_join_session_keyring().  It might
>> well have been a bad idea - though I've seen some people arguing for a single
>> session keyring shared across all a user's logins, in which case, we might
>> want this after all (or use the user-default session).
>>
>> One thing we perhaps do want to do, though, is restrict the names of keyrings
>> to the user_namespace in which the keyring was created.
>
> Grr...
>
> The first round of user namespace support had actually restricted the
> description lookup to a single user namespace.  Then I missed a detail
> and converted the code to it's current form.  Ooops!
>
> I think the answer for all of the issues raised in this conversation is
> to just make the keyring names and the keyring name lookup per user
> namespace.
>
> Maybe a few small additional tweaks to install_user_keyrings to notice
> if we have the user keyring from the wrong user namespace.
>
> Something like the untested patch below.

Ugh but that approach runs into the fact that the uid_keyring lives
in user_struct.

So in the short term it is probably better to use the uid in the initial
user namespace in install_user_keyrings.  Then in
keyctl_join_session_keyring look for names that start with _uid. and
_uid_ses. and change the strings to have the numbers in the initial user
namespace instead of the current user namespace.

That would be the smallest change we could make, that would result
in correct code.

Eric



More information about the Containers mailing list