Line data    Source code

       1             : /* SPDX-License-Identifier: GPL-2.0 */
       2             : #ifndef _LINUX_USER_NAMESPACE_H
       3             : #define _LINUX_USER_NAMESPACE_H
       4             : 
       5             : #include <linux/kref.h>
       6             : #include <linux/nsproxy.h>
       7             : #include <linux/ns_common.h>
       8             : #include <linux/sched.h>
       9             : #include <linux/workqueue.h>
      10             : #include <linux/rwsem.h>
      11             : #include <linux/sysctl.h>
      12             : #include <linux/err.h>
      13             : 
      14             : #define UID_GID_MAP_MAX_BASE_EXTENTS 5
      15             : #define UID_GID_MAP_MAX_EXTENTS 340
      16             : 
      17             : struct uid_gid_extent {
      18             :         u32 first;
      19             :         u32 lower_first;
      20             :         u32 count;
      21             : };
      22             : 
      23             : struct uid_gid_map { /* 64 bytes -- 1 cache line */
      24             :         u32 nr_extents;
      25             :         union {
      26             :                 struct uid_gid_extent extent[UID_GID_MAP_MAX_BASE_EXTENTS];
      27             :                 struct {
      28             :                         struct uid_gid_extent *forward;
      29             :                         struct uid_gid_extent *reverse;
      30             :                 };
      31             :         };
      32             : };
      33             : 
      34             : #define USERNS_SETGROUPS_ALLOWED 1UL
      35             : 
      36             : #define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED
      37             : 
      38             : struct ucounts;
      39             : 
      40             : enum ucount_type {
      41             :         UCOUNT_USER_NAMESPACES,
      42             :         UCOUNT_PID_NAMESPACES,
      43             :         UCOUNT_UTS_NAMESPACES,
      44             :         UCOUNT_IPC_NAMESPACES,
      45             :         UCOUNT_NET_NAMESPACES,
      46             :         UCOUNT_MNT_NAMESPACES,
      47             :         UCOUNT_CGROUP_NAMESPACES,
      48             :         UCOUNT_TIME_NAMESPACES,
      49             : #ifdef CONFIG_INOTIFY_USER
      50             :         UCOUNT_INOTIFY_INSTANCES,
      51             :         UCOUNT_INOTIFY_WATCHES,
      52             : #endif
      53             :         UCOUNT_COUNTS,
      54             : };
      55             : 
      56             : struct user_namespace {
      57             :         struct uid_gid_map      uid_map;
      58             :         struct uid_gid_map      gid_map;
      59             :         struct uid_gid_map      projid_map;
      60             :         struct user_namespace   *parent;
      61             :         int                     level;
      62             :         kuid_t                  owner;
      63             :         kgid_t                  group;
      64             :         struct ns_common        ns;
      65             :         unsigned long           flags;
      66             : 
      67             : #ifdef CONFIG_KEYS
      68             :         /* List of joinable keyrings in this namespace.  Modification access of
      69             :          * these pointers is controlled by keyring_sem.  Once
      70             :          * user_keyring_register is set, it won't be changed, so it can be
      71             :          * accessed directly with READ_ONCE().
      72             :          */
      73             :         struct list_head        keyring_name_list;
      74             :         struct key              *user_keyring_register;
      75             :         struct rw_semaphore     keyring_sem;
      76             : #endif
      77             : 
      78             :         /* Register of per-UID persistent keyrings for this namespace */
      79             : #ifdef CONFIG_PERSISTENT_KEYRINGS
      80             :         struct key              *persistent_keyring_register;
      81             : #endif
      82             :         struct work_struct      work;
      83             : #ifdef CONFIG_SYSCTL
      84             :         struct ctl_table_set    set;
      85             :         struct ctl_table_header *sysctls;
      86             : #endif
      87             :         struct ucounts          *ucounts;
      88             :         int ucount_max[UCOUNT_COUNTS];
      89             : } __randomize_layout;
      90             : 
      91             : struct ucounts {
      92             :         struct hlist_node node;
      93             :         struct user_namespace *ns;
      94             :         kuid_t uid;
      95             :         int count;
      96             :         atomic_t ucount[UCOUNT_COUNTS];
      97             : };
      98             : 
      99             : extern struct user_namespace init_user_ns;
     100             : 
     101             : bool setup_userns_sysctls(struct user_namespace *ns);
     102             : void retire_userns_sysctls(struct user_namespace *ns);
     103             : struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid, enum ucount_type type);
     104             : void dec_ucount(struct ucounts *ucounts, enum ucount_type type);
     105             : 
     106             : #ifdef CONFIG_USER_NS
     107             : 
     108             : static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
     109             : {
     110             :         if (ns)
     111             :                 refcount_inc(&ns->ns.count);
     112             :         return ns;
     113             : }
     114             : 
     115             : extern int create_user_ns(struct cred *new);
     116             : extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred);
     117             : extern void __put_user_ns(struct user_namespace *ns);
     118             : 
     119             : static inline void put_user_ns(struct user_namespace *ns)
     120             : {
     121             :         if (ns && refcount_dec_and_test(&ns->ns.count))
     122             :                 __put_user_ns(ns);
     123             : }
     124             : 
     125             : struct seq_operations;
     126             : extern const struct seq_operations proc_uid_seq_operations;
     127             : extern const struct seq_operations proc_gid_seq_operations;
     128             : extern const struct seq_operations proc_projid_seq_operations;
     129             : extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *);
     130             : extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *);
     131             : extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *);
     132             : extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *);
     133             : extern int proc_setgroups_show(struct seq_file *m, void *v);
     134             : extern bool userns_may_setgroups(const struct user_namespace *ns);
     135             : extern bool in_userns(const struct user_namespace *ancestor,
     136             :                        const struct user_namespace *child);
     137             : extern bool current_in_userns(const struct user_namespace *target_ns);
     138             : struct ns_common *ns_get_owner(struct ns_common *ns);
     139             : #else
     140             : 
     141        8517 : static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
     142             : {
     143        8517 :         return &init_user_ns;
     144             : }
     145             : 
     146           0 : static inline int create_user_ns(struct cred *new)
     147             : {
     148           0 :         return -EINVAL;
     149             : }
     150             : 
     151          50 : static inline int unshare_userns(unsigned long unshare_flags,
     152             :                                  struct cred **new_cred)
     153             : {
     154          50 :         if (unshare_flags & CLONE_NEWUSER)
     155           0 :                 return -EINVAL;
     156             :         return 0;
     157             : }
     158             : 
     159        8327 : static inline void put_user_ns(struct user_namespace *ns)
     160             : {
     161        8327 : }
     162             : 
     163             : static inline bool userns_may_setgroups(const struct user_namespace *ns)
     164             : {
     165             :         return true;
     166             : }
     167             : 
     168             : static inline bool in_userns(const struct user_namespace *ancestor,
     169             :                              const struct user_namespace *child)
     170             : {
     171             :         return true;
     172             : }
     173             : 
     174        3461 : static inline bool current_in_userns(const struct user_namespace *target_ns)
     175             : {
     176        3461 :         return true;
     177             : }
     178             : 
     179           0 : static inline struct ns_common *ns_get_owner(struct ns_common *ns)
     180             : {
     181           0 :         return ERR_PTR(-EPERM);
     182             : }
     183             : #endif
     184             : 
     185             : #endif /* _LINUX_USER_H */