)]}'
{
  "log": [
    {
      "commit": "22d917d80e842829d0ca0a561967d728eb1d6303",
      "tree": "b01e0566e136d3004fa9198e4cb1969fc6feff6c",
      "parents": [
        "783291e6900292521a3895583785e0c04a56c5b3"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Nov 17 00:11:58 2011 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Apr 26 02:01:39 2012 -0700"
      },
      "message": "userns: Rework the user_namespace adding uid/gid mapping support\n\n- Convert the old uid mapping functions into compatibility wrappers\n- Add a uid/gid mapping layer from user space uid and gids to kernel\n  internal uids and gids that is extent based for simplicity and speed.\n  * Working with number space after mapping uids/gids into their kernel\n    internal version adds only mapping complexity over what we have today,\n    leaving the kernel code easy to understand and test.\n- Add proc files /proc/self/uid_map /proc/self/gid_map\n  These files display the mapping and allow a mapping to be added\n  if a mapping does not exist.\n- Allow entering the user namespace without a uid or gid mapping.\n  Since we are starting with an existing user our uids and gids\n  still have global mappings so are still valid and useful they just don\u0027t\n  have local mappings.  The requirement for things to work are global uid\n  and gid so it is odd but perfectly fine not to have a local uid\n  and gid mapping.\n  Not requiring global uid and gid mappings greatly simplifies\n  the logic of setting up the uid and gid mappings by allowing\n  the mappings to be set after the namespace is created which makes the\n  slight weirdness worth it.\n- Make the mappings in the initial user namespace to the global\n  uid/gid space explicit.  Today it is an identity mapping\n  but in the future we may want to twist this for debugging, similar\n  to what we do with jiffies.\n- Document the memory ordering requirements of setting the uid and\n  gid mappings.  We only allow the mappings to be set once\n  and there are no pointers involved so the requirements are\n  trivial but a little atypical.\n\nPerformance:\n\nIn this scheme for the permission checks the performance is expected to\nstay the same as the actual machine instructions should remain the same.\n\nThe worst case I could think of is ls -l on a large directory where\nall of the stat results need to be translated from kuids and\nkgids to uids and gids.  So I benchmarked that case on my laptop\nwith a dual core hyperthread Intel i5-2520M cpu with 3M of cpu cache.\n\nMy benchmark consisted of going to single user mode where nothing else\nwas running. On an ext4 filesystem opening 1,000,000 files and looping\nthrough all of the files 1000 times and calling fstat on the\nindividual files.  This was to ensure I was benchmarking stat times\nwhere the inodes were in the kernel\u0027s cache, but the inode values were\nnot in the processor\u0027s cache.  My results:\n\nv3.4-rc1:         ~\u003d 156ns (unmodified v3.4-rc1 with user namespace support disabled)\nv3.4-rc1-userns-: ~\u003d 155ns (v3.4-rc1 with my user namespace patches and user namespace support disabled)\nv3.4-rc1-userns+: ~\u003d 164ns (v3.4-rc1 with my user namespace patches and user namespace support enabled)\n\nAll of the configurations ran in roughly 120ns when I performed tests\nthat ran in the cpu cache.\n\nSo in summary the performance impact is:\n1ns improvement in the worst case with user namespace support compiled out.\n8ns aka 5% slowdown in the worst case with user namespace support compiled in.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "5673a94c14574d7c6495c320c6b0e480673d54bd",
      "tree": "bb715a6551732475aaa6870f08da8d49529ee82d",
      "parents": [
        "7a4e7408c5cadb240e068a662251754a562355e3"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Thu Nov 17 10:23:55 2011 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Sat Apr 07 17:11:01 2012 -0700"
      },
      "message": "userns: Add a Kconfig option to enforce strict kuid and kgid type checks\n\nMake it possible to easily switch between strong mandatory\ntype checks and relaxed type checks so that the code can\neasily be tested with the type checks and then built\nwith the strong type checks disabled so the resulting\ncode can be used.\n\nRequire strong mandatory type checks when enabling the user namespace.\nIt is very simple to make a typo and use the wrong type allowing\nconversions to/from userspace values to be bypassed by accident,\nthe strong type checks prevent this.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    },
    {
      "commit": "7a4e7408c5cadb240e068a662251754a562355e3",
      "tree": "349f10e0aa1d590ece86deabf4f3025035b2fbde",
      "parents": [
        "1a48e2ac034d47ed843081c4523b63c46b46888b"
      ],
      "author": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Mon Nov 14 14:29:51 2011 -0800"
      },
      "committer": {
        "name": "Eric W. Biederman",
        "email": "ebiederm@xmission.com",
        "time": "Sat Apr 07 17:09:52 2012 -0700"
      },
      "message": "userns: Add kuid_t and kgid_t and associated infrastructure in uidgid.h\n\nStart distinguishing between internal kernel uids and gids and\nvalues that userspace can use.  This is done by introducing two\nnew types: kuid_t and kgid_t.  These types and their associated\nfunctions and infrastructure are declared in the new header\nuidgid.h.\n\nUltimately there will be a different implementation of the mapping\nfunctions for use with user namespaces.  But to keep it simple\nwe introduce the mapping functions first to separate the meat\nfrom the mechanical code conversions.\n\nExport overflowuid and overflowgid so we can use from_kuid_munged\nand from_kgid_munged in modular code.\n\nAcked-by: Serge Hallyn \u003cserge.hallyn@canonical.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n"
    }
  ]
}
