[PATCH 07/24] task_diag: add a new group to get process credentials

[PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andrey Vagin <hidden> · 2015-07-06
[PATCH 02/24] kernel: add a netlink interface to get information about tasks (v2) · Andrey Vagin <hidden> · 2015-07-06
[PATCH 04/24] kernel: move next_tgid from fs/proc · Andrey Vagin <hidden> · 2015-07-06
[PATCH 03/24] kernel: make taskstats available from all net namespaces · Andrey Vagin <hidden> · 2015-07-06
[PATCH 05/24] task_diag: add ability to get information about all tasks · Andrey Vagin <hidden> · 2015-07-06
[PATCH 06/24] task_diag: add ability to split per-task data on a few netlink messages · Andrey Vagin <hidden> · 2015-07-06
[PATCH 09/24] proc: move task_next_child() from fs/proc · Andrey Vagin <hidden> · 2015-07-06
[PATCH 11/24] task_diag: add a new group to get task statistics · Andrey Vagin <hidden> · 2015-07-06
[PATCH 14/24] task_diag: add a marcos to enumirate memory mappings · Andrey Vagin <hidden> · 2015-07-06
[PATCH 13/24] task_diag: shows memory consumption for memory mappings (v2) · Andrey Vagin <hidden> · 2015-07-06
[PATCH 17/24] task_diag: add ability to dump theads · Andrey Vagin <hidden> · 2015-07-06
[PATCH 19/24] task_diag: Add option to dump all threads for all tasks · Andrey Vagin <hidden> · 2015-07-06
[PATCH 21/24] task diag: Add support for TGID attribute · Andrey Vagin <hidden> · 2015-07-06
[PATCH 24/24] task_diag: Enhance fork tool to spawn threads · Andrey Vagin <hidden> · 2015-07-06
[PATCH 23/24] selftest: check the task_diag functinonality · Andrey Vagin <hidden> · 2015-07-06
[PATCH 20/24] task_diag: Only add VMAs for thread_group leader · Andrey Vagin <hidden> · 2015-07-06
Re: [PATCH 20/24] task_diag: Only add VMAs for thread_group leader · Oleg Nesterov <oleg@redhat.com> · 2015-07-14
Re: [PATCH 20/24] task_diag: Only add VMAs for thread_group leader · David Ahern <hidden> · 2015-07-15
Re: [PATCH 20/24] task_diag: Only add VMAs for thread_group leader · Oleg Nesterov <oleg@redhat.com> · 2015-07-15
[PATCH 22/24] Documentation: add documentation for task_diag · Andrey Vagin <hidden> · 2015-07-06
[PATCH 18/24] task_diag: add ability to handle one task in a continious mode · Andrey Vagin <hidden> · 2015-07-06
[PATCH 12/24] task_diag: add a new group to get tasks memory mappings (v2) · Andrey Vagin <hidden> · 2015-07-06
Re: [PATCH 12/24] task_diag: add a new group to get tasks memory mappings (v2) · Oleg Nesterov <oleg@redhat.com> · 2015-07-14
Re: [PATCH 12/24] task_diag: add a new group to get tasks memory mappings (v2) · David Ahern <hidden> · 2015-07-15
[PATCH 16/24] proc: move first_tid and next_tid out of proc · Andrey Vagin <hidden> · 2015-07-06
[PATCH 15/24] proc: give task_struct instead of pid into first_tid · Andrey Vagin <hidden> · 2015-07-06
Re: [PATCH 15/24] proc: give task_struct instead of pid into first_tid · Oleg Nesterov <oleg@redhat.com> · 2015-07-14
[PATCH 10/24] task_diag: add ability to dump children (v2) · Andrey Vagin <hidden> · 2015-07-06
[PATCH 08/24] proc: pick out a function to iterate task children · Andrey Vagin <hidden> · 2015-07-06
Re: [PATCH 08/24] proc: pick out a function to iterate task children · Oleg Nesterov <oleg@redhat.com> · 2015-07-14
Re: [PATCH 08/24] proc: pick out a function to iterate task children · Andrew Vagin <hidden> · 2015-07-17
Re: [PATCH 08/24] proc: pick out a function to iterate task children · Oleg Nesterov <oleg@redhat.com> · 2015-07-18
[PATCH 07/24] task_diag: add a new group to get process credentials · Andrey Vagin <hidden> · 2015-07-06
[PATCH 01/24] kernel: define taststats commands in the one place · Andrey Vagin <hidden> · 2015-07-06
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andy Lutomirski <luto@amacapital.net> · 2015-07-06
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andrew Vagin <hidden> · 2015-07-07
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andy Lutomirski <luto@amacapital.net> · 2015-07-07
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · David Ahern <hidden> · 2015-07-07
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andy Lutomirski <luto@amacapital.net> · 2015-07-07
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · David Ahern <hidden> · 2015-07-07
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andrew Vagin <hidden> · 2015-07-08
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andy Lutomirski <luto@amacapital.net> · 2015-07-08
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andrey Vagin <hidden> · 2015-07-08
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andy Lutomirski <luto@amacapital.net> · 2015-07-08
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Arnaldo Carvalho de Melo <acme@kernel.org> · 2015-07-07
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andy Lutomirski <luto@amacapital.net> · 2015-07-07
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · David Ahern <hidden> · 2015-07-07
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andrew Vagin <hidden> · 2015-11-24
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andy Lutomirski <luto@amacapital.net> · 2015-12-03
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Arnd Bergmann <arnd@arndb.de> · 2015-12-03
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andrew Vagin <hidden> · 2015-12-14
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andrew Vagin <hidden> · 2015-12-14
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andy Lutomirski <luto@amacapital.net> · 2015-12-14
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andrew Vagin <hidden> · 2015-12-15
Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) · Andy Lutomirski <luto@amacapital.net> · 2015-12-15

STALE3825d

From: Andrey Vagin <hidden>
Date: 2015-07-06 08:56:44
Also in: lkml
Subsystem: the rest · Maintainer: Linus Torvalds

A response is represented by the task_diag_creds structure:

struct task_diag_creds {
       struct task_diag_caps cap_inheritable;
       struct task_diag_caps cap_permitted;
       struct task_diag_caps cap_effective;
       struct task_diag_caps cap_bset;

       __u32 uid;
       __u32 euid;
       __u32 suid;
       __u32 fsuid;
       __u32 gid;
       __u32 egid;
       __u32 sgid;
       __u32 fsgid;
};

This group is optional and it's filled only if show_flags contains
TASK_DIAG_SHOW_CRED.

Signed-off-by: Andrey Vagin <redacted>
---
 include/uapi/linux/task_diag.h | 22 ++++++++++++++++++
 kernel/taskdiag.c              | 53 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)

diff --git a/include/uapi/linux/task_diag.h b/include/uapi/linux/task_diag.h
index 3a1e6c4..0e659d6 100644
--- a/include/uapi/linux/task_diag.h
+++ b/include/uapi/linux/task_diag.h

@@ -7,6 +7,7 @@
 enum {
 	/* optional attributes which can be specified in show_flags */
 	TASK_DIAG_BASE	= 0,
+	TASK_DIAG_CRED,
 
 	/* other attributes */
 	TASK_DIAG_PID	= 64,	/* u32 */

@@ -16,6 +17,7 @@ enum {
 };
 
 #define TASK_DIAG_SHOW_BASE	(1ULL << TASK_DIAG_BASE)
+#define TASK_DIAG_SHOW_CRED	(1ULL << TASK_DIAG_CRED)
 
 enum {
 	TASK_DIAG_RUNNING,

@@ -40,6 +42,26 @@ struct task_diag_base {
 	char	comm[TASK_DIAG_COMM_LEN];
 };
 
+struct task_diag_caps {
+	__u32 cap[_LINUX_CAPABILITY_U32S_3];
+};
+
+struct task_diag_creds {
+	struct task_diag_caps cap_inheritable;
+	struct task_diag_caps cap_permitted;
+	struct task_diag_caps cap_effective;
+	struct task_diag_caps cap_bset;
+
+	__u32 uid;
+	__u32 euid;
+	__u32 suid;
+	__u32 fsuid;
+	__u32 gid;
+	__u32 egid;
+	__u32 sgid;
+	__u32 fsgid;
+};
+
 #define TASK_DIAG_DUMP_ALL	0
 
 struct task_diag_pid {

diff --git a/kernel/taskdiag.c b/kernel/taskdiag.c
index 5771baf..5123e12 100644
--- a/kernel/taskdiag.c
+++ b/kernel/taskdiag.c

@@ -16,6 +16,9 @@ static size_t taskdiag_packet_size(u64 show_flags)
 	if (show_flags & TASK_DIAG_SHOW_BASE)
 		size += nla_total_size(sizeof(struct task_diag_base));
 
+	if (show_flags & TASK_DIAG_SHOW_CRED)
+		size += nla_total_size(sizeof(struct task_diag_creds));
+
 	return size;
 }

@@ -83,6 +86,48 @@ static int fill_task_base(struct task_struct *p, struct sk_buff *skb)
 	return 0;
 }
 
+static inline void caps2diag(struct task_diag_caps *diag, const kernel_cap_t *cap)
+{
+	int i;
+
+	for (i = 0; i < _LINUX_CAPABILITY_U32S_3; i++)
+		diag->cap[i] = cap->cap[i];
+}
+
+static int fill_creds(struct task_struct *p, struct sk_buff *skb)
+{
+	struct user_namespace *user_ns = current_user_ns();
+	struct task_diag_creds *diag_cred;
+	const struct cred *cred;
+	struct nlattr *attr;
+
+	attr = nla_reserve(skb, TASK_DIAG_CRED, sizeof(struct task_diag_creds));
+	if (!attr)
+		return -EMSGSIZE;
+
+	diag_cred = nla_data(attr);
+
+	cred = get_task_cred(p);
+
+	caps2diag(&diag_cred->cap_inheritable, &cred->cap_inheritable);
+	caps2diag(&diag_cred->cap_permitted, &cred->cap_permitted);
+	caps2diag(&diag_cred->cap_effective, &cred->cap_effective);
+	caps2diag(&diag_cred->cap_bset, &cred->cap_bset);
+
+	diag_cred->uid   = from_kuid_munged(user_ns, cred->uid);
+	diag_cred->euid  = from_kuid_munged(user_ns, cred->euid);
+	diag_cred->suid  = from_kuid_munged(user_ns, cred->suid);
+	diag_cred->fsuid = from_kuid_munged(user_ns, cred->fsuid);
+	diag_cred->gid   = from_kgid_munged(user_ns, cred->gid);
+	diag_cred->egid  = from_kgid_munged(user_ns, cred->egid);
+	diag_cred->sgid  = from_kgid_munged(user_ns, cred->sgid);
+	diag_cred->fsgid = from_kgid_munged(user_ns, cred->fsgid);
+
+	put_cred(cred);
+
+	return 0;
+}
+
 static int task_diag_fill(struct task_struct *tsk, struct sk_buff *skb,
 				u64 show_flags, u32 portid, u32 seq,
 				struct netlink_callback *cb)

@@ -115,6 +160,14 @@ static int task_diag_fill(struct task_struct *tsk, struct sk_buff *skb,
 		i++;
 	}
 
+	if (show_flags & TASK_DIAG_SHOW_CRED) {
+		if (i >= n)
+			err = fill_creds(tsk, skb);
+		if (err)
+			goto err;
+		i++;
+	}
+
 	genlmsg_end(skb, reply);
 	if (cb)
 		cb->args[2] = 0;

-- 
2.1.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help