git.baikalelectronics.ru Git - kernel.git/commit

author	Andrei Vagin <avagin@gmail.com>
	Tue, 13 Sep 2022 10:25:51 +0000 (03:25 -0700)
committer	Kees Cook <keescook@chromium.org>
	Tue, 13 Sep 2022 17:38:43 +0000 (10:38 -0700)
commit	c5492b45ac0d6dbc26b4d88e14cbd560a59447a0
tree	466386c55362d0c87eefaa71305d21908190df46	tree \| snapshot
parent	9cd7d728b10061634f7da344d157fef643f87107	commit \| diff

Revert "fs/exec: allow to unshare a time namespace on vfork+exec"

This reverts commit 6718a0918b49354e792e8beb7e432d59ea03c65f.

Alexey pointed out a few undesirable side effects of the reverted change.
First, it doesn't take into account that CLONE_VFORK can be used with
CLONE_THREAD. Second, a child process doesn't enter a target time name-space,
if its parent dies before the child calls exec. It happens because the parent
clears vfork_done.

Eric W. Biederman suggests installing a time namespace as a task gets a new mm.
It includes all new processes cloned without CLONE_VM and all tasks that call
exec(). This is an user API change, but we think there aren't users that depend
on the old behavior.

It is too late to make such changes in this release, so let's roll back
this patch and introduce the right one in the next release.

Cc: Alexey Izbyshev <izbyshev@ispras.ru>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220913102551.1121611-3-avagin@google.com

fs/exec.c		diff \| blob \| history
kernel/fork.c		diff \| blob \| history
kernel/nsproxy.c		diff \| blob \| history