Linux kernel source tree
Go to file
David Herrmann 28b5ba2aa0 net: introduce SO_PEERGROUPS getsockopt
This adds the new getsockopt(2) option SO_PEERGROUPS on SOL_SOCKET to
retrieve the auxiliary groups of the remote peer. It is designed to
naturally extend SO_PEERCRED. That is, the underlying data is from the
same credentials. Regarding its syntax, it is based on SO_PEERSEC. That
is, if the provided buffer is too small, ERANGE is returned and @optlen
is updated. Otherwise, the information is copied, @optlen is set to the
actual size, and 0 is returned.

While SO_PEERCRED (and thus `struct ucred') already returns the primary
group, it lacks the auxiliary group vector. However, nearly all access
controls (including kernel side VFS and SYSVIPC, but also user-space
polkit, DBus, ...) consider the entire set of groups, rather than just
the primary group. But this is currently not possible with pure
SO_PEERCRED. Instead, user-space has to work around this and query the
system database for the auxiliary groups of a UID retrieved via
SO_PEERCRED.

Unfortunately, there is no race-free way to query the auxiliary groups
of the PID/UID retrieved via SO_PEERCRED. Hence, the current user-space
solution is to use getgrouplist(3p), which itself falls back to NSS and
whatever is configured in nsswitch.conf(3). This effectively checks
which groups we *would* assign to the user if it logged in *now*. On
normal systems it is as easy as reading /etc/group, but with NSS it can
resort to quering network databases (eg., LDAP), using IPC or network
communication.

Long story short: Whenever we want to use auxiliary groups for access
checks on IPC, we need further IPC to talk to the user/group databases,
rather than just relying on SO_PEERCRED and the incoming socket. This
is unfortunate, and might even result in dead-locks if the database
query uses the same IPC as the original request.

So far, those recursions / dead-locks have been avoided by using
primitive IPC for all crucial NSS modules. However, we want to avoid
re-inventing the wheel for each NSS module that might be involved in
user/group queries. Hence, we would preferably make DBus (and other IPC
that supports access-management based on groups) work without resorting
to the user/group database. This new SO_PEERGROUPS ioctl would allow us
to make dbus-daemon work without ever calling into NSS.

Cc: Michal Sekletar <msekleta@redhat.com>
Cc: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Tom Gundersen <teg@jklm.no>
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-21 11:38:41 -04:00
arch net: introduce SO_PEERGROUPS getsockopt 2017-06-21 11:38:41 -04:00
block block, bfq: access and cache blkg data only when safe 2017-06-08 09:51:10 -06:00
certs scripts/spelling.txt: add "intialise(d)" pattern and fix typo instances 2017-05-08 17:15:13 -07:00
crypto crypto : asymmetric_keys : verify_pefile:zero memory content before freeing 2017-06-09 13:29:50 +10:00
Documentation dt-bindings: syscon: Add DT bindings documentation for Allwinner V3s syscon 2017-06-20 13:23:05 -04:00
drivers r8152: correct the definition 2017-06-21 11:32:57 -04:00
firmware firmware/Makefile: force recompilation if makefile changes 2017-05-08 17:15:10 -07:00
fs Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-15 11:59:32 -04:00
include net: introduce SO_PEERGROUPS getsockopt 2017-06-21 11:38:41 -04:00
init Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-05-10 10:30:46 -07:00
ipc mm: introduce kv[mz]alloc helpers 2017-05-08 17:15:12 -07:00
kernel Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-15 11:59:32 -04:00
lib net: manual clean code which call skb_put_[data:zero] 2017-06-20 13:30:15 -04:00
mm mm: consider memblock reservations for deferred memory initialization sizing 2017-06-02 15:07:38 -07:00
net net: introduce SO_PEERGROUPS getsockopt 2017-06-21 11:38:41 -04:00
samples pktgen: Specify the index of first thread 2017-06-16 12:32:34 -04:00
scripts scripts/gdb: make lx-dmesg command work (reliably) 2017-06-02 15:07:38 -07:00
security rtnetlink: add NEWCACHEREPORT message type 2017-06-21 11:22:52 -04:00
sound ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT 2017-06-07 10:25:23 +02:00
tools selftests: Introduce tc testsuite 2017-06-20 13:15:10 -04:00
usr initramfs: fix disabling of initramfs (and its compression) 2017-06-02 15:07:37 -07:00
virt KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages 2017-06-06 15:28:40 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: Add support to generate LLVM assembly files 2017-04-25 08:13:52 +09:00
.mailmap power supply and reset changes for the v4.12 series (part 2) 2017-05-12 12:02:21 -07:00
COPYING
CREDITS avr32: remove support for AVR32 architecture 2017-05-01 09:27:15 +02:00
Kbuild kbuild: Consolidate header generation from ASM offset information 2017-04-13 05:43:37 +09:00
Kconfig
MAINTAINERS tls: kernel TLS support 2017-06-15 12:12:40 -04:00
Makefile Linux 4.12-rc5 2017-06-11 16:48:20 -07:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.