Missing header for routes patch, caused vs2.3 route.h mixing --- a/net/ipv4/netfilter/nf_nat_core.c~ 2008-01-24 23:58:37.000000000 +0100 +++ a/net/ipv4/netfilter/nf_nat_core.c 2008-03-30 21:00:19.349593833 +0200 @@ -15,6 +15,7 @@ #include #include #include +#include #include /* For tcp_prot in getorigdst */ #include #include --- linux-2.6.33/arch/x86/kernel/process.c~ 2010-02-24 19:52:17.000000000 +0100 +++ linux-2.6.33/arch/x86/kernel/process.c 2010-02-25 23:44:56.487156216 +0100 @@ -104,8 +104,8 @@ product = ""; printk(KERN_CONT "\n"); - printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s %s/%s\n", - current->pid, current->comm, print_tainted(), + printk(KERN_DEFAULT "Pid: %d, xid: #%u, comm: %.20s %s %s %.*s %s/%s\n", + task_pid_nr(current), current->xid, current->comm, print_tainted(), init_utsname()->release, (int)strcspn(init_utsname()->version, " "), init_utsname()->version, board, product); --- linux-2.6.31/arch/x86/kernel/dumpstack.c~ 2009-09-16 08:32:02.000000000 +0200 +++ linux-2.6.31/arch/x86/kernel/dumpstack.c 2009-09-17 21:58:13.778791960 +0200 @@ -180,8 +180,8 @@ get_bp(bp); #endif - printk("Pid: %d, comm: %.20s %s %s %.*s\n", - current->pid, current->comm, print_tainted(), + printk("Pid: %d, comm: %.20s xid: #%u %s %s %.*s\n", + current->pid, current->comm, current->xid, print_tainted(), init_utsname()->release, (int)strcspn(init_utsname()->version, " "), init_utsname()->version); --- linux-2.6.35.4/security/commoncap.c 2010-08-02 16:53:03.000000000 +0200 +++ linux-2.6.35.4-vs2.3.0.36.32/security/commoncap.c 2010-08-02 17:05:06.000000000 +0200 @@ -951,4 +969,3 @@ int cap_file_mmap(struct file *file, uns } return ret; } - diff -NurpP linux-2.6.36-vs2.3.0.36.38/include/linux/cred.h linux-2.6.36-vs2.3.0.36.38.2/include/linux/cred.h --- linux-2.6.36-vs2.3.0.36.38/include/linux/cred.h 2010-08-02 16:52:53.000000000 +0200 +++ linux-2.6.36-vs2.3.0.36.38.2/include/linux/cred.h 2010-12-01 17:26:52.000000000 +0100 
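Review bot: The dumpstack.c hunk prints the context id in a different position, and takes the pid from a different source, than the process.c hunk just above it: here the format is `Pid: %d, comm: %.20s xid: #%u` with `current->pid`, there it is `Pid: %d, xid: #%u, comm: %.20s` with `task_pid_nr(current)`. If both patches are meant for the same tree, anyone parsing oops or stack-dump output for the xid has to handle two layouts. I would align this call with the other one: `printk("Pid: %d, xid: #%u, comm: %.20s %s %s %.*s\n",` followed by `task_pid_nr(current), current->xid, current->comm, print_tainted(),`. The enclosing function starts and ends outside the hunk.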
@@ -208,6 +208,31 @@ static inline void validate_process_cred } #endif +static inline void set_cred_subscribers(struct cred *cred, int n) +{ +#ifdef CONFIG_DEBUG_CREDENTIALS + atomic_set(&cred->subscribers, n); +#endif +} + +static inline int read_cred_subscribers(const struct cred *cred) +{ +#ifdef CONFIG_DEBUG_CREDENTIALS + return atomic_read(&cred->subscribers); +#else + return 0; +#endif +} + +static inline void alter_cred_subscribers(const struct cred *_cred, int n) +{ +#ifdef CONFIG_DEBUG_CREDENTIALS + struct cred *cred = (struct cred *) _cred; + + atomic_add(n, &cred->subscribers); +#endif +} + /** * get_new_cred - Get a reference on a new set of credentials * @cred: The new credentials to reference diff -NurpP linux-2.6.36-vs2.3.0.36.38/include/linux/vserver/context.h linux-2.6.36-vs2.3.0.36.38.2/include/linux/vserver/context.h --- linux-2.6.36-vs2.3.0.36.38/include/linux/vserver/context.h 2010-10-21 13:09:36.000000000 +0200 +++ linux-2.6.36-vs2.3.0.36.38.2/include/linux/vserver/context.h 2010-12-01 17:36:51.000000000 +0100 @@ -110,6 +110,8 @@ struct vx_info { unsigned long vx_nsmask[VX_SPACES]; /* assignment mask */ struct nsproxy *vx_nsproxy[VX_SPACES]; /* private namespaces */ struct fs_struct *vx_fs[VX_SPACES]; /* private namespace fs */ + const struct cred *vx_real_cred; /* real task credentials */ + const struct cred *vx_cred; /* task credentials */ uint64_t vx_flags; /* context flags */ uint64_t vx_ccaps; /* context caps (vserver) */ diff -NurpP linux-2.6.36-vs2.3.0.36.38/kernel/cred.c linux-2.6.36-vs2.3.0.36.38.2/kernel/cred.c --- linux-2.6.36-vs2.3.0.36.38/kernel/cred.c 2010-10-21 13:07:56.000000000 +0200 +++ linux-2.6.36-vs2.3.0.36.38.2/kernel/cred.c 2010-12-01 17:25:55.000000000 +0100 
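Review bot: The three subscriber helpers become callable from every file that includes include/linux/cred.h, yet they arrive in the header without any comment. `alter_cred_subscribers()` also casts away the `const` on its argument, which is easy to miss once the function is used outside kernel/cred.c. I would add a short kernel-doc block above them stating that the counter exists only under CONFIG_DEBUG_CREDENTIALS, that the helpers compile to no-ops otherwise (with `read_cred_subscribers()` returning 0), and that callers are expected to adjust it only alongside a reference they hold themselves, as the vserver hunks in this patch do with get_cred()/put_cred().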
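Review bot: The two new `vx_info` fields in include/linux/vserver/context.h do not say who owns the credentials they point to. Going by the other hunks in this patch, vx_set_space() stores them with a reference taken through get_cred(), __shutdown_vx_info() drops that reference, and __alloc_vx_info() leaves both NULL until then. I would put that in the field comments, for example `/* real task credentials; holds a ref, NULL until vx_set_space() */`, and the same wording for `vx_cred`.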
@@ -60,31 +60,6 @@ struct cred init_cred = { #endif }; -static inline void set_cred_subscribers(struct cred *cred, int n) -{ -#ifdef CONFIG_DEBUG_CREDENTIALS - atomic_set(&cred->subscribers, n); -#endif -} - -static inline int read_cred_subscribers(const struct cred *cred) -{ -#ifdef CONFIG_DEBUG_CREDENTIALS - return atomic_read(&cred->subscribers); -#else - return 0; -#endif -} - -static inline void alter_cred_subscribers(const struct cred *_cred, int n) -{ -#ifdef CONFIG_DEBUG_CREDENTIALS - struct cred *cred = (struct cred *) _cred; - - atomic_add(n, &cred->subscribers); -#endif -} - /* * Dispose of the shared task group credentials */ diff -NurpP linux-2.6.36-vs2.3.0.36.38/kernel/vserver/context.c linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/context.c --- linux-2.6.36-vs2.3.0.36.38/kernel/vserver/context.c 2010-10-21 14:39:59.000000000 +0200 +++ linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/context.c 2010-12-01 20:34:45.000000000 +0100 @@ -3,7 +3,7 @@ * * Virtual Server: Context Support * - * Copyright (C) 2003-2007 Herbert Pötzl + * Copyright (C) 2003-2010 Herbert Pötzl * * V0.01 context helper * V0.02 vx_ctx_kill syscall command @@ -22,6 +22,7 @@ * V0.15 added context stat * V0.16 have __create claim() the vxi * V0.17 removed older and legacy stuff + * V0.18 added user credentials * */ @@ -38,6 +39,7 @@ #include #include #include +#include #include #include @@ -127,6 +129,10 @@ static struct vx_info *__alloc_vx_info(x new->vx_fs[index] = &init_fs; } + /* FIXME: we want defaults */ + new->vx_real_cred = 0; + new->vx_cred = 0; + vxdprintk(VXD_CBIT(xid, 0), "alloc_vx_info(%d) = %p", xid, new); vxh_alloc_vx_info(new); @@ -183,6 +189,7 @@ static void __shutdown_vx_info(struct vx { struct nsproxy *nsproxy; struct fs_struct *fs; + const struct cred *cred; int index, kill; might_sleep(); 
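Review bot: In the __alloc_vx_info() hunk the new fields are pointers, so they should be initialised with `NULL` rather than `0`, matching the xchg() calls in __shutdown_vx_info(): `new->vx_real_cred = NULL;` and `new->vx_cred = NULL;`. The FIXME is more than cosmetic: until defaults exist, a freshly allocated context carries NULL credentials, and the vx_enter_space() hunk later in this patch passes both fields to get_cred() with no check visible there. I would extend the comment to say so, e.g. `/* FIXME: we want defaults; NULL until vx_set_space(CLONE_NEWUSER) */`. The body of __alloc_vx_info() starts and ends outside the hunk.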
@@ -202,6 +209,18 @@ static void __shutdown_vx_info(struct vx if (kill) free_fs_struct(fs); } + + cred = xchg(&vxi->vx_real_cred, NULL); + if (cred) { + alter_cred_subscribers(cred, -1); + put_cred(cred); + } + + cred = xchg(&vxi->vx_cred, NULL); + if (cred) { + alter_cred_subscribers(cred, -1); + put_cred(cred); + } } /* exported stuff */ diff -NurpP linux-2.6.36-vs2.3.0.36.38/kernel/vserver/space.c linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/space.c --- linux-2.6.36-vs2.3.0.36.38/kernel/vserver/space.c 2010-10-21 14:41:06.000000000 +0200 +++ linux-2.6.36-vs2.3.0.36.38.2/kernel/vserver/space.c 2010-12-01 20:39:35.000000000 +0100 @@ -3,12 +3,13 @@ * * Virtual Server: Context Space Support * - * Copyright (C) 2003-2007 Herbert Pötzl + * Copyright (C) 2003-2010 Herbert Pötzl * * V0.01 broken out from context.c 0.07 * V0.02 added task locking for namespace * V0.03 broken out vx_enter_namespace * V0.04 added *space support and commands + * V0.05 added credential support * */ @@ -16,6 +17,7 @@ #include #include #include +#include #include #include @@ -238,6 +240,19 @@ int vx_enter_space(struct vx_info *vxi, } proxy_new = xchg(¤t->nsproxy, proxy_new); + + if (mask & CLONE_NEWUSER) { + vxdprintk(VXD_CBIT(space, 10), + "vx_enter_space(%p[#%u],%p,%p) cred (%p,%p)", + vxi, vxi->vx_id, vxi->vx_real_cred, vxi->vx_cred, + current->real_cred, current->cred); + exit_creds(current); + current->real_cred = get_cred(vxi->vx_real_cred); + alter_cred_subscribers(current->real_cred, 1); + current->cred = get_cred(vxi->vx_cred); + alter_cred_subscribers(current->cred, 1); + } + ret = 0; if (proxy_new) 
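Review bot: The release sequence `alter_cred_subscribers(cred, -1); put_cred(cred);` under `if (cred)` is written out twice in this __shutdown_vx_info() hunk and twice more in the vx_set_space() hunk of space.c. With four copies, a later edit can easily change the subscriber count and the reference count in one place but not the others. A small helper would keep the pairing in one spot; to serve both files it would have to be a static inline in a shared vserver header rather than a static function in context.c. The helper name below is only a suggestion, and the function body starts outside the hunk.

```c
/* drop the context's subscription and its reference on a stored cred */
static inline void vx_put_cred(const struct cred *cred)
{
	if (!cred)
		return;
	alter_cred_subscribers(cred, -1);
	put_cred(cred);
}

	/* … unchanged: nsproxy and fs_struct release loop … */
	vx_put_cred(xchg(&vxi->vx_real_cred, NULL));
	vx_put_cred(xchg(&vxi->vx_cred, NULL));
```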
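Review bot: In the vx_enter_space() hunk, `exit_creds(current)` drops the task's existing credentials before anything checks that `vxi->vx_real_cred` and `vxi->vx_cred` are usable, and both are then handed to `get_cred()` unconditionally. __alloc_vx_info() in this patch initialises both fields to 0, so unless code outside this hunk guarantees that CLONE_NEWUSER can only appear in `mask` after vx_set_space() has stored credentials, this is a NULL dereference in kernel context with the task already stripped of its creds. The fields are also read here with no lock visible in the hunk, while vx_set_space() and __shutdown_vx_info() swap them out with xchg() and put_cred(), so the reference should be taken in a way that cannot race with that release. At minimum I would take and validate both references first, e.g. `if (!vxi->vx_real_cred || !vxi->vx_cred)` leading to an error return placed before `exit_creds(current);`. The body of vx_enter_space() starts and ends outside the hunk.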
@@ -297,6 +312,38 @@ int vx_set_space(struct vx_info *vxi, un proxy_new = xchg(&vxi->vx_nsproxy[index], proxy_new); vxi->vx_nsmask[index] |= mask; + + if (mask & CLONE_NEWUSER) { + const struct cred *cred; + + vxdprintk(VXD_CBIT(space, 10), + "vx_set_space(%p[#%u],%p,%p) cred (%p,%p)", + vxi, vxi->vx_id, vxi->vx_real_cred, vxi->vx_cred, + current->real_cred, current->cred); + + if (current->real_cred) { + cred = get_cred(current->real_cred); + alter_cred_subscribers(cred, 1); + } else + cred = NULL; + cred = xchg(&vxi->vx_real_cred, cred); + if (cred) { + alter_cred_subscribers(cred, -1); + put_cred(cred); + } + + if (current->cred) { + cred = get_cred(current->cred); + alter_cred_subscribers(cred, 1); + } else + cred = NULL; + cred = xchg(&vxi->vx_cred, cred); + if (cred) { + alter_cred_subscribers(cred, -1); + put_cred(cred); + } + } + ret = 0; if (proxy_new)
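Review bot: The CLONE_NEWUSER block in vx_set_space() needs a comment stating its security contract: it stores the calling task's own `real_cred` and `cred` in the context, and the vx_enter_space() hunk then installs those same credentials on every task that enters with CLONE_NEWUSER. As far as this patch shows, the permission check on the caller of vx_set_space(), which lies outside the hunk, is what limits whose identity later entrants inherit. I would add above the `if`: `/* capture caller's creds; vx_enter_space() hands them to every entering task */`. Separately, the pair is stored once per vx_info while `vx_nsmask[index]` is per index, so a call for a second index appears to overwrite the credentials recorded for the first; it is worth confirming that this is intended. The function body starts and ends outside the hunk.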