[RH7] ve/exec: reverse the meaning of trusted_exec variable

Submitted by Pavel Tikhomirov on Nov. 11, 2019, 12:53 p.m.

Details

Message ID 20191111125331.4936-1-ptikhomirov@virtuozzo.com
State New
Series "ve/exec: reverse the meaning of trusted_exec variable"

Commit Message

Pavel Tikhomirov Nov. 11, 2019, 12:53 p.m.
Now trusted_exec == 1 means that we trust the host, and if someone
executes container binaries from host he knows what he's doing (the
defense is "off"). By default trusted_exec == 0 and the defense is "on".

This way it is more consistent with ve_exec_trusted function name and
the semantics of ptune/trusted sysfs entry.

https://jira.sw.ru/browse/PSBM-98702

Fixes: 761c2dfe68e7 ("ve/exec: allow trusted exec change both on boot
and on running system")

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 fs/exec.c       | 2 +-
 kernel/sysctl.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)


diff --git a/fs/exec.c b/fs/exec.c
index 7efa415649da..492560ed0fef 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -128,7 +128,7 @@  bool ve_exec_trusted(struct file *file, struct filename *name)
 	static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL,
 						  SIGSEGV_RATELIMIT_BURST);
 
-	if (!trusted_exec)
+	if (trusted_exec)
 		return true;
 
 	if (exec_from_ct || (!file_on_ploop && !file_on_ct_mount))
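Review bot: the flipped test `if (trusted_exec)` at the top of ve_exec_trusted() now skips the whole check for any nonzero value, and nothing at the call site records that polarity. Because the same variable had the opposite meaning one commit earlier, a short comment above the test (nonzero means the host is trusted and the check is bypassed) would help the next reader. The Fixes: line says the value can also be changed on a running system, but the code that does so is not in this diff. Please confirm that every other reader and writer of trusted_exec, including whatever backs the ptune/trusted entry named in the commit message, uses the new meaning, so that the boot path and the runtime path cannot disagree about whether the defense is on.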
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index d8d7aaee744a..aa50bff7c027 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -117,13 +117,13 @@  extern int sysctl_nr_trim_pages;
 
 int ve_allow_module_load = 1;
 EXPORT_SYMBOL(ve_allow_module_load);
-int trusted_exec = 1;
-static int __init set_no_trusted_exec(char *str)
+int trusted_exec = 0;
+static int __init set_trusted_exec(char *str)
 {
-        trusted_exec = 0;
+        trusted_exec = 1;
         return 1;
 }
-__setup("no_trusted_exec", set_no_trusted_exec);
+__setup("trusted_exec", set_trusted_exec);
 
 /* Constants used for minimum and  maximum */
 #ifdef CONFIG_LOCKUP_DETECTOR
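Review bot: replacing `__setup("no_trusted_exec", ...)` with `__setup("trusted_exec", ...)` changes the boot interface with no compatibility path, and the commit message does not mention the rename. Under the old polarity, a host booted with no_trusted_exec ended up with trusted_exec == 0, which the old `if (!trusted_exec) return true;` test treated as defense off. After this change that string is no longer registered here, so the same command line leaves the new default of 0 in place and the defense is on. Failing closed is the safer direction, but it is a behaviour change for existing boot configurations. It should be stated in the commit message and wherever the parameter is documented, and the old name could be kept as an alias if those setups must keep working. Since the body of set_trusted_exec() is being touched anyway, the space-indented lines could also be converted to tabs.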

Comments

Pavel Tikhomirov Nov. 11, 2019, 12:57 p.m.
On 11/11/19 3:53 PM, Pavel Tikhomirov wrote:
> Now trusted_exec == 1 means that we trust the host, and if someone
> executes container binaries from host he knows what he's doing (the
> defense is "off"). By default trusted_exec == 0 and the defense is "on".
> 

Sysfs option to disable defence on boot is now called "trusted_exec".

> This way it is more consistent with ve_exec_trusted function name and
> the semantics of ptune/trusted sysfs entry.
> 
> https://jira.sw.ru/browse/PSBM-98702
> 
> Fixes: 761c2dfe68e7 ("ve/exec: allow trusted exec change both on boot
> and on running system")
> 
> Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
> ---
>   fs/exec.c       | 2 +-
>   kernel/sysctl.c | 8 ++++----
>   2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/exec.c b/fs/exec.c
> index 7efa415649da..492560ed0fef 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -128,7 +128,7 @@ bool ve_exec_trusted(struct file *file, struct filename *name)
>   	static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL,
>   						  SIGSEGV_RATELIMIT_BURST);
>   
> -	if (!trusted_exec)
> +	if (trusted_exec)
>   		return true;
>   
>   	if (exec_from_ct || (!file_on_ploop && !file_on_ct_mount))
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index d8d7aaee744a..aa50bff7c027 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -117,13 +117,13 @@ extern int sysctl_nr_trim_pages;
>   
>   int ve_allow_module_load = 1;
>   EXPORT_SYMBOL(ve_allow_module_load);
> -int trusted_exec = 1;
> -static int __init set_no_trusted_exec(char *str)
> +int trusted_exec = 0;
> +static int __init set_trusted_exec(char *str)
>   {
> -        trusted_exec = 0;
> +        trusted_exec = 1;
>           return 1;
>   }
> -__setup("no_trusted_exec", set_no_trusted_exec);
> +__setup("trusted_exec", set_trusted_exec);
>   
>   /* Constants used for minimum and  maximum */
>   #ifdef CONFIG_LOCKUP_DETECTOR
>