Message ID | 20191111125331.4936-1-ptikhomirov@virtuozzo.com |
---|---|
State | New |
Series | "ve/exec: reverce the meaning of trusted_exec variable" |
diff --git a/fs/exec.c b/fs/exec.c index 7efa415649da..492560ed0fef 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -128,7 +128,7 @@ bool ve_exec_trusted(struct file *file, struct filename *name) static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL, SIGSEGV_RATELIMIT_BURST); - if (!trusted_exec) + if (trusted_exec) return true; if (exec_from_ct || (!file_on_ploop && !file_on_ct_mount)) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index d8d7aaee744a..aa50bff7c027 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -117,13 +117,13 @@ extern int sysctl_nr_trim_pages; int ve_allow_module_load = 1; EXPORT_SYMBOL(ve_allow_module_load); -int trusted_exec = 1; -static int __init set_no_trusted_exec(char *str) +int trusted_exec = 0; +static int __init set_trusted_exec(char *str) { - trusted_exec = 0; + trusted_exec = 1; return 1; } -__setup("no_trusted_exec", set_no_trusted_exec); +__setup("trusted_exec", set_trusted_exec); /* Constants used for minimum and maximum */ #ifdef CONFIG_LOCKUP_DETECTOR
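Review bot: In the fs/exec.c hunk, the early `if (trusted_exec) return true;` now carries the opposite meaning from before, and nothing at the test says which value turns the defence off. A one-line comment above it (non-zero means the host is trusted and the check is skipped) would keep the polarity from being misread again. The commit message also mentions a ptune/trusted sysfs entry and the Fixes tag refers to changing the value on a running system, but no runtime writer appears in this diff; please confirm that path already uses the new polarity, since only the default and the boot parameter are changed here.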
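Review bot: In the kernel/sysctl.c hunk, `set_trusted_exec(char *str)` ignores `str`, and `__setup()` matches on the prefix, so booting with `trusted_exec=0` would still set `trusted_exec = 1` and switch the defence off. For a switch that disables a protection it would be safer to parse the value, or to reject a non-empty argument. The rename also drops `no_trusted_exec` without an alias: a host that booted with it to turn the check off will come up with the default 0 and the check enforced, so the behaviour change deserves a line in the commit message or the boot parameter documentation.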
On 11/11/19 3:53 PM, Pavel Tikhomirov wrote: > Now trusted_exec == 1 means that we trust the host, and if someone > executes container binaries from host he knows what he's doing (the > defense is "off"). By default trusted_exec == 0 and the defense is "on". > Sysfs option to disable defence on boot is now called "trusted_exec". > This way it is more consistent with ve_exec_trusted function name and > the semantics of ptune/trusted sysfs entry. > > https://jira.sw.ru/browse/PSBM-98702 > > Fixes: 761c2dfe68e7 ("ve/exec: allow trusted exec change both on boot > and on running system") > > Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> > --- > fs/exec.c | 2 +- > kernel/sysctl.c | 8 ++++---- > 2 files changed, 5 insertions(+), 5 deletions(-) > > diff --git a/fs/exec.c b/fs/exec.c > index 7efa415649da..492560ed0fef 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -128,7 +128,7 @@ bool ve_exec_trusted(struct file *file, struct filename *name) > static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL, > SIGSEGV_RATELIMIT_BURST); > > - if (!trusted_exec) > + if (trusted_exec) > return true; > > if (exec_from_ct || (!file_on_ploop && !file_on_ct_mount)) > diff --git a/kernel/sysctl.c b/kernel/sysctl.c > index d8d7aaee744a..aa50bff7c027 100644 > --- a/kernel/sysctl.c > +++ b/kernel/sysctl.c > @@ -117,13 +117,13 @@ extern int sysctl_nr_trim_pages; > > int ve_allow_module_load = 1; > EXPORT_SYMBOL(ve_allow_module_load); > -int trusted_exec = 1; > -static int __init set_no_trusted_exec(char *str) > +int trusted_exec = 0; > +static int __init set_trusted_exec(char *str) > { > - trusted_exec = 0; > + trusted_exec = 1; > return 1; > } > -__setup("no_trusted_exec", set_no_trusted_exec); > +__setup("trusted_exec", set_trusted_exec); > > /* Constants used for minimum and maximum */ > #ifdef CONFIG_LOCKUP_DETECTOR >
Now trusted_exec == 1 means that we trust the host, and if someone executes container binaries from host he knows what he's doing (the defense is "off"). By default trusted_exec == 0 and the defense is "on".

This way it is more consistent with ve_exec_trusted function name and the semantics of ptune/trusted sysfs entry.

https://jira.sw.ru/browse/PSBM-98702

Fixes: 761c2dfe68e7 ("ve/exec: allow trusted exec change both on boot and on running system")

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 fs/exec.c       | 2 +-
 kernel/sysctl.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)