[RH7] ve/exec: reverce the meaning of trusted_exec variable

Details

Message ID	20191111125331.4936-1-ptikhomirov@virtuozzo.com
State	New
Series	"ve/exec: reverce the meaning of trusted_exec variable"
Headers	show Delivered-To: criupatchwork@gmail.com Received-SPF: pass (google.com: domain of devel-bounces@openvz.org designates 185.231.241.50 as permitted sender) client-ip=185.231.241.50; Received-SPF: Pass (protection.outlook.com: domain of virtuozzo.com designates 185.231.240.75 as permitted sender) receiver=protection.outlook.com; client-ip=185.231.240.75; helo=relay.sw.ru; From: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> To: Konstantin Khorenko <khorenko@virtuozzo.com> Date: Mon, 11 Nov 2019 15:53:31 +0300 Message-Id: <20191111125331.4936-1-ptikhomirov@virtuozzo.com> MIME-Version: 1.0 Cc: devel@openvz.org Subject: [Devel] [PATCH RH7] ve/exec: reverce the meaning of trusted_exec variable Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: devel-bounces@openvz.org Errors-To: devel-bounces@openvz.org

Message ID

20191111125331.4936-1-ptikhomirov@virtuozzo.com

State

New

Series

"ve/exec: reverce the meaning of trusted_exec variable"

Headers

show

Delivered-To: criupatchwork@gmail.com
Received: from gmail-imap.l.google.com [74.125.131.108]
	by patchwork.criu.org with IMAP (fetchmail-6.3.26)
	for <root@localhost> (single-drop);
	Mon, 11 Nov 2019 13:55:50 +0100 (CET)
Received: by 2002:a6b:6312:0:0:0:0:0 with SMTP id p18csp6768971iog; Mon, 11
	Nov 2019 04:55:44 -0800 (PST)
X-Google-Smtp-Source: APXvYqyU2BoHN8cXmLVzqmTYe53gboxt9ck6Sy1XRSMh88Muj1v1BNfE72YCkP2c2HYrbvzxhYva
X-Received: by 2002:a2e:99c2:: with SMTP id
	l2mr16140432ljj.145.1573476943874; 
	Mon, 11 Nov 2019 04:55:43 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1573476943; cv=none; d=google.com;
	s=arc-20160816;
	b=ShVQX4b6VabkL7U0dP7CKy3+RwzxbCXXBIVk0mnyiQIVGKW5fS36c7OGJeujVusSe7
	VcEXB3r3sC2tNuf3n+YWRoBTda4zik0gLnNxjlrtpWUVkpahRHKfrZBEFAsf2Y6ESyQY
	3FmJPai9kAWBI/XUNHQXT801TgBVZlcCuOYHSPT1xiVqV1HSjp0H82srkaL2xbzv/ds6
	2/ZxEDUb3WbAodkxUv/eiMat/JuySAPfxyVxCLeAyHs6rcwjGLtwq87ZgmOzHmSD75k0
	jmxXbE7vU9sYrsij6N67HlNympQpm6uaVk5Flr7ES7ZtElpz3MbLxEkyIqYEvPhxFinf
	b1ww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help
	:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
	:cc:mime-version:message-id:date:to:from;
	bh=Leqj3vbPwvsUPPL3a+DDktmYYvai8LNw1Pvwiwp52xs=;
	b=TvBO3rjxHU8xIKv/DWUFftxn7eQzVDkf+bRYID8K68oyoAyEMNAZv7hV5/Kilb8Tc5
	8SvZni7b8M16pEELuEI/+S7IS5cWzrajZ3TXtTE7V7YyobmJKUT1xIHDu8KVd8k/MZ40
	KZgvKZNRNTTylN06PhTmgqiG1FmfdkP2y1Nyq1hSyczSPO+GeCoCYkaPKMnmPjtwhPif
	pShfsoZORS/xFqZM9ZdEWDGXmBTmoP/cX6ASyHcfUPHEhf30jY9GimhzRTSf15nCvRwl
	HjHsYft9l+Onmzh+zrmKbKT1Zhd0Iajfb/M/rijtYoCP/ns3c9p1fg9wojdoHf3WVKIn
	BLDg==
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain
	of devel-bounces@openvz.org designates
	185.231.241.50 as permitted sender)
	smtp.mailfrom=devel-bounces@openvz.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE)
	header.from=virtuozzo.com
Return-Path: <devel-bounces@openvz.org>
Received: from mail.openvz.org (mail.openvz.org. [185.231.241.50]) by
	mx.google.com with ESMTPS id w11si8777756ljw.85.2019.11.11.04.55.43
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 11 Nov 2019 04:55:43 -0800 (PST)
Received-SPF: pass (google.com: domain of devel-bounces@openvz.org designates
	185.231.241.50 as permitted sender) client-ip=185.231.241.50;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
	devel-bounces@openvz.org designates 185.231.241.50 as permitted
	sender) smtp.mailfrom=devel-bounces@openvz.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE)
	header.from=virtuozzo.com
Received: from localhost.localdomain (localhost [127.0.0.1]) by
	mail.openvz.org (8.14.4/8.14.4) with ESMTP id xABCrcLI017560;
	Mon, 11 Nov 2019 15:53:43 +0300
Received: from EUR02-AM5-obe.outbound.protection.outlook.com
	(mail-am5eur02lp2053.outbound.protection.outlook.com [104.47.4.53])
	by mail.openvz.org (8.14.4/8.14.4) with ESMTP id xABCrZha017556 for
	<devel@openvz.org>; Mon, 11 Nov 2019 15:53:35 +0300
Received: from AM6PR08CA0015.eurprd08.prod.outlook.com (2603:10a6:20b:b2::27)
	by VE1PR08MB4895.eurprd08.prod.outlook.com (2603:10a6:802:ac::19)
	with Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.20;
	Mon, 11 Nov 2019 12:53:36 +0000
Received: from VE1EUR01FT048.eop-EUR01.prod.protection.outlook.com
	(2a01:111:f400:7e01::203) by AM6PR08CA0015.outlook.office365.com
	(2603:10a6:20b:b2::27) with Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.22 via
	Frontend Transport; Mon, 11 Nov 2019 12:53:36 +0000
Authentication-Results: spf=pass (sender IP is 185.231.240.75)
	smtp.mailfrom=virtuozzo.com; openvz.org;
	dkim=none (message not signed)
	header.d=none; openvz.org;
	dmarc=pass action=none header.from=virtuozzo.com; 
Received-SPF: Pass (protection.outlook.com: domain of virtuozzo.com
	designates
	185.231.240.75 as permitted sender) receiver=protection.outlook.com; 
	client-ip=185.231.240.75; helo=relay.sw.ru;
Received: from relay.sw.ru (185.231.240.75) by
	VE1EUR01FT048.mail.protection.outlook.com (10.152.3.69) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.2430.22 via Frontend Transport; Mon, 11 Nov 2019 12:53:36 +0000
Received: from dhcp-172-16-24-163.sw.ru ([172.16.24.163] helo=snorch.sw.ru)
	by relay.sw.ru with esmtp (Exim 4.92.3) (envelope-from
	<ptikhomirov@virtuozzo.com>) id 1iU9CJ-0002mr-9U;
	Mon, 11 Nov 2019 15:53:35 +0300
From: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
To: Konstantin Khorenko <khorenko@virtuozzo.com>
Date: Mon, 11 Nov 2019 15:53:31 +0300
Message-Id: <20191111125331.4936-1-ptikhomirov@virtuozzo.com>
X-Mailer: git-send-email 2.21.0
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: SFV:SKI; SFV:SKN; SFS:; DIR:INB; SFP:; SCL:-1; 
	SRVR:VE1PR08MB4895; H:relay.sw.ru; FPR:;
	SPF:None; LANG:en; 
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 2b0b427e-db09-4a03-fa5f-08d766a62ab7
X-MS-TrafficTypeDiagnostic: VE1PR08MB4895:
X-MS-Exchange-PUrlCount: 1
X-MS-Oob-TLC-OOBClassifiers: OLM:6108;
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?oGelpcZeptDHywo5/m1B7qYrDJ+oBCTr3ht0hh2Pk4FbtWOy+y9bfcDssuLI?=
	=?us-ascii?Q?ZuFc6f43SnlszPDSNkg8ZnaU42xKn+whyxIdIrOcmPCGnwrErghnsAMq9aaM?=
	=?us-ascii?Q?v6pZvmfmPV+rNEOo4/yZEVm1Xf1s9zQ4mQImmCDyqvgVb5ljjJm1vWy2jIiH?=
	=?us-ascii?Q?li0SmQQE9zLbmBSyW1AJzyZnoD/CFRdkEIf9DnG9PQLt3Hb4ClITV1PVZadI?=
	=?us-ascii?Q?4o/q+LXsfBvWzFlb7pr+j0F2EBXNZUXnzI1IUzapi6xHBlwNeLN4CGuZr2Eo?=
	=?us-ascii?Q?/MK35GgqPTnVdrQXxmnEh9XgNkfKxsuk0RMeZ/51t23bHKK/+EwRpTvKLVOW?=
	=?us-ascii?Q?H/xdb9iqFXmatqKcIZAhlU957CzeWTp4KtlojhwscD9Ur2IJjufqtPLxjZ44?=
	=?us-ascii?Q?EXu57MHTmN57791a0GVdIloS1WLw6enVBRfIKIYA477xmPuqfcbijB4C5g7A?=
	=?us-ascii?Q?6wCDkvzwhRQ3yAm+i/gpLsMzIR6FAjzAKI3xby85H5ZUCn37Og7m3EkN5g2R?=
	=?us-ascii?Q?VyUVIXfSCl9go0FxGuZFuNTzTG1DG9L0fMQOJbABaIY0XzkP/INa+fw7wtuY?=
	=?us-ascii?Q?9bhCUrDZdEM7aUnTOQqVdmD36UiewMUaNyISNjldeG2dwYNET6Ug4sUucFym?=
	=?us-ascii?Q?Jwqzj4ymMU9mqaKzkprAaEdyRywj4WYTXI4YSnddPEk6UcfAlYUffwHiDAb/?=
	=?us-ascii?Q?7We5nmhcQ3Cv3e6lXe1pUqCLEDbaI7UtxOae8fTLQDqfHGaIlw+uxsh+Ywe6?=
	=?us-ascii?Q?8MMGxInKoTZ9TYdPclV9MOhumlB7F6ywEYL6iYjBLe6PJRbyRVj0HxxX8MHk?=
	=?us-ascii?Q?akojR5hD94t0UFrQb43Fu9Jt2r1g9MyeUJjR+2JBhGJhMpDjJXJu23QU3wY6?=
	=?us-ascii?Q?1Xkj7qJzeuP1zvpi/owtn0yWS3Pv05TLaj9zgZ1dBdqX2TAaECpxSgI1zAkW?=
	=?us-ascii?Q?OY17UQXU9FIFeIrRoXSfIuHs5/3BOHJjjBj8SMPL1GFJ+Vuo/yX/qcb98I8K?=
	=?us-ascii?Q?mU6/2Q5l8Mnq8xnuLh91VmUGuc5BE3xBGM7zg6zNS9K1lgwlBtlnVFu60DVg?=
	=?us-ascii?Q?T9IRhzq6zq3gSmKJFXn+2rH3kzvDSXp5vDSpEGbOGZNz7f9ey6GlQLOYOc++?=
	=?us-ascii?Q?QKZg3i/2h4uefo07ZgDp0R1Jz6fKtTFb5TgxezCi/KgUyEIj2IlhHxl67zjG?=
	=?us-ascii?Q?hBJ/WbYGTqzEm+Dv?=
X-OriginatorOrg: virtuozzo.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2019 12:53:36.3489
	(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 2b0b427e-db09-4a03-fa5f-08d766a62ab7
X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=0bc7f26d-0264-416e-a6fc-8352af79c58f; 
	Ip=[185.231.240.75]; Helo=[relay.sw.ru]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR08MB4895
X-MS-Exchange-CrossPremises-OriginalClientIPAddress: 185.231.240.75
X-MS-Exchange-CrossPremises-SCL: -1
X-MS-Exchange-CrossPremises-AuthSource: VE1EUR01FT048.eop-EUR01.prod.protection.outlook.com
X-MS-Exchange-CrossPremises-AuthAs: Anonymous
X-MS-Exchange-CrossPremises-TransportTrafficType: Email
X-MS-Exchange-CrossPremises-TransportTrafficSubType: 
X-MS-Exchange-CrossPremises-Antispam-ScanContext: DIR:Originating; SFV:SKN; 
	SKIP:0;
X-MS-Exchange-CrossPremises-Processed-By-Journaling: Journal Agent
X-OrganizationHeadersPreserved: VE1PR08MB4895.eurprd08.prod.outlook.com
Cc: devel@openvz.org
Subject: [Devel] [PATCH RH7] ve/exec: reverce the meaning of trusted_exec
	variable
X-BeenThere: devel@openvz.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OpenVZ development <devel.openvz.org>
List-Unsubscribe: <https://lists.openvz.org/mailman/options/devel>,
	<mailto:devel-request@openvz.org?subject=unsubscribe>
List-Archive: <http://lists.openvz.org/pipermail/devel/>
List-Post: <mailto:devel@openvz.org>
List-Help: <mailto:devel-request@openvz.org?subject=help>
List-Subscribe: <https://lists.openvz.org/mailman/listinfo/devel>,
	<mailto:devel-request@openvz.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: devel-bounces@openvz.org
Errors-To: devel-bounces@openvz.org

Commit Message

Pavel Tikhomirov Nov. 11, 2019, 12:53 p.m.

Now trusted_exec == 1 means that we trust the host, and if someone
executes container binaries from host he knows what he's doing (the
defense is "off"). By default trusted_exec == 0 and the defense is "on".

These way it is more consistent with ve_exec_trusted function name and
the semantics of ptune/trusted sysfs entry.

https://jira.sw.ru/browse/PSBM-98702

Fixes: 761c2dfe68e7 ("ve/exec: allow trusted exec change both on boot
and on running system")

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 fs/exec.c       | 2 +-
 kernel/sysctl.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

Patch hide | download patch | download mbox

diff --git a/fs/exec.c b/fs/exec.c
index 7efa415649da..492560ed0fef 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -128,7 +128,7 @@  bool ve_exec_trusted(struct file *file, struct filename *name)
 	static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL,
 						  SIGSEGV_RATELIMIT_BURST);
 
-	if (!trusted_exec)
+	if (trusted_exec)
 		return true;
 
 	if (exec_from_ct || (!file_on_ploop && !file_on_ct_mount))
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index d8d7aaee744a..aa50bff7c027 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -117,13 +117,13 @@  extern int sysctl_nr_trim_pages;
 
 int ve_allow_module_load = 1;
 EXPORT_SYMBOL(ve_allow_module_load);
-int trusted_exec = 1;
-static int __init set_no_trusted_exec(char *str)
+int trusted_exec = 0;
+static int __init set_trusted_exec(char *str)
 {
-        trusted_exec = 0;
+        trusted_exec = 1;
         return 1;
 }
-__setup("no_trusted_exec", set_no_trusted_exec);
+__setup("trusted_exec", set_trusted_exec);
 
 /* Constants used for minimum and  maximum */
 #ifdef CONFIG_LOCKUP_DETECTOR

Comments

Pavel Tikhomirov Nov. 11, 2019, 12:57 p.m.

On 11/11/19 3:53 PM, Pavel Tikhomirov wrote:
> Now trusted_exec == 1 means that we trust the host, and if someone
> executes container binaries from host he knows what he's doing (the
> defense is "off"). By default trusted_exec == 0 and the defense is "on".
> 

Sysfs option to disable defence on boot is now called "trusted_exec".

> These way it is more consistent with ve_exec_trusted function name and
> the semantics of ptune/trusted sysfs entry.
> 
> https://jira.sw.ru/browse/PSBM-98702
> 
> Fixes: 761c2dfe68e7 ("ve/exec: allow trusted exec change both on boot
> and on running system")
> 
> Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
> ---
>   fs/exec.c       | 2 +-
>   kernel/sysctl.c | 8 ++++----
>   2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/exec.c b/fs/exec.c
> index 7efa415649da..492560ed0fef 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -128,7 +128,7 @@ bool ve_exec_trusted(struct file *file, struct filename *name)
>   	static DEFINE_RATELIMIT_STATE(sigsegv_rs, SIGSEGV_RATELIMIT_INTERVAL,
>   						  SIGSEGV_RATELIMIT_BURST);
>   
> -	if (!trusted_exec)
> +	if (trusted_exec)
>   		return true;
>   
>   	if (exec_from_ct || (!file_on_ploop && !file_on_ct_mount))
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index d8d7aaee744a..aa50bff7c027 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -117,13 +117,13 @@ extern int sysctl_nr_trim_pages;
>   
>   int ve_allow_module_load = 1;
>   EXPORT_SYMBOL(ve_allow_module_load);
> -int trusted_exec = 1;
> -static int __init set_no_trusted_exec(char *str)
> +int trusted_exec = 0;
> +static int __init set_trusted_exec(char *str)
>   {
> -        trusted_exec = 0;
> +        trusted_exec = 1;
>           return 1;
>   }
> -__setup("no_trusted_exec", set_no_trusted_exec);
> +__setup("trusted_exec", set_trusted_exec);
>   
>   /* Constants used for minimum and  maximum */
>   #ifdef CONFIG_LOCKUP_DETECTOR
>