Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm...
[mirror_ubuntu-jammy-kernel.git] / net / netfilter / nfnetlink_log.c
index 5cfb5bedb2b8e8f2fa44ed936a7cab265b5878e6..8cfc401e197e83092b12d4c9b6395889e4752239 100644 (file)
@@ -55,6 +55,7 @@ struct nfulnl_instance {
        unsigned int qlen;              /* number of nlmsgs in skb */
        struct sk_buff *skb;            /* pre-allocatd skb */
        struct timer_list timer;
+       struct user_namespace *peer_user_ns;    /* User namespace of the peer process */
        int peer_pid;                   /* PID of the peer process */
 
        /* configurable parameters */
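Review bot: The new `peer_user_ns` field holds a bare pointer, and the assignment in instance_create (`inst->peer_user_ns = user_ns;`) takes no reference on the namespace, so nothing visible in this diff keeps it alive for as long as the instance can reach __build_packet_message. If instance teardown is not guaranteed to finish before the peer socket's credentials drop their namespace reference, the later `from_kuid_munged(user_ns, ...)` call would read freed memory. Either pin it with `get_user_ns(user_ns)` at creation and a matching `put_user_ns()` where the instance is freed, or state the borrowing rule in the field comment, e.g. `/* borrowed from the peer socket; valid only until the instance is destroyed on socket release */`. The struct and instance_create both continue outside the hunks shown, so the teardown path could not be checked here.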
@@ -132,7 +133,7 @@ instance_put(struct nfulnl_instance *inst)
 static void nfulnl_timer(unsigned long data);
 
 static struct nfulnl_instance *
-instance_create(u_int16_t group_num, int pid)
+instance_create(u_int16_t group_num, int pid, struct user_namespace *user_ns)
 {
        struct nfulnl_instance *inst;
        int err;
@@ -162,6 +163,7 @@ instance_create(u_int16_t group_num, int pid)
 
        setup_timer(&inst->timer, nfulnl_timer, (unsigned long)inst);
 
+       inst->peer_user_ns = user_ns;
        inst->peer_pid = pid;
        inst->group_num = group_num;
 
@@ -505,8 +507,10 @@ __build_packet_message(struct nfulnl_instance *inst,
                read_lock_bh(&sk->sk_callback_lock);
                if (sk->sk_socket && sk->sk_socket->file) {
                        struct file *file = sk->sk_socket->file;
-                       __be32 uid = htonl(file->f_cred->fsuid);
-                       __be32 gid = htonl(file->f_cred->fsgid);
+                       const struct cred *cred = file->f_cred;
+                       struct user_namespace *user_ns = inst->peer_user_ns;
+                       __be32 uid = htonl(from_kuid_munged(user_ns, cred->fsuid));
+                       __be32 gid = htonl(from_kgid_munged(user_ns, cred->fsgid));
                        read_unlock_bh(&sk->sk_callback_lock);
                        if (nla_put_be32(inst->skb, NFULA_UID, uid) ||
                            nla_put_be32(inst->skb, NFULA_GID, gid))
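Review bot: The two `from_kuid_munged()`/`from_kgid_munged()` conversions report the overflow id whenever the socket owner has no mapping in the listener's namespace, so a consumer of NFULA_UID/NFULA_GID cannot tell an unmapped owner from a genuine overflow-id account. That is a reasonable choice for a logging attribute, but it should be stated where the values are built, e.g. `/* ids with no mapping in the listener's user namespace are reported as overflowuid/overflowgid */` above the `uid` declaration. Anything that attributes traffic or raises alerts by uid from these records needs to know the value is namespace-relative. __build_packet_message starts and ends outside this hunk.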
@@ -785,7 +789,8 @@ nfulnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
                        }
 
                        inst = instance_create(group_num,
-                                              NETLINK_CB(skb).pid);
+                                              NETLINK_CB(skb).pid,
+                                              sk_user_ns(NETLINK_CB(skb).ssk));
                        if (IS_ERR(inst)) {
                                ret = PTR_ERR(inst);
                                goto out;
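Review bot: The new argument `sk_user_ns(NETLINK_CB(skb).ssk)` is evaluated with no check that the sending socket is non-NULL or still has a backing file, whereas the packet path in __build_packet_message tests `sk->sk_socket && sk->sk_socket->file` under `sk_callback_lock` before touching the credentials. sk_user_ns() is not visible in this diff; if it walks the same socket-to-file-to-cred chain, this call relies on config messages always arriving from a live userspace socket. A one-line comment recording that assumption, e.g. `/* ssk is the sender's socket, held open for the duration of the request */`, would make the precondition explicit. nfulnl_recv_config continues outside the hunk.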