
cred: proc_set_cred(), proc_unset_cred(): Update user's process count

Description

cred: proc_set_cred(), proc_unset_cred(): Update user's process count

As a process really changes credentials at the moment proc_set_cred() or
proc_unset_cred() is called, these functions are the proper locations to
perform the update of the new and old real users' process count (using
chgproccnt()).

Before this change, change_ruid() instead would perform that update,
although it operates only on a passed credential which is a priori not
tied to the calling process (or not to any process at all). This was
arguably a flaw of commit b1fc0ec1a7a49ded, r77183, based on its commit
message, and in particular the portion "(...) In each case, the call now
acts on a credential not a process (...)".

Fixing this makes using change_ruid() more natural when building
candidate credentials that in the end are not applied to a process,
e.g., because of some intervening privilege check. Also, it removes
a hack around this unwanted process count change in unionfs.

We also introduce the new proc_set_cred_enforce_proc_lim() so that
callers can respect the per-user process limit, and will use it for the
upcoming setcred(). We plan to change all callers of proc_set_cred() to
call this new function instead at some point. In the meantime, both
proc_set_cred() and the new function will coexist.

As detailed in a comment in proc_set_cred_enforce_proc_lim(), checking
against the process limit is currently flawed as the kernel doesn't
really maintain the number of processes per UID (besides RLIMIT_NPROC,
this in fact also applies to RLIMIT_KQUEUES, RLIMIT_NPTS, RLIMIT_SBSIZE
and RLIMIT_SWAP). The applied limit is currently that of the old real
UID. Root (or a process granted PRIV_PROC_LIMIT) is not subject to
this limit.

Approved by: markj (mentor)
Fixes: b1fc0ec1a7a49ded
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46923

(cherry picked from commit d2be7ed63affd8af5fe6203002b7cc3cbe7f7891)

Additional changes for this MFC:

  1. <sys/types.h> was added as an include in <sys/ucred.h>, as some of its types are necessary whether the header is included by the kernel or userland. Some later -CURRENT commits added it, but are not planned to be MFCed (mac_do(4) series, which doesn't exist in stable/13).
  2. A number of files in 'lib/libprocstat' that include (indirectly) <sys/ucred.h> with _KERNEL defined were patched to include <stdbool.h> beforehand, so that 'bool', which is part of the new signature for proc_set_cred*(), is defined when <sys/ucred.h> is processed (<sys/types.h> does not define it when _KERNEL is defined).
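The accounting the message describes, as an added C model rather than FreeBSD's own code: the nproc[] array, PROC_LIM, the struct layouts and every function body are assumptions, with only the names chgproccnt(), proc_set_cred_enforce_proc_lim() and PRIV_PROC_LIMIT taken from the commit. It shows the phantom count the pre-commit change_ruid() left behind for a candidate credential that was never applied, and the new function refusing a switch that would exceed the limit.

```c
/* Added model (not FreeBSD's code): per-user process accounting around a cred
 * change; nproc[] plays the per-uidinfo count, PROC_LIM a constructed limit. */
#include <stdbool.h>
#include <string.h>
#define PROC_LIM 2
static int nproc[4096];
struct cred { int ruid; };
struct proc { struct cred *p_ucred; bool has_priv_proc_limit; };
/* Adjust uid's count; true if it stays within lim (0 means unlimited). */
static bool chgproccnt(int uid, int diff, int lim)
{
    nproc[uid] += diff;
    return lim == 0 || nproc[uid] <= lim;
}
/* Counts move only when the cred is really installed; the old real UID's
 * limit applies, and root or a PRIV_PROC_LIMIT holder bypasses it. */
static bool proc_set_cred_enforce_proc_lim(struct proc *p, struct cred *newcr)
{
    int olduid = p->p_ucred->ruid;
    int lim = (olduid == 0 || p->has_priv_proc_limit) ? 0 : PROC_LIM;
    if (!chgproccnt(newcr->ruid, 1, lim)) {
        chgproccnt(newcr->ruid, -1, 0);  /* undo; process keeps its cred */
        return false;
    }
    chgproccnt(olduid, -1, 0);
    p->p_ucred = newcr;
    return true;
}

/* A candidate cred 1000 -> 1001 is built and then dropped (e.g. a later
 * privilege check fails). Returns what stays charged to uid 1001. */
static int count_after_discarded_candidate(bool pre_commit_change_ruid)
{
    struct cred cand = { 1000 };
    memset(nproc, 0, sizeof(nproc)); nproc[1000] = 1;
    if (pre_commit_change_ruid) {       /* old change_ruid(): moved counts */
        chgproccnt(cand.ruid, -1, 0); chgproccnt(1001, 1, 0);
    }
    cand.ruid = 1001;                   /* new change_ruid(): edits cred only */
    return nproc[1001];                 /* 1 with the old behaviour, else 0 */
}
/* uid 1001 already at PROC_LIM: the switch is refused and nothing changes. */
static bool limit_refuses_switch(void)
{
    struct cred cur = { 1000 }, cand = { 1001 };
    struct proc p = { &cur, false };
    memset(nproc, 0, sizeof(nproc)); nproc[1000] = 1; nproc[1001] = PROC_LIM;
    return !proc_set_cred_enforce_proc_lim(&p, &cand) && p.p_ucred == &cur &&
        nproc[1000] == 1 && nproc[1001] == PROC_LIM;
}
```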

Details

Provenance: olce, authored on Aug 2 2024, 3:57 PM
Differential Revision: D46923: cred: proc_set_cred(), proc_unset_cred(): Update user's process count
Parents: rG5c09fafd8398: cred: proc_set_cred(): Remove obsolete comments
Branches: Unknown
Tags: Unknown