diff options
author | Serge E. Hallyn <serue@us.ibm.com> | 2006-10-02 02:18:06 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-10-02 07:57:20 -0700 |
commit | ab516013ad9ca47f1d3a936fa81303bfbf734d52 (patch) | |
tree | 643ea9c4c3d28958cb42dd87b1856f74edd22b11 | |
parent | b1ba4ddde0cf67991d89f039365eaaeda61aa027 (diff) | |
download | linux-3.10-ab516013ad9ca47f1d3a936fa81303bfbf734d52.tar.gz linux-3.10-ab516013ad9ca47f1d3a936fa81303bfbf734d52.tar.bz2 linux-3.10-ab516013ad9ca47f1d3a936fa81303bfbf734d52.zip |
[PATCH] namespaces: add nsproxy
This patch adds a nsproxy structure to the task struct. Later patches will
move the fs namespace pointer into this structure, and introduce a new utsname
namespace into the nsproxy.
The vserver and openvz functionality, then, would be implemented in large part
by virtualizing/isolating more and more resources into namespaces, each
contained in the nsproxy.
[akpm@osdl.org: build fix]
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Cc: Kirill Korotaev <dev@openvz.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: Andrey Savochkin <saw@sw.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
27 files changed, 196 insertions, 2 deletions
diff --git a/arch/alpha/kernel/init_task.c b/arch/alpha/kernel/init_task.c index 835d09a7b33..83d09021ed9 100644 --- a/arch/alpha/kernel/init_task.c +++ b/arch/alpha/kernel/init_task.c @@ -5,6 +5,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> @@ -13,6 +14,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); struct task_struct init_task = INIT_TASK(init_task); EXPORT_SYMBOL(init_mm); diff --git a/arch/arm/kernel/init_task.c b/arch/arm/kernel/init_task.c index a00cca0000b..80f5eeb6d3a 100644 --- a/arch/arm/kernel/init_task.c +++ b/arch/arm/kernel/init_task.c @@ -8,6 +8,7 @@ #include <linux/init.h> #include <linux/init_task.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -17,6 +18,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/arm26/kernel/init_task.c b/arch/arm26/kernel/init_task.c index 4191565b889..678c7b57f9c 100644 --- a/arch/arm26/kernel/init_task.c +++ b/arch/arm26/kernel/init_task.c @@ -11,6 +11,7 @@ #include <linux/init.h> #include <linux/init_task.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -20,6 +21,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/frv/kernel/init_task.c b/arch/frv/kernel/init_task.c index 22993932b3f..5ec27422bfe 100644 --- a/arch/frv/kernel/init_task.c +++ b/arch/frv/kernel/init_task.c @@ -5,6 +5,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -15,6 +16,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/h8300/kernel/init_task.c b/arch/h8300/kernel/init_task.c index 19272c2ac56..ef5755af6e2 100644 --- a/arch/h8300/kernel/init_task.c +++ b/arch/h8300/kernel/init_task.c @@ -8,6 +8,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -17,6 +18,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/i386/kernel/init_task.c b/arch/i386/kernel/init_task.c index cff95d10a4d..bd97f69ac34 100644 --- a/arch/i386/kernel/init_task.c +++ b/arch/i386/kernel/init_task.c @@ -5,6 +5,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -15,6 +16,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/ia64/kernel/init_task.c b/arch/ia64/kernel/init_task.c index b69c397ed1b..2d62471bfd0 100644 --- a/arch/ia64/kernel/init_task.c +++ b/arch/ia64/kernel/init_task.c @@ -12,6 +12,7 @@ #include <linux/sched.h> #include <linux/init_task.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -21,6 +22,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/m32r/kernel/init_task.c b/arch/m32r/kernel/init_task.c index 9e508fd9d97..005747590da 100644 --- a/arch/m32r/kernel/init_task.c +++ b/arch/m32r/kernel/init_task.c @@ -7,6 +7,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -16,6 +17,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/m68knommu/kernel/init_task.c b/arch/m68knommu/kernel/init_task.c index 3897043a126..b99fc6d6b7c 100644 --- a/arch/m68knommu/kernel/init_task.c +++ b/arch/m68knommu/kernel/init_task.c @@ -8,6 +8,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -17,6 +18,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/mips/kernel/init_task.c b/arch/mips/kernel/init_task.c index aeda7f58391..dfe47e6a8b3 100644 --- a/arch/mips/kernel/init_task.c +++ b/arch/mips/kernel/init_task.c @@ -4,6 +4,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/thread_info.h> #include <asm/uaccess.h> @@ -14,6 +15,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/parisc/kernel/init_task.c b/arch/parisc/kernel/init_task.c index 8384bf9cecd..c0c43e29973 100644 --- a/arch/parisc/kernel/init_task.c +++ b/arch/parisc/kernel/init_task.c @@ -28,6 +28,7 @@ #include <linux/init.h> #include <linux/init_task.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -38,6 +39,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/powerpc/kernel/init_task.c b/arch/powerpc/kernel/init_task.c index 941043ae040..e24ace61898 100644 --- a/arch/powerpc/kernel/init_task.c +++ b/arch/powerpc/kernel/init_task.c @@ -5,6 +5,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> static struct fs_struct init_fs = INIT_FS; @@ -12,6 +13,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/s390/kernel/init_task.c b/arch/s390/kernel/init_task.c index d73a74013e7..0918921763b 100644 --- a/arch/s390/kernel/init_task.c +++ b/arch/s390/kernel/init_task.c @@ -11,6 +11,7 @@ #include <linux/sched.h> #include <linux/init_task.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -20,6 +21,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/sh/kernel/init_task.c b/arch/sh/kernel/init_task.c index 44053ea9293..81caf0fd3be 100644 --- a/arch/sh/kernel/init_task.c +++ b/arch/sh/kernel/init_task.c @@ -3,6 +3,7 @@ #include <linux/sched.h> #include <linux/init_task.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -12,6 +13,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/sh64/kernel/init_task.c b/arch/sh64/kernel/init_task.c index de2d07db1f8..0c95f40c540 100644 --- a/arch/sh64/kernel/init_task.c +++ b/arch/sh64/kernel/init_task.c @@ -14,6 +14,7 @@ #include <linux/sched.h> #include <linux/init_task.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -23,6 +24,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); struct pt_regs fake_swapper_regs; diff --git a/arch/sparc/kernel/init_task.c b/arch/sparc/kernel/init_task.c index fc31de66b1c..a73926d5176 100644 --- a/arch/sparc/kernel/init_task.c +++ b/arch/sparc/kernel/init_task.c @@ -3,6 +3,7 @@ #include <linux/sched.h> #include <linux/init_task.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/pgtable.h> #include <asm/uaccess.h> @@ -12,6 +13,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); struct task_struct init_task = INIT_TASK(init_task); EXPORT_SYMBOL(init_mm); diff --git a/arch/sparc64/kernel/init_task.c b/arch/sparc64/kernel/init_task.c index 329b38fa5c8..f1e9a4b021a 100644 --- a/arch/sparc64/kernel/init_task.c +++ b/arch/sparc64/kernel/init_task.c @@ -3,6 +3,7 @@ #include <linux/sched.h> #include <linux/init_task.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/pgtable.h> #include <asm/uaccess.h> @@ -13,6 +14,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/um/kernel/init_task.c b/arch/um/kernel/init_task.c index 49ed5ddf070..11188af64d8 100644 --- a/arch/um/kernel/init_task.c +++ b/arch/um/kernel/init_task.c @@ -9,6 +9,7 @@ #include "linux/sched.h" #include "linux/init_task.h" #include "linux/mqueue.h" +#include "linux/nsproxy.h" #include "asm/uaccess.h" #include "asm/pgtable.h" #include "user_util.h" @@ -17,6 +18,7 @@ static struct fs_struct init_fs = INIT_FS; struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); diff --git a/arch/v850/kernel/init_task.c b/arch/v850/kernel/init_task.c index ed2f93cf7c6..9d2de759084 100644 --- a/arch/v850/kernel/init_task.c +++ b/arch/v850/kernel/init_task.c @@ -16,6 +16,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -25,6 +26,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS (init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM (init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/arch/x86_64/kernel/init_task.c b/arch/x86_64/kernel/init_task.c index 3dc5854ba21..879728bff73 100644 --- a/arch/x86_64/kernel/init_task.c +++ b/arch/x86_64/kernel/init_task.c @@ -5,6 +5,7 @@ #include <linux/init_task.h> #include <linux/fs.h> #include <linux/mqueue.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/pgtable.h> @@ -15,6 +16,7 @@ static struct files_struct init_files = INIT_FILES; static struct signal_struct init_signals = INIT_SIGNALS(init_signals); static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); struct mm_struct init_mm = INIT_MM(init_mm); +struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy); EXPORT_SYMBOL(init_mm); diff --git a/include/linux/init_task.h b/include/linux/init_task.h index 60aac2cea0c..8f8bb422a5c 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h @@ -68,6 +68,12 @@ .session = 1, \ } +extern struct nsproxy init_nsproxy; +#define INIT_NSPROXY(nsproxy) { \ + .count = ATOMIC_INIT(1), \ + .nslock = SPIN_LOCK_UNLOCKED, \ +} + #define INIT_SIGHAND(sighand) { \ .count = ATOMIC_INIT(1), \ .action = { { { .sa_handler = NULL, } }, }, \ @@ -117,6 +123,7 @@ extern struct group_info init_groups; .files = &init_files, \ .signal = &init_signals, \ .sighand = &init_sighand, \ + .nsproxy = &init_nsproxy, \ .pending = { \ .list = LIST_HEAD_INIT(tsk.pending.list), \ .signal = {{0}}}, \ diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h new file mode 100644 index 00000000000..7bdebfaab6a --- /dev/null +++ b/include/linux/nsproxy.h @@ -0,0 +1,45 @@ +#ifndef _LINUX_NSPROXY_H +#define _LINUX_NSPROXY_H + +#include <linux/spinlock.h> +#include <linux/sched.h> + +/* + * A structure to contain pointers to all per-process + * namespaces - fs (mount), uts, network, sysvipc, etc. + * + * 'count' is the number of tasks holding a reference. + * The count for each namespace, then, will be the number + * of nsproxies pointing to it, not the number of tasks. + * + * The nsproxy is shared by tasks which share all namespaces. + * As soon as a single namespace is cloned or unshared, the + * nsproxy is copied. + */ +struct nsproxy { + atomic_t count; + spinlock_t nslock; +}; +extern struct nsproxy init_nsproxy; + +struct nsproxy *dup_namespaces(struct nsproxy *orig); +int copy_namespaces(int flags, struct task_struct *tsk); +void get_task_namespaces(struct task_struct *tsk); +void free_nsproxy(struct nsproxy *ns); + +static inline void put_nsproxy(struct nsproxy *ns) +{ + if (atomic_dec_and_test(&ns->count)) { + free_nsproxy(ns); + } +} + +static inline void exit_task_namespaces(struct task_struct *p) +{ + struct nsproxy *ns = p->nsproxy; + if (ns) { + put_nsproxy(ns); + p->nsproxy = NULL; + } +} +#endif diff --git a/include/linux/sched.h b/include/linux/sched.h index a7fff3304bd..4fa631fa55e 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -239,6 +239,7 @@ extern signed long schedule_timeout_uninterruptible(signed long timeout); asmlinkage void schedule(void); struct namespace; +struct nsproxy; /* Maximum number of active map areas.. This is a random (large) number */ #define DEFAULT_MAX_MAP_COUNT 65536 @@ -898,6 +899,7 @@ struct task_struct { struct files_struct *files; /* namespace */ struct namespace *namespace; + struct nsproxy *nsproxy; /* signal handlers */ struct signal_struct *signal; struct sighand_struct *sighand; diff --git a/kernel/Makefile b/kernel/Makefile index aacaafb28b9..6ec53009b86 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -8,7 +8,7 @@ obj-y = sched.o fork.o exec_domain.o panic.o printk.o profile.o \ signal.o sys.o kmod.o workqueue.o pid.o \ rcupdate.o extable.o params.o posix-timers.o \ kthread.o wait.o kfifo.o sys_ni.o posix-cpu-timers.o mutex.o \ - hrtimer.o rwsem.o latency.o + hrtimer.o rwsem.o latency.o nsproxy.o obj-$(CONFIG_STACKTRACE) += stacktrace.o obj-y += time/ diff --git a/kernel/exit.c b/kernel/exit.c index 3b47f26985f..1d0e9ea1fa0 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -21,6 +21,7 @@ #include <linux/tsacct_kern.h> #include <linux/file.h> #include <linux/binfmts.h> +#include <linux/nsproxy.h> #include <linux/ptrace.h> #include <linux/profile.h> #include <linux/mount.h> @@ -397,9 +398,14 @@ void daemonize(const char *name, ...) fs = init_task.fs; current->fs = fs; atomic_inc(&fs->count); + exit_namespace(current); + exit_task_namespaces(current); current->namespace = init_task.namespace; + current->nsproxy = init_task.nsproxy; get_namespace(current->namespace); + get_task_namespaces(current); + exit_files(current); current->files = init_task.files; atomic_inc(¤t->files->count); @@ -918,6 +924,7 @@ fastcall NORET_TYPE void do_exit(long code) __exit_files(tsk); __exit_fs(tsk); exit_namespace(tsk); + exit_task_namespaces(tsk); exit_thread(); cpuset_exit(tsk); exit_keys(tsk); diff --git a/kernel/fork.c b/kernel/fork.c index 89f666491d1..c9e660ae47a 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -27,6 +27,7 @@ #include <linux/binfmts.h> #include <linux/mman.h> #include <linux/fs.h> +#include <linux/nsproxy.h> #include <linux/capability.h> #include <linux/cpu.h> #include <linux/cpuset.h> @@ -1116,8 +1117,10 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_cleanup_signal; if ((retval = copy_keys(clone_flags, p))) goto bad_fork_cleanup_mm; - if ((retval = copy_namespace(clone_flags, p))) + if ((retval = copy_namespaces(clone_flags, p))) goto bad_fork_cleanup_keys; + if ((retval = copy_namespace(clone_flags, p))) + goto bad_fork_cleanup_namespaces; retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); if (retval) goto bad_fork_cleanup_namespace; @@ -1262,6 +1265,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, bad_fork_cleanup_namespace: exit_namespace(p); +bad_fork_cleanup_namespaces: + exit_task_namespaces(p); bad_fork_cleanup_keys: exit_keys(p); bad_fork_cleanup_mm: @@ -1606,6 +1611,7 @@ asmlinkage long sys_unshare(unsigned long unshare_flags) struct mm_struct *mm, *new_mm = NULL, *active_mm = NULL; struct files_struct *fd, *new_fd = NULL; struct sem_undo_list *new_ulist = NULL; + struct nsproxy *new_nsproxy, *old_nsproxy; check_unshare_flags(&unshare_flags); @@ -1632,7 +1638,15 @@ asmlinkage long sys_unshare(unsigned long unshare_flags) if (new_fs || new_ns || new_sigh || new_mm || new_fd || new_ulist) { + old_nsproxy = current->nsproxy; + new_nsproxy = dup_namespaces(old_nsproxy); + if (!new_nsproxy) { + err = -ENOMEM; + goto bad_unshare_cleanup_semundo; + } + task_lock(current); + current->nsproxy = new_nsproxy; if (new_fs) { fs = current->fs; @@ -1668,8 +1682,10 @@ asmlinkage long sys_unshare(unsigned long unshare_flags) } task_unlock(current); + put_nsproxy(old_nsproxy); } +bad_unshare_cleanup_semundo: bad_unshare_cleanup_fd: if (new_fd) put_files_struct(new_fd); diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c new file mode 100644 index 00000000000..ad950886547 --- /dev/null +++ b/kernel/nsproxy.c @@ -0,0 +1,77 @@ +/* + * Copyright (C) 2006 IBM Corporation + * + * Author: Serge Hallyn <serue@us.ibm.com> + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation, version 2 of the + * License. + */ + +#include <linux/module.h> +#include <linux/version.h> +#include <linux/nsproxy.h> + +static inline void get_nsproxy(struct nsproxy *ns) +{ + atomic_inc(&ns->count); +} + +void get_task_namespaces(struct task_struct *tsk) +{ + struct nsproxy *ns = tsk->nsproxy; + if (ns) { + get_nsproxy(ns); + } +} + +/* + * creates a copy of "orig" with refcount 1. + * This does not grab references to the contained namespaces, + * so that needs to be done by dup_namespaces. + */ +static inline struct nsproxy *clone_namespaces(struct nsproxy *orig) +{ + struct nsproxy *ns; + + ns = kmalloc(sizeof(struct nsproxy), GFP_KERNEL); + if (ns) { + memcpy(ns, orig, sizeof(struct nsproxy)); + atomic_set(&ns->count, 1); + } + return ns; +} + +/* + * copies the nsproxy, setting refcount to 1, and grabbing a + * reference to all contained namespaces. Called from + * sys_unshare() + */ +struct nsproxy *dup_namespaces(struct nsproxy *orig) +{ + struct nsproxy *ns = clone_namespaces(orig); + + return ns; +} + +/* + * called from clone. This now handles copy for nsproxy and all + * namespaces therein. + */ +int copy_namespaces(int flags, struct task_struct *tsk) +{ + struct nsproxy *old_ns = tsk->nsproxy; + + if (!old_ns) + return 0; + + get_nsproxy(old_ns); + + return 0; +} + +void free_nsproxy(struct nsproxy *ns) +{ + kfree(ns); +} |