Unverified Commit 2f5243cb authored by Christian Brauner's avatar Christian Brauner
Browse files

user: support ns lookup 



Support the generic ns lookup infrastructure to support file handles for
namespaces.

Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parent b36c823b

kernel/user_namespace.c

+6 −1
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ 
#include <linux/fs_struct.h>

#include <linux/bsearch.h>

#include <linux/sort.h>

#include <linux/nstree.h>



static struct kmem_cache *user_ns_cachep __ro_after_init;

static DEFINE_MUTEX(userns_state_mutex);
@@ -158,6 +159,7 @@ int create_user_ns(struct cred *new) 
		goto fail_keyring;



	set_cred_user_ns(new, ns);

	ns_tree_add(ns);

	return 0;

fail_keyring:

#ifdef CONFIG_PERSISTENT_KEYRINGS
@@ -200,6 +202,7 @@ static void free_user_ns(struct work_struct *work) 
	do {

		struct ucounts *ucounts = ns->ucounts;

		parent = ns->parent;

		ns_tree_remove(ns);

		if (ns->gid_map.nr_extents > UID_GID_MAP_MAX_BASE_EXTENTS) {

			kfree(ns->gid_map.forward);

			kfree(ns->gid_map.reverse);
@@ -218,7 +221,8 @@ static void free_user_ns(struct work_struct *work) 
		retire_userns_sysctls(ns);

		key_free_user_ns(ns);

		ns_free_inum(&ns->ns);

		kmem_cache_free(user_ns_cachep, ns);

		/* Concurrent nstree traversal depends on a grace period. */

		kfree_rcu(ns, ns.ns_rcu);

		dec_user_namespaces(ucounts);

		ns = parent;

	} while (refcount_dec_and_test(&parent->ns.count));
@@ -1412,6 +1416,7 @@ const struct proc_ns_operations userns_operations = { 
static __init int user_namespaces_init(void)

{

	user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC | SLAB_ACCOUNT);

	ns_tree_add(&init_user_ns);

	return 0;

}

subsys_initcall(user_namespaces_init);