ns proc: Add support for the user namespace
Add the basic namespace file support, but do not
add support for setns.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
index 65bfeec..f500ed9 100644
--- a/fs/proc/namespaces.c
+++ b/fs/proc/namespaces.c
@@ -26,6 +26,9 @@
&ipcns_operations,
#endif
&mntns_operations,
+#ifdef CONFIG_USER_NS
+ &userns_operations,
+#endif
};
static const struct file_operations ns_file_operations = {
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
index 9ca36ea..86d4b39 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -31,6 +31,7 @@
PROC_ROOT_INO = 1,
PROC_IPC_INIT_INO = 0xEFFFFFFFU,
PROC_UTS_INIT_INO = 0xEFFFFFFEU,
+ PROC_USER_INIT_INO = 0xEFFFFFFDU,
};
@@ -272,6 +273,7 @@
extern const struct proc_ns_operations utsns_operations;
extern const struct proc_ns_operations ipcns_operations;
extern const struct proc_ns_operations mntns_operations;
+extern const struct proc_ns_operations userns_operations;
union proc_op {
int (*proc_get_link)(struct inode *, struct path *);
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index faf4679..5ecc988 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -14,6 +14,7 @@
struct hlist_head uidhash_table[UIDHASH_SZ];
struct user_struct *creator;
struct work_struct destroyer;
+ unsigned int proc_inum;
};
extern struct user_namespace init_user_ns;
diff --git a/kernel/user.c b/kernel/user.c
index 9e03e9c..867fc65 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -16,6 +16,7 @@
#include <linux/interrupt.h>
#include <linux/module.h>
#include <linux/user_namespace.h>
+#include <linux/proc_fs.h>
/*
* userns count is 1 for root user, 1 for init_uts_ns,
@@ -26,6 +27,7 @@
.refcount = ATOMIC_INIT(3),
},
.creator = &root_user,
+ .proc_inum = PROC_USER_INIT_INO,
};
EXPORT_SYMBOL_GPL(init_user_ns);
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 9da289c..3c2e8f8 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -11,6 +11,7 @@
#include <linux/user_namespace.h>
#include <linux/highuid.h>
#include <linux/cred.h>
+#include <linux/proc_fs.h>
static struct kmem_cache *user_ns_cachep __read_mostly;
@@ -27,11 +28,18 @@
struct user_namespace *ns;
struct user_struct *root_user;
int n;
+ int ret;
ns = kmem_cache_alloc(user_ns_cachep, GFP_KERNEL);
if (!ns)
return -ENOMEM;
+ ret = proc_alloc_inum(&ns->proc_inum);
+ if (ret) {
+ kmem_cache_free(user_ns_cachep, ns);
+ return ret;
+ }
+
kref_init(&ns->kref);
for (n = 0; n < UIDHASH_SZ; ++n)
@@ -40,6 +48,7 @@
/* Alloc new root user. */
root_user = alloc_uid(ns, 0);
if (!root_user) {
+ proc_free_inum(ns->proc_inum);
kmem_cache_free(user_ns_cachep, ns);
return -ENOMEM;
}
@@ -73,6 +82,7 @@
struct user_namespace *ns =
container_of(work, struct user_namespace, destroyer);
free_uid(ns->creator);
+ proc_free_inum(ns->proc_inum);
kmem_cache_free(user_ns_cachep, ns);
}
@@ -135,3 +145,33 @@
return 0;
}
module_init(user_namespaces_init);
+
+static void *userns_get(struct task_struct *task)
+{
+ return get_user_ns(task_cred_xxx(task, user)->user_ns);
+}
+
+static void userns_put(void *ns)
+{
+ put_user_ns(ns);
+}
+
+static int userns_install(struct nsproxy *nsproxy, void *ns)
+{
+ return -EINVAL;
+}
+
+static unsigned int userns_inum(void *ns)
+{
+ struct user_namespace *user_ns = ns;
+ return user_ns->proc_inum;
+}
+
+const struct proc_ns_operations userns_operations = {
+ .name = "user",
+ .type = CLONE_NEWNS,
+ .get = userns_get,
+ .put = userns_put,
+ .install = userns_install,
+ .inum = userns_inum,
+};
