~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/kernel/nsproxy.c

Version: ~ [ linux-5.5-rc1 ] ~ [ linux-5.4.2 ] ~ [ linux-5.3.15 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.88 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.158 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.206 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.206 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.78 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *  Copyright (C) 2006 IBM Corporation
  3  *
  4  *  Author: Serge Hallyn <serue@us.ibm.com>
  5  *
  6  *  This program is free software; you can redistribute it and/or
  7  *  modify it under the terms of the GNU General Public License as
  8  *  published by the Free Software Foundation, version 2 of the
  9  *  License.
 10  *
 11  *  Jun 2006 - namespaces support
 12  *             OpenVZ, SWsoft Inc.
 13  *             Pavel Emelianov <xemul@openvz.org>
 14  */
 15 
 16 #include <linux/slab.h>
 17 #include <linux/export.h>
 18 #include <linux/nsproxy.h>
 19 #include <linux/init_task.h>
 20 #include <linux/mnt_namespace.h>
 21 #include <linux/utsname.h>
 22 #include <linux/pid_namespace.h>
 23 #include <net/net_namespace.h>
 24 #include <linux/ipc_namespace.h>
 25 #include <linux/proc_fs.h>
 26 #include <linux/file.h>
 27 #include <linux/syscalls.h>
 28 
 29 static struct kmem_cache *nsproxy_cachep;
 30 
 31 struct nsproxy init_nsproxy = {
 32         .count  = ATOMIC_INIT(1),
 33         .uts_ns = &init_uts_ns,
 34 #if defined(CONFIG_POSIX_MQUEUE) || defined(CONFIG_SYSVIPC)
 35         .ipc_ns = &init_ipc_ns,
 36 #endif
 37         .mnt_ns = NULL,
 38         .pid_ns = &init_pid_ns,
 39 #ifdef CONFIG_NET
 40         .net_ns = &init_net,
 41 #endif
 42 };
 43 
 44 static inline struct nsproxy *create_nsproxy(void)
 45 {
 46         struct nsproxy *nsproxy;
 47 
 48         nsproxy = kmem_cache_alloc(nsproxy_cachep, GFP_KERNEL);
 49         if (nsproxy)
 50                 atomic_set(&nsproxy->count, 1);
 51         return nsproxy;
 52 }
 53 
 54 /*
 55  * Create new nsproxy and all of its the associated namespaces.
 56  * Return the newly created nsproxy.  Do not attach this to the task,
 57  * leave it to the caller to do proper locking and attach it to task.
 58  */
 59 static struct nsproxy *create_new_namespaces(unsigned long flags,
 60                         struct task_struct *tsk, struct fs_struct *new_fs)
 61 {
 62         struct nsproxy *new_nsp;
 63         int err;
 64 
 65         new_nsp = create_nsproxy();
 66         if (!new_nsp)
 67                 return ERR_PTR(-ENOMEM);
 68 
 69         new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, new_fs);
 70         if (IS_ERR(new_nsp->mnt_ns)) {
 71                 err = PTR_ERR(new_nsp->mnt_ns);
 72                 goto out_ns;
 73         }
 74 
 75         new_nsp->uts_ns = copy_utsname(flags, tsk);
 76         if (IS_ERR(new_nsp->uts_ns)) {
 77                 err = PTR_ERR(new_nsp->uts_ns);
 78                 goto out_uts;
 79         }
 80 
 81         new_nsp->ipc_ns = copy_ipcs(flags, tsk);
 82         if (IS_ERR(new_nsp->ipc_ns)) {
 83                 err = PTR_ERR(new_nsp->ipc_ns);
 84                 goto out_ipc;
 85         }
 86 
 87         new_nsp->pid_ns = copy_pid_ns(flags, task_active_pid_ns(tsk));
 88         if (IS_ERR(new_nsp->pid_ns)) {
 89                 err = PTR_ERR(new_nsp->pid_ns);
 90                 goto out_pid;
 91         }
 92 
 93         new_nsp->net_ns = copy_net_ns(flags, tsk->nsproxy->net_ns);
 94         if (IS_ERR(new_nsp->net_ns)) {
 95                 err = PTR_ERR(new_nsp->net_ns);
 96                 goto out_net;
 97         }
 98 
 99         return new_nsp;
100 
101 out_net:
102         if (new_nsp->pid_ns)
103                 put_pid_ns(new_nsp->pid_ns);
104 out_pid:
105         if (new_nsp->ipc_ns)
106                 put_ipc_ns(new_nsp->ipc_ns);
107 out_ipc:
108         if (new_nsp->uts_ns)
109                 put_uts_ns(new_nsp->uts_ns);
110 out_uts:
111         if (new_nsp->mnt_ns)
112                 put_mnt_ns(new_nsp->mnt_ns);
113 out_ns:
114         kmem_cache_free(nsproxy_cachep, new_nsp);
115         return ERR_PTR(err);
116 }
117 
118 /*
119  * called from clone.  This now handles copy for nsproxy and all
120  * namespaces therein.
121  */
122 int copy_namespaces(unsigned long flags, struct task_struct *tsk)
123 {
124         struct nsproxy *old_ns = tsk->nsproxy;
125         struct nsproxy *new_ns;
126         int err = 0;
127 
128         if (!old_ns)
129                 return 0;
130 
131         get_nsproxy(old_ns);
132 
133         if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
134                                 CLONE_NEWPID | CLONE_NEWNET)))
135                 return 0;
136 
137         if (!capable(CAP_SYS_ADMIN)) {
138                 err = -EPERM;
139                 goto out;
140         }
141 
142         /*
143          * CLONE_NEWIPC must detach from the undolist: after switching
144          * to a new ipc namespace, the semaphore arrays from the old
145          * namespace are unreachable.  In clone parlance, CLONE_SYSVSEM
146          * means share undolist with parent, so we must forbid using
147          * it along with CLONE_NEWIPC.
148          */
149         if ((flags & CLONE_NEWIPC) && (flags & CLONE_SYSVSEM)) {
150                 err = -EINVAL;
151                 goto out;
152         }
153 
154         new_ns = create_new_namespaces(flags, tsk, tsk->fs);
155         if (IS_ERR(new_ns)) {
156                 err = PTR_ERR(new_ns);
157                 goto out;
158         }
159 
160         tsk->nsproxy = new_ns;
161 
162 out:
163         put_nsproxy(old_ns);
164         return err;
165 }
166 
167 void free_nsproxy(struct nsproxy *ns)
168 {
169         if (ns->mnt_ns)
170                 put_mnt_ns(ns->mnt_ns);
171         if (ns->uts_ns)
172                 put_uts_ns(ns->uts_ns);
173         if (ns->ipc_ns)
174                 put_ipc_ns(ns->ipc_ns);
175         if (ns->pid_ns)
176                 put_pid_ns(ns->pid_ns);
177         put_net(ns->net_ns);
178         kmem_cache_free(nsproxy_cachep, ns);
179 }
180 
181 /*
182  * Called from unshare. Unshare all the namespaces part of nsproxy.
183  * On success, returns the new nsproxy.
184  */
185 int unshare_nsproxy_namespaces(unsigned long unshare_flags,
186                 struct nsproxy **new_nsp, struct fs_struct *new_fs)
187 {
188         int err = 0;
189 
190         if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC |
191                                CLONE_NEWNET)))
192                 return 0;
193 
194         if (!capable(CAP_SYS_ADMIN))
195                 return -EPERM;
196 
197         *new_nsp = create_new_namespaces(unshare_flags, current,
198                                 new_fs ? new_fs : current->fs);
199         if (IS_ERR(*new_nsp)) {
200                 err = PTR_ERR(*new_nsp);
201                 goto out;
202         }
203 
204 out:
205         return err;
206 }
207 
208 void switch_task_namespaces(struct task_struct *p, struct nsproxy *new)
209 {
210         struct nsproxy *ns;
211 
212         might_sleep();
213 
214         ns = p->nsproxy;
215 
216         rcu_assign_pointer(p->nsproxy, new);
217 
218         if (ns && atomic_dec_and_test(&ns->count)) {
219                 /*
220                  * wait for others to get what they want from this nsproxy.
221                  *
222                  * cannot release this nsproxy via the call_rcu() since
223                  * put_mnt_ns() will want to sleep
224                  */
225                 synchronize_rcu();
226                 free_nsproxy(ns);
227         }
228 }
229 
230 void exit_task_namespaces(struct task_struct *p)
231 {
232         switch_task_namespaces(p, NULL);
233 }
234 
235 SYSCALL_DEFINE2(setns, int, fd, int, nstype)
236 {
237         const struct proc_ns_operations *ops;
238         struct task_struct *tsk = current;
239         struct nsproxy *new_nsproxy;
240         struct proc_inode *ei;
241         struct file *file;
242         int err;
243 
244         if (!capable(CAP_SYS_ADMIN))
245                 return -EPERM;
246 
247         file = proc_ns_fget(fd);
248         if (IS_ERR(file))
249                 return PTR_ERR(file);
250 
251         err = -EINVAL;
252         ei = PROC_I(file->f_dentry->d_inode);
253         ops = ei->ns_ops;
254         if (nstype && (ops->type != nstype))
255                 goto out;
256 
257         new_nsproxy = create_new_namespaces(0, tsk, tsk->fs);
258         if (IS_ERR(new_nsproxy)) {
259                 err = PTR_ERR(new_nsproxy);
260                 goto out;
261         }
262 
263         err = ops->install(new_nsproxy, ei->ns);
264         if (err) {
265                 free_nsproxy(new_nsproxy);
266                 goto out;
267         }
268         switch_task_namespaces(tsk, new_nsproxy);
269 out:
270         fput(file);
271         return err;
272 }
273 
274 int __init nsproxy_cache_init(void)
275 {
276         nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC);
277         return 0;
278 }
279 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp