[PATCH] namespaces: incorporate fs namespace into nsproxy
This moves the mount namespace into the nsproxy. The mount namespace count now refers to the number of nsproxies point to it, rather than the number of tasks. As a result, the unshare_namespace() function in kernel/fork.c no longer checks whether it is being shared. Signed-off-by: Serge Hallyn <serue@us.ibm.com> Cc: Kirill Korotaev <dev@openvz.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Herbert Poetzl <herbert@13thfloor.at> Cc: Andrey Savochkin <saw@sw.ru> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Serge E. Hallyn
zatwierdzone przez
Linus Torvalds
Linus Torvalds
rodzic
0437eb594e
commit
1651e14e28
@@ -399,11 +399,8 @@ void daemonize(const char *name, ...)
|
||||
current->fs = fs;
|
||||
atomic_inc(&fs->count);
|
||||
|
||||
exit_namespace(current);
|
||||
exit_task_namespaces(current);
|
||||
current->namespace = init_task.namespace;
|
||||
current->nsproxy = init_task.nsproxy;
|
||||
get_namespace(current->namespace);
|
||||
get_task_namespaces(current);
|
||||
|
||||
exit_files(current);
|
||||
@@ -923,7 +920,6 @@ fastcall NORET_TYPE void do_exit(long code)
|
||||
exit_sem(tsk);
|
||||
__exit_files(tsk);
|
||||
__exit_fs(tsk);
|
||||
exit_namespace(tsk);
|
||||
exit_task_namespaces(tsk);
|
||||
exit_thread();
|
||||
cpuset_exit(tsk);
|
||||
|
||||
@@ -1119,11 +1119,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
|
||||
goto bad_fork_cleanup_mm;
|
||||
if ((retval = copy_namespaces(clone_flags, p)))
|
||||
goto bad_fork_cleanup_keys;
|
||||
if ((retval = copy_namespace(clone_flags, p)))
|
||||
goto bad_fork_cleanup_namespaces;
|
||||
retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs);
|
||||
if (retval)
|
||||
goto bad_fork_cleanup_namespace;
|
||||
goto bad_fork_cleanup_namespaces;
|
||||
|
||||
p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
|
||||
/*
|
||||
@@ -1215,7 +1213,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
|
||||
spin_unlock(¤t->sighand->siglock);
|
||||
write_unlock_irq(&tasklist_lock);
|
||||
retval = -ERESTARTNOINTR;
|
||||
goto bad_fork_cleanup_namespace;
|
||||
goto bad_fork_cleanup_namespaces;
|
||||
}
|
||||
|
||||
if (clone_flags & CLONE_THREAD) {
|
||||
@@ -1263,8 +1261,6 @@ static struct task_struct *copy_process(unsigned long clone_flags,
|
||||
proc_fork_connector(p);
|
||||
return p;
|
||||
|
||||
bad_fork_cleanup_namespace:
|
||||
exit_namespace(p);
|
||||
bad_fork_cleanup_namespaces:
|
||||
exit_task_namespaces(p);
|
||||
bad_fork_cleanup_keys:
|
||||
@@ -1519,10 +1515,9 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
|
||||
*/
|
||||
static int unshare_namespace(unsigned long unshare_flags, struct namespace **new_nsp, struct fs_struct *new_fs)
|
||||
{
|
||||
struct namespace *ns = current->namespace;
|
||||
struct namespace *ns = current->nsproxy->namespace;
|
||||
|
||||
if ((unshare_flags & CLONE_NEWNS) &&
|
||||
(ns && atomic_read(&ns->count) > 1)) {
|
||||
if ((unshare_flags & CLONE_NEWNS) && ns) {
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
@@ -1655,8 +1650,8 @@ asmlinkage long sys_unshare(unsigned long unshare_flags)
|
||||
}
|
||||
|
||||
if (new_ns) {
|
||||
ns = current->namespace;
|
||||
current->namespace = new_ns;
|
||||
ns = current->nsproxy->namespace;
|
||||
current->nsproxy->namespace = new_ns;
|
||||
new_ns = ns;
|
||||
}
|
||||
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
#include <linux/version.h>
|
||||
#include <linux/nsproxy.h>
|
||||
#include <linux/init_task.h>
|
||||
#include <linux/namespace.h>
|
||||
|
||||
struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy);
|
||||
|
||||
@@ -55,6 +56,11 @@ struct nsproxy *dup_namespaces(struct nsproxy *orig)
|
||||
{
|
||||
struct nsproxy *ns = clone_namespaces(orig);
|
||||
|
||||
if (ns) {
|
||||
if (ns->namespace)
|
||||
get_namespace(ns->namespace);
|
||||
}
|
||||
|
||||
return ns;
|
||||
}
|
||||
|
||||
@@ -65,16 +71,40 @@ struct nsproxy *dup_namespaces(struct nsproxy *orig)
|
||||
int copy_namespaces(int flags, struct task_struct *tsk)
|
||||
{
|
||||
struct nsproxy *old_ns = tsk->nsproxy;
|
||||
struct nsproxy *new_ns;
|
||||
int err = 0;
|
||||
|
||||
if (!old_ns)
|
||||
return 0;
|
||||
|
||||
get_nsproxy(old_ns);
|
||||
|
||||
return 0;
|
||||
if (!(flags & CLONE_NEWNS))
|
||||
return 0;
|
||||
|
||||
new_ns = clone_namespaces(old_ns);
|
||||
if (!new_ns) {
|
||||
err = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
tsk->nsproxy = new_ns;
|
||||
|
||||
err = copy_namespace(flags, tsk);
|
||||
if (err) {
|
||||
tsk->nsproxy = old_ns;
|
||||
put_nsproxy(new_ns);
|
||||
goto out;
|
||||
}
|
||||
|
||||
out:
|
||||
put_nsproxy(old_ns);
|
||||
return err;
|
||||
}
|
||||
|
||||
void free_nsproxy(struct nsproxy *ns)
|
||||
{
|
||||
if (ns->namespace)
|
||||
put_namespace(ns->namespace);
|
||||
kfree(ns);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user