Merge sys_clone()/sys_unshare() nsproxy and namespace handling
sys_clone() and sys_unshare() both makes copies of nsproxy and its associated namespaces. But they have different code paths. This patch merges all the nsproxy and its associated namespace copy/clone handling (as much as possible). Posted on container list earlier for feedback. - Create a new nsproxy and its associated namespaces and pass it back to caller to attach it to right process. - Changed all copy_*_ns() routines to return a new copy of namespace instead of attaching it to task->nsproxy. - Moved the CAP_SYS_ADMIN checks out of copy_*_ns() routines. - Removed unnessary !ns checks from copy_*_ns() and added BUG_ON() just incase. - Get rid of all individual unshare_*_ns() routines and make use of copy_*_ns() instead. [akpm@osdl.org: cleanups, warning fix] [clg@fr.ibm.com: remove dup_namespaces() declaration] [serue@us.ibm.com: fix CONFIG_IPC_NS=n, clone(CLONE_NEWIPC) retval] [akpm@linux-foundation.org: fix build with CONFIG_SYSVIPC=n] Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com> Signed-off-by: Serge Hallyn <serue@us.ibm.com> Cc: Cedric Le Goater <clg@fr.ibm.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: <containers@lists.osdl.org> Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Cc: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Этот коммит содержится в:
Badari Pulavarty
коммит произвёл
Linus Torvalds
Linus Torvalds
родитель
4fc75ff481
Коммит
e3222c4ecc
53
ipc/util.c
53
ipc/util.c
@@ -85,53 +85,20 @@ err_mem:
|
||||
return ERR_PTR(err);
|
||||
}
|
||||
|
||||
int unshare_ipcs(unsigned long unshare_flags, struct ipc_namespace **new_ipc)
|
||||
struct ipc_namespace *copy_ipcs(unsigned long flags, struct ipc_namespace *ns)
|
||||
{
|
||||
struct ipc_namespace *new;
|
||||
|
||||
if (unshare_flags & CLONE_NEWIPC) {
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
new = clone_ipc_ns(current->nsproxy->ipc_ns);
|
||||
if (IS_ERR(new))
|
||||
return PTR_ERR(new);
|
||||
|
||||
*new_ipc = new;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int copy_ipcs(unsigned long flags, struct task_struct *tsk)
|
||||
{
|
||||
struct ipc_namespace *old_ns = tsk->nsproxy->ipc_ns;
|
||||
struct ipc_namespace *new_ns;
|
||||
int err = 0;
|
||||
|
||||
if (!old_ns)
|
||||
return 0;
|
||||
|
||||
get_ipc_ns(old_ns);
|
||||
BUG_ON(!ns);
|
||||
get_ipc_ns(ns);
|
||||
|
||||
if (!(flags & CLONE_NEWIPC))
|
||||
return 0;
|
||||
return ns;
|
||||
|
||||
if (!capable(CAP_SYS_ADMIN)) {
|
||||
err = -EPERM;
|
||||
goto out;
|
||||
}
|
||||
new_ns = clone_ipc_ns(ns);
|
||||
|
||||
new_ns = clone_ipc_ns(old_ns);
|
||||
if (!new_ns) {
|
||||
err = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
tsk->nsproxy->ipc_ns = new_ns;
|
||||
out:
|
||||
put_ipc_ns(old_ns);
|
||||
return err;
|
||||
put_ipc_ns(ns);
|
||||
return new_ns;
|
||||
}
|
||||
|
||||
void free_ipc_ns(struct kref *kref)
|
||||
@@ -145,11 +112,11 @@ void free_ipc_ns(struct kref *kref)
|
||||
kfree(ns);
|
||||
}
|
||||
#else
|
||||
int copy_ipcs(unsigned long flags, struct task_struct *tsk)
|
||||
struct ipc_namespace *copy_ipcs(unsigned long flags, struct ipc_namespace *ns)
|
||||
{
|
||||
if (flags & CLONE_NEWIPC)
|
||||
return -EINVAL;
|
||||
return 0;
|
||||
return ERR_PTR(-EINVAL);
|
||||
return ns;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
Ссылка в новой задаче
Block a user