nsfs: add ioctl to get a parent namespace

Pid and user namepaces are hierarchical. There is no way to discover
parent-child relationships.

In a future we will use this interface to dump and restore nested
namespaces.

Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Andrei Vagin <avagin@openvz.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

5 files changed, 27 insertions, 0 deletions

diff --git a/fs/nsfs.c b/fs/nsfs.c
index 3887da470f7e..fb7b397a1297 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -171,6 +171,10 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl,
         switch (ioctl) {
         case NS_GET_USERNS:
                 return open_related_ns(ns, ns_get_owner);
+        case NS_GET_PARENT:
+                if (!ns->ops->get_parent)
+                        return -EINVAL;
+                return open_related_ns(ns, ns->ops->get_parent);
         default:
                 return -ENOTTY;
         }
diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
index ca85a4348ffc..12cb8bd81d2d 100644
--- a/include/linux/proc_ns.h
+++ b/include/linux/proc_ns.h
@@ -19,6 +19,7 @@ struct proc_ns_operations {
         void (*put)(struct ns_common *ns);
         int (*install)(struct nsproxy *nsproxy, struct ns_common *ns);
         struct user_namespace *(*owner)(struct ns_common *ns);
+        struct ns_common *(*get_parent)(struct ns_common *ns);
 };
 
 extern const struct proc_ns_operations netns_operations;
diff --git a/include/uapi/linux/nsfs.h b/include/uapi/linux/nsfs.h
index 5cacd5c1b5d7..3af617230d1b 100644
--- a/include/uapi/linux/nsfs.h
+++ b/include/uapi/linux/nsfs.h
@@ -7,5 +7,7 @@
 
 /* Returns a file descriptor that refers to an owning user namespace */
 #define NS_GET_USERNS   _IO(NSIO, 0x1)
+/* Returns a file descriptor that refers to a parent namespace */
+#define NS_GET_PARENT   _IO(NSIO, 0x2)
 
 #endif /* __LINUX_NSFS_H */
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index c02d744225e1..4fa2d56a936c 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -388,6 +388,24 @@ static int pidns_install(struct nsproxy *nsproxy, struct ns_common *ns)
         return 0;
 }
 
+static struct ns_common *pidns_get_parent(struct ns_common *ns)
+{
+        struct pid_namespace *active = task_active_pid_ns(current);
+        struct pid_namespace *pid_ns, *p;
+
+        /* See if the parent is in the current namespace */
+        pid_ns = p = to_pid_ns(ns)->parent;
+        for (;;) {
+                if (!p)
+                        return ERR_PTR(-EPERM);
+                if (p == active)
+                        break;
+                p = p->parent;
+        }
+
+        return &get_pid_ns(pid_ns)->ns;
+}
+
 static struct user_namespace *pidns_owner(struct ns_common *ns)
 {
         return to_pid_ns(ns)->user_ns;
@@ -400,6 +418,7 @@ const struct proc_ns_operations pidns_operations = {
         .put            = pidns_put,
         .install        = pidns_install,
         .owner          = pidns_owner,
+        .get_parent     = pidns_get_parent,
 };
 
 static __init int pid_namespaces_init(void)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 0ef683a03c20..a58a219b99c6 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -1034,6 +1034,7 @@ const struct proc_ns_operations userns_operations = {
         .put            = userns_put,
         .install        = userns_install,
         .owner          = userns_owner,
+        .get_parent     = ns_get_owner,
 };
 
 static __init int user_namespaces_init(void)