Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/linux-2.6-nsfd

* git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/linux-2.6-nsfd: net: fix get_net_ns_by_fd for !CONFIG_NET_NS ns proc: Return -ENOENT for a nonexistent /proc/self/ns/ entry. ns: Declare sys_setns in syscalls.h net: Allow setting the network namespace by fd ns proc: Add support for the ipc namespace ns proc: Add support for the uts namespace ns proc: Add support for the network namespace. ns: Introduce the setns syscall ns: proc files for namespace naming policy.
author: Linus Torvalds <torvalds@linux-foundation.org> 2011-05-25 21:10:16 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2011-05-25 21:10:16 -0400
commit: 14d74e0cab7a7779a7ff0c3863c04c8a8e507106 (patch)
tree: 5e27d7495f8f7ce178b637d588ec42bd7b4173d8 /fs/proc
parent: 49a78d085fa6b44d6ed791923c7172a6433589c2 (diff)
parent: 956c920786694f51601a0ef7ee12956fd6aa216e (diff)
5 files changed, 233 insertions, 11 deletions
diff --git a/fs/proc/Makefile b/fs/proc/Makefile
index df434c5f28fb..c1c729335924 100644
--- a/fs/proc/Makefile
+++ b/fs/proc/Makefile
@@ -20,6 +20,7 @@ proc-y	+= stat.o
 proc-y  += uptime.o
 proc-y  += version.o
 proc-y  += softirqs.o
+proc-y  += namespaces.o
 proc-$(CONFIG_PROC_SYSCTL)      += proc_sysctl.o
 proc-$(CONFIG_NET)              += proc_net.o
 proc-$(CONFIG_PROC_KCORE)       += kcore.o
diff --git a/fs/proc/base.c b/fs/proc/base.c
index dfa532730e55..dc8bca72b002 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -600,7 +600,7 @@ static int proc_fd_access_allowed(struct inode *inode)
        return allowed;
 }
-static int proc_setattr(struct dentry *dentry, struct iattr *attr)
+int proc_setattr(struct dentry *dentry, struct iattr *attr)
 {
        int error;
        struct inode *inode = dentry->d_inode;
@@ -1736,8 +1736,7 @@ static int task_dumpable(struct task_struct *task)
        return 0;
 }
+struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *task)
-static struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *task)
 {
        struct inode * inode;
        struct proc_inode *ei;
@@ -1779,7 +1778,7 @@ out_unlock:
        return NULL;
 }
-static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
 {
        struct inode *inode = dentry->d_inode;
        struct task_struct *task;
@@ -1820,7 +1819,7 @@ static int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat
 * made this apply to all per process world readable and executable
 * directories.
 */
-static int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
+int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
 {
        struct inode *inode;
        struct task_struct *task;
@@ -1862,7 +1861,7 @@ static int pid_delete_dentry(const struct dentry * dentry)
        return !proc_pid(dentry->d_inode)->tasks[PIDTYPE_PID].first;
 }
-static const struct dentry_operations pid_dentry_operations =
+const struct dentry_operations pid_dentry_operations =
 {
        .d_revalidate   = pid_revalidate,
        .d_delete       = pid_delete_dentry,
@@ -1870,9 +1869,6 @@ static const struct dentry_operations pid_dentry_operations =
 /* Lookups */
-typedef struct dentry *instantiate_t(struct inode *, struct dentry *,
-                                struct task_struct *, const void *);
 /*
 * Fill a directory entry.
 *
@@ -1885,8 +1881,8 @@ typedef struct dentry *instantiate_t(struct inode *, struct dentry *,
 * reported by readdir in sync with the inode numbers reported
 * by stat.
 */
-static int proc_fill_cache(struct file *filp, void *dirent, filldir_t filldir,
+int proc_fill_cache(struct file *filp, void *dirent, filldir_t filldir,
-        char *name, int len,
+        const char *name, int len,
        instantiate_t instantiate, struct task_struct *task, const void *ptr)
 {
        struct dentry *child, *dir = filp->f_path.dentry;
@@ -2820,6 +2816,7 @@ static const struct pid_entry tgid_base_stuff[] = {
        DIR("task",       S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
        DIR("fd",         S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
        DIR("fdinfo",     S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
+        DIR("ns",         S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
 #ifdef CONFIG_NET
        DIR("net",        S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations),
 #endif
@@ -3168,6 +3165,7 @@ out_no_task:
 static const struct pid_entry tid_base_stuff[] = {
        DIR("fd",        S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
        DIR("fdinfo",    S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
+        DIR("ns",        S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
        REG("environ",   S_IRUSR, proc_environ_operations),
        INF("auxv",      S_IRUSR, proc_pid_auxv),
        ONE("status",    S_IRUGO, proc_pid_status),
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index d15aa1b1cc8f..74b48cfa1bb2 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -28,6 +28,7 @@ static void proc_evict_inode(struct inode *inode)
 {
        struct proc_dir_entry *de;
        struct ctl_table_header *head;
+        const struct proc_ns_operations *ns_ops;
        truncate_inode_pages(&inode->i_data, 0);
        end_writeback(inode);
@@ -44,6 +45,10 @@ static void proc_evict_inode(struct inode *inode)
                rcu_assign_pointer(PROC_I(inode)->sysctl, NULL);
                sysctl_head_put(head);
        }
+        /* Release any associated namespace */
+        ns_ops = PROC_I(inode)->ns_ops;
+        if (ns_ops && ns_ops->put)
+                ns_ops->put(PROC_I(inode)->ns);
 }
 static struct kmem_cache * proc_inode_cachep;
@@ -62,6 +67,8 @@ static struct inode *proc_alloc_inode(struct super_block *sb)
        ei->pde = NULL;
        ei->sysctl = NULL;
        ei->sysctl_entry = NULL;
+        ei->ns = NULL;
+        ei->ns_ops = NULL;
        inode = &ei->vfs_inode;
        inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
        return inode;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index 3763b436e69d..7838e5cfec14 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -127,3 +127,21 @@ struct inode *proc_get_inode(struct super_block *, struct proc_dir_entry *);
 */
 int proc_readdir(struct file *, void *, filldir_t);
 struct dentry *proc_lookup(struct inode *, struct dentry *, struct nameidata *);
+/* Lookups */
+typedef struct dentry *instantiate_t(struct inode *, struct dentry *,
+                                struct task_struct *, const void *);
+int proc_fill_cache(struct file *filp, void *dirent, filldir_t filldir,
+        const char *name, int len,
+        instantiate_t instantiate, struct task_struct *task, const void *ptr);
+int pid_revalidate(struct dentry *dentry, struct nameidata *nd);
+struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *task);
+extern const struct dentry_operations pid_dentry_operations;
+int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
+int proc_setattr(struct dentry *dentry, struct iattr *attr);
+extern const struct inode_operations proc_ns_dir_inode_operations;
+extern const struct file_operations proc_ns_dir_operations;
diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c
new file mode 100644
index 000000000000..781dec5bd682
--- /dev/null
+++ b/fs/proc/namespaces.c
@@ -0,0 +1,198 @@
+#include <linux/proc_fs.h>
+#include <linux/nsproxy.h>
+#include <linux/sched.h>
+#include <linux/ptrace.h>
+#include <linux/fs_struct.h>
+#include <linux/mount.h>
+#include <linux/path.h>
+#include <linux/namei.h>
+#include <linux/file.h>
+#include <linux/utsname.h>
+#include <net/net_namespace.h>
+#include <linux/mnt_namespace.h>
+#include <linux/ipc_namespace.h>
+#include <linux/pid_namespace.h>
+#include "internal.h"
+static const struct proc_ns_operations *ns_entries[] = {
+#ifdef CONFIG_NET_NS
+        &netns_operations,
+#endif
+#ifdef CONFIG_UTS_NS
+        &utsns_operations,
+#endif
+#ifdef CONFIG_IPC_NS
+        &ipcns_operations,
+#endif
+};
+static const struct file_operations ns_file_operations = {
+        .llseek         = no_llseek,
+};
+static struct dentry *proc_ns_instantiate(struct inode *dir,
+        struct dentry *dentry, struct task_struct *task, const void *ptr)
+{
+        const struct proc_ns_operations *ns_ops = ptr;
+        struct inode *inode;
+        struct proc_inode *ei;
+        struct dentry *error = ERR_PTR(-ENOENT);
+        inode = proc_pid_make_inode(dir->i_sb, task);
+        if (!inode)
+                goto out;
+        ei = PROC_I(inode);
+        inode->i_mode = S_IFREG|S_IRUSR;
+        inode->i_fop  = &ns_file_operations;
+        ei->ns_ops    = ns_ops;
+        ei->ns        = ns_ops->get(task);
+        if (!ei->ns)
+                goto out_iput;
+        dentry->d_op = &pid_dentry_operations;
+        d_add(dentry, inode);
+        /* Close the race of the process dying before we return the dentry */
+        if (pid_revalidate(dentry, NULL))
+                error = NULL;
+out:
+        return error;
+out_iput:
+        iput(inode);
+        goto out;
+}
+static int proc_ns_fill_cache(struct file *filp, void *dirent,
+        filldir_t filldir, struct task_struct *task,
+        const struct proc_ns_operations *ops)
+{
+        return proc_fill_cache(filp, dirent, filldir,
+                                ops->name, strlen(ops->name),
+                                proc_ns_instantiate, task, ops);
+}
+static int proc_ns_dir_readdir(struct file *filp, void *dirent,
+                                filldir_t filldir)
+{
+        int i;
+        struct dentry *dentry = filp->f_path.dentry;
+        struct inode *inode = dentry->d_inode;
+        struct task_struct *task = get_proc_task(inode);
+        const struct proc_ns_operations **entry, **last;
+        ino_t ino;
+        int ret;
+        ret = -ENOENT;
+        if (!task)
+                goto out_no_task;
+        ret = -EPERM;
+        if (!ptrace_may_access(task, PTRACE_MODE_READ))
+                goto out;
+        ret = 0;
+        i = filp->f_pos;
+        switch (i) {
+        case 0:
+                ino = inode->i_ino;
+                if (filldir(dirent, ".", 1, i, ino, DT_DIR) < 0)
+                        goto out;
+                i++;
+                filp->f_pos++;
+                /* fall through */
+        case 1:
+                ino = parent_ino(dentry);
+                if (filldir(dirent, "..", 2, i, ino, DT_DIR) < 0)
+                        goto out;
+                i++;
+                filp->f_pos++;
+                /* fall through */
+        default:
+                i -= 2;
+                if (i >= ARRAY_SIZE(ns_entries)) {
+                        ret = 1;
+                        goto out;
+                }
+                entry = ns_entries + i;
+                last = &ns_entries[ARRAY_SIZE(ns_entries) - 1];
+                while (entry <= last) {
+                        if (proc_ns_fill_cache(filp, dirent, filldir,
+                                                task, *entry) < 0)
+                                goto out;
+                        filp->f_pos++;
+                        entry++;
+                }
+        }
+        ret = 1;
+out:
+        put_task_struct(task);
+out_no_task:
+        return ret;
+}
+const struct file_operations proc_ns_dir_operations = {
+        .read           = generic_read_dir,
+        .readdir        = proc_ns_dir_readdir,
+};
+static struct dentry *proc_ns_dir_lookup(struct inode *dir,
+                                struct dentry *dentry, struct nameidata *nd)
+{
+        struct dentry *error;
+        struct task_struct *task = get_proc_task(dir);
+        const struct proc_ns_operations **entry, **last;
+        unsigned int len = dentry->d_name.len;
+        error = ERR_PTR(-ENOENT);
+        if (!task)
+                goto out_no_task;
+        error = ERR_PTR(-EPERM);
+        if (!ptrace_may_access(task, PTRACE_MODE_READ))
+                goto out;
+        last = &ns_entries[ARRAY_SIZE(ns_entries) - 1];
+        for (entry = ns_entries; entry <= last; entry++) {
+                if (strlen((*entry)->name) != len)
+                        continue;
+                if (!memcmp(dentry->d_name.name, (*entry)->name, len))
+                        break;
+        }
+        error = ERR_PTR(-ENOENT);
+        if (entry > last)
+                goto out;
+        error = proc_ns_instantiate(dir, dentry, task, *entry);
+out:
+        put_task_struct(task);
+out_no_task:
+        return error;
+}
+const struct inode_operations proc_ns_dir_inode_operations = {
+        .lookup         = proc_ns_dir_lookup,
+        .getattr        = pid_getattr,
+        .setattr        = proc_setattr,
+};
+struct file *proc_ns_fget(int fd)
+{
+        struct file *file;
+        file = fget(fd);
+        if (!file)
+                return ERR_PTR(-EBADF);
+        if (file->f_op != &ns_file_operations)
+                goto out_invalid;
+        return file;
+out_invalid:
+        fput(file);
+        return ERR_PTR(-EINVAL);
+}
author	Linus Torvalds <torvalds@linux-foundation.org>	2011-05-25 21:10:16 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2011-05-25 21:10:16 -0400
commit	14d74e0cab7a7779a7ff0c3863c04c8a8e507106 (patch)
tree	5e27d7495f8f7ce178b637d588ec42bd7b4173d8 /fs/proc
parent	49a78d085fa6b44d6ed791923c7172a6433589c2 (diff)
parent	956c920786694f51601a0ef7ee12956fd6aa216e (diff)

diff --git a/fs/proc/Makefile b/fs/proc/Makefile index df434c5f28fb..c1c729335924 100644 --- a/fs/proc/Makefile +++ b/fs/proc/Makefile
@@ -20,6 +20,7 @@ proc-y += stat.o
20	proc-y += uptime.o	20	proc-y += uptime.o
21	proc-y += version.o	21	proc-y += version.o
22	proc-y += softirqs.o	22	proc-y += softirqs.o
		23	proc-y += namespaces.o
23	proc-$(CONFIG_PROC_SYSCTL) += proc_sysctl.o	24	proc-$(CONFIG_PROC_SYSCTL) += proc_sysctl.o
24	proc-$(CONFIG_NET) += proc_net.o	25	proc-$(CONFIG_NET) += proc_net.o
25	proc-$(CONFIG_PROC_KCORE) += kcore.o	26	proc-$(CONFIG_PROC_KCORE) += kcore.o


diff --git a/fs/proc/base.c b/fs/proc/base.c index dfa532730e55..dc8bca72b002 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c
@@ -600,7 +600,7 @@ static int proc_fd_access_allowed(struct inode *inode)
600	return allowed;	600	return allowed;
601	}	601	}
602		602
603	static int proc_setattr(struct dentry dentry, struct iattr attr)	603	int proc_setattr(struct dentry dentry, struct iattr attr)
604	{	604	{
605	int error;	605	int error;
606	struct inode *inode = dentry->d_inode;	606	struct inode *inode = dentry->d_inode;
@@ -1736,8 +1736,7 @@ static int task_dumpable(struct task_struct *task)
1736	return 0;	1736	return 0;
1737	}	1737	}
1738		1738
1739		1739	struct inode proc_pid_make_inode(struct super_block sb, struct task_struct *task)
1740	static struct inode proc_pid_make_inode(struct super_block sb, struct task_struct *task)
1741	{	1740	{
1742	struct inode * inode;	1741	struct inode * inode;
1743	struct proc_inode *ei;	1742	struct proc_inode *ei;
@@ -1779,7 +1778,7 @@ out_unlock:
1779	return NULL;	1778	return NULL;
1780	}	1779	}
1781		1780
1782	static int pid_getattr(struct vfsmount mnt, struct dentry dentry, struct kstat *stat)	1781	int pid_getattr(struct vfsmount mnt, struct dentry dentry, struct kstat *stat)
1783	{	1782	{
1784	struct inode *inode = dentry->d_inode;	1783	struct inode *inode = dentry->d_inode;
1785	struct task_struct *task;	1784	struct task_struct *task;
@@ -1820,7 +1819,7 @@ static int pid_getattr(struct vfsmount mnt, struct dentry dentry, struct kstat
1820	* made this apply to all per process world readable and executable	1819	* made this apply to all per process world readable and executable
1821	* directories.	1820	* directories.
1822	*/	1821	*/
1823	static int pid_revalidate(struct dentry dentry, struct nameidata nd)	1822	int pid_revalidate(struct dentry dentry, struct nameidata nd)
1824	{	1823	{
1825	struct inode *inode;	1824	struct inode *inode;
1826	struct task_struct *task;	1825	struct task_struct *task;
@@ -1862,7 +1861,7 @@ static int pid_delete_dentry(const struct dentry * dentry)
1862	return !proc_pid(dentry->d_inode)->tasks[PIDTYPE_PID].first;	1861	return !proc_pid(dentry->d_inode)->tasks[PIDTYPE_PID].first;
1863	}	1862	}
1864		1863
1865	static const struct dentry_operations pid_dentry_operations =	1864	const struct dentry_operations pid_dentry_operations =
1866	{	1865	{
1867	.d_revalidate = pid_revalidate,	1866	.d_revalidate = pid_revalidate,
1868	.d_delete = pid_delete_dentry,	1867	.d_delete = pid_delete_dentry,
@@ -1870,9 +1869,6 @@ static const struct dentry_operations pid_dentry_operations =
1870		1869
1871	/* Lookups */	1870	/* Lookups */
1872		1871
1873	typedef struct dentry instantiate_t(struct inode , struct dentry *,
1874	struct task_struct , const void );
1875
1876	/*	1872	/*
1877	* Fill a directory entry.	1873	* Fill a directory entry.
1878	*	1874	*
@@ -1885,8 +1881,8 @@ typedef struct dentry instantiate_t(struct inode , struct dentry *,
1885	* reported by readdir in sync with the inode numbers reported	1881	* reported by readdir in sync with the inode numbers reported
1886	* by stat.	1882	* by stat.
1887	*/	1883	*/
1888	static int proc_fill_cache(struct file filp, void dirent, filldir_t filldir,	1884	int proc_fill_cache(struct file filp, void dirent, filldir_t filldir,
1889	char *name, int len,	1885	const char *name, int len,
1890	instantiate_t instantiate, struct task_struct task, const void ptr)	1886	instantiate_t instantiate, struct task_struct task, const void ptr)
1891	{	1887	{
1892	struct dentry child, dir = filp->f_path.dentry;	1888	struct dentry child, dir = filp->f_path.dentry;
@@ -2820,6 +2816,7 @@ static const struct pid_entry tgid_base_stuff[] = {
2820	DIR("task", S_IRUGO\|S_IXUGO, proc_task_inode_operations, proc_task_operations),	2816	DIR("task", S_IRUGO\|S_IXUGO, proc_task_inode_operations, proc_task_operations),
2821	DIR("fd", S_IRUSR\|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),	2817	DIR("fd", S_IRUSR\|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
2822	DIR("fdinfo", S_IRUSR\|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),	2818	DIR("fdinfo", S_IRUSR\|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
		2819	DIR("ns", S_IRUSR\|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
2823	#ifdef CONFIG_NET	2820	#ifdef CONFIG_NET
2824	DIR("net", S_IRUGO\|S_IXUGO, proc_net_inode_operations, proc_net_operations),	2821	DIR("net", S_IRUGO\|S_IXUGO, proc_net_inode_operations, proc_net_operations),
2825	#endif	2822	#endif
@@ -3168,6 +3165,7 @@ out_no_task:
3168	static const struct pid_entry tid_base_stuff[] = {	3165	static const struct pid_entry tid_base_stuff[] = {
3169	DIR("fd", S_IRUSR\|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),	3166	DIR("fd", S_IRUSR\|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
3170	DIR("fdinfo", S_IRUSR\|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),	3167	DIR("fdinfo", S_IRUSR\|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
		3168	DIR("ns", S_IRUSR\|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
3171	REG("environ", S_IRUSR, proc_environ_operations),	3169	REG("environ", S_IRUSR, proc_environ_operations),
3172	INF("auxv", S_IRUSR, proc_pid_auxv),	3170	INF("auxv", S_IRUSR, proc_pid_auxv),
3173	ONE("status", S_IRUGO, proc_pid_status),	3171	ONE("status", S_IRUGO, proc_pid_status),


diff --git a/fs/proc/inode.c b/fs/proc/inode.c index d15aa1b1cc8f..74b48cfa1bb2 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c
@@ -28,6 +28,7 @@ static void proc_evict_inode(struct inode *inode)
28	{	28	{
29	struct proc_dir_entry *de;	29	struct proc_dir_entry *de;
30	struct ctl_table_header *head;	30	struct ctl_table_header *head;
		31	const struct proc_ns_operations *ns_ops;
31		32
32	truncate_inode_pages(&inode->i_data, 0);	33	truncate_inode_pages(&inode->i_data, 0);
33	end_writeback(inode);	34	end_writeback(inode);
@@ -44,6 +45,10 @@ static void proc_evict_inode(struct inode *inode)
44	rcu_assign_pointer(PROC_I(inode)->sysctl, NULL);	45	rcu_assign_pointer(PROC_I(inode)->sysctl, NULL);
45	sysctl_head_put(head);	46	sysctl_head_put(head);
46	}	47	}
		48	/* Release any associated namespace */
		49	ns_ops = PROC_I(inode)->ns_ops;
		50	if (ns_ops && ns_ops->put)
		51	ns_ops->put(PROC_I(inode)->ns);
47	}	52	}
48		53
49	static struct kmem_cache * proc_inode_cachep;	54	static struct kmem_cache * proc_inode_cachep;
@@ -62,6 +67,8 @@ static struct inode proc_alloc_inode(struct super_block sb)
62	ei->pde = NULL;	67	ei->pde = NULL;
63	ei->sysctl = NULL;	68	ei->sysctl = NULL;
64	ei->sysctl_entry = NULL;	69	ei->sysctl_entry = NULL;
		70	ei->ns = NULL;
		71	ei->ns_ops = NULL;
65	inode = &ei->vfs_inode;	72	inode = &ei->vfs_inode;
66	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;	73	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
67	return inode;	74	return inode;


diff --git a/fs/proc/internal.h b/fs/proc/internal.h index 3763b436e69d..7838e5cfec14 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h
@@ -127,3 +127,21 @@ struct inode proc_get_inode(struct super_block , struct proc_dir_entry *);
127	*/	127	*/
128	int proc_readdir(struct file , void , filldir_t);	128	int proc_readdir(struct file , void , filldir_t);
129	struct dentry proc_lookup(struct inode , struct dentry , struct nameidata );	129	struct dentry proc_lookup(struct inode , struct dentry , struct nameidata );
		130
		131
		132
		133	/* Lookups */
		134	typedef struct dentry instantiate_t(struct inode , struct dentry *,
		135	struct task_struct , const void );
		136	int proc_fill_cache(struct file filp, void dirent, filldir_t filldir,
		137	const char *name, int len,
		138	instantiate_t instantiate, struct task_struct task, const void ptr);
		139	int pid_revalidate(struct dentry dentry, struct nameidata nd);
		140	struct inode proc_pid_make_inode(struct super_block sb, struct task_struct *task);
		141	extern const struct dentry_operations pid_dentry_operations;
		142	int pid_getattr(struct vfsmount mnt, struct dentry dentry, struct kstat *stat);
		143	int proc_setattr(struct dentry dentry, struct iattr attr);
		144
		145	extern const struct inode_operations proc_ns_dir_inode_operations;
		146	extern const struct file_operations proc_ns_dir_operations;
		147


diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c new file mode 100644 index 000000000000..781dec5bd682 --- /dev/null +++ b/fs/proc/namespaces.c
@@ -0,0 +1,198 @@
		1	#include <linux/proc_fs.h>
		2	#include <linux/nsproxy.h>
		3	#include <linux/sched.h>
		4	#include <linux/ptrace.h>
		5	#include <linux/fs_struct.h>
		6	#include <linux/mount.h>
		7	#include <linux/path.h>
		8	#include <linux/namei.h>
		9	#include <linux/file.h>
		10	#include <linux/utsname.h>
		11	#include <net/net_namespace.h>
		12	#include <linux/mnt_namespace.h>
		13	#include <linux/ipc_namespace.h>
		14	#include <linux/pid_namespace.h>
		15	#include "internal.h"
		16
		17
		18	static const struct proc_ns_operations *ns_entries[] = {
		19	#ifdef CONFIG_NET_NS
		20	&netns_operations,
		21	#endif
		22	#ifdef CONFIG_UTS_NS
		23	&utsns_operations,
		24	#endif
		25	#ifdef CONFIG_IPC_NS
		26	&ipcns_operations,
		27	#endif
		28	};
		29
		30	static const struct file_operations ns_file_operations = {
		31	.llseek = no_llseek,
		32	};
		33
		34	static struct dentry proc_ns_instantiate(struct inode dir,
		35	struct dentry dentry, struct task_struct task, const void *ptr)
		36	{
		37	const struct proc_ns_operations *ns_ops = ptr;
		38	struct inode *inode;
		39	struct proc_inode *ei;
		40	struct dentry *error = ERR_PTR(-ENOENT);
		41
		42	inode = proc_pid_make_inode(dir->i_sb, task);
		43	if (!inode)
		44	goto out;
		45
		46	ei = PROC_I(inode);
		47	inode->i_mode = S_IFREG\|S_IRUSR;
		48	inode->i_fop = &ns_file_operations;
		49	ei->ns_ops = ns_ops;
		50	ei->ns = ns_ops->get(task);
		51	if (!ei->ns)
		52	goto out_iput;
		53
		54	dentry->d_op = &pid_dentry_operations;
		55	d_add(dentry, inode);
		56	/* Close the race of the process dying before we return the dentry */
		57	if (pid_revalidate(dentry, NULL))
		58	error = NULL;
		59	out:
		60	return error;
		61	out_iput:
		62	iput(inode);
		63	goto out;
		64	}
		65
		66	static int proc_ns_fill_cache(struct file filp, void dirent,
		67	filldir_t filldir, struct task_struct *task,
		68	const struct proc_ns_operations *ops)
		69	{
		70	return proc_fill_cache(filp, dirent, filldir,
		71	ops->name, strlen(ops->name),
		72	proc_ns_instantiate, task, ops);
		73	}
		74
		75	static int proc_ns_dir_readdir(struct file filp, void dirent,
		76	filldir_t filldir)
		77	{
		78	int i;
		79	struct dentry *dentry = filp->f_path.dentry;
		80	struct inode *inode = dentry->d_inode;
		81	struct task_struct *task = get_proc_task(inode);
		82	const struct proc_ns_operations entry, last;
		83	ino_t ino;
		84	int ret;
		85
		86	ret = -ENOENT;
		87	if (!task)
		88	goto out_no_task;
		89
		90	ret = -EPERM;
		91	if (!ptrace_may_access(task, PTRACE_MODE_READ))
		92	goto out;
		93
		94	ret = 0;
		95	i = filp->f_pos;
		96	switch (i) {
		97	case 0:
		98	ino = inode->i_ino;
		99	if (filldir(dirent, ".", 1, i, ino, DT_DIR) < 0)
		100	goto out;
		101	i++;
		102	filp->f_pos++;
		103	/* fall through */
		104	case 1:
		105	ino = parent_ino(dentry);
		106	if (filldir(dirent, "..", 2, i, ino, DT_DIR) < 0)
		107	goto out;
		108	i++;
		109	filp->f_pos++;
		110	/* fall through */
		111	default:
		112	i -= 2;
		113	if (i >= ARRAY_SIZE(ns_entries)) {
		114	ret = 1;
		115	goto out;
		116	}
		117	entry = ns_entries + i;
		118	last = &ns_entries[ARRAY_SIZE(ns_entries) - 1];
		119	while (entry <= last) {
		120	if (proc_ns_fill_cache(filp, dirent, filldir,
		121	task, *entry) < 0)
		122	goto out;
		123	filp->f_pos++;
		124	entry++;
		125	}
		126	}
		127
		128	ret = 1;
		129	out:
		130	put_task_struct(task);
		131	out_no_task:
		132	return ret;
		133	}
		134
		135	const struct file_operations proc_ns_dir_operations = {
		136	.read = generic_read_dir,
		137	.readdir = proc_ns_dir_readdir,
		138	};
		139
		140	static struct dentry proc_ns_dir_lookup(struct inode dir,
		141	struct dentry dentry, struct nameidata nd)
		142	{
		143	struct dentry *error;
		144	struct task_struct *task = get_proc_task(dir);
		145	const struct proc_ns_operations entry, last;
		146	unsigned int len = dentry->d_name.len;
		147
		148	error = ERR_PTR(-ENOENT);
		149
		150	if (!task)
		151	goto out_no_task;
		152
		153	error = ERR_PTR(-EPERM);
		154	if (!ptrace_may_access(task, PTRACE_MODE_READ))
		155	goto out;
		156
		157	last = &ns_entries[ARRAY_SIZE(ns_entries) - 1];
		158	for (entry = ns_entries; entry <= last; entry++) {
		159	if (strlen((*entry)->name) != len)
		160	continue;
		161	if (!memcmp(dentry->d_name.name, (*entry)->name, len))
		162	break;
		163	}
		164	error = ERR_PTR(-ENOENT);
		165	if (entry > last)
		166	goto out;
		167
		168	error = proc_ns_instantiate(dir, dentry, task, *entry);
		169	out:
		170	put_task_struct(task);
		171	out_no_task:
		172	return error;
		173	}
		174
		175	const struct inode_operations proc_ns_dir_inode_operations = {
		176	.lookup = proc_ns_dir_lookup,
		177	.getattr = pid_getattr,
		178	.setattr = proc_setattr,
		179	};
		180
		181	struct file *proc_ns_fget(int fd)
		182	{
		183	struct file *file;
		184
		185	file = fget(fd);
		186	if (!file)
		187	return ERR_PTR(-EBADF);
		188
		189	if (file->f_op != &ns_file_operations)
		190	goto out_invalid;
		191
		192	return file;
		193
		194	out_invalid:
		195	fput(file);
		196	return ERR_PTR(-EINVAL);
		197	}
		198