diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-08-02 07:25:10 -0400 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-11-19 08:57:31 -0500 |
| commit | 49f4d8b93ccf9454284b6f524b96c66d8d7fbccc (patch) | |
| tree | 06540b59a9d302687fd0519239729c1612d0e2b7 /include/linux/pid_namespace.h | |
| parent | ae06c7c83fc6e97ba247a261921c101960f3d28f (diff) | |
pidns: Capture the user namespace and filter ns_last_pid
- Capture the the user namespace that creates the pid namespace
- Use that user namespace to test if it is ok to write to
/proc/sys/kernel/ns_last_pid.
Zhao Hongjiang <zhaohongjiang@huawei.com> noticed I was missing a put_user_ns
in when destroying a pid_ns. I have foloded his patch into this one
so that bisects will work properly.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'include/linux/pid_namespace.h')
| -rw-r--r-- | include/linux/pid_namespace.h | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h index 65e3e87eacc5..c89c9cfcd247 100644 --- a/include/linux/pid_namespace.h +++ b/include/linux/pid_namespace.h | |||
| @@ -31,6 +31,7 @@ struct pid_namespace { | |||
| 31 | #ifdef CONFIG_BSD_PROCESS_ACCT | 31 | #ifdef CONFIG_BSD_PROCESS_ACCT |
| 32 | struct bsd_acct_struct *bacct; | 32 | struct bsd_acct_struct *bacct; |
| 33 | #endif | 33 | #endif |
| 34 | struct user_namespace *user_ns; | ||
| 34 | kgid_t pid_gid; | 35 | kgid_t pid_gid; |
| 35 | int hide_pid; | 36 | int hide_pid; |
| 36 | int reboot; /* group exit code if this pidns was rebooted */ | 37 | int reboot; /* group exit code if this pidns was rebooted */ |
| @@ -46,7 +47,8 @@ static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns) | |||
| 46 | return ns; | 47 | return ns; |
| 47 | } | 48 | } |
| 48 | 49 | ||
| 49 | extern struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *ns); | 50 | extern struct pid_namespace *copy_pid_ns(unsigned long flags, |
| 51 | struct user_namespace *user_ns, struct pid_namespace *ns); | ||
| 50 | extern void zap_pid_ns_processes(struct pid_namespace *pid_ns); | 52 | extern void zap_pid_ns_processes(struct pid_namespace *pid_ns); |
| 51 | extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd); | 53 | extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd); |
| 52 | extern void put_pid_ns(struct pid_namespace *ns); | 54 | extern void put_pid_ns(struct pid_namespace *ns); |
| @@ -59,8 +61,8 @@ static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns) | |||
| 59 | return ns; | 61 | return ns; |
| 60 | } | 62 | } |
| 61 | 63 | ||
| 62 | static inline struct pid_namespace * | 64 | static inline struct pid_namespace *copy_pid_ns(unsigned long flags, |
| 63 | copy_pid_ns(unsigned long flags, struct pid_namespace *ns) | 65 | struct user_namespace *user_ns, struct pid_namespace *ns) |
| 64 | { | 66 | { |
| 65 | if (flags & CLONE_NEWPID) | 67 | if (flags & CLONE_NEWPID) |
| 66 | ns = ERR_PTR(-EINVAL); | 68 | ns = ERR_PTR(-EINVAL); |