proc: Usable inode numbers for the namespace file descriptors.

Assign a unique proc inode to each namespace, and use that
inode number to ensure we only allocate at most one proc
inode for every namespace in proc.

A single proc inode per namespace allows userspace to test
to see if two processes are in the same namespace.

This has been a long requested feature and only blocked because
a naive implementation would put the id in a global space and
would ultimately require having a namespace for the names of
namespaces, making migration and certain virtualization tricks
impossible.

We still don't have per superblock inode numbers for proc, which
appears necessary for application unaware checkpoint/restart and
migrations (if the application is using namespace file descriptors)
but that is now allowd by the design if it becomes important.

I have preallocated the ipc and uts initial proc inode numbers so
their structures can be statically initialized.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

6 files changed, 13 insertions, 1 deletions

diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
index f03af702a39d..fe771978e877 100644
--- a/include/linux/ipc_namespace.h
+++ b/include/linux/ipc_namespace.h
@@ -67,6 +67,8 @@ struct ipc_namespace {
 
         /* user_ns which owns the ipc ns */
         struct user_namespace *user_ns;
+
+        unsigned int    proc_inum;
 };
 
 extern struct ipc_namespace init_ipc_ns;
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
index 4c96acdb2489..bf285999273a 100644
--- a/include/linux/pid_namespace.h
+++ b/include/linux/pid_namespace.h
@@ -37,6 +37,7 @@ struct pid_namespace {
         kgid_t pid_gid;
         int hide_pid;
         int reboot;     /* group exit code if this pidns was rebooted */
+        unsigned int proc_inum;
 };
 
 extern struct pid_namespace init_pid_ns;
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
index bf1d000fbba6..2e24018b7cec 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -28,7 +28,11 @@ struct mm_struct;
  */
 
 enum {
-        PROC_ROOT_INO = 1,
+        PROC_ROOT_INO           = 1,
+        PROC_IPC_INIT_INO       = 0xEFFFFFFFU,
+        PROC_UTS_INIT_INO       = 0xEFFFFFFEU,
+        PROC_USER_INIT_INO      = 0xEFFFFFFDU,
+        PROC_PID_INIT_INO       = 0xEFFFFFFCU,
 };
 
 /*
@@ -263,6 +267,7 @@ struct proc_ns_operations {
         void *(*get)(struct task_struct *task);
         void (*put)(void *ns);
         int (*install)(struct nsproxy *nsproxy, void *ns);
+        unsigned int (*inum)(void *ns);
 };
 extern const struct proc_ns_operations netns_operations;
 extern const struct proc_ns_operations utsns_operations;
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 17651f08d67f..b9bd2e6c73cc 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -25,6 +25,7 @@ struct user_namespace {
         struct user_namespace   *parent;
         kuid_t                  owner;
         kgid_t                  group;
+        unsigned int            proc_inum;
 };
 
 extern struct user_namespace init_user_ns;
diff --git a/include/linux/utsname.h b/include/linux/utsname.h
index 221f4a0a7502..239e27733d6c 100644
--- a/include/linux/utsname.h
+++ b/include/linux/utsname.h
@@ -23,6 +23,7 @@ struct uts_namespace {
         struct kref kref;
         struct new_utsname name;
         struct user_namespace *user_ns;
+        unsigned int proc_inum;
 };
 extern struct uts_namespace init_uts_ns;
 
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index c5a43f56b796..de644bcd8613 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -56,6 +56,8 @@ struct net {
 
         struct user_namespace   *user_ns;       /* Owning user namespace */
 
+        unsigned int            proc_inum;
+
         struct proc_dir_entry   *proc_net;
         struct proc_dir_entry   *proc_net_stat;