Merge sys_clone()/sys_unshare() nsproxy and namespace handling

sys_clone() and sys_unshare() both makes copies of nsproxy and its associated namespaces. But they have different code paths. This patch merges all the nsproxy and its associated namespace copy/clone handling (as much as possible). Posted on container list earlier for feedback. - Create a new nsproxy and its associated namespaces and pass it back to caller to attach it to right process. - Changed all copy_*_ns() routines to return a new copy of namespace instead of attaching it to task->nsproxy. - Moved the CAP_SYS_ADMIN checks out of copy_*_ns() routines. - Removed unnessary !ns checks from copy_*_ns() and added BUG_ON() just incase. - Get rid of all individual unshare_*_ns() routines and make use of copy_*_ns() instead. [akpm@osdl.org: cleanups, warning fix] [clg@fr.ibm.com: remove dup_namespaces() declaration] [serue@us.ibm.com: fix CONFIG_IPC_NS=n, clone(CLONE_NEWIPC) retval] [akpm@linux-foundation.org: fix build with CONFIG_SYSVIPC=n] Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com> Signed-off-by: Serge Hallyn <serue@us.ibm.com> Cc: Cedric Le Goater <clg@fr.ibm.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: <containers@lists.osdl.org> Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Cc: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Badari Pulavarty <pbadari@us.ibm.com> 2007-05-08 03:25:21 -0400
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-05-08 14:15:00 -0400
commit: e3222c4ecc649c4ae568e61dda9349482401b501 (patch)
tree: d96614ef67d947a3dd8ab0929a4755bce9fdbcc1 /ipc
parent: 4fc75ff4816c3483b4b772b2f6cb3d8fd88ca547 (diff)
1 files changed, 10 insertions, 43 deletions
diff --git a/ipc/util.c b/ipc/util.c
index 0b652387d169..0ad5b1c3ca01 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -85,53 +85,20 @@ err_mem:
        return ERR_PTR(err);
 }
-int unshare_ipcs(unsigned long unshare_flags, struct ipc_namespace **new_ipc)
+struct ipc_namespace *copy_ipcs(unsigned long flags, struct ipc_namespace *ns)
 {
-        struct ipc_namespace *new;
-        if (unshare_flags & CLONE_NEWIPC) {
-                if (!capable(CAP_SYS_ADMIN))
-                        return -EPERM;
-                new = clone_ipc_ns(current->nsproxy->ipc_ns);
-                if (IS_ERR(new))
-                        return PTR_ERR(new);
-                *new_ipc = new;
-        }
-        return 0;
-}
-int copy_ipcs(unsigned long flags, struct task_struct *tsk)
-{
-        struct ipc_namespace *old_ns = tsk->nsproxy->ipc_ns;
        struct ipc_namespace *new_ns;
-        int err = 0;
-        if (!old_ns)
+        BUG_ON(!ns);
-                return 0;
+        get_ipc_ns(ns);
-        get_ipc_ns(old_ns);
        if (!(flags & CLONE_NEWIPC))
-                return 0;
+                return ns;
-        if (!capable(CAP_SYS_ADMIN)) {
+        new_ns = clone_ipc_ns(ns);
-                err = -EPERM;
-                goto out;
-        }
-        new_ns = clone_ipc_ns(old_ns);
+        put_ipc_ns(ns);
-        if (!new_ns) {
+        return new_ns;
-                err = -ENOMEM;
-                goto out;
-        }
-        tsk->nsproxy->ipc_ns = new_ns;
-out:
-        put_ipc_ns(old_ns);
-        return err;
 }
 void free_ipc_ns(struct kref *kref)
@@ -145,11 +112,11 @@ void free_ipc_ns(struct kref *kref)
        kfree(ns);
 }
 #else
-int copy_ipcs(unsigned long flags, struct task_struct *tsk)
+struct ipc_namespace *copy_ipcs(unsigned long flags, struct ipc_namespace *ns)
 {
        if (flags & CLONE_NEWIPC)
-                return -EINVAL;
+                return ERR_PTR(-EINVAL);
-        return 0;
+        return ns;
 }
 #endif
author	Badari Pulavarty <pbadari@us.ibm.com>	2007-05-08 03:25:21 -0400
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-05-08 14:15:00 -0400
commit	e3222c4ecc649c4ae568e61dda9349482401b501 (patch)
tree	d96614ef67d947a3dd8ab0929a4755bce9fdbcc1 /ipc
parent	4fc75ff4816c3483b4b772b2f6cb3d8fd88ca547 (diff)

diff --git a/ipc/util.c b/ipc/util.c index 0b652387d169..0ad5b1c3ca01 100644 --- a/ipc/util.c +++ b/ipc/util.c
@@ -85,53 +85,20 @@ err_mem:
85	return ERR_PTR(err);	85	return ERR_PTR(err);
86	}	86	}
87		87
88	int unshare_ipcs(unsigned long unshare_flags, struct ipc_namespace **new_ipc)	88	struct ipc_namespace copy_ipcs(unsigned long flags, struct ipc_namespace ns)
89	{	89	{
90	struct ipc_namespace *new;
91
92	if (unshare_flags & CLONE_NEWIPC) {
93	if (!capable(CAP_SYS_ADMIN))
94	return -EPERM;
95
96	new = clone_ipc_ns(current->nsproxy->ipc_ns);
97	if (IS_ERR(new))
98	return PTR_ERR(new);
99
100	*new_ipc = new;
101	}
102
103	return 0;
104	}
105
106	int copy_ipcs(unsigned long flags, struct task_struct *tsk)
107	{
108	struct ipc_namespace *old_ns = tsk->nsproxy->ipc_ns;
109	struct ipc_namespace *new_ns;	90	struct ipc_namespace *new_ns;
110	int err = 0;
111		91
112	if (!old_ns)	92	BUG_ON(!ns);
113	return 0;	93	get_ipc_ns(ns);
114
115	get_ipc_ns(old_ns);
116		94
117	if (!(flags & CLONE_NEWIPC))	95	if (!(flags & CLONE_NEWIPC))
118	return 0;	96	return ns;
119		97
120	if (!capable(CAP_SYS_ADMIN)) {	98	new_ns = clone_ipc_ns(ns);
121	err = -EPERM;
122	goto out;
123	}
124		99
125	new_ns = clone_ipc_ns(old_ns);	100	put_ipc_ns(ns);
126	if (!new_ns) {	101	return new_ns;
127	err = -ENOMEM;
128	goto out;
129	}
130
131	tsk->nsproxy->ipc_ns = new_ns;
132	out:
133	put_ipc_ns(old_ns);
134	return err;
135	}	102	}
136		103
137	void free_ipc_ns(struct kref *kref)	104	void free_ipc_ns(struct kref *kref)
@@ -145,11 +112,11 @@ void free_ipc_ns(struct kref *kref)
145	kfree(ns);	112	kfree(ns);
146	}	113	}
147	#else	114	#else
148	int copy_ipcs(unsigned long flags, struct task_struct *tsk)	115	struct ipc_namespace copy_ipcs(unsigned long flags, struct ipc_namespace ns)
149	{	116	{
150	if (flags & CLONE_NEWIPC)	117	if (flags & CLONE_NEWIPC)
151	return -EINVAL;	118	return ERR_PTR(-EINVAL);
152	return 0;	119	return ns;
153	}	120	}
154	#endif	121	#endif
155		122