diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2007-09-27 01:04:26 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:52:46 -0400 |
| commit | 9dd776b6d7b0b85966b6ddd03e2b2aae59012ab1 (patch) | |
| tree | ed92aee1f242bb31a0965a4156063eac916ae15e /kernel/nsproxy.c | |
| parent | 8b41d1887db718be9a2cd9e18c58ce25a4c7fd93 (diff) | |
[NET]: Add network namespace clone & unshare support.
This patch allows you to create a new network namespace
using sys_clone, or sys_unshare.
As the network namespace is still experimental and under development
clone and unshare support is only made available when CONFIG_NET_NS is
selected at compile time.
As this patch introduces network namespace support into code paths
that exist when the CONFIG_NET is not selected there are a few
additions made to net_namespace.h to allow a few more functions
to be used when the networking stack is not compiled in.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/nsproxy.c')
| -rw-r--r-- | kernel/nsproxy.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index a4fb7d46971f..f1decd21a534 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c | |||
| @@ -20,6 +20,7 @@ | |||
| 20 | #include <linux/mnt_namespace.h> | 20 | #include <linux/mnt_namespace.h> |
| 21 | #include <linux/utsname.h> | 21 | #include <linux/utsname.h> |
| 22 | #include <linux/pid_namespace.h> | 22 | #include <linux/pid_namespace.h> |
| 23 | #include <net/net_namespace.h> | ||
| 23 | 24 | ||
| 24 | static struct kmem_cache *nsproxy_cachep; | 25 | static struct kmem_cache *nsproxy_cachep; |
| 25 | 26 | ||
| @@ -98,8 +99,17 @@ static struct nsproxy *create_new_namespaces(unsigned long flags, | |||
| 98 | goto out_user; | 99 | goto out_user; |
| 99 | } | 100 | } |
| 100 | 101 | ||
| 102 | new_nsp->net_ns = copy_net_ns(flags, tsk->nsproxy->net_ns); | ||
| 103 | if (IS_ERR(new_nsp->net_ns)) { | ||
| 104 | err = PTR_ERR(new_nsp->net_ns); | ||
| 105 | goto out_net; | ||
| 106 | } | ||
| 107 | |||
| 101 | return new_nsp; | 108 | return new_nsp; |
| 102 | 109 | ||
| 110 | out_net: | ||
| 111 | if (new_nsp->user_ns) | ||
| 112 | put_user_ns(new_nsp->user_ns); | ||
| 103 | out_user: | 113 | out_user: |
| 104 | if (new_nsp->pid_ns) | 114 | if (new_nsp->pid_ns) |
| 105 | put_pid_ns(new_nsp->pid_ns); | 115 | put_pid_ns(new_nsp->pid_ns); |
| @@ -132,7 +142,7 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk) | |||
| 132 | 142 | ||
| 133 | get_nsproxy(old_ns); | 143 | get_nsproxy(old_ns); |
| 134 | 144 | ||
| 135 | if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER))) | 145 | if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER | CLONE_NEWNET))) |
| 136 | return 0; | 146 | return 0; |
| 137 | 147 | ||
| 138 | if (!capable(CAP_SYS_ADMIN)) { | 148 | if (!capable(CAP_SYS_ADMIN)) { |
| @@ -164,6 +174,7 @@ void free_nsproxy(struct nsproxy *ns) | |||
| 164 | put_pid_ns(ns->pid_ns); | 174 | put_pid_ns(ns->pid_ns); |
| 165 | if (ns->user_ns) | 175 | if (ns->user_ns) |
| 166 | put_user_ns(ns->user_ns); | 176 | put_user_ns(ns->user_ns); |
| 177 | put_net(ns->net_ns); | ||
| 167 | kmem_cache_free(nsproxy_cachep, ns); | 178 | kmem_cache_free(nsproxy_cachep, ns); |
| 168 | } | 179 | } |
| 169 | 180 | ||
| @@ -177,7 +188,7 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags, | |||
| 177 | int err = 0; | 188 | int err = 0; |
| 178 | 189 | ||
| 179 | if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | | 190 | if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | |
| 180 | CLONE_NEWUSER))) | 191 | CLONE_NEWUSER | CLONE_NEWNET))) |
| 181 | return 0; | 192 | return 0; |
| 182 | 193 | ||
| 183 | if (!capable(CAP_SYS_ADMIN)) | 194 | if (!capable(CAP_SYS_ADMIN)) |