sysctl: Infrastructure for per namespace sysctls

This patch implements the basic infrastructure for per namespace sysctls. A list of lists of sysctl headers is added, allowing each namespace to have it's own list of sysctl headers. Each list of sysctl headers has a lookup function to find the first sysctl header in the list, allowing the lists to have a per namespace instance. register_sysct_root is added to tell sysctl.c about additional lists of sysctl_headers. As all of the users are expected to be in kernel no unregister function is provided. sysctl_head_next is updated to walk through the list of lists. __register_sysctl_paths is added to add a new sysctl table on a non-default sysctl list. The only intrusive part of this patch is propagating the information to decided which list of sysctls to use for sysctl_check_table. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Cc: Serge Hallyn <serue@us.ibm.com> Cc: Daniel Lezcano <dlezcano@fr.ibm.com> Cc: Cedric Le Goater <clg@fr.ibm.com> Cc: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric W. Biederman <ebiederm@xmission.com> 2007-11-30 07:54:00 -0500
committer: David S. Miller <davem@davemloft.net> 2008-01-28 17:55:17 -0500
commit: e51b6ba077791f2f8c876022b37419be7a2ceec3 (patch)
tree: 9d8ca18f3239eff84cad5b79b715c332970fa89d /kernel/sysctl_check.c
parent: 23eb06de7d2d333a0f7ebba2da663e00c9c9483e (diff)
1 files changed, 14 insertions, 11 deletions
diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
index d8a5558a47b4..c3206fa50048 100644
--- a/kernel/sysctl_check.c
+++ b/kernel/sysctl_check.c
@@ -1342,7 +1342,8 @@ static void sysctl_repair_table(struct ctl_table *table)
        }
 }
-static struct ctl_table *sysctl_check_lookup(struct ctl_table *table)
+static struct ctl_table *sysctl_check_lookup(struct nsproxy *namespaces,
+                                                struct ctl_table *table)
 {
        struct ctl_table_header *head;
        struct ctl_table *ref, *test;
@@ -1350,8 +1351,8 @@ static struct ctl_table *sysctl_check_lookup(struct ctl_table *table)
        depth = sysctl_depth(table);
-        for (head = sysctl_head_next(NULL); head;
+        for (head = __sysctl_head_next(namespaces, NULL); head;
-             head = sysctl_head_next(head)) {
+             head = __sysctl_head_next(namespaces, head)) {
                cur_depth = depth;
                ref = head->ctl_table;
 repeat:
@@ -1396,13 +1397,14 @@ static void set_fail(const char **fail, struct ctl_table *table, const char *str
        *fail = str;
 }
-static int sysctl_check_dir(struct ctl_table *table)
+static int sysctl_check_dir(struct nsproxy *namespaces,
+                                struct ctl_table *table)
 {
        struct ctl_table *ref;
        int error;
        error = 0;
-        ref = sysctl_check_lookup(table);
+        ref = sysctl_check_lookup(namespaces, table);
        if (ref) {
                int match = 0;
                if ((!table->procname && !ref->procname) ||
@@ -1427,11 +1429,12 @@ static int sysctl_check_dir(struct ctl_table *table)
        return error;
 }
-static void sysctl_check_leaf(struct ctl_table *table, const char **fail)
+static void sysctl_check_leaf(struct nsproxy *namespaces,
+                                struct ctl_table *table, const char **fail)
 {
        struct ctl_table *ref;
-        ref = sysctl_check_lookup(table);
+        ref = sysctl_check_lookup(namespaces, table);
        if (ref && (ref != table))
                set_fail(fail, table, "Sysctl already exists");
 }
@@ -1455,7 +1458,7 @@ static void sysctl_check_bin_path(struct ctl_table *table, const char **fail)
        }
 }
-int sysctl_check_table(struct ctl_table *table)
+int sysctl_check_table(struct nsproxy *namespaces, struct ctl_table *table)
 {
        int error = 0;
        for (; table->ctl_name || table->procname; table++) {
@@ -1485,7 +1488,7 @@ int sysctl_check_table(struct ctl_table *table)
                                set_fail(&fail, table, "Directory with extra1");
                        if (table->extra2)
                                set_fail(&fail, table, "Directory with extra2");
-                        if (sysctl_check_dir(table))
+                        if (sysctl_check_dir(namespaces, table))
                                set_fail(&fail, table, "Inconsistent directory names");
                } else {
                        if ((table->strategy == sysctl_data) ||
@@ -1534,7 +1537,7 @@ int sysctl_check_table(struct ctl_table *table)
                        if (!table->procname && table->proc_handler)
                                set_fail(&fail, table, "proc_handler without procname");
 #endif
-                        sysctl_check_leaf(table, &fail);
+                        sysctl_check_leaf(namespaces, table, &fail);
                }
                sysctl_check_bin_path(table, &fail);
                if (fail) {
@@ -1542,7 +1545,7 @@ int sysctl_check_table(struct ctl_table *table)
                        error = -EINVAL;
                }
                if (table->child)
-                        error |= sysctl_check_table(table->child);
+                        error |= sysctl_check_table(namespaces, table->child);
        }
        return error;
 }
author	Eric W. Biederman <ebiederm@xmission.com>	2007-11-30 07:54:00 -0500
committer	David S. Miller <davem@davemloft.net>	2008-01-28 17:55:17 -0500
commit	e51b6ba077791f2f8c876022b37419be7a2ceec3 (patch)
tree	9d8ca18f3239eff84cad5b79b715c332970fa89d /kernel/sysctl_check.c
parent	23eb06de7d2d333a0f7ebba2da663e00c9c9483e (diff)