aboutsummaryrefslogtreecommitdiffstats
path: root/lib/kobject.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2013-09-07 17:35:32 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2013-09-07 17:35:32 -0400
commitc7c4591db64dbd1e504bc4e2806d7ef290a3c81b (patch)
treea2fb124f9760eec668d20541383e762822d7cc7b /lib/kobject.c
parent11c7b03d42a847db90862d0f9d8be6ce9b2f0553 (diff)
parentc7b96acf1456ef127fef461fcfedb54b81fecfbb (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace changes from Eric Biederman: "This is an assorted mishmash of small cleanups, enhancements and bug fixes. The major theme is user namespace mount restrictions. nsown_capable is killed as it encourages not thinking about details that need to be considered. A very hard to hit pid namespace exiting bug was finally tracked and fixed. A couple of cleanups to the basic namespace infrastructure. Finally there is an enhancement that makes per user namespace capabilities usable as capabilities, and an enhancement that allows the per userns root to nice other processes in the user namespace" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: userns: Kill nsown_capable it makes the wrong thing easy capabilities: allow nice if we are privileged pidns: Don't have unshare(CLONE_NEWPID) imply CLONE_THREAD userns: Allow PR_CAPBSET_DROP in a user namespace. namespaces: Simplify copy_namespaces so it is clear what is going on. pidns: Fix hang in zap_pid_ns_processes by sending a potentially extra wakeup sysfs: Restrict mounting sysfs userns: Better restrictions on when proc and sysfs can be mounted vfs: Don't copy mount bind mounts of /proc/<pid>/ns/mnt between namespaces kernel/nsproxy.c: Improving a snippet of code. proc: Restrict mounting the proc filesystem vfs: Lock in place mounts from more privileged users
Diffstat (limited to 'lib/kobject.c')
-rw-r--r--lib/kobject.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/kobject.c b/lib/kobject.c
index 1d46c151a4ae..962175134702 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
@@ -931,6 +931,21 @@ const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj)
931 return kobj_child_ns_ops(kobj->parent); 931 return kobj_child_ns_ops(kobj->parent);
932} 932}
933 933
934bool kobj_ns_current_may_mount(enum kobj_ns_type type)
935{
936 bool may_mount = false;
937
938 if (type == KOBJ_NS_TYPE_NONE)
939 return true;
940
941 spin_lock(&kobj_ns_type_lock);
942 if ((type > KOBJ_NS_TYPE_NONE) && (type < KOBJ_NS_TYPES) &&
943 kobj_ns_ops_tbl[type])
944 may_mount = kobj_ns_ops_tbl[type]->current_may_mount();
945 spin_unlock(&kobj_ns_type_lock);
946
947 return may_mount;
948}
934 949
935void *kobj_ns_grab_current(enum kobj_ns_type type) 950void *kobj_ns_grab_current(enum kobj_ns_type type)
936{ 951{