diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2011-06-15 13:21:48 -0400 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-11-20 07:19:49 -0500 |
| commit | 98f842e675f96ffac96e6c50315790912b2812be (patch) | |
| tree | ed4dee9a6e54e3443e9f3f1614c8a2fcf9b31e0a /net/core | |
| parent | bf056bfa80596a5d14b26b17276a56a0dcb080e5 (diff) | |
proc: Usable inode numbers for the namespace file descriptors.
Assign a unique proc inode to each namespace, and use that
inode number to ensure we only allocate at most one proc
inode for every namespace in proc.
A single proc inode per namespace allows userspace to test
to see if two processes are in the same namespace.
This has been a long requested feature and only blocked because
a naive implementation would put the id in a global space and
would ultimately require having a namespace for the names of
namespaces, making migration and certain virtualization tricks
impossible.
We still don't have per superblock inode numbers for proc, which
appears necessary for application unaware checkpoint/restart and
migrations (if the application is using namespace file descriptors)
but that is now allowd by the design if it becomes important.
I have preallocated the ipc and uts initial proc inode numbers so
their structures can be statically initialized.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'net/core')
| -rw-r--r-- | net/core/net_namespace.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index ec2870b44c1f..2e9a3132b8dd 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c | |||
| @@ -381,6 +381,21 @@ struct net *get_net_ns_by_pid(pid_t pid) | |||
| 381 | } | 381 | } |
| 382 | EXPORT_SYMBOL_GPL(get_net_ns_by_pid); | 382 | EXPORT_SYMBOL_GPL(get_net_ns_by_pid); |
| 383 | 383 | ||
| 384 | static __net_init int net_ns_net_init(struct net *net) | ||
| 385 | { | ||
| 386 | return proc_alloc_inum(&net->proc_inum); | ||
| 387 | } | ||
| 388 | |||
| 389 | static __net_exit void net_ns_net_exit(struct net *net) | ||
| 390 | { | ||
| 391 | proc_free_inum(net->proc_inum); | ||
| 392 | } | ||
| 393 | |||
| 394 | static struct pernet_operations __net_initdata net_ns_ops = { | ||
| 395 | .init = net_ns_net_init, | ||
| 396 | .exit = net_ns_net_exit, | ||
| 397 | }; | ||
| 398 | |||
| 384 | static int __init net_ns_init(void) | 399 | static int __init net_ns_init(void) |
| 385 | { | 400 | { |
| 386 | struct net_generic *ng; | 401 | struct net_generic *ng; |
| @@ -412,6 +427,8 @@ static int __init net_ns_init(void) | |||
| 412 | 427 | ||
| 413 | mutex_unlock(&net_mutex); | 428 | mutex_unlock(&net_mutex); |
| 414 | 429 | ||
| 430 | register_pernet_subsys(&net_ns_ops); | ||
| 431 | |||
| 415 | return 0; | 432 | return 0; |
| 416 | } | 433 | } |
| 417 | 434 | ||
| @@ -640,11 +657,18 @@ static int netns_install(struct nsproxy *nsproxy, void *ns) | |||
| 640 | return 0; | 657 | return 0; |
| 641 | } | 658 | } |
| 642 | 659 | ||
| 660 | static unsigned int netns_inum(void *ns) | ||
| 661 | { | ||
| 662 | struct net *net = ns; | ||
| 663 | return net->proc_inum; | ||
| 664 | } | ||
| 665 | |||
| 643 | const struct proc_ns_operations netns_operations = { | 666 | const struct proc_ns_operations netns_operations = { |
| 644 | .name = "net", | 667 | .name = "net", |
| 645 | .type = CLONE_NEWNET, | 668 | .type = CLONE_NEWNET, |
| 646 | .get = netns_get, | 669 | .get = netns_get, |
| 647 | .put = netns_put, | 670 | .put = netns_put, |
| 648 | .install = netns_install, | 671 | .install = netns_install, |
| 672 | .inum = netns_inum, | ||
| 649 | }; | 673 | }; |
| 650 | #endif | 674 | #endif |