-rw-r--r-- | init/Kconfig | 17 | ||||
-rw-r--r-- | kernel/Makefile | 5 | ||||
-rw-r--r-- | kernel/user.c | 10 | ||||
-rw-r--r-- | kernel/user_namespace.c | 13 |
4 files changed, 21 insertions, 24 deletions
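--- a/init/Kconfig
+++ b/init/Kconfig
@@ -214,15 +214,6 @@ config TASK_IO_ACCOUNTING
 
 Say N if unsure.
 
-config USER_NS
-bool "User Namespaces (EXPERIMENTAL)"
-default n
-depends on EXPERIMENTAL
-help
-Support user namespaces. This allows containers, i.e.
-vservers, to use user namespaces to provide different
-user info for different servers. If unsure, say N.
-
 config PID_NS
 bool "PID Namespaces (EXPERIMENTAL)"
 default n
@@ -443,6 +434,14 @@ config IPC_NS
 In this namespace tasks work with IPC ids which correspond to
 different IPC objects in different namespaces
 
+config USER_NS
+bool "User namespace (EXPERIMENTAL)"
+depends on NAMESPACES && EXPERIMENTAL
+help
+This allows containers, i.e. vservers, to use user namespaces
+to provide different user info for different servers.
+If unsure, say N.
+
 config BLK_DEV_INITRD
 bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
 depends on BROKEN || !FRV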
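Review bot: The help text of the re-added `config USER_NS` entry does not say what the option isolates: "different user info for different servers" leaves open whether a user namespace is a privilege boundary or only separates per-user bookkeeping. Someone enabling it for containers needs that to judge the exposure, and the EXPERIMENTAL tag suggests the isolation may be incomplete. I would add a sentence to the help that states the limit, for example `Note: this does not by itself confine root inside a container.`, provided that matches the current implementation. The dropped `default n` is harmless, since a bool without a default is already off.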
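--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -4,7 +4,7 @@
 
 obj-y = sched.o fork.o exec_domain.o panic.o printk.o profile.o \
 exit.o itimer.o time.o softirq.o resource.o \
-sysctl.o capability.o ptrace.o timer.o user.o user_namespace.o \
+sysctl.o capability.o ptrace.o timer.o user.o \
 signal.o sys.o kmod.o workqueue.o pid.o \
 rcupdate.o extable.o params.o posix-timers.o \
 kthread.o wait.o kfifo.o sys_ni.o posix-cpu-timers.o mutex.o \
@@ -33,7 +33,6 @@ obj-$(CONFIG_PROVE_LOCKING) += spinlock.o
 obj-$(CONFIG_UID16) += uid16.o
 obj-$(CONFIG_MODULES) += module.o
 obj-$(CONFIG_KALLSYMS) += kallsyms.o
-obj-$(CONFIG_UTS_NS) += utsname.o
 obj-$(CONFIG_PM) += power/
 obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
 obj-$(CONFIG_KEXEC) += kexec.o
@@ -43,6 +42,8 @@ obj-$(CONFIG_CGROUPS) += cgroup.o
 obj-$(CONFIG_CGROUP_DEBUG) += cgroup_debug.o
 obj-$(CONFIG_CPUSETS) += cpuset.o
 obj-$(CONFIG_CGROUP_NS) += ns_cgroup.o
+obj-$(CONFIG_UTS_NS) += utsname.o
+obj-$(CONFIG_USER_NS) += user_namespace.o
 obj-$(CONFIG_IKCONFIG) += configs.o
 obj-$(CONFIG_RESOURCE_COUNTERS) += res_counter.o
 obj-$(CONFIG_STOP_MACHINE) += stop_machine.o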
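--- a/kernel/user.c
+++ b/kernel/user.c
@@ -17,6 +17,14 @@
 #include <linux/module.h>
 #include <linux/user_namespace.h>
 
+struct user_namespace init_user_ns = {
+.kref = {
+.refcount = ATOMIC_INIT(2),
+},
+.root_user = &root_user,
+};
+EXPORT_SYMBOL_GPL(init_user_ns);
+
 /*
 * UID task count cache, to get fast user lookup in "alloc_uid"
 * when changing user ID's (ie setuid() and friends).
@@ -427,6 +435,7 @@ void switch_uid(struct user_struct *new_user)
 suid_keys(current);
 }
 
+#ifdef CONFIG_USER_NS
 void release_uids(struct user_namespace *ns)
 {
 int i;
@@ -451,6 +460,7 @@ void release_uids(struct user_namespace *ns)
 
 free_uid(ns->root_user);
 }
+#endif
 
 static int __init uid_cache_init(void)
 {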
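Review bot: `init_user_ns` is a statically allocated object whose count starts at `.refcount = ATOMIC_INIT(2)`, and nothing at the moved definition says why it is 2. The release path visible in kernel/user_namespace.c ends in `release_uids(ns); kfree(ns);`, which must never run on a static object, so the invariant that this count cannot drop to zero deserves a comment at the definition, e.g. `/* static object: the extra reference keeps free_user_ns() from ever running on it */` if that is the intent. The added `#endif` after release_uids() would also read better as `#endif /* CONFIG_USER_NS */`, the form this commit removes from user_namespace.c. Most of release_uids()'s body is outside the visible hunks and its declaration is in a header not shown here; any caller built without CONFIG_USER_NS would need a stub or the same guard.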
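--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -10,17 +10,6 @@
 #include <linux/nsproxy.h>
 #include <linux/user_namespace.h>
 
-struct user_namespace init_user_ns = {
-.kref = {
-.refcount = ATOMIC_INIT(2),
-},
-.root_user = &root_user,
-};
-
-EXPORT_SYMBOL_GPL(init_user_ns);
-
-#ifdef CONFIG_USER_NS
-
 /*
 * Clone a new ns copying an original user ns, setting refcount to 1
 * @old_ns: namespace to clone
@@ -84,5 +73,3 @@ void free_user_ns(struct kref *kref)
 release_uids(ns);
 kfree(ns);
 }
-
-#endif /* CONFIG_USER_NS */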