linux/include/linux/user_namespace.h
   1#ifndef _LINUX_USER_NAMESPACE_H
   2#define _LINUX_USER_NAMESPACE_H
   3
   4#include <linux/kref.h>
   5#include <linux/nsproxy.h>
   6#include <linux/sched.h>
   7#include <linux/err.h>
   8#include <linux/rh_kabi.h>
   9
/*
 * Upper bound on the number of mapping ranges a single uid_gid_map can hold.
 * The extent[] array below is sized with it, so raising it changes the struct
 * layout (and therefore the kABI of user_namespace, which embeds three maps).
 */
#define UID_GID_MAP_MAX_EXTENTS 5
  11
/*
 * A fixed-size table of id ranges.  Each extent describes @count consecutive
 * ids starting at @first in this namespace that correspond to @count
 * consecutive ids starting at @lower_first in the parent namespace (the
 * direction of the translation is presumably namespace -> parent; confirm
 * against the map lookup helpers in kernel/user_namespace.c).
 * Only the first @nr_extents entries of extent[] are valid.
 */
struct uid_gid_map {    /* 64 bytes -- 1 cache line */
        u32 nr_extents;                 /* number of valid entries in extent[] */
        struct uid_gid_extent {
                u32 first;              /* first id of the range in this namespace */
                u32 lower_first;        /* first id of the range in the parent namespace */
                u32 count;              /* number of ids covered by the range */
        } extent[UID_GID_MAP_MAX_EXTENTS];
};
  20
/*
 * Bits for user_namespace.flags (the RH_KABI_EXTEND'ed unsigned long below).
 * USERNS_SETGROUPS_ALLOWED: setgroups() is still permitted inside the
 * namespace; userns_may_setgroups() and proc_setgroups_write() are the
 * query/update entry points declared further down -- TODO confirm the
 * flag-to-helper wiring against kernel/user_namespace.c.
 */
#define USERNS_SETGROUPS_ALLOWED 1UL

/* Flags a freshly created namespace starts with. */
#define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED

/* Forward declaration; the full definition follows user_namespace below. */
struct ucounts;
  26
/*
 * Index into user_namespace.ucount_max[] and ucounts.ucount[]: one slot per
 * resource that is counted (and, via inc_ucount()/dec_ucount(), presumably
 * limited) per user namespace.  The UCOUNT_KABI_RESERVE_* entries pad the
 * enum so UCOUNT_COUNTS -- and thus the array sizes -- stay fixed when new
 * types are added later without breaking the kABI.
 */
enum ucount_type {
        UCOUNT_USER_NAMESPACES,
        UCOUNT_PID_NAMESPACES,
        UCOUNT_UTS_NAMESPACES,
        UCOUNT_IPC_NAMESPACES,
        UCOUNT_NET_NAMESPACES,
        UCOUNT_MNT_NAMESPACES,
        /* reserved slots; reuse these instead of appending past UCOUNT_COUNTS */
        UCOUNT_KABI_RESERVE_6,
        UCOUNT_KABI_RESERVE_7,
        UCOUNT_KABI_RESERVE_8,
        UCOUNT_KABI_RESERVE_9,
        UCOUNT_KABI_RESERVE_10,
        UCOUNT_KABI_RESERVE_11,
        UCOUNT_KABI_RESERVE_12,
        UCOUNT_KABI_RESERVE_13,
        UCOUNT_KABI_RESERVE_14,
        UCOUNT_KABI_RESERVE_15,
        UCOUNT_COUNTS,          /* number of slots, not a valid type */
};
  46
/*
 * A user namespace: the id translation tables plus the ownership and
 * accounting state attached to them.  Lifetime is governed by @count
 * (see get_user_ns()/put_user_ns()).  Field order is kABI-frozen: the
 * RH_KABI_DEPRECATE() slots keep their size, and everything new goes in
 * through RH_KABI_EXTEND() at the end.
 */
struct user_namespace {
        struct uid_gid_map      uid_map;        /* uid translation, this ns <-> parent */
        struct uid_gid_map      gid_map;        /* gid translation, this ns <-> parent */
        struct uid_gid_map      projid_map;     /* project-id translation, this ns <-> parent */
        atomic_t                count;          /* reference count; __put_user_ns() runs when it drops to zero */
        struct user_namespace   *parent;        /* enclosing namespace (NULL for init_user_ns, presumably) */
        kuid_t                  owner;          /* kernel uid recorded as the namespace owner */
        kgid_t                  group;          /* kernel gid recorded alongside the owner */
        unsigned int            proc_inum;      /* inode number for the /proc ns handle -- TODO confirm */
        /* retired fields, kept only to preserve the struct layout */
        RH_KABI_DEPRECATE(bool, may_mount_sysfs)
        RH_KABI_DEPRECATE(bool, may_mount_proc)

        /* Register of per-UID persistent keyrings for this namespace */
#ifdef CONFIG_PERSISTENT_KEYRINGS
        struct key              *persistent_keyring_register;
        struct rw_semaphore     persistent_keyring_register_sem;
#endif
        /* fields appended after the original layout (kABI extension area) */
        RH_KABI_EXTEND(int level)                               /* nesting depth -- presumably 0 for init_user_ns */
        RH_KABI_EXTEND(unsigned long flags)                     /* USERNS_* bits, see USERNS_SETGROUPS_ALLOWED */
        RH_KABI_EXTEND(struct work_struct work)                 /* deferred work, likely namespace teardown -- confirm */
        RH_KABI_EXTEND(struct ctl_table_set set)                /* sysctl set, see setup_userns_sysctls() */
        RH_KABI_EXTEND(struct ctl_table_header *sysctls)        /* registered sysctl table, see retire_userns_sysctls() */
        RH_KABI_EXTEND(struct ucounts *ucounts)                 /* accounting record this namespace is charged to */
        RH_KABI_EXTEND(int ucount_max[UCOUNT_COUNTS])           /* per-type ceilings, indexed by enum ucount_type */
};
  72
/*
 * Per-(namespace, uid) accounting record returned by inc_ucount() and
 * released by dec_ucount().  @ucount[] holds one live counter per
 * enum ucount_type; @count is presumably the number of references to
 * the record itself (plain int, so it is expected to be lock-protected
 * by the caller -- confirm in kernel/ucount.c).
 */
struct ucounts {
        struct hlist_node node;                 /* hash-table linkage */
        struct user_namespace *ns;              /* namespace this record belongs to */
        kuid_t uid;                             /* uid (in @ns) being accounted */
        int count;                              /* refcount of this record (non-atomic) */
        atomic_t ucount[UCOUNT_COUNTS];         /* current usage per ucount_type */
};
  80
/* The root user namespace; the only one that exists without CONFIG_USER_NS. */
extern struct user_namespace init_user_ns;

/* Register / unregister the per-namespace sysctl table (@set / @sysctls). */
bool setup_userns_sysctls(struct user_namespace *ns);
void retire_userns_sysctls(struct user_namespace *ns);
/*
 * Charge one unit of @type to @uid in @ns and return the accounting record,
 * or NULL on failure (presumably when the ucount_max ceiling is hit -- the
 * exact failure contract lives in kernel/ucount.c).  dec_ucount() undoes it.
 */
struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid, enum ucount_type type);
void dec_ucount(struct ucounts *ucounts, enum ucount_type type);
  87
  88#ifdef CONFIG_USER_NS
  89
/*
 * Take a reference on @ns and hand it back so the call can be chained.
 * A NULL @ns is tolerated and returned unchanged without touching anything.
 */
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
        if (!ns)
                return NULL;
        atomic_inc(&ns->count);
        return ns;
}
  96
/* Create a new user namespace owned by the credentials in @new; 0 or -errno. */
extern int create_user_ns(struct cred *new);
/* CLONE_NEWUSER handling for unshare(2); may replace *@new_cred. */
extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred);
/* Final teardown once the last reference is dropped; called only by put_user_ns(). */
extern void __put_user_ns(struct user_namespace *ns);
 100
/*
 * Drop a reference taken with get_user_ns().  When this was the last
 * one the namespace is torn down via __put_user_ns(); NULL is a no-op.
 */
static inline void put_user_ns(struct user_namespace *ns)
{
        if (!ns)
                return;
        if (atomic_dec_and_test(&ns->count))
                __put_user_ns(ns);
}
 106
struct seq_operations;
/* seq_file readers for /proc/<pid>/{uid_map,gid_map,projid_map}. */
extern struct seq_operations proc_uid_seq_operations;
extern struct seq_operations proc_gid_seq_operations;
extern struct seq_operations proc_projid_seq_operations;
/*
 * Writers for the same files.  The buffer is untrusted user memory
 * (__user); parsing and permission checks happen in the implementation.
 */
extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *);
/* /proc/<pid>/setgroups: write clears USERNS_SETGROUPS_ALLOWED, show reports it -- confirm. */
extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *);
extern int proc_setgroups_show(struct seq_file *m, void *v);
/* True if setgroups() is still allowed inside @ns. */
extern bool userns_may_setgroups(const struct user_namespace *ns);
/* True if the current task's user namespace is @target_ns or nested inside it. */
extern bool current_in_userns(const struct user_namespace *target_ns);
 118#else
 119
/*
 * !CONFIG_USER_NS: there is only ever init_user_ns, so ignore @ns and
 * return the root namespace.  No reference counting is performed.
 */
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
        (void)ns;
        return &init_user_ns;
}
 124
/* !CONFIG_USER_NS: user namespaces cannot be created; always -EINVAL. */
static inline int create_user_ns(struct cred *new)
{
        (void)new;
        return -EINVAL;
}
 129
/*
 * !CONFIG_USER_NS: unsharing into a new user namespace is impossible, so
 * CLONE_NEWUSER is rejected with -EINVAL; every other flag set is fine.
 * @new_cred is never touched.
 */
static inline int unshare_userns(unsigned long unshare_flags,
                                 struct cred **new_cred)
{
        (void)new_cred;
        return (unshare_flags & CLONE_NEWUSER) ? -EINVAL : 0;
}
 137
/* !CONFIG_USER_NS: init_user_ns is never freed, so dropping a reference is a no-op. */
static inline void put_user_ns(struct user_namespace *ns)
{
        (void)ns;
}
 141
/* !CONFIG_USER_NS: the setgroups restriction does not exist; always allowed. */
static inline bool userns_may_setgroups(const struct user_namespace *ns)
{
        (void)ns;
        return true;
}
 146
/* !CONFIG_USER_NS: every task lives in init_user_ns, so membership is always true. */
static inline bool current_in_userns(const struct user_namespace *target_ns)
{
        (void)target_ns;
        return true;
}
 151#endif
 152
#endif /* _LINUX_USER_NAMESPACE_H */
 154