linux/include/linux/user_namespace.h
   1#ifndef _LINUX_USER_NAMESPACE_H
   2#define _LINUX_USER_NAMESPACE_H
   3
   4#include <linux/kref.h>
   5#include <linux/nsproxy.h>
   6#include <linux/ns_common.h>
   7#include <linux/sched.h>
   8#include <linux/err.h>
   9
  /* Upper bound on the number of extents a single ID map can hold. */
  #define UID_GID_MAP_MAX_EXTENTS 5

  /*
   * One contiguous run of IDs inside a map.
   * NOTE(review): by name, 'first' is the start of the range as seen inside
   * the namespace, 'lower_first' the start of the range it maps onto, and
   * 'count' the length of the run -- confirm against the code that fills
   * these in, which is not part of this header.
   */
  struct uid_gid_extent {
          u32 first;
          u32 lower_first;
          u32 count;
  };

  /*
   * A complete ID map: an extent count followed by a fixed array of extents.
   * With 4-byte u32 this is 4 + 5 * 12 = 64 bytes, i.e. one cache line.
   *
   * nr_extents indexes a fixed-size array, so whatever writes a map has to
   * keep it <= UID_GID_MAP_MAX_EXTENTS; nothing in this header enforces it.
   */
  struct uid_gid_map {
          u32 nr_extents;
          struct uid_gid_extent extent[UID_GID_MAP_MAX_EXTENTS];
  };
  20
  /*
   * Flag bit for user namespaces.
   * NOTE(review): presumably kept in user_namespace.flags and consulted by
   * userns_may_setgroups() -- the code that reads it is not in this header.
   */
  #define USERNS_SETGROUPS_ALLOWED 1UL

  /* Flag set named for initialisation: setgroups starts out allowed. */
  #define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED

  /*
   * State of one user namespace.
   *
   * 'count' is the reference count driven by get_user_ns()/put_user_ns().
   * It is a plain atomic_t, which wraps rather than saturates: a path that
   * can take references without bound would eventually wrap the counter and
   * free the namespace while it is still in use. Callers must keep get/put
   * strictly balanced.
   */
  struct user_namespace {
          /* ID translation tables for uids, gids and project ids. */
          struct uid_gid_map uid_map;
          struct uid_gid_map gid_map;
          struct uid_gid_map projid_map;

          /* Reference count; see get_user_ns() and put_user_ns(). */
          atomic_t count;

          /* NOTE(review): presumably the creating namespace and the nesting
           * depth below init_user_ns -- confirm in create_user_ns(). */
          struct user_namespace *parent;
          int level;

          /* NOTE(review): presumably the credentials of the creator, used
           * for privilege checks against this namespace -- confirm. */
          kuid_t owner;
          kgid_t group;

          struct ns_common ns;

          /* Holds USERNS_* flag bits (see USERNS_INIT_FLAGS). */
          unsigned long flags;

  #ifdef CONFIG_PERSISTENT_KEYRINGS
          /* Register of per-UID persistent keyrings for this namespace */
          struct key *persistent_keyring_register;
          struct rw_semaphore persistent_keyring_register_sem;
  #endif
  };

  /* The initial user namespace; also what get_user_ns() hands back when
   * CONFIG_USER_NS is off. */
  extern struct user_namespace init_user_ns;
  45
  46#ifdef CONFIG_USER_NS
  47
  /*
   * Take an additional reference on @ns and return it.
   *
   * A NULL @ns is passed straight through. The increment is unconditional
   * (no "increment unless zero" check), so the caller must already hold a
   * live reference: using this on a namespace whose count may have dropped
   * to zero would revive an object that is being freed.
   */
  static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
  {
          if (!ns)
                  return ns;

          atomic_inc(&ns->count);
          return ns;
  }
  54
  /*
   * Implemented outside this header (CONFIG_USER_NS builds only).
   * create_user_ns() and unshare_userns() return an int status; the
   * !CONFIG_USER_NS stubs in this file return -EINVAL / 0.
   * free_user_ns() is what put_user_ns() calls once the last reference is
   * gone, so it should not be called directly by reference holders.
   */
  int create_user_ns(struct cred *new);
  int unshare_userns(unsigned long unshare_flags, struct cred **new_cred);
  void free_user_ns(struct user_namespace *ns);
  58
  /*
   * Drop one reference on @ns; a NULL @ns is ignored.
   *
   * When the decrement brings the count to zero the namespace is handed to
   * free_user_ns(). The caller must treat @ns as gone after this call, and
   * every put must pair with exactly one earlier get: an extra put frees the
   * namespace under the remaining users.
   */
  static inline void put_user_ns(struct user_namespace *ns)
  {
          if (!ns)
                  return;

          if (atomic_dec_and_test(&ns->count))
                  free_user_ns(ns);
  }
  64
  struct seq_operations;

  /* seq_file iterators for the uid, gid and project-id maps. */
  extern const struct seq_operations proc_uid_seq_operations;
  extern const struct seq_operations proc_gid_seq_operations;
  extern const struct seq_operations proc_projid_seq_operations;

  /*
   * Write handlers for the maps and for the setgroups setting.
   * The buffer is a __user pointer: implementations must copy it in with the
   * user-access helpers and validate length and contents before any of it
   * reaches a uid_gid_map.
   */
  ssize_t proc_uid_map_write(struct file *file, const char __user *buf,
                             size_t size, loff_t *ppos);
  ssize_t proc_gid_map_write(struct file *file, const char __user *buf,
                             size_t size, loff_t *ppos);
  ssize_t proc_projid_map_write(struct file *file, const char __user *buf,
                                size_t size, loff_t *ppos);
  ssize_t proc_setgroups_write(struct file *file, const char __user *buf,
                               size_t size, loff_t *ppos);
  int proc_setgroups_show(struct seq_file *m, void *v);

  /*
   * Whether setgroups is permitted in @ns.
   * NOTE(review): presumably tests USERNS_SETGROUPS_ALLOWED in ns->flags;
   * the implementation is not in this header.
   */
  bool userns_may_setgroups(const struct user_namespace *ns);
  75#else
  76
  /*
   * !CONFIG_USER_NS variant: there is only the initial namespace, so @ns is
   * ignored, no reference is counted, and &init_user_ns is always returned.
   */
  static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
  {
          return &init_user_ns;
  }
  81
  /*
   * !CONFIG_USER_NS variant: creating a user namespace is never possible,
   * so every call fails with -EINVAL and @new is left untouched.
   */
  static inline int create_user_ns(struct cred *new)
  {
          return -EINVAL;
  }
  86
  /*
   * !CONFIG_USER_NS variant: a request that includes CLONE_NEWUSER is
   * rejected with -EINVAL; any other flag combination is a no-op success.
   * @new_cred is never written.
   */
  static inline int unshare_userns(unsigned long unshare_flags,
                                   struct cred **new_cred)
  {
          return (unshare_flags & CLONE_NEWUSER) ? -EINVAL : 0;
  }
  94
  /*
   * !CONFIG_USER_NS variant: the matching get_user_ns() takes no reference,
   * so there is nothing to release here.
   */
  static inline void put_user_ns(struct user_namespace *ns)
  {
          /* intentionally empty */
  }
  98
  /*
   * !CONFIG_USER_NS variant: no per-namespace setgroups restriction exists,
   * so the answer is always true and @ns is not inspected.
   */
  static inline bool userns_may_setgroups(const struct user_namespace *ns)
  {
          return true;
  }
 103#endif
 104
 105#endif /* _LINUX_USER_NAMESPACE_H */
 106