   1#ifndef _LINUX_USER_NAMESPACE_H
   2#define _LINUX_USER_NAMESPACE_H
   3
   4#include <linux/kref.h>
   5#include <linux/nsproxy.h>
   6#include <linux/ns_common.h>
   7#include <linux/sched.h>
   8#include <linux/err.h>
   9
  10#define UID_GID_MAP_MAX_EXTENTS 5
  11
/*
 * A uid/gid/projid translation table for one user namespace.
 *
 * Each extent maps the @count ids starting at @first onto the @count ids
 * starting at @lower_first.  As the field name suggests, @lower_first is an
 * id in the parent ("lower") namespace -- confirm against the lookup code in
 * kernel/user_namespace.c.  Only the first @nr_extents entries of @extent[]
 * are meaningful; anything beyond that index is stale.
 *
 * The extent limit is fixed at UID_GID_MAP_MAX_EXTENTS (5), which keeps the
 * whole table at 4 + 5 * 12 = 64 bytes, i.e. one cache line.  It also bounds
 * how many ranges the proc_*_map_write() handlers declared below may accept
 * from userspace; any writer must check nr_extents against this bound before
 * indexing extent[].
 */
struct uid_gid_map {	/* 64 bytes -- 1 cache line */
	u32 nr_extents;			/* number of valid entries in extent[] */
	struct uid_gid_extent {
		u32 first;		/* first id of the range in this namespace */
		u32 lower_first;	/* first id of the range in the parent namespace (presumably; see above) */
		u32 count;		/* number of ids in the range */
	} extent[UID_GID_MAP_MAX_EXTENTS];
};
  20
  21#define USERNS_SETGROUPS_ALLOWED 1UL
  22
  23#define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED
  24
  25struct ucounts;
  26
/*
 * Index into struct ucounts::ucount[] and struct user_namespace::ucount_max[]:
 * one counter per kind of namespace accounted by inc_ucount()/dec_ucount()
 * against a (user namespace, uid) pair.
 *
 * UCOUNT_COUNTS is the number of counters, not a valid type -- it sizes the
 * arrays above and must stay last.
 */
enum ucount_type {
	UCOUNT_USER_NAMESPACES,
	UCOUNT_PID_NAMESPACES,
	UCOUNT_UTS_NAMESPACES,
	UCOUNT_IPC_NAMESPACES,
	UCOUNT_NET_NAMESPACES,
	UCOUNT_MNT_NAMESPACES,
	UCOUNT_CGROUP_NAMESPACES,
	UCOUNT_COUNTS,		/* array-size sentinel -- keep last */
};
  37
/*
 * One user namespace.
 *
 * The three maps plus @flags are the namespace's entire id-translation and
 * setgroups policy.  They are installed from userspace through the
 * proc_*_map_write() / proc_setgroups_write() handlers declared below, so the
 * checks on *who* may write them live in those handlers (kernel/user_namespace.c)
 * -- nothing in this header enforces them.
 *
 * Lifetime is reference counted via @count: get_user_ns()/put_user_ns() below,
 * with __put_user_ns() running when the count drops to zero.
 */
struct user_namespace {
	struct uid_gid_map	uid_map;	/* uid translation to the parent namespace */
	struct uid_gid_map	gid_map;	/* gid translation to the parent namespace */
	struct uid_gid_map	projid_map;	/* project-id translation to the parent namespace */
	atomic_t		count;		/* reference count; see get_user_ns()/put_user_ns() */
	struct user_namespace	*parent;	/* enclosing namespace; presumably NULL for init_user_ns -- confirm */
	int			level;		/* nesting depth below init_user_ns (inferred from the name; confirm) */
	kuid_t			owner;		/* owner uid -- presumably the creator's euid in the parent; confirm */
	kgid_t			group;		/* owner gid -- presumably the creator's egid in the parent; confirm */
	struct ns_common	ns;		/* common namespace header (inode/ops) */
	unsigned long		flags;		/* USERNS_* bits; only USERNS_SETGROUPS_ALLOWED is defined here */

	/* Register of per-UID persistent keyrings for this namespace */
#ifdef CONFIG_PERSISTENT_KEYRINGS
	struct key		*persistent_keyring_register;
	struct rw_semaphore	persistent_keyring_register_sem;	/* guards the register above */
#endif
	struct work_struct	work;		/* deferred-work hook; presumably used on teardown by __put_user_ns -- confirm */
#ifdef CONFIG_SYSCTL
	struct ctl_table_set	set;		/* per-namespace sysctl set, see setup_userns_sysctls() */
	struct ctl_table_header *sysctls;	/* registered sysctl tables, torn down by retire_userns_sysctls() */
#endif
	struct ucounts		*ucounts;	/* accounting record this namespace is charged to */
	int ucount_max[UCOUNT_COUNTS];		/* per-type limits, indexed by enum ucount_type */
};
  63
/*
 * Per-(user namespace, uid) resource accounting record.
 *
 * Records are found via @node (an hlist, so presumably a hash table keyed on
 * (@ns, @uid) -- confirm in kernel/ucount.c) and are themselves reference
 * counted via @count.  @ucount[] holds one counter per enum ucount_type and is
 * what inc_ucount()/dec_ucount() adjust; the limits it is compared against are
 * the matching ns->ucount_max[] entries.
 */
struct ucounts {
	struct hlist_node node;			/* hash-list linkage */
	struct user_namespace *ns;		/* namespace this record belongs to */
	kuid_t uid;				/* uid within @ns this record accounts for */
	atomic_t count;				/* reference count on this record */
	atomic_t ucount[UCOUNT_COUNTS];		/* live object counts, indexed by enum ucount_type */
};
  71
/* The root user namespace.  With CONFIG_USER_NS=n it is the only one that exists. */
extern struct user_namespace init_user_ns;

/*
 * Create / tear down the per-namespace sysctl tables (ns->set, ns->sysctls
 * under CONFIG_SYSCTL).  setup_userns_sysctls() returns false on failure;
 * callers must not proceed with a half-initialised namespace in that case.
 */
bool setup_userns_sysctls(struct user_namespace *ns);
void retire_userns_sysctls(struct user_namespace *ns);
/*
 * Charge / uncharge one object of @type against (@ns, @uid).
 * inc_ucount() returns the ucounts record that must later be handed to
 * dec_ucount(); a NULL return presumably means the ns->ucount_max[] limit
 * would be exceeded and the caller must fail the operation -- confirm against
 * kernel/ucount.c.
 */
struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid, enum ucount_type type);
void dec_ucount(struct ucounts *ucounts, enum ucount_type type);
  78
  79#ifdef CONFIG_USER_NS
  80
/*
 * get_user_ns - take a reference on a user namespace
 * @ns: the namespace, or NULL
 *
 * Increments ns->count; the matching release is put_user_ns().  A NULL @ns is
 * passed straight through so callers holding an optional namespace pointer need
 * no separate check.  Returns @ns.
 */
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
	if (!ns)
		return NULL;

	atomic_inc(&ns->count);
	return ns;
}
  87
/*
 * Creation paths.  Both return a negative errno on failure; the
 * CONFIG_USER_NS=n stubs below reject a new user namespace with -EINVAL.
 * create_user_ns() takes the credentials the new namespace is created for;
 * unshare_userns() is the unshare()/clone(CLONE_NEWUSER) hook and returns the
 * updated credentials through @new_cred.
 */
extern int create_user_ns(struct cred *new);
extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred);
/* Final teardown, called by put_user_ns() once ns->count reaches zero. */
extern void __put_user_ns(struct user_namespace *ns);
  91
/*
 * put_user_ns - drop a reference taken with get_user_ns()
 * @ns: the namespace, or NULL (a no-op)
 *
 * Decrements ns->count and, when this was the last reference, hands the
 * namespace to __put_user_ns() for teardown.  Must not be called more times
 * than get_user_ns() was, or the namespace is torn down while still in use.
 */
static inline void put_user_ns(struct user_namespace *ns)
{
	if (!ns)
		return;

	if (atomic_dec_and_test(&ns->count))
		__put_user_ns(ns);
}
  97
struct seq_operations;
/* Read side of the uid_map / gid_map / projid_map proc files. */
extern const struct seq_operations proc_uid_seq_operations;
extern const struct seq_operations proc_gid_seq_operations;
extern const struct seq_operations proc_projid_seq_operations;
/*
 * Write side: parse a userspace-supplied mapping into ns->uid_map /
 * ns->gid_map / ns->projid_map.  The buffer is untrusted user memory; the
 * permission checks on who may install a mapping, the one-shot nature of the
 * write and the UID_GID_MAP_MAX_EXTENTS bound are all enforced in these
 * handlers (kernel/user_namespace.c), not here.
 */
extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *);
extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *);
/* The /proc setgroups control: "allow"/"deny" write, and its read side. */
extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *);
extern int proc_setgroups_show(struct seq_file *m, void *v);
/*
 * userns_may_setgroups - may setgroups() be used inside @ns?
 * Presumably reads USERNS_SETGROUPS_ALLOWED from ns->flags -- confirm.
 * NOTE(review): this is a separate switch from the gid_map because allowing an
 * unprivileged namespace owner to *drop* supplementary groups can defeat
 * group-based deny rules; verify the rationale in kernel/user_namespace.c.
 */
extern bool userns_may_setgroups(const struct user_namespace *ns);
/* Is current's user namespace @target_ns or nested inside it? (inferred from the name; confirm) */
extern bool current_in_userns(const struct user_namespace *target_ns);

/*
 * Owning user namespace of an arbitrary namespace, as an ns_common.  Returns an
 * ERR_PTR() on failure (the stub below gives -EPERM), so check with IS_ERR(),
 * not against NULL.
 */
struct ns_common *ns_get_owner(struct ns_common *ns);
 111#else
 112
/*
 * get_user_ns - CONFIG_USER_NS=n variant
 *
 * Only init_user_ns exists in this configuration (create_user_ns() and
 * unshare_userns(CLONE_NEWUSER) below both fail with -EINVAL), so there is
 * nothing to reference count: @ns is ignored and the root namespace is
 * returned.  Note the asymmetry with the CONFIG_USER_NS version, which hands a
 * NULL @ns back unchanged.
 */
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
	return &init_user_ns;
}
 117
/*
 * create_user_ns - CONFIG_USER_NS=n variant
 *
 * New user namespaces cannot be created when the feature is compiled out;
 * always fails with -EINVAL and leaves @new untouched.
 */
static inline int create_user_ns(struct cred *new)
{
	return -EINVAL;
}
 122
/*
 * unshare_userns - CONFIG_USER_NS=n variant of the CLONE_NEWUSER unshare hook
 * @unshare_flags: the CLONE_* mask passed to unshare()/clone()
 * @new_cred: out-parameter for the new credentials; never written here
 *
 * Without user namespace support only init_user_ns exists, so a request for a
 * new user namespace cannot be honoured and is rejected with -EINVAL.  Any
 * other combination of flags is not this hook's concern and returns 0.
 */
static inline int unshare_userns(unsigned long unshare_flags,
				 struct cred **new_cred)
{
	unsigned long new_userns_requested = unshare_flags & CLONE_NEWUSER;

	return new_userns_requested ? -EINVAL : 0;
}
 130
/*
 * put_user_ns - CONFIG_USER_NS=n variant
 *
 * The only namespace is the statically allocated init_user_ns, which is never
 * freed, so there is no reference to drop.
 */
static inline void put_user_ns(struct user_namespace *ns)
{
}
 134
/*
 * userns_may_setgroups - CONFIG_USER_NS=n variant
 *
 * With a single namespace there is no per-namespace setgroups policy to
 * consult, so setgroups() is never blocked here.  This does not by itself
 * authorise the call: the caller's ordinary privilege check (presumably
 * CAP_SETGID) is expected to still apply -- confirm at the call site.
 */
static inline bool userns_may_setgroups(const struct user_namespace *ns)
{
	return true;
}
 139
/*
 * current_in_userns - CONFIG_USER_NS=n variant
 *
 * Every task lives in init_user_ns, which is also the only possible
 * @target_ns, so the answer is always true.
 */
static inline bool current_in_userns(const struct user_namespace *target_ns)
{
	return true;
}
 144
/*
 * ns_get_owner - CONFIG_USER_NS=n variant
 *
 * There is no owning user namespace to hand out, so this fails with
 * ERR_PTR(-EPERM).  Callers must test the result with IS_ERR(); it is never
 * NULL and never a valid pointer in this configuration.
 */
static inline struct ns_common *ns_get_owner(struct ns_common *ns)
{
	return ERR_PTR(-EPERM);
}
 149#endif
 150
#endif /* _LINUX_USER_NAMESPACE_H */
 152