linux/include/linux/nsproxy.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2#ifndef _LINUX_NSPROXY_H
   3#define _LINUX_NSPROXY_H
   4
   5#include <linux/spinlock.h>
   6#include <linux/sched.h>
   7
   8struct mnt_namespace;
   9struct uts_namespace;
  10struct ipc_namespace;
  11struct pid_namespace;
  12struct cgroup_namespace;
  13struct fs_struct;
  14
  15/*
  16 * A structure to contain pointers to all per-process
  17 * namespaces - fs (mount), uts, network, sysvipc, etc.
  18 *
  19 * The pid namespace is an exception -- it's accessed using
  20 * task_active_pid_ns.  The pid namespace here is the
  21 * namespace that children will use.
  22 *
  23 * 'count' is the number of tasks holding a reference.
  24 * The count for each namespace, then, will be the number
  25 * of nsproxies pointing to it, not the number of tasks.
  26 *
  27 * The nsproxy is shared by tasks which share all namespaces.
  28 * As soon as a single namespace is cloned or unshared, the
  29 * nsproxy is copied.
  30 */
   31struct nsproxy {  /* one set of namespace pointers, shared by tasks that share all of them */
   32        atomic_t count;  /* number of tasks holding a reference; plain atomic_t, so get/put do not detect imbalance */
   33        struct uts_namespace *uts_ns;  /* uts namespace */
   34        struct ipc_namespace *ipc_ns;  /* sysvipc namespace */
   35        struct mnt_namespace *mnt_ns;  /* fs (mount) namespace */
   36        struct pid_namespace *pid_ns_for_children;  /* pid namespace children will use, not the task's active one */
   37        struct net           *net_ns;  /* network namespace */
   38        struct time_namespace *time_ns;  /* time namespace */
   39        struct time_namespace *time_ns_for_children;  /* NOTE(review): by analogy with pid_ns_for_children, presumably the time namespace children will use - confirm */
   40        struct cgroup_namespace *cgroup_ns;  /* cgroup namespace */
   41};
   42extern struct nsproxy init_nsproxy;  /* NOTE(review): presumably the nsproxy of the initial task; defined elsewhere - confirm */
  43
  44/*
  45 * A structure to encompass all bits needed to install
  46 * a partial or complete new set of namespaces.
  47 *
   48 * If a new user namespace is requested, cred will
   49 * point to a modifiable set of credentials. If a pointer
   50 * to a modifiable set is needed, nsset_cred() must be
   51 * used and its return value tested for NULL.
  52 */
   53struct nsset {  /* state needed to install a partial or complete new set of namespaces */
   54        unsigned flags;  /* flag bits; nsset_cred() checks CLONE_NEWUSER here */
   55        struct nsproxy *nsproxy;  /* NOTE(review): presumably the nsproxy being assembled for installation - confirm */
   56        struct fs_struct *fs;  /* NOTE(review): presumably the fs state that goes with the new mount namespace - confirm */
   57        const struct cred *cred;  /* const on purpose: obtain a writable pointer only through nsset_cred(), which may return NULL */
   58};
  59
/*
 * nsset_cred - return the writable credentials of a namespace set, if any
 * @set: namespace set being prepared for installation; dereferenced
 *       unconditionally
 *
 * set->cred is stored as a pointer to const. It is handed back as a
 * writable pointer only when CLONE_NEWUSER is set in set->flags; in every
 * other case the result is NULL. Callers must test the return value before
 * writing through it, otherwise credentials that are not meant to be
 * modified could be changed.
 */
static inline struct cred *nsset_cred(struct nsset *set)
{
	/* No new user namespace requested: no modifiable credentials. */
	if (!(set->flags & CLONE_NEWUSER))
		return NULL;

	/* The const is cast away only on the CLONE_NEWUSER path. */
	return (struct cred *)set->cred;
}
  67
  68/*
  69 * the namespaces access rules are:
  70 *
  71 *  1. only current task is allowed to change tsk->nsproxy pointer or
  72 *     any pointer on the nsproxy itself.  Current must hold the task_lock
  73 *     when changing tsk->nsproxy.
  74 *
   75 *  2. when accessing (i.e. reading) current task's namespaces - no
   76 *     precautions need to be taken - just dereference the pointers
  77 *
  78 *  3. the access to other task namespaces is performed like this
  79 *     task_lock(task);
  80 *     nsproxy = task->nsproxy;
  81 *     if (nsproxy != NULL) {
  82 *             / *
  83 *               * work with the namespaces here
  84 *               * e.g. get the reference on one of them
  85 *               * /
  86 *     } / *
  87 *         * NULL task->nsproxy means that this task is
  88 *         * almost dead (zombie)
  89 *         * /
  90 *     task_unlock(task);
  91 *
  92 */
  93
   94int copy_namespaces(unsigned long flags, struct task_struct *tsk);  /* NOTE(review): presumably sets up tsk's nsproxy from the given flags - confirm at the definition */
   95void exit_task_namespaces(struct task_struct *tsk);  /* NOTE(review): presumably drops tsk's nsproxy at exit, leaving the NULL pointer the access rules mention - confirm */
   96void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);  /* NOTE(review): changes tsk->nsproxy, so rule 1 above should apply (current only, under task_lock) - confirm */
   97void free_nsproxy(struct nsproxy *ns);  /* invoked by put_nsproxy() once the count reaches zero */
   98int unshare_nsproxy_namespaces(unsigned long, struct nsproxy **,
   99        struct cred *, struct fs_struct *);  /* parameters are unnamed in this prototype; see the definition for their roles */
  100int __init nsproxy_cache_init(void);  /* marked __init, i.e. intended for boot-time setup only */
 101
/*
 * put_nsproxy - drop one reference on an nsproxy
 * @ns: nsproxy whose count is decremented; dereferenced unconditionally,
 *      so it must not be NULL
 *
 * Hands @ns to free_nsproxy() when atomic_dec_and_test() reports that the
 * count reached zero. After this call the caller must not use @ns unless
 * it holds another reference, since @ns may have been passed to
 * free_nsproxy().
 *
 * NOTE(review): the count is a plain atomic_t, so an unbalanced put is not
 * detected here; refcount_t would saturate and warn instead.
 */
static inline void put_nsproxy(struct nsproxy *ns)
{
	/* Other holders remain: nothing more to do. */
	if (!atomic_dec_and_test(&ns->count))
		return;

	free_nsproxy(ns);
}
 108
/*
 * get_nsproxy - take one additional reference on an nsproxy
 * @ns: nsproxy whose count is incremented; dereferenced unconditionally,
 *      so it must not be NULL
 *
 * The increment is unconditional: it does not check whether the count has
 * already dropped to zero. The caller therefore has to guarantee that @ns
 * is still live, e.g. by following the access rules documented in this
 * header (task_lock() when reading another task's nsproxy).
 *
 * NOTE(review): atomic_inc() on an atomic_t does not detect overflow;
 * refcount_t would saturate and warn instead.
 */
static inline void get_nsproxy(struct nsproxy *ns)
{
	atomic_t *refs = &ns->count;

	atomic_inc(refs);
}
 113
 114#endif
 115