pid_namespace.c (a8787645e14ce7bbc3db9788526ed0be968c0df2) | pid_namespace.c (c7b96acf1456ef127fef461fcfedb54b81fecfbb) |
---|---|
1/* 2 * Pid namespaces 3 * 4 * Authors: 5 * (C) 2007 Pavel Emelyanov <xemul@openvz.org>, OpenVZ, SWsoft Inc. 6 * (C) 2007 Sukadev Bhattiprolu <sukadev@us.ibm.com>, IBM 7 * Many thanks to Oleg Nesterov for comments and help 8 * --- 315 unchanged lines hidden (view full) --- 324} 325 326static int pidns_install(struct nsproxy *nsproxy, void *ns) 327{ 328 struct pid_namespace *active = task_active_pid_ns(current); 329 struct pid_namespace *ancestor, *new = ns; 330 331 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || | 1/* 2 * Pid namespaces 3 * 4 * Authors: 5 * (C) 2007 Pavel Emelyanov <xemul@openvz.org>, OpenVZ, SWsoft Inc. 6 * (C) 2007 Sukadev Bhattiprolu <sukadev@us.ibm.com>, IBM 7 * Many thanks to Oleg Nesterov for comments and help 8 * --- 315 unchanged lines hidden (view full) --- 324} 325 326static int pidns_install(struct nsproxy *nsproxy, void *ns) 327{ 328 struct pid_namespace *active = task_active_pid_ns(current); 329 struct pid_namespace *ancestor, *new = ns; 330 331 if (!ns_capable(new->user_ns, CAP_SYS_ADMIN) || |
332 !nsown_capable(CAP_SYS_ADMIN)) | 332 !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) |
333 return -EPERM; 334 335 /* 336 * Only allow entering the current active pid namespace 337 * or a child of the current active pid namespace. 338 * 339 * This is required for fork to return a usable pid value and 340 * this maintains the property that processes and their 341 * children can not escape their current pid namespace. 342 */ 343 if (new->level < active->level) 344 return -EINVAL; 345 346 ancestor = new; 347 while (ancestor->level > active->level) 348 ancestor = ancestor->parent; 349 if (ancestor != active) 350 return -EINVAL; 351 | 333 return -EPERM; 334 335 /* 336 * Only allow entering the current active pid namespace 337 * or a child of the current active pid namespace. 338 * 339 * This is required for fork to return a usable pid value and 340 * this maintains the property that processes and their 341 * children can not escape their current pid namespace. 342 */ 343 if (new->level < active->level) 344 return -EINVAL; 345 346 ancestor = new; 347 while (ancestor->level > active->level) 348 ancestor = ancestor->parent; 349 if (ancestor != active) 350 return -EINVAL; 351 |
352 put_pid_ns(nsproxy->pid_ns_for_children); 353 nsproxy->pid_ns_for_children = get_pid_ns(new); | 352 put_pid_ns(nsproxy->pid_ns); 353 nsproxy->pid_ns = get_pid_ns(new); |
354 return 0; 355} 356 357static unsigned int pidns_inum(void *ns) 358{ 359 struct pid_namespace *pid_ns = ns; 360 return pid_ns->proc_inum; 361} --- 21 unchanged lines hidden --- | 354 return 0; 355} 356 357static unsigned int pidns_inum(void *ns) 358{ 359 struct pid_namespace *pid_ns = ns; 360 return pid_ns->proc_inum; 361} --- 21 unchanged lines hidden --- |
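Review bot: The permission test at lines 331-332 has no comment explaining why two separate CAP_SYS_ADMIN checks are required, even though it is the gate that decides who may enter a pid namespace. The column that spells the second check as `ns_capable(current_user_ns(), CAP_SYS_ADMIN)` at least makes both namespaces visible, and a comment such as `/* need CAP_SYS_ADMIN over the target pid namespace's owning user namespace and in the caller's own user namespace */` above the `if` would pin the intent. The columns also differ at lines 352-353 (`nsproxy->pid_ns` versus `nsproxy->pid_ns_for_children`), and the page does not say which revision is the newer one. If the `pid_ns` column is the result, confirm it does not undo a field rename made elsewhere in the tree. The comment at lines 335-342 could also say that only the namespace used for later children is replaced, as the `pid_ns_for_children` name suggests, since `active` is still read from `task_active_pid_ns(current)`.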