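--- a/user_namespace.c	(435d5f4bb2ccba3b791d9ef61d2590e30b8e806e)
+++ b/user_namespace.c	(3c0411846118a578de3a979faf2da3ab5fb81179)
@@ -1,8 +1,8 @@
 /*
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as
  * published by the Free Software Foundation, version 2 of the
  * License.
  */
 
 #include <linux/export.h>
@@ -836,35 +836,40 @@
  */
  if (ns_capable(ns->parent, cap_setid) &&
  file_ns_capable(file, ns->parent, cap_setid))
  return true;
 
  return false;
 }
 
+static inline struct user_namespace *to_user_ns(struct ns_common *ns)
+{
+ return container_of(ns, struct user_namespace, ns);
+}
+
 static void *userns_get(struct task_struct *task)
 {
  struct user_namespace *user_ns;
 
  rcu_read_lock();
  user_ns = get_user_ns(__task_cred(task)->user_ns);
  rcu_read_unlock();
 
- return user_ns;
+ return user_ns ? &user_ns->ns : NULL;
 }
 
 static void userns_put(void *ns)
 {
- put_user_ns(ns);
+ put_user_ns(to_user_ns(ns));
 }
 
 static int userns_install(struct nsproxy *nsproxy, void *ns)
 {
- struct user_namespace *user_ns = ns;
+ struct user_namespace *user_ns = to_user_ns(ns);
  struct cred *cred;
 
  /* Don't allow gaining capabilities by reentering
  * the same user namespace.
  */
  if (user_ns == current_user_ns())
  return -EINVAL;
 
@@ -885,27 +890,26 @@
  put_user_ns(cred->user_ns);
  set_cred_user_ns(cred, get_user_ns(user_ns));
 
  return commit_creds(cred);
 }
 
 static unsigned int userns_inum(void *ns)
 {
- struct user_namespace *user_ns = ns;
- return user_ns->ns.inum;
+ return ((struct ns_common *)ns)->inum;
 }
 
 const struct proc_ns_operations userns_operations = {
  .name = "user",
  .type = CLONE_NEWUSER,
  .get = userns_get,
  .put = userns_put,
  .install = userns_install,
  .inum = userns_inum,
 };
 
 static __init int user_namespaces_init(void)
 {
  user_ns_cachep = KMEM_CACHE(user_namespace, SLAB_PANIC);
  return 0;
 }
 subsys_initcall(user_namespaces_init);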
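Review bot: The `void *ns` argument of `userns_put`, `userns_install` and `userns_inum` now has to point at the embedded `struct ns_common` rather than at the `struct user_namespace`, and the untyped signatures give the compiler no way to check that. A caller that still passes the outer object would make `to_user_ns()` apply `container_of` to the wrong address, so `put_user_ns()` and `set_cred_user_ns()` would then act on memory that is not a user namespace; the callers are not on this page, so whether all of them were converted cannot be confirmed from here. I would add a comment above `to_user_ns`, `/* ns must be the ns_common embedded in a user_namespace, i.e. the pointer userns_get() returns */`, and, if the `proc_ns_operations` prototypes can be changed, type the parameter as `struct ns_common *`, which would also remove the cast in `userns_inum`. Unlike the return in `userns_get`, `to_user_ns()` does not map NULL to NULL, so `userns_put` and `userns_install` depend on never being handed a NULL `ns`.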