nsset
/*
 * Mount-namespace install handler, as excerpted: only the lines that mention
 * nsset are listed. It pulls the nsproxy, the fs_struct and the user namespace
 * of the set's credentials out of the nsset. How they are used, including any
 * capability check against user_ns, is outside this listing.
 */
static int mntns_install(struct nsset *nsset, struct ns_common *ns)
struct nsproxy *nsproxy = nsset->nsproxy;
struct fs_struct *fs = nsset->fs;
struct user_namespace *user_ns = nsset->cred->user_ns;
/*
 * Accessor handing back the set's credentials as a non-const struct cred *.
 * The body is not part of this listing.
 */
static inline struct cred *nsset_cred(struct nsset *set)
/* Forward declaration of the type; its definition is not listed here. */
struct nsset;
/*
 * Per-namespace-type callback. validate_ns() on this page invokes it as
 * ns->ops->install(nsset, ns). The enclosing struct is not part of the listing.
 */
int (*install)(struct nsset *nsset, struct ns_common *ns);
/*
 * IPC-namespace install handler (excerpt). It takes the nsproxy from the set.
 * The visible half of its permission test requires CAP_SYS_ADMIN in the user
 * namespace of nsset->cred; the other half of the condition and the error
 * path are not listed.
 */
static int ipcns_install(struct nsset *nsset, struct ns_common *new)
struct nsproxy *nsproxy = nsset->nsproxy;
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
/*
 * Cgroup-namespace install handler (excerpt). The nsproxy comes from the set.
 * The condition shown starts with a CAP_SYS_ADMIN test against the user
 * namespace of nsset->cred and is OR-ed with a further test that is cut off.
 */
static int cgroupns_install(struct nsset *nsset, struct ns_common *ns)
struct nsproxy *nsproxy = nsset->nsproxy;
if (!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN) ||
/*
 * Releases whatever the set still holds (excerpt; lines that do not mention
 * nsset are omitted, so a guard in front of put_cred() may be missing here).
 */
static void put_nsset(struct nsset *nsset)
unsigned flags = nsset->flags;
/* Drop the reference on the set's credentials. */
put_cred(nsset_cred(nsset));
/*
 * Free the fs_struct only when CLONE_NEWNS was requested together with at
 * least one other flag. prepare_nsset() on this page shows both an aliasing
 * assignment (me->fs) and a copy (copy_fs_struct), so this presumably
 * matches the copy case. Confirm against the full source.
 */
if (nsset->fs && (flags & CLONE_NEWNS) && (flags & ~CLONE_NEWNS))
free_fs_struct(nsset->fs);
/* A NULL nsproxy is skipped; commit_nsset() clears it after handing it over. */
if (nsset->nsproxy)
nsproxy_free(nsset->nsproxy);
/*
 * Fills a struct nsset for the requested flags (excerpt; the branches that
 * choose between the paired assignments below are not listed).
 */
static int prepare_nsset(unsigned flags, struct nsset *nsset)
/* Fresh nsproxy built from the current task; failure is an ERR_PTR. */
nsset->nsproxy = create_new_namespaces(0, me, current_user_ns(), me->fs);
if (IS_ERR(nsset->nsproxy))
return PTR_ERR(nsset->nsproxy);
/*
 * Credentials are either a new copy (prepare_creds) or the current ones.
 * NOTE(review): the selecting condition is elided, presumably keyed on flags.
 */
nsset->cred = prepare_creds();
nsset->cred = current_cred();
/* A NULL cred is treated as failure; the error path itself is not listed. */
if (!nsset->cred)
/* Likewise the fs_struct is either the task's own or a private copy. */
nsset->fs = me->fs;
nsset->fs = copy_fs_struct(me->fs);
if (!nsset->fs)
nsset->flags = flags;
/* Presumably the failure path: undo the partial setup. Confirm in the full source. */
put_nsset(nsset);
/*
 * Forwards to the namespace type's install callback and returns its result.
 * The handlers listed on this page read nsset->nsproxy and nsset->cred, so
 * the permission checks they contain run against the prepared set.
 */
static inline int validate_ns(struct nsset *nsset, struct ns_common *ns)
return ns->ops->install(nsset, ns);
/*
 * Runs validate_ns() for a series of namespaces taken from another task's
 * state (excerpt). The flag tests that select each call and the handling of
 * ret between calls are not listed.
 * NOTE(review): a failed handler should end the sequence before anything is
 * committed. Confirm against the full source.
 */
static int validate_nsset(struct nsset *nsset, struct pid *pid)
unsigned flags = nsset->flags;
/* One call per namespace type: user, mount, UTS, IPC, PID, cgroup, net, time. */
ret = validate_ns(nsset, &user_ns->ns);
ret = validate_ns(nsset, from_mnt_ns(nsp->mnt_ns));
ret = validate_ns(nsset, &nsp->uts_ns->ns);
ret = validate_ns(nsset, &nsp->ipc_ns->ns);
ret = validate_ns(nsset, &pid_ns->ns);
ret = validate_ns(nsset, &nsp->cgroup_ns->ns);
ret = validate_ns(nsset, &nsp->net_ns->ns);
ret = validate_ns(nsset, &nsp->time_ns->ns);
/*
 * Applies a prepared set to the current task (excerpt; the flag tests around
 * the individual steps are not listed).
 */
static void commit_nsset(struct nsset *nsset)
unsigned flags = nsset->flags;
/* Hand the credentials over, then drop the set's pointer to them. */
commit_creds(nsset_cred(nsset));
nsset->cred = NULL;
/* Copy root and pwd from the set's fs_struct into the task's. */
set_fs_root(me->fs, &nsset->fs->root);
set_fs_pwd(me->fs, &nsset->fs->pwd);
timens_commit(me, nsset->nsproxy->time_ns);
/*
 * The task takes the nsproxy. Clearing the pointer afterwards keeps
 * put_nsset(), which frees a non-NULL nsproxy, from releasing it again.
 */
switch_task_namespaces(me, nsset->nsproxy);
nsset->nsproxy = NULL;
/*
 * Caller-side sequence (the enclosing function is not named in this listing;
 * presumably the setns() path): prepare, validate, commit, release.
 * The conditions that choose between the two validate calls and that gate
 * commit_nsset() on err are not listed.
 */
/* Zero-initialised, so put_nsset() sees NULL for anything never set up. */
struct nsset nsset = {};
err = prepare_nsset(flags, &nsset);
/* Either a single namespace is validated ... */
err = validate_ns(&nsset, ns);
/* ... or a whole set derived from the pid behind a pidfd. */
err = validate_nsset(&nsset, pidfd_pid(fd_file(f)));
commit_nsset(&nsset);
/* Releases whatever commit_nsset() did not take over. */
put_nsset(&nsset);
/*
 * PID-namespace install handler (excerpt). It reads the nsproxy from the set.
 * The part of the permission test that is shown demands CAP_SYS_ADMIN in the
 * user namespace of nsset->cred; the preceding part of the condition is
 * cut off.
 */
static int pidns_install(struct nsset *nsset, struct ns_common *ns)
struct nsproxy *nsproxy = nsset->nsproxy;
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
/*
 * Time-namespace install handler (excerpt). It uses the set's nsproxy and,
 * in the visible tail of its condition, checks CAP_SYS_ADMIN against the
 * user namespace of nsset->cred. Earlier terms of the condition are not
 * listed.
 */
static int timens_install(struct nsset *nsset, struct ns_common *new)
struct nsproxy *nsproxy = nsset->nsproxy;
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
/*
 * User-namespace install handler (excerpt). The only body line listed fetches
 * the set's credentials through nsset_cred(), which returns them non-const.
 * What is then written to them, and the permission checks that precede it,
 * are not shown.
 */
static int userns_install(struct nsset *nsset, struct ns_common *ns)
cred = nsset_cred(nsset);
/*
 * UTS-namespace install handler (excerpt). It picks up nsset->nsproxy; the
 * listed fragment of its check requires CAP_SYS_ADMIN in nsset->cred's user
 * namespace, with the first operand of the condition missing from the
 * listing.
 */
static int utsns_install(struct nsset *nsset, struct ns_common *new)
struct nsproxy *nsproxy = nsset->nsproxy;
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))
/*
 * Network-namespace install handler (excerpt). It operates on the set's
 * nsproxy, and the visible operand of its permission test is a CAP_SYS_ADMIN
 * check in the user namespace of nsset->cred. The rest of the condition and
 * the body are not listed.
 */
static int netns_install(struct nsset *nsset, struct ns_common *ns)
struct nsproxy *nsproxy = nsset->nsproxy;
!ns_capable(nsset->cred->user_ns, CAP_SYS_ADMIN))