nsproxy.h (3165B)
1/* SPDX-License-Identifier: GPL-2.0 */ 2#ifndef _LINUX_NSPROXY_H 3#define _LINUX_NSPROXY_H 4 5#include <linux/spinlock.h> 6#include <linux/sched.h> 7 8struct mnt_namespace; 9struct uts_namespace; 10struct ipc_namespace; 11struct pid_namespace; 12struct cgroup_namespace; 13struct fs_struct; 14 15/* 16 * A structure to contain pointers to all per-process 17 * namespaces - fs (mount), uts, network, sysvipc, etc. 18 * 19 * The pid namespace is an exception -- it's accessed using 20 * task_active_pid_ns. The pid namespace here is the 21 * namespace that children will use. 22 * 23 * 'count' is the number of tasks holding a reference. 24 * The count for each namespace, then, will be the number 25 * of nsproxies pointing to it, not the number of tasks. 26 * 27 * The nsproxy is shared by tasks which share all namespaces. 28 * As soon as a single namespace is cloned or unshared, the 29 * nsproxy is copied. 30 */ 31struct nsproxy { 32 atomic_t count; 33 struct uts_namespace *uts_ns; 34 struct ipc_namespace *ipc_ns; 35 struct mnt_namespace *mnt_ns; 36 struct pid_namespace *pid_ns_for_children; 37 struct net *net_ns; 38 struct time_namespace *time_ns; 39 struct time_namespace *time_ns_for_children; 40 struct cgroup_namespace *cgroup_ns; 41}; 42extern struct nsproxy init_nsproxy; 43 44/* 45 * A structure to encompass all bits needed to install 46 * a partial or complete new set of namespaces. 47 * 48 * If a new user namespace is requested cred will 49 * point to a modifiable set of credentials. If a pointer 50 * to a modifiable set is needed nsset_cred() must be 51 * used and tested. 52 */ 53struct nsset { 54 unsigned flags; 55 struct nsproxy *nsproxy; 56 struct fs_struct *fs; 57 const struct cred *cred; 58}; 59 60static inline struct cred *nsset_cred(struct nsset *set) 61{ 62 if (set->flags & CLONE_NEWUSER) 63 return (struct cred *)set->cred; 64 65 return NULL; 66} 67 68/* 69 * the namespaces access rules are: 70 * 71 * 1. only current task is allowed to change tsk->nsproxy pointer or 72 * any pointer on the nsproxy itself. Current must hold the task_lock 73 * when changing tsk->nsproxy. 74 * 75 * 2. when accessing (i.e. reading) current task's namespaces - no 76 * precautions should be taken - just dereference the pointers 77 * 78 * 3. the access to other task namespaces is performed like this 79 * task_lock(task); 80 * nsproxy = task->nsproxy; 81 * if (nsproxy != NULL) { 82 * / * 83 * * work with the namespaces here 84 * * e.g. get the reference on one of them 85 * * / 86 * } / * 87 * * NULL task->nsproxy means that this task is 88 * * almost dead (zombie) 89 * * / 90 * task_unlock(task); 91 * 92 */ 93 94int copy_namespaces(unsigned long flags, struct task_struct *tsk); 95void exit_task_namespaces(struct task_struct *tsk); 96void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new); 97void free_nsproxy(struct nsproxy *ns); 98int unshare_nsproxy_namespaces(unsigned long, struct nsproxy **, 99 struct cred *, struct fs_struct *); 100int __init nsproxy_cache_init(void); 101 102static inline void put_nsproxy(struct nsproxy *ns) 103{ 104 if (atomic_dec_and_test(&ns->count)) { 105 free_nsproxy(ns); 106 } 107} 108 109static inline void get_nsproxy(struct nsproxy *ns) 110{ 111 atomic_inc(&ns->count); 112} 113 114#endif