// SPDX-License-Identifier: GPL-2.0-only /* * Copyright (C) 2006 IBM Corporation * * Author: Serge Hallyn <[email protected]> * * Jun 2006 - namespaces support * OpenVZ, SWsoft Inc. * Pavel Emelianov <[email protected]> */ #include <linux/slab.h> #include <linux/export.h> #include <linux/nsproxy.h> #include <linux/init_task.h> #include <linux/mnt_namespace.h> #include <linux/utsname.h> #include <linux/pid_namespace.h> #include <net/net_namespace.h> #include <linux/ipc_namespace.h> #include <linux/time_namespace.h> #include <linux/fs_struct.h> #include <linux/proc_fs.h> #include <linux/proc_ns.h> #include <linux/file.h> #include <linux/syscalls.h> #include <linux/cgroup.h> #include <linux/perf_event.h> static struct kmem_cache *nsproxy_cachep; struct nsproxy init_nsproxy = …; static inline struct nsproxy *create_nsproxy(void) { … } /* * Create new nsproxy and all of its the associated namespaces. * Return the newly created nsproxy. Do not attach this to the task, * leave it to the caller to do proper locking and attach it to task. */ static struct nsproxy *create_new_namespaces(unsigned long flags, struct task_struct *tsk, struct user_namespace *user_ns, struct fs_struct *new_fs) { … } /* * called from clone. This now handles copy for nsproxy and all * namespaces therein. */ int copy_namespaces(unsigned long flags, struct task_struct *tsk) { … } void free_nsproxy(struct nsproxy *ns) { … } /* * Called from unshare. Unshare all the namespaces part of nsproxy. * On success, returns the new nsproxy. */ int unshare_nsproxy_namespaces(unsigned long unshare_flags, struct nsproxy **new_nsp, struct cred *new_cred, struct fs_struct *new_fs) { … } void switch_task_namespaces(struct task_struct *p, struct nsproxy *new) { … } void exit_task_namespaces(struct task_struct *p) { … } int exec_task_namespaces(void) { … } static int check_setns_flags(unsigned long flags) { … } static void put_nsset(struct nsset *nsset) { … } static int prepare_nsset(unsigned flags, struct nsset *nsset) { … } static inline int validate_ns(struct nsset *nsset, struct ns_common *ns) { … } /* * This is the inverse operation to unshare(). * Ordering is equivalent to the standard ordering used everywhere else * during unshare and process creation. The switch to the new set of * namespaces occurs at the point of no return after installation of * all requested namespaces was successful in commit_nsset(). */ static int validate_nsset(struct nsset *nsset, struct pid *pid) { … } /* * This is the point of no return. There are just a few namespaces * that do some actual work here and it's sufficiently minimal that * a separate ns_common operation seems unnecessary for now. * Unshare is doing the same thing. If we'll end up needing to do * more in a given namespace or a helper here is ultimately not * exported anymore a simple commit handler for each namespace * should be added to ns_common. */ static void commit_nsset(struct nsset *nsset) { … } SYSCALL_DEFINE2(setns, int, fd, int, flags) { … } int __init nsproxy_cache_init(void) { … }
Codebase Browser
linux