Lines Matching refs:ns
28 struct user_namespace *ns, int cap_setid,
32 static struct ucounts *inc_user_namespaces(struct user_namespace *ns, kuid_t uid) in inc_user_namespaces() argument
34 return inc_ucount(ns, uid, UCOUNT_USER_NAMESPACES); in inc_user_namespaces()
71 struct user_namespace *ns, *parent_ns = new->user_ns; in create_user_ns() local
105 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL); in create_user_ns()
106 if (!ns) in create_user_ns()
109 ns->parent_could_setfcap = cap_raised(new->cap_effective, CAP_SETFCAP); in create_user_ns()
110 ret = ns_alloc_inum(&ns->ns); in create_user_ns()
113 ns->ns.ops = &userns_operations; in create_user_ns()
115 refcount_set(&ns->ns.count, 1); in create_user_ns()
117 ns->parent = parent_ns; in create_user_ns()
118 ns->level = parent_ns->level + 1; in create_user_ns()
119 ns->owner = owner; in create_user_ns()
120 ns->group = group; in create_user_ns()
121 INIT_WORK(&ns->work, free_user_ns); in create_user_ns()
123 ns->ucount_max[i] = INT_MAX; in create_user_ns()
125 set_rlimit_ucount_max(ns, UCOUNT_RLIMIT_NPROC, rlimit(RLIMIT_NPROC)); in create_user_ns()
126 set_rlimit_ucount_max(ns, UCOUNT_RLIMIT_MSGQUEUE, rlimit(RLIMIT_MSGQUEUE)); in create_user_ns()
127 set_rlimit_ucount_max(ns, UCOUNT_RLIMIT_SIGPENDING, rlimit(RLIMIT_SIGPENDING)); in create_user_ns()
128 set_rlimit_ucount_max(ns, UCOUNT_RLIMIT_MEMLOCK, rlimit(RLIMIT_MEMLOCK)); in create_user_ns()
129 ns->ucounts = ucounts; in create_user_ns()
133 ns->flags = parent_ns->flags; in create_user_ns()
137 INIT_LIST_HEAD(&ns->keyring_name_list); in create_user_ns()
138 init_rwsem(&ns->keyring_sem); in create_user_ns()
141 if (!setup_userns_sysctls(ns)) in create_user_ns()
144 set_cred_user_ns(new, ns); in create_user_ns()
148 key_put(ns->persistent_keyring_register); in create_user_ns()
150 ns_free_inum(&ns->ns); in create_user_ns()
152 kmem_cache_free(user_ns_cachep, ns); in create_user_ns()
181 struct user_namespace *parent, *ns = in free_user_ns() local
185 struct ucounts *ucounts = ns->ucounts; in free_user_ns()
186 parent = ns->parent; in free_user_ns()
187 if (ns->gid_map.nr_extents > UID_GID_MAP_MAX_BASE_EXTENTS) { in free_user_ns()
188 kfree(ns->gid_map.forward); in free_user_ns()
189 kfree(ns->gid_map.reverse); in free_user_ns()
191 if (ns->uid_map.nr_extents > UID_GID_MAP_MAX_BASE_EXTENTS) { in free_user_ns()
192 kfree(ns->uid_map.forward); in free_user_ns()
193 kfree(ns->uid_map.reverse); in free_user_ns()
195 if (ns->projid_map.nr_extents > UID_GID_MAP_MAX_BASE_EXTENTS) { in free_user_ns()
196 kfree(ns->projid_map.forward); in free_user_ns()
197 kfree(ns->projid_map.reverse); in free_user_ns()
199 retire_userns_sysctls(ns); in free_user_ns()
200 key_free_user_ns(ns); in free_user_ns()
201 ns_free_inum(&ns->ns); in free_user_ns()
202 kmem_cache_free(user_ns_cachep, ns); in free_user_ns()
204 ns = parent; in free_user_ns()
205 } while (refcount_dec_and_test(&parent->ns.count)); in free_user_ns()
208 void __put_user_ns(struct user_namespace *ns) in __put_user_ns() argument
210 schedule_work(&ns->work); in __put_user_ns()
391 kuid_t make_kuid(struct user_namespace *ns, uid_t uid) in make_kuid() argument
394 return KUIDT_INIT(map_id_down(&ns->uid_map, uid)); in make_kuid()
459 kgid_t make_kgid(struct user_namespace *ns, gid_t gid) in make_kgid() argument
462 return KGIDT_INIT(map_id_down(&ns->gid_map, gid)); in make_kgid()
526 kprojid_t make_kprojid(struct user_namespace *ns, projid_t projid) in make_kprojid() argument
529 return KPROJIDT_INIT(map_id_down(&ns->projid_map, projid)); in make_kprojid()
584 struct user_namespace *ns = seq->private; in uid_m_show() local
590 if ((lower_ns == ns) && lower_ns->parent) in uid_m_show()
605 struct user_namespace *ns = seq->private; in gid_m_show() local
611 if ((lower_ns == ns) && lower_ns->parent) in gid_m_show()
626 struct user_namespace *ns = seq->private; in projid_m_show() local
632 if ((lower_ns == ns) && lower_ns->parent) in projid_m_show()
663 struct user_namespace *ns = seq->private; in uid_m_start() local
665 return m_start(seq, ppos, &ns->uid_map); in uid_m_start()
670 struct user_namespace *ns = seq->private; in gid_m_start() local
672 return m_start(seq, ppos, &ns->gid_map); in gid_m_start()
677 struct user_namespace *ns = seq->private; in projid_m_start() local
679 return m_start(seq, ppos, &ns->projid_map); in projid_m_start()
1095 struct user_namespace *ns = seq->private; in proc_uid_map_write() local
1098 if (!ns->parent) in proc_uid_map_write()
1101 if ((seq_ns != ns) && (seq_ns != ns->parent)) in proc_uid_map_write()
1105 &ns->uid_map, &ns->parent->uid_map); in proc_uid_map_write()
1112 struct user_namespace *ns = seq->private; in proc_gid_map_write() local
1115 if (!ns->parent) in proc_gid_map_write()
1118 if ((seq_ns != ns) && (seq_ns != ns->parent)) in proc_gid_map_write()
1122 &ns->gid_map, &ns->parent->gid_map); in proc_gid_map_write()
1129 struct user_namespace *ns = seq->private; in proc_projid_map_write() local
1132 if (!ns->parent) in proc_projid_map_write()
1135 if ((seq_ns != ns) && (seq_ns != ns->parent)) in proc_projid_map_write()
1140 &ns->projid_map, &ns->parent->projid_map); in proc_projid_map_write()
1144 struct user_namespace *ns, int cap_setid, in new_idmap_permitted() argument
1149 if (cap_setid == CAP_SETUID && !verify_root_map(file, ns, new_map)) in new_idmap_permitted()
1156 uid_eq(ns->owner, cred->euid)) { in new_idmap_permitted()
1159 kuid_t uid = make_kuid(ns->parent, id); in new_idmap_permitted()
1163 kgid_t gid = make_kgid(ns->parent, id); in new_idmap_permitted()
1164 if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) && in new_idmap_permitted()
1178 if (ns_capable(ns->parent, cap_setid) && in new_idmap_permitted()
1179 file_ns_capable(file, ns->parent, cap_setid)) in new_idmap_permitted()
1187 struct user_namespace *ns = seq->private; in proc_setgroups_show() local
1188 unsigned long userns_flags = READ_ONCE(ns->flags); in proc_setgroups_show()
1200 struct user_namespace *ns = seq->private; in proc_setgroups_write() local
1241 if (!(ns->flags & USERNS_SETGROUPS_ALLOWED)) in proc_setgroups_write()
1247 if (ns->gid_map.nr_extents != 0) in proc_setgroups_write()
1249 ns->flags &= ~USERNS_SETGROUPS_ALLOWED; in proc_setgroups_write()
1263 bool userns_may_setgroups(const struct user_namespace *ns) in userns_may_setgroups() argument
1271 allowed = ns->gid_map.nr_extents != 0; in userns_may_setgroups()
1273 allowed = allowed && (ns->flags & USERNS_SETGROUPS_ALLOWED); in userns_may_setgroups()
1286 const struct user_namespace *ns; in in_userns() local
1287 for (ns = child; ns->level > ancestor->level; ns = ns->parent) in in_userns()
1289 return (ns == ancestor); in in_userns()
1298 static inline struct user_namespace *to_user_ns(struct ns_common *ns) in to_user_ns() argument
1300 return container_of(ns, struct user_namespace, ns); in to_user_ns()
1311 return user_ns ? &user_ns->ns : NULL; in userns_get()
1314 static void userns_put(struct ns_common *ns) in userns_put() argument
1316 put_user_ns(to_user_ns(ns)); in userns_put()
1319 static int userns_install(struct nsset *nsset, struct ns_common *ns) in userns_install() argument
1321 struct user_namespace *user_ns = to_user_ns(ns); in userns_install()
1353 struct ns_common *ns_get_owner(struct ns_common *ns) in ns_get_owner() argument
1359 owner = p = ns->ops->owner(ns); in ns_get_owner()
1368 return &get_user_ns(owner)->ns; in ns_get_owner()
1371 static struct user_namespace *userns_owner(struct ns_common *ns) in userns_owner() argument
1373 return to_user_ns(ns)->parent; in userns_owner()