Line data Source code
1 : /* SPDX-License-Identifier: GPL-2.0 */ 2 : #ifndef _LINUX_NSPROXY_H 3 : #define _LINUX_NSPROXY_H 4 : 5 : #include <linux/spinlock.h> 6 : #include <linux/sched.h> 7 : 8 : struct mnt_namespace; 9 : struct uts_namespace; 10 : struct ipc_namespace; 11 : struct pid_namespace; 12 : struct cgroup_namespace; 13 : struct fs_struct; 14 : 15 : /* 16 : * A structure to contain pointers to all per-process 17 : * namespaces - fs (mount), uts, network, sysvipc, etc. 18 : * 19 : * The pid namespace is an exception -- it's accessed using 20 : * task_active_pid_ns. The pid namespace here is the 21 : * namespace that children will use. 22 : * 23 : * 'count' is the number of tasks holding a reference. 24 : * The count for each namespace, then, will be the number 25 : * of nsproxies pointing to it, not the number of tasks. 26 : * 27 : * The nsproxy is shared by tasks which share all namespaces. 28 : * As soon as a single namespace is cloned or unshared, the 29 : * nsproxy is copied. 30 : */ 31 : struct nsproxy { 32 : atomic_t count; 33 : struct uts_namespace *uts_ns; 34 : struct ipc_namespace *ipc_ns; 35 : struct mnt_namespace *mnt_ns; 36 : struct pid_namespace *pid_ns_for_children; 37 : struct net *net_ns; 38 : struct time_namespace *time_ns; 39 : struct time_namespace *time_ns_for_children; 40 : struct cgroup_namespace *cgroup_ns; 41 : }; 42 : extern struct nsproxy init_nsproxy; 43 : 44 : /* 45 : * A structure to encompass all bits needed to install 46 : * a partial or complete new set of namespaces. 47 : * 48 : * If a new user namespace is requested cred will 49 : * point to a modifiable set of credentials. If a pointer 50 : * to a modifiable set is needed nsset_cred() must be 51 : * used and tested. 52 : */ 53 : struct nsset { 54 : unsigned flags; 55 : struct nsproxy *nsproxy; 56 : struct fs_struct *fs; 57 : const struct cred *cred; 58 : }; 59 : 60 0 : static inline struct cred *nsset_cred(struct nsset *set) 61 : { 62 0 : if (set->flags & CLONE_NEWUSER) 63 0 : return (struct cred *)set->cred; 64 : 65 : return NULL; 66 : } 67 : 68 : /* 69 : * the namespaces access rules are: 70 : * 71 : * 1. only current task is allowed to change tsk->nsproxy pointer or 72 : * any pointer on the nsproxy itself. Current must hold the task_lock 73 : * when changing tsk->nsproxy. 74 : * 75 : * 2. when accessing (i.e. reading) current task's namespaces - no 76 : * precautions should be taken - just dereference the pointers 77 : * 78 : * 3. the access to other task namespaces is performed like this 79 : * task_lock(task); 80 : * nsproxy = task->nsproxy; 81 : * if (nsproxy != NULL) { 82 : * / * 83 : * * work with the namespaces here 84 : * * e.g. get the reference on one of them 85 : * * / 86 : * } / * 87 : * * NULL task->nsproxy means that this task is 88 : * * almost dead (zombie) 89 : * * / 90 : * task_unlock(task); 91 : * 92 : */ 93 : 94 : int copy_namespaces(unsigned long flags, struct task_struct *tsk); 95 : void exit_task_namespaces(struct task_struct *tsk); 96 : void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new); 97 : void free_nsproxy(struct nsproxy *ns); 98 : int unshare_nsproxy_namespaces(unsigned long, struct nsproxy **, 99 : struct cred *, struct fs_struct *); 100 : int __init nsproxy_cache_init(void); 101 : 102 928 : static inline void put_nsproxy(struct nsproxy *ns) 103 : { 104 1856 : if (atomic_dec_and_test(&ns->count)) { 105 47 : free_nsproxy(ns); 106 : } 107 928 : } 108 : 109 958 : static inline void get_nsproxy(struct nsproxy *ns) 110 : { 111 958 : atomic_inc(&ns->count); 112 958 : } 113 : 114 : #endif