[patch 05/10] add "permit user mounts in new namespace" clone flag

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <akpm@...>, <serue@...>, <viro@...>, <linuxram@...>

Cc: <linux-fsdevel@...>, <linux-kernel@...>, <containers@...>

Subject: [patch 05/10] add "permit user mounts in new namespace" clone flag

Date: Thursday, April 12, 2007 - 12:45 pm

From: Miklos Szeredi <mszeredi@suse.cz>

If CLONE_NEWNS and CLONE_NEWNS_USERMNT are given to clone(2) or
unshare(2), then allow user mounts within the new namespace.

This is not flexible enough, because user mounts can't be enabled for
the initial namespace.

The remaining clone bits also getting dangerously few...

Alternatives are:

  - prctl() flag
  - setting through the containers filesystem

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
---

Index: linux/fs/namespace.c
===================================================================
--- linux.orig/fs/namespace.c	2007-04-12 13:46:19.000000000 +0200
+++ linux/fs/namespace.c	2007-04-12 13:54:36.000000000 +0200
@@ -1617,6 +1617,8 @@ struct mnt_namespace *copy_mnt_ns(int fl
 		return ns;
 
 	new_ns = dup_mnt_ns(ns, new_fs);
+	if (new_ns && (flags & CLONE_NEWNS_USERMNT))
+		new_ns->flags |= MNT_NS_PERMIT_USERMOUNTS;
 
 	put_mnt_ns(ns);
 	return new_ns;
Index: linux/include/linux/sched.h
===================================================================
--- linux.orig/include/linux/sched.h	2007-04-12 13:26:48.000000000 +0200
+++ linux/include/linux/sched.h	2007-04-12 13:54:36.000000000 +0200
@@ -26,6 +26,7 @@
 #define CLONE_STOPPED		0x02000000	/* Start in stopped state */
 #define CLONE_NEWUTS		0x04000000	/* New utsname group? */
 #define CLONE_NEWIPC		0x08000000	/* New ipcs */
+#define CLONE_NEWNS_USERMNT	0x10000000	/* Allow user mounts in ns? */
 
 /*
  * Scheduling policies
Index: linux/kernel/fork.c
===================================================================
--- linux.orig/kernel/fork.c	2007-04-11 18:27:46.000000000 +0200
+++ linux/kernel/fork.c	2007-04-12 13:59:10.000000000 +0200
@@ -1586,7 +1586,7 @@ asmlinkage long sys_unshare(unsigned lon
 	err = -EINVAL;
 	if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
 				CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
-				CLONE_NEWUTS|CLONE_NEWIPC))
+				CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWNS_USERMNT))
 		goto bad_unshare_out;
 
 	if ((err = unshare_thread(unshare_flags)))

--
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[patch 05/10] add "permit user mounts in new namespace" clon..., Miklos Szeredi, (Thu Apr 12, 12:45 pm)

Re: [patch 05/10] add "permit user mounts in new namespace" ..., Serge E. Hallyn, (Thu Apr 12, 4:32 pm)

Re: [patch 05/10] add "permit user mounts in new namespace" ..., Eric W. Biederman, (Fri Apr 13, 12:45 am)

Re: [patch 05/10] add "permit user mounts in new namespace" ..., Miklos Szeredi, (Fri Apr 13, 3:12 am)

Re: [patch 05/10] add "permit user mounts in new namespace" ..., Serge E. Hallyn, (Fri Apr 13, 9:47 am)

Re: [patch 05/10] add "permit user mounts in new namespace" ..., Eric W. Biederman, (Fri Apr 13, 10:22 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Ram Pai, (Mon Apr 16, 4:47 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Mon Apr 16, 5:32 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Ram Pai, (Mon Apr 16, 5:49 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Mon Apr 16, 5:56 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Eric W. Biederman, (Mon Apr 16, 11:43 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Mon Apr 16, 11:58 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Eric W. Biederman, (Mon Apr 16, 3:16 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Serge E. Hallyn, (Mon Apr 16, 3:56 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Eric W. Biederman, (Tue Apr 17, 5:04 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Tue Apr 17, 7:09 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Eric W. Biederman, (Tue Apr 17, 2:16 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Tue Apr 17, 2:36 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Eric W. Biederman, (Tue Apr 17, 3:54 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Wed Apr 18, 5:11 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Eric W. Biederman, (Wed Apr 18, 1:14 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Trond Myklebust, (Wed Apr 18, 9:55 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Serge E. Hallyn, (Tue Apr 17, 10:28 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Serge E. Hallyn, (Tue Apr 17, 10:25 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Ram Pai, (Mon Apr 16, 1:14 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Mon Apr 16, 1:50 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Serge E. Hallyn, (Tue Apr 17, 1:07 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Tue Apr 17, 1:44 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Serge E. Hallyn, (Tue Apr 17, 2:15 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Tue Apr 17, 2:58 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Ram Pai, (Tue Apr 17, 3:28 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Tue Apr 17, 3:43 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Ram Pai, (Tue Apr 17, 4:25 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Wed Apr 18, 5:19 am)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Ram Pai, (Wed Apr 18, 2:35 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Wed Apr 18, 3:14 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Ram Pai, (Wed Apr 18, 3:41 pm)

Re: [Devel] Re: [patch 05/10] add "permit user mounts in new..., Miklos Szeredi, (Thu Apr 19, 4:36 am)

Re: [patch 05/10] add "permit user mounts in new namespace" ..., Herbert Poetzl, (Fri Apr 13, 12:16 am)

Re: [patch 05/10] add "permit user mounts in new namespace" ..., Miklos Szeredi, (Fri Apr 13, 3:09 am)


linux-kernel:
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
Greg Kroah-Hartman	[PATCH 002/196] Chinese: rephrase English introduction in HOWTO
David Woodhouse	[GIT *] Allow request_firmware() to be satisfied from in-kernel, use it in more dr...
KAMEZAWA Hiroyuki	Re: 2.6.23-mm1
git:

linux-netdev:
David Miller	Re: [PATCH 3/3] Convert the UDP hash lock to RCU
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
Evgeniy Polyakov	Re: 2.6.25-rc8: FTP transfer errors
openbsd-misc:

[patch 05/10] add "permit user mounts in new namespace" clone flag

Online users