[CRIU] [PATCH 09/28] ns: Add can_access_userns() helper

[Kirill Tkhai]

Returns true if argument is the same user_ns as current has,
or it's our descendant.

Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 criu/include/namespaces.h |    2 ++
 criu/namespaces.c         |   18 ++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/criu/include/namespaces.h b/criu/include/namespaces.h
index cafb10992..631d6228a 100644
--- a/criu/include/namespaces.h
+++ b/criu/include/namespaces.h
@@ -173,6 +173,8 @@ extern struct ns_id *root_user_ns;
 	}
 
 extern bool check_ns_proc(struct fd_link *link);
+extern bool is_subns(struct ns_id *sub_ns, struct ns_id *ns);
+extern bool can_access_userns(struct ns_id *user_ns);
 extern unsigned int child_userns_xid(unsigned int xid, UidGidExtent **map, int n);
 
 extern struct ns_desc pid_ns_desc;
diff --git a/criu/namespaces.c b/criu/namespaces.c
index ebb6d2fc4..d73b2d9f9 100644
--- a/criu/namespaces.c
+++ b/criu/namespaces.c
@@ -898,6 +898,24 @@ struct ns_id *root_user_ns = NULL;
 /* Mapping NS_ROOT to NS_CRIU */
 UsernsEntry *userns_entry;
 
+bool is_subns(struct ns_id *sub_ns, struct ns_id *ns)
+{
+	if (!current)
+		return true;
+
+	while (sub_ns) {
+		if (sub_ns == ns)
+			return true;
+		sub_ns = sub_ns->parent;
+	}
+	return false;
+}
+
+bool can_access_userns(struct ns_id *user_ns)
+{
+	return is_subns(user_ns, current->user_ns);
+}
+
 unsigned int child_userns_xid(unsigned int id, UidGidExtent **map, int n)
 {
 	int i;