[Devel] [PATCH rh7 v2 1/2] ve: introduce ve_init_user_ns() helper

Andrey Ryabinin aryabinin at virtuozzo.com
Wed Nov 11 08:09:38 PST 2015 

Add new helper ve_init_user_ns() which returns initial namespace for
current ve, and use it in do_new_mount()

https://jira.sw.ru/browse/PSBM-41075

Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
 fs/namespace.c     | 8 +-------
 include/linux/ve.h | 9 +++++++++
 kernel/ve/ve.c     | 9 +++++++++
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 8909c13..c051e42 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2167,7 +2167,6 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
 	struct file_system_type *type;
 	struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns;
 	struct vfsmount *mnt;
-	struct user_namespace *root_user_ns;
 	int err;
 
 	if (!fstype)
@@ -2177,12 +2176,7 @@ static int do_new_mount(struct path *path, const char *fstype, int flags,
 	if (!type)
 		return -ENODEV;
 
-	if (get_exec_env()->init_cred)
-		root_user_ns = get_exec_env()->init_cred->user_ns;
-	else
-		root_user_ns = &init_user_ns;
-
-	if (user_ns != root_user_ns) {
+	if (user_ns != ve_init_user_ns()) {
 		if (!(type->fs_flags & FS_USERNS_MOUNT)) {
 			put_filesystem(type);
 			return -EPERM;
diff --git a/include/linux/ve.h b/include/linux/ve.h
index 86b95c3..2554337 100644
--- a/include/linux/ve.h
+++ b/include/linux/ve.h
@@ -31,6 +31,8 @@ struct file_system_type;
 struct veip_struct;
 struct ve_monitor;
 struct nsproxy;
+struct user_namespace;
+extern struct user_namespace init_user_ns;
 
 struct ve_struct {
 	struct cgroup_subsys_state	css;
@@ -215,6 +217,7 @@ void ve_exit_ns(struct pid_namespace *ns);
 int ve_start_container(struct ve_struct *ve);
 
 extern bool current_user_ns_initial(void);
+struct user_namespace *ve_init_user_ns(void);
 
 #ifdef CONFIG_TTY
 extern struct tty_driver *vtty_driver(dev_t dev, int *index);
@@ -242,6 +245,12 @@ static inline bool current_user_ns_initial(void)
 {
 	return current_user_ns() == init_cred.user_ns;
 }
+
+static inline struct user_namespace *ve_init_user_ns(void)
+{
+	return &init_user_ns;
+}
+
 #define kthread_create_on_node_ve(ve, threadfn, data, node, namefmt...)	\
 	kthread_create_on_node_ve(threadfn, data, node, namefmt...)
 
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index e9219e6..8f5f905 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -253,6 +253,15 @@ bool current_user_ns_initial(void)
 }
 EXPORT_SYMBOL(current_user_ns_initial);
 
+struct user_namespace *ve_init_user_ns(void)
+{
+	struct cred *init_cred;
+
+	init_cred = get_exec_env()->init_cred;
+	return init_cred ? init_cred->user_ns : &init_user_ns;
+}
+EXPORT_SYMBOL(ve_init_user_ns);
+
 int nr_threads_ve(struct ve_struct *ve)
 {
 	return cgroup_task_count(ve->css.cgroup);
-- 
2.4.10

More information about the Devel mailing list