[Devel] [PATCH rh7 v3 1/2] ve: Implement current_user_ns_initial() helper
Kirill Tkhai
ktkhai at odin.com
Tue Oct 6 02:35:41 PDT 2015
Add a helper which checks if current user_ns is
the same as ve init_cred's. Will be used in next
patch.
Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
---
include/linux/ve.h | 6 ++++++
kernel/ve/ve.c | 16 ++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/include/linux/ve.h b/include/linux/ve.h
index 10c150a..86b95c3 100644
--- a/include/linux/ve.h
+++ b/include/linux/ve.h
@@ -214,6 +214,8 @@ void ve_stop_ns(struct pid_namespace *ns);
void ve_exit_ns(struct pid_namespace *ns);
int ve_start_container(struct ve_struct *ve);
+extern bool current_user_ns_initial(void);
+
#ifdef CONFIG_TTY
extern struct tty_driver *vtty_driver(dev_t dev, int *index);
extern struct tty_driver *vtty_console_driver(int *index);
@@ -236,6 +238,10 @@ static inline int vz_security_protocol_check(struct net *net, int protocol) { re
static inline void ve_stop_ns(struct pid_namespace *ns) { }
static inline void ve_exit_ns(struct pid_namespace *ns) { }
+static inline bool current_user_ns_initial(void)
+{
+ return current_user_ns() == init_cred.user_ns;
+}
#define kthread_create_on_node_ve(ve, threadfn, data, node, namefmt...) \
kthread_create_on_node_ve(threadfn, data, node, namefmt...)
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index aff3b03..12cfa33 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -238,6 +238,21 @@ int vz_security_protocol_check(struct net *net, int protocol)
}
EXPORT_SYMBOL_GPL(vz_security_protocol_check);
+/* Check if current user_ns is initial for current ve */
+bool current_user_ns_initial(void)
+{
+ struct ve_struct *ve = get_exec_env();
+ bool ret = false;
+
+ rcu_read_lock();
+ if (ve->ve_ns && ve->init_cred->user_ns == current_user_ns())
+ ret = true;
+ rcu_read_unlock();
+
+ return ret;
+}
+EXPORT_SYMBOL(current_user_ns_initial);
+
int nr_threads_ve(struct ve_struct *ve)
{
return cgroup_task_count(ve->css.cgroup);
@@ -408,6 +423,7 @@ static void ve_drop_context(struct ve_struct *ve)
put_net(ve->ve_netns);
ve->ve_netns = NULL;
+ /* Allows to dereference init_cred if ve_ns is set */
rcu_assign_pointer(ve->ve_ns, NULL);
synchronize_rcu();
put_nsproxy(ve_ns);
More information about the Devel
mailing list