projects / mirror_ubuntu-focal-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| acce292c CLG |
1 | #ifndef _LINUX_USER_NAMESPACE_H |
| 2 | #define _LINUX_USER_NAMESPACE_H | |
| 3 | ||
| 4 | #include <linux/kref.h> | |
| 5 | #include <linux/nsproxy.h> | |
| 435d5f4b | 6 | #include <linux/ns_common.h> |
| acce292c | 7 | #include <linux/sched.h> |
| 77ec739d | 8 | #include <linux/err.h> |
| acce292c | 9 | |
| 22d917d8 EB |
10 | #define UID_GID_MAP_MAX_EXTENTS 5 |
| 11 | ||
| 12 | struct uid_gid_map { /* 64 bytes -- 1 cache line */ | |
| 13 | u32 nr_extents; | |
| 14 | struct uid_gid_extent { | |
| 15 | u32 first; | |
| 16 | u32 lower_first; | |
| 17 | u32 count; | |
| 18 | } extent[UID_GID_MAP_MAX_EXTENTS]; | |
| 19 | }; | |
| 20 | ||
| 9cc46516 EB |
21 | #define USERNS_SETGROUPS_ALLOWED 1UL |
| 22 | ||
| 23 | #define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED | |
| 24 | ||
| f6b2db1a | 25 | struct ucounts; |
| 25f9c081 EB |
26 | |
| 27 | enum ucount_type { | |
| 28 | UCOUNT_USER_NAMESPACES, | |
| f333c700 | 29 | UCOUNT_PID_NAMESPACES, |
| f7af3d1c | 30 | UCOUNT_UTS_NAMESPACES, |
| aba35661 | 31 | UCOUNT_IPC_NAMESPACES, |
| 70328660 | 32 | UCOUNT_NET_NAMESPACES, |
| d08311dd | 33 | UCOUNT_CGROUP_NAMESPACES, |
| 25f9c081 EB |
34 | UCOUNT_COUNTS, |
| 35 | }; | |
| 36 | ||
| acce292c | 37 | struct user_namespace { |
| 22d917d8 EB |
38 | struct uid_gid_map uid_map; |
| 39 | struct uid_gid_map gid_map; | |
| f76d207a | 40 | struct uid_gid_map projid_map; |
| c61a2810 | 41 | atomic_t count; |
| aeb3ae9d | 42 | struct user_namespace *parent; |
| 8742f229 | 43 | int level; |
| 783291e6 EB |
44 | kuid_t owner; |
| 45 | kgid_t group; | |
| 435d5f4b | 46 | struct ns_common ns; |
| 9cc46516 | 47 | unsigned long flags; |
| f36f8c75 DH |
48 | |
| 49 | /* Register of per-UID persistent keyrings for this namespace */ | |
| 50 | #ifdef CONFIG_PERSISTENT_KEYRINGS | |
| 51 | struct key *persistent_keyring_register; | |
| 52 | struct rw_semaphore persistent_keyring_register_sem; | |
| 53 | #endif | |
| b032132c | 54 | struct work_struct work; |
| dbec2846 EB |
55 | #ifdef CONFIG_SYSCTL |
| 56 | struct ctl_table_set set; | |
| 57 | struct ctl_table_header *sysctls; | |
| 58 | #endif | |
| f6b2db1a | 59 | struct ucounts *ucounts; |
| 25f9c081 | 60 | int ucount_max[UCOUNT_COUNTS]; |
| f6b2db1a EB |
61 | }; |
| 62 | ||
| 63 | struct ucounts { | |
| 64 | struct hlist_node node; | |
| 65 | struct user_namespace *ns; | |
| 66 | kuid_t uid; | |
| 67 | atomic_t count; | |
| 25f9c081 | 68 | atomic_t ucount[UCOUNT_COUNTS]; |
| acce292c CLG |
69 | }; |
| 70 | ||
| 71 | extern struct user_namespace init_user_ns; | |
| f6b2db1a EB |
72 | |
| 73 | bool setup_userns_sysctls(struct user_namespace *ns); | |
| 74 | void retire_userns_sysctls(struct user_namespace *ns); | |
| 25f9c081 EB |
75 | struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid, enum ucount_type type); |
| 76 | void dec_ucount(struct ucounts *ucounts, enum ucount_type type); | |
| acce292c CLG |
77 | |
| 78 | #ifdef CONFIG_USER_NS | |
| 79 | ||
| 80 | static inline struct user_namespace *get_user_ns(struct user_namespace *ns) | |
| 81 | { | |
| 82 | if (ns) | |
| c61a2810 | 83 | atomic_inc(&ns->count); |
| acce292c CLG |
84 | return ns; |
| 85 | } | |
| 86 | ||
| 18b6e041 | 87 | extern int create_user_ns(struct cred *new); |
| b2e0d987 | 88 | extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred); |
| b032132c | 89 | extern void __put_user_ns(struct user_namespace *ns); |
| acce292c CLG |
90 | |
| 91 | static inline void put_user_ns(struct user_namespace *ns) | |
| 92 | { | |
| c61a2810 | 93 | if (ns && atomic_dec_and_test(&ns->count)) |
| b032132c | 94 | __put_user_ns(ns); |
| acce292c CLG |
95 | } |
| 96 | ||
| 22d917d8 | 97 | struct seq_operations; |
| ccf94f1b FF |
98 | extern const struct seq_operations proc_uid_seq_operations; |
| 99 | extern const struct seq_operations proc_gid_seq_operations; | |
| 100 | extern const struct seq_operations proc_projid_seq_operations; | |
| 22d917d8 EB |
101 | extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *); |
| 102 | extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *); | |
| f76d207a | 103 | extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *); |
| 9cc46516 EB |
104 | extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *); |
| 105 | extern int proc_setgroups_show(struct seq_file *m, void *v); | |
| 273d2c67 | 106 | extern bool userns_may_setgroups(const struct user_namespace *ns); |
| d07b846f | 107 | extern bool current_in_userns(const struct user_namespace *target_ns); |
| acce292c CLG |
108 | #else |
| 109 | ||
| 110 | static inline struct user_namespace *get_user_ns(struct user_namespace *ns) | |
| 111 | { | |
| 112 | return &init_user_ns; | |
| 113 | } | |
| 114 | ||
| 18b6e041 | 115 | static inline int create_user_ns(struct cred *new) |
| acce292c | 116 | { |
| 18b6e041 | 117 | return -EINVAL; |
| acce292c CLG |
118 | } |
| 119 | ||
| b2e0d987 EB |
120 | static inline int unshare_userns(unsigned long unshare_flags, |
| 121 | struct cred **new_cred) | |
| 122 | { | |
| 123 | if (unshare_flags & CLONE_NEWUSER) | |
| 124 | return -EINVAL; | |
| 125 | return 0; | |
| 126 | } | |
| 127 | ||
| acce292c CLG |
128 | static inline void put_user_ns(struct user_namespace *ns) |
| 129 | { | |
| 130 | } | |
| 131 | ||
| 273d2c67 EB |
132 | static inline bool userns_may_setgroups(const struct user_namespace *ns) |
| 133 | { | |
| 134 | return true; | |
| 135 | } | |
| d07b846f SF |
136 | |
| 137 | static inline bool current_in_userns(const struct user_namespace *target_ns) | |
| 138 | { | |
| 139 | return true; | |
| 140 | } | |
| 22d917d8 EB |
141 | #endif |
| 142 | ||
| acce292c | 143 | #endif /* _LINUX_USER_H */ |