summaryrefslogtreecommitdiffstats
path: root/kernel/user_namespace.c
diff options
context:
space:
mode:
authorAndrey Vagin <avagin@openvz.org>2016-09-06 09:47:14 +0200
committerEric W. Biederman <ebiederm@xmission.com>2016-09-23 02:59:40 +0200
commit6786741dbf99e44fb0c0ed85a37582b8a26f1c3b (patch)
treec6d4f7bbb9920c79f6a6393d0900bd850507c37a /kernel/user_namespace.c
parentkernel: add a helper to get an owning user namespace for a namespace (diff)
downloadlinux-6786741dbf99e44fb0c0ed85a37582b8a26f1c3b.tar.xz
linux-6786741dbf99e44fb0c0ed85a37582b8a26f1c3b.zip
nsfs: add ioctl to get an owning user namespace for ns file descriptor
Each namespace has an owning user namespace and now there is not way to discover these relationships. Understending namespaces relationships allows to answer the question: what capability does process X have to perform operations on a resource governed by namespace Y? After a long discussion, Eric W. Biederman proposed to use ioctl-s for this purpose. The NS_GET_USERNS ioctl returns a file descriptor to an owning user namespace. It returns EPERM if a target namespace is outside of a current user namespace. v2: rename parent to relative v3: Add a missing mntput when returning -EAGAIN --EWB Acked-by: Serge Hallyn <serge@hallyn.com> Link: https://lkml.org/lkml/2016/7/6/158 Signed-off-by: Andrei Vagin <avagin@openvz.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'kernel/user_namespace.c')
0 files changed, 0 insertions, 0 deletions