kernel: add a helper to get an owning user namespace for a namespace

Return -EPERM if an owning user namespace is outside of a process current user namespace. v2: In a first version ns_get_owner returned ENOENT for init_user_ns. This special cases was removed from this version. There is nothing outside of init_user_ns, so we can return EPERM. v3: rename ns->get_owner() to ns->owner(). get_* usually means that it grabs a reference. Acked-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Andrei Vagin <avagin@openvz.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Chatur27 <jasonbright2709@gmail.com>
author: Andrey Vagin <avagin@openvz.org> 2016-09-06 00:47:13 -0700
committer: Michael Bestas <mkbestas@lineageos.org> 2022-04-19 00:51:06 +0300
commit: 6c69e3aa5f24178424da5e13dd704b15bb5d820d (patch)
tree: 840a5ee46ddd92b5da6eb9f71949b70b0b5768d0 /ipc/namespace.c
parent: 25ef12806840e0222a4f292021f39dfc8a054166 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/ipc/namespace.c b/ipc/namespace.c
index 068caf18d565..25b64530c042 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -166,10 +166,16 @@ static int ipcns_install(struct nsproxy *nsproxy, struct ns_common *new)
 	return 0;
 }
 
+static struct user_namespace *ipcns_owner(struct ns_common *ns)
+{
+	return to_ipc_ns(ns)->user_ns;
+}
+
 const struct proc_ns_operations ipcns_operations = {
 	.name		= "ipc",
 	.type		= CLONE_NEWIPC,
 	.get		= ipcns_get,
 	.put		= ipcns_put,
 	.install	= ipcns_install,
+	.owner		= ipcns_owner,
 };
author	Andrey Vagin <avagin@openvz.org>	2016-09-06 00:47:13 -0700
committer	Michael Bestas <mkbestas@lineageos.org>	2022-04-19 00:51:06 +0300
commit	6c69e3aa5f24178424da5e13dd704b15bb5d820d (patch)
tree	840a5ee46ddd92b5da6eb9f71949b70b0b5768d0 /ipc/namespace.c
parent	25ef12806840e0222a4f292021f39dfc8a054166 (diff)