Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm...

[linux-3.10.git] / ipc / namespace.c

diff --git a/ipc/namespace.c b/ipc/namespace.c
index 3c3e5223e7e50f2c376a6a2abc9979bb598a350e..7c1fa451b0b0d75ae5265fea8fbe1193cb865223 100644 (file)
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -12,10 +12,11 @@
 #include <linux/fs.h>
 #include <linux/mount.h>
 #include <linux/user_namespace.h>
+#include <linux/proc_fs.h>
 
 #include "util.h"
 
-static struct ipc_namespace *create_ipc_ns(struct task_struct *tsk,
+static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
                                           struct ipc_namespace *old_ns)
 {
        struct ipc_namespace *ns;
@@ -25,9 +26,16 @@ static struct ipc_namespace *create_ipc_ns(struct task_struct *tsk,
        if (ns == NULL)
                return ERR_PTR(-ENOMEM);
 
+       err = proc_alloc_inum(&ns->proc_inum);
+       if (err) {
+               kfree(ns);
+               return ERR_PTR(err);
+       }
+
        atomic_set(&ns->count, 1);
        err = mq_init_ns(ns);
        if (err) {
+               proc_free_inum(ns->proc_inum);
                kfree(ns);
                return ERR_PTR(err);
        }
@@ -45,19 +53,17 @@ static struct ipc_namespace *create_ipc_ns(struct task_struct *tsk,
        ipcns_notify(IPCNS_CREATED);
        register_ipcns_notifier(ns);
 
-       ns->user_ns = get_user_ns(task_cred_xxx(tsk, user)->user_ns);
+       ns->user_ns = get_user_ns(user_ns);
 
        return ns;
 }
 
 struct ipc_namespace *copy_ipcs(unsigned long flags,
-                               struct task_struct *tsk)
+       struct user_namespace *user_ns, struct ipc_namespace *ns)
 {
-       struct ipc_namespace *ns = tsk->nsproxy->ipc_ns;
-
        if (!(flags & CLONE_NEWIPC))
                return get_ipc_ns(ns);
-       return create_ipc_ns(tsk, ns);
+       return create_ipc_ns(user_ns, ns);
 }
 
 /*
@@ -104,7 +110,6 @@ static void free_ipc_ns(struct ipc_namespace *ns)
        sem_exit_ns(ns);
        msg_exit_ns(ns);
        shm_exit_ns(ns);
-       kfree(ns);
        atomic_dec(&nr_ipc_ns);
 
        /*
@@ -113,6 +118,8 @@ static void free_ipc_ns(struct ipc_namespace *ns)
         */
        ipcns_notify(IPCNS_REMOVED);
        put_user_ns(ns->user_ns);
+       proc_free_inum(ns->proc_inum);
+       kfree(ns);
 }
 
 /*
@@ -140,3 +147,52 @@ void put_ipc_ns(struct ipc_namespace *ns)
                free_ipc_ns(ns);
        }
 }
+
+static void *ipcns_get(struct task_struct *task)
+{
+       struct ipc_namespace *ns = NULL;
+       struct nsproxy *nsproxy;
+
+       rcu_read_lock();
+       nsproxy = task_nsproxy(task);
+       if (nsproxy)
+               ns = get_ipc_ns(nsproxy->ipc_ns);
+       rcu_read_unlock();
+
+       return ns;
+}
+
+static void ipcns_put(void *ns)
+{
+       return put_ipc_ns(ns);
+}
+
+static int ipcns_install(struct nsproxy *nsproxy, void *new)
+{
+       struct ipc_namespace *ns = new;
+       if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
+           !nsown_capable(CAP_SYS_ADMIN))
+               return -EPERM;
+
+       /* Ditch state from the old ipc namespace */
+       exit_sem(current);
+       put_ipc_ns(nsproxy->ipc_ns);
+       nsproxy->ipc_ns = get_ipc_ns(ns);
+       return 0;
+}
+
+static unsigned int ipcns_inum(void *vp)
+{
+       struct ipc_namespace *ns = vp;
+
+       return ns->proc_inum;
+}
+
+const struct proc_ns_operations ipcns_operations = {
+       .name           = "ipc",
+       .type           = CLONE_NEWIPC,
+       .get            = ipcns_get,
+       .put            = ipcns_put,
+       .install        = ipcns_install,
+       .inum           = ipcns_inum,
+};