author | Eric W. Biederman <ebiederm@xmission.com> | 2016-08-08 14:41:52 -0500 |
committer | Eric W. Biederman <ebiederm@xmission.com> | 2016-08-08 14:41:52 -0500 |
commit | 25f9c0817c535a728c1088542230fa327c577c9e (patch) | |
tree | 50e60f8d962702d92b94392d536a1c71d77c851c /include/linux/user_namespace.h | |
parent | f6b2db1a3e8d141dd144df58900fb0444d5d7c53 (diff) | |
userns: Generalize the user namespace count into ucount
The same kind of recursive sane default limit and policy
control that has been implemented for the user namespace
is desirable for the other namespaces, so generalize
the user namespace reference count into a ucount.
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'include/linux/user_namespace.h')
-rw-r--r-- | include/linux/user_namespace.h | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 826de7a12a20..9b676ead35c3 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -23,6 +23,12 @@ struct uid_gid_map { /* 64 bytes -- 1 cache line */
 #define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED
 struct ucounts;
+
+enum ucount_type {
+ UCOUNT_USER_NAMESPACES,
+ UCOUNT_COUNTS,
+};
+
 struct user_namespace {
 struct uid_gid_map uid_map;
 struct uid_gid_map gid_map;
@@ -46,7 +52,7 @@ struct user_namespace {
 struct ctl_table_header *sysctls;
 #endif
 struct ucounts *ucounts;
- int max_user_namespaces;
+ int ucount_max[UCOUNT_COUNTS];
 };
 struct ucounts {
@@ -54,15 +60,15 @@ struct ucounts {
 struct user_namespace *ns;
 kuid_t uid;
 atomic_t count;
- atomic_t user_namespaces;
+ atomic_t ucount[UCOUNT_COUNTS];
 };
 extern struct user_namespace init_user_ns;
 bool setup_userns_sysctls(struct user_namespace *ns);
 void retire_userns_sysctls(struct user_namespace *ns);
-struct ucounts *inc_user_namespaces(struct user_namespace *ns, kuid_t uid);
-void dec_user_namespaces(struct ucounts *ucounts);
+struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid, enum ucount_type type);
+void dec_ucount(struct ucounts *ucounts, enum ucount_type type);
 #ifdef CONFIG_USER_NS
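Review bot: `enum ucount_type` in the first hunk is the index for both `ucount_max[UCOUNT_COUNTS]` and `ucount[UCOUNT_COUNTS]`, yet nothing in the header states that, nor that `UCOUNT_COUNTS` must remain the last enumerator, which is the invariant the two array sizes and every caller of `inc_ucount`/`dec_ucount` rely on. I'd add above the enum `/* Index into user_namespace.ucount_max[] and ucounts.ucount[]; UCOUNT_COUNTS must stay last. */`. The `inc_ucount`/`dec_ucount` prototypes in the third hunk likewise carry no contract for the new `type` argument; presumably a NULL return means the limit for that type was reached and the returned `ucounts` must be released with `dec_ucount` for the same `type`, so a one-line comment on each prototype would help callers that now pass `type` themselves. The implementation is not in this diff, so the NULL-return behaviour is inferred from the `inc_user_namespaces` signature it replaces rather than read from code.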