diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2016-08-08 14:41:52 -0500 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2016-08-08 14:41:52 -0500 |
commit | 25f9c0817c535a728c1088542230fa327c577c9e (patch) | |
tree | 50e60f8d962702d92b94392d536a1c71d77c851c /kernel/fork.c | |
parent | f6b2db1a3e8d141dd144df58900fb0444d5d7c53 (diff) | |
download | lwn-25f9c0817c535a728c1088542230fa327c577c9e.tar.gz lwn-25f9c0817c535a728c1088542230fa327c577c9e.zip |
userns: Generalize the user namespace count into ucount
The same kind of recursive sane default limit and policy
countrol that has been implemented for the user namespace
is desirable for the other namespaces, so generalize
the user namespace refernce count into a ucount.
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'kernel/fork.c')
-rw-r--r-- | kernel/fork.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/kernel/fork.c b/kernel/fork.c index d8cde533ace3..3cb4853a59aa 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -302,6 +302,7 @@ int arch_task_struct_size __read_mostly; void __init fork_init(void) { + int i; #ifndef CONFIG_ARCH_TASK_STRUCT_ALLOCATOR #ifndef ARCH_MIN_TASKALIGN #define ARCH_MIN_TASKALIGN L1_CACHE_BYTES @@ -322,7 +323,9 @@ void __init fork_init(void) init_task.signal->rlim[RLIMIT_SIGPENDING] = init_task.signal->rlim[RLIMIT_NPROC]; - init_user_ns.max_user_namespaces = max_threads/2; + for (i = 0; i < UCOUNT_COUNTS; i++) { + init_user_ns.ucount_max[i] = max_threads/2; + } } int __weak arch_dup_task_struct(struct task_struct *dst, |