userns: When the per user per user namespace limit is reached return ENOSPC

The current error codes returned when a the per user per user
namespace limit are hit (EINVAL, EUSERS, and ENFILE) are wrong.  I
asked for advice on linux-api and it we made clear that those were
the wrong error code, but a correct effor code was not suggested.

The best general error code I have found for hitting a resource limit
is ENOSPC.  It is not perfect but as it is unambiguous it will serve
until someone comes up with a better error code.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

diff --git a/fs/namespace.c b/fs/namespace.c
index 491b8f3e4c9a0fac5ea248eac833c07044915f3c..cf2cc234c8b46aa167648e010b7e17b749770656 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2754,7 +2754,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
 
        ucounts = inc_mnt_namespaces(user_ns);
        if (!ucounts)
-               return ERR_PTR(-ENFILE);
+               return ERR_PTR(-ENOSPC);
 
        new_ns = kmalloc(sizeof(struct mnt_namespace), GFP_KERNEL);
        if (!new_ns) {

diff --git a/ipc/namespace.c b/ipc/namespace.c
index 7309142141358e5fd4d4164ec9221594336356a0..fab727d9fe094c757431439aa22e2b906616c7fc 100644 (file)
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -33,7 +33,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
        struct ucounts *ucounts;
        int err;
 
-       err = -ENFILE;
+       err = -ENOSPC;
        ucounts = inc_ipc_namespaces(user_ns);
        if (!ucounts)
                goto fail;

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index e9e4427fec46c88d9f07e9fbbf20f69faf1c0e6a..f1dd4b07621004e9a5d4e01a0ed794a2c40fae11 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -6354,7 +6354,7 @@ struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
 
        ucounts = inc_cgroup_namespaces(user_ns);
        if (!ucounts)
-               return ERR_PTR(-ENFILE);
+               return ERR_PTR(-ENOSPC);
 
        /* It is not safe to take cgroup_mutex here */
        spin_lock_irq(&css_set_lock);

diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 30a7f335193284d539f6b7cdc17bd488bec36488..7542b28cc9290f3040559aa2a72b02701a97b2f5 100644 (file)
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -98,7 +98,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
        int i;
        int err;
 
-       err = -EINVAL;
+       err = -ENOSPC;
        if (level > MAX_PID_NS_LEVEL)
                goto out;
        ucounts = inc_pid_namespaces(user_ns);

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 0edafe305861e80aa40a0128bb91b90fde644dac..f2c5ba5505f14cac479d0f0658ed71d472f042b3 100644 (file)
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -76,7 +76,7 @@ int create_user_ns(struct cred *new)
        struct ucounts *ucounts;
        int ret, i;
 
-       ret = -EUSERS;
+       ret = -ENOSPC;
        if (parent_ns->level > 32)
                goto fail;
 

diff --git a/kernel/utsname.c b/kernel/utsname.c
index f3b0bb4ac3ba7c02fec473e4b54001f29de87c54..35587b76faa33b1c0db188de29af0639137712f6 100644 (file)
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -49,7 +49,7 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
        struct ucounts *ucounts;
        int err;
 
-       err = -ENFILE;
+       err = -ENOSPC;
        ucounts = inc_uts_namespaces(user_ns);
        if (!ucounts)
                goto fail;

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 3e2812aeceb78e518c04469bb37243bad8a00973..06af5d6a883cfeb6c67b7fb5d0e4bcb204a60a99 100644 (file)
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -370,7 +370,7 @@ struct net *copy_net_ns(unsigned long flags,
 
        ucounts = inc_net_namespaces(user_ns);
        if (!ucounts)
-               return ERR_PTR(-ENFILE);
+               return ERR_PTR(-ENOSPC);
 
        net = net_alloc();
        if (!net) {