Commit | Line | Data |
---|---|---|
acce292c CLG |
1 | #ifndef _LINUX_USER_NAMESPACE_H |
2 | #define _LINUX_USER_NAMESPACE_H | |
3 | ||
4 | #include <linux/kref.h> | |
5 | #include <linux/nsproxy.h> | |
6 | #include <linux/sched.h> | |
77ec739d | 7 | #include <linux/err.h> |
acce292c | 8 | |
22d917d8 EB |
9 | #define UID_GID_MAP_MAX_EXTENTS 5 |
10 | ||
11 | struct uid_gid_map { /* 64 bytes -- 1 cache line */ | |
12 | u32 nr_extents; | |
13 | struct uid_gid_extent { | |
14 | u32 first; | |
15 | u32 lower_first; | |
16 | u32 count; | |
17 | } extent[UID_GID_MAP_MAX_EXTENTS]; | |
18 | }; | |
19 | ||
1c587ee5 EB |
20 | #define USERNS_SETGROUPS_ALLOWED 1UL |
21 | ||
22 | #define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED | |
23 | ||
acce292c | 24 | struct user_namespace { |
22d917d8 EB |
25 | struct uid_gid_map uid_map; |
26 | struct uid_gid_map gid_map; | |
f76d207a | 27 | struct uid_gid_map projid_map; |
c61a2810 | 28 | atomic_t count; |
aeb3ae9d | 29 | struct user_namespace *parent; |
5c5f9cd2 | 30 | int level; |
783291e6 EB |
31 | kuid_t owner; |
32 | kgid_t group; | |
98f842e6 | 33 | unsigned int proc_inum; |
1c587ee5 | 34 | unsigned long flags; |
87a8ebd6 EB |
35 | bool may_mount_sysfs; |
36 | bool may_mount_proc; | |
acce292c CLG |
37 | }; |
38 | ||
39 | extern struct user_namespace init_user_ns; | |
40 | ||
41 | #ifdef CONFIG_USER_NS | |
42 | ||
43 | static inline struct user_namespace *get_user_ns(struct user_namespace *ns) | |
44 | { | |
45 | if (ns) | |
c61a2810 | 46 | atomic_inc(&ns->count); |
acce292c CLG |
47 | return ns; |
48 | } | |
49 | ||
18b6e041 | 50 | extern int create_user_ns(struct cred *new); |
b2e0d987 | 51 | extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred); |
c61a2810 | 52 | extern void free_user_ns(struct user_namespace *ns); |
acce292c CLG |
53 | |
54 | static inline void put_user_ns(struct user_namespace *ns) | |
55 | { | |
c61a2810 EB |
56 | if (ns && atomic_dec_and_test(&ns->count)) |
57 | free_user_ns(ns); | |
acce292c CLG |
58 | } |
59 | ||
22d917d8 EB |
60 | struct seq_operations; |
61 | extern struct seq_operations proc_uid_seq_operations; | |
62 | extern struct seq_operations proc_gid_seq_operations; | |
f76d207a | 63 | extern struct seq_operations proc_projid_seq_operations; |
22d917d8 EB |
64 | extern ssize_t proc_uid_map_write(struct file *, const char __user *, size_t, loff_t *); |
65 | extern ssize_t proc_gid_map_write(struct file *, const char __user *, size_t, loff_t *); | |
f76d207a | 66 | extern ssize_t proc_projid_map_write(struct file *, const char __user *, size_t, loff_t *); |
1c587ee5 EB |
67 | extern ssize_t proc_setgroups_write(struct file *, const char __user *, size_t, loff_t *); |
68 | extern int proc_setgroups_show(struct seq_file *m, void *v); | |
fc9b65e3 | 69 | extern bool userns_may_setgroups(const struct user_namespace *ns); |
acce292c CLG |
70 | #else |
71 | ||
72 | static inline struct user_namespace *get_user_ns(struct user_namespace *ns) | |
73 | { | |
74 | return &init_user_ns; | |
75 | } | |
76 | ||
18b6e041 | 77 | static inline int create_user_ns(struct cred *new) |
acce292c | 78 | { |
18b6e041 | 79 | return -EINVAL; |
acce292c CLG |
80 | } |
81 | ||
b2e0d987 EB |
82 | static inline int unshare_userns(unsigned long unshare_flags, |
83 | struct cred **new_cred) | |
84 | { | |
85 | if (unshare_flags & CLONE_NEWUSER) | |
86 | return -EINVAL; | |
87 | return 0; | |
88 | } | |
89 | ||
acce292c CLG |
90 | static inline void put_user_ns(struct user_namespace *ns) |
91 | { | |
92 | } | |
93 | ||
fc9b65e3 EB |
94 | static inline bool userns_may_setgroups(const struct user_namespace *ns) |
95 | { | |
96 | return true; | |
97 | } | |
22d917d8 EB |
98 | #endif |
99 | ||
87a8ebd6 EB |
100 | void update_mnt_policy(struct user_namespace *userns); |
101 | ||
acce292c | 102 | #endif /* _LINUX_USER_H */ |