[patch 05/10] add "permit user mounts in new namespace" clone flag

From: Miklos Szeredi <[email protected]>

If CLONE_NEWNS and CLONE_NEWNS_USERMNT are given to clone(2) or
unshare(2), then allow user mounts within the new namespace.

This is not flexible enough, because user mounts can't be enabled for
the initial namespace.

The remaining clone bits also getting dangerously few...

Alternatives are:

  - prctl() flag
  - setting through the containers filesystem

Signed-off-by: Miklos Szeredi <[email protected]>
---

Index: linux/fs/namespace.c
===================================================================
--- linux.orig/fs/namespace.c	2007-04-12 13:46:19.000000000 +0200
+++ linux/fs/namespace.c	2007-04-12 13:54:36.000000000 +0200
@@ -1617,6 +1617,8 @@ struct mnt_namespace *copy_mnt_ns(int fl
 		return ns;
 
 	new_ns = dup_mnt_ns(ns, new_fs);
+	if (new_ns && (flags & CLONE_NEWNS_USERMNT))
+		new_ns->flags |= MNT_NS_PERMIT_USERMOUNTS;
 
 	put_mnt_ns(ns);
 	return new_ns;
Index: linux/include/linux/sched.h
===================================================================
--- linux.orig/include/linux/sched.h	2007-04-12 13:26:48.000000000 +0200
+++ linux/include/linux/sched.h	2007-04-12 13:54:36.000000000 +0200
@@ -26,6 +26,7 @@
 #define CLONE_STOPPED		0x02000000	/* Start in stopped state */
 #define CLONE_NEWUTS		0x04000000	/* New utsname group? */
 #define CLONE_NEWIPC		0x08000000	/* New ipcs */
+#define CLONE_NEWNS_USERMNT	0x10000000	/* Allow user mounts in ns? */
 
 /*
  * Scheduling policies
Index: linux/kernel/fork.c
===================================================================
--- linux.orig/kernel/fork.c	2007-04-11 18:27:46.000000000 +0200
+++ linux/kernel/fork.c	2007-04-12 13:59:10.000000000 +0200
@@ -1586,7 +1586,7 @@ asmlinkage long sys_unshare(unsigned lon
 	err = -EINVAL;
 	if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
 				CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
-				CLONE_NEWUTS|CLONE_NEWIPC))
+				CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWNS_USERMNT))
 		goto bad_unshare_out;
 
 	if ((err = unshare_thread(unshare_flags)))

--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [patch 05/10] add "permit user mounts in new namespace" clone flag
    • From: "Serge E. Hallyn" <[email protected]>

• References:
  • [patch 00/10] (resend) mount ownership and unprivileged mount syscall
    • From: Miklos Szeredi <[email protected]>

• Prev by Date: Re: 2.6.21-rc6-mm1 USB related boot hang
• Next by Date: Re: [PATCH] i386 tsc: remove xtime_lock'ing around cpufreq notifier
• Previous by thread: [patch 02/10] allow unprivileged umount
• Next by thread: Re: [patch 05/10] add "permit user mounts in new namespace" clone flag
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]