From: Miklos Szeredi <[email protected]>
If CLONE_NEWNS and CLONE_NEWNS_USERMNT are given to clone(2) or
unshare(2), then allow user mounts within the new namespace.
This is not flexible enough, because user mounts can't be enabled for
the initial namespace.
The remaining clone bits also getting dangerously few...
Alternatives are:
- prctl() flag
- setting through the containers filesystem
Signed-off-by: Miklos Szeredi <[email protected]>
---
Index: linux/fs/namespace.c
===================================================================
--- linux.orig/fs/namespace.c 2007-04-12 13:46:19.000000000 +0200
+++ linux/fs/namespace.c 2007-04-12 13:54:36.000000000 +0200
@@ -1617,6 +1617,8 @@ struct mnt_namespace *copy_mnt_ns(int fl
return ns;
new_ns = dup_mnt_ns(ns, new_fs);
+ if (new_ns && (flags & CLONE_NEWNS_USERMNT))
+ new_ns->flags |= MNT_NS_PERMIT_USERMOUNTS;
put_mnt_ns(ns);
return new_ns;
Index: linux/include/linux/sched.h
===================================================================
--- linux.orig/include/linux/sched.h 2007-04-12 13:26:48.000000000 +0200
+++ linux/include/linux/sched.h 2007-04-12 13:54:36.000000000 +0200
@@ -26,6 +26,7 @@
#define CLONE_STOPPED 0x02000000 /* Start in stopped state */
#define CLONE_NEWUTS 0x04000000 /* New utsname group? */
#define CLONE_NEWIPC 0x08000000 /* New ipcs */
+#define CLONE_NEWNS_USERMNT 0x10000000 /* Allow user mounts in ns? */
/*
* Scheduling policies
Index: linux/kernel/fork.c
===================================================================
--- linux.orig/kernel/fork.c 2007-04-11 18:27:46.000000000 +0200
+++ linux/kernel/fork.c 2007-04-12 13:59:10.000000000 +0200
@@ -1586,7 +1586,7 @@ asmlinkage long sys_unshare(unsigned lon
err = -EINVAL;
if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
- CLONE_NEWUTS|CLONE_NEWIPC))
+ CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWNS_USERMNT))
goto bad_unshare_out;
if ((err = unshare_thread(unshare_flags)))
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]