From: Vivien Chappelier <vivien.chappelier-L+G57L1VLRbR7s880joybQ@public.gmane.org>
To: containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org
Subject: [PATCH 4/6] add SO_NSID and SO_NETNS socket options
Date: Thu, 30 Oct 2008 14:09:17 +0100	[thread overview]
Message-ID: <20081030130917.GD17665@thomson.net> (raw)

SO_NSID: bind a socket to a network namespace, given its nsid

This allows a process to have individual sockets in different namespaces.
Also, calling setsockopt(SO_NSID) on a socket before using it for ioctl() makes the ioctl() operations happen in the given namespace. This is very useful to configure or retrieve networking information in a different namespace.

SO_NETNS: bind a process to an already existing netns, given its nsid

This is an easy way to move a process to a different, already existing, network namespace without creating a new one.
---
 arch/alpha/include/asm/socket.h    |    4 +++
 arch/arm/include/asm/socket.h      |    4 +++
 arch/avr32/include/asm/socket.h    |    4 +++
 arch/blackfin/include/asm/socket.h |    4 +++
 arch/h8300/include/asm/socket.h    |    4 +++
 arch/ia64/include/asm/socket.h     |    4 +++
 arch/mips/include/asm/socket.h     |    4 +++
 arch/parisc/include/asm/socket.h   |    4 +++
 arch/powerpc/include/asm/socket.h  |    4 +++
 arch/s390/include/asm/socket.h     |    4 +++
 arch/sh/include/asm/socket.h       |    4 +++
 arch/sparc/include/asm/socket.h    |    4 +++
 arch/x86/include/asm/socket.h      |    4 +++
 include/asm-cris/socket.h          |    4 +++
 include/asm-frv/socket.h           |    4 +++
 include/asm-m32r/socket.h          |    4 +++
 include/asm-m68k/socket.h          |    4 +++
 include/asm-mn10300/socket.h       |    4 +++
 include/asm-xtensa/socket.h        |    4 +++
 net/core/sock.c                    |   47 +++++++++++++++++++++++++++++++++++-
 20 files changed, 122 insertions(+), 1 deletions(-)

diff --git a/arch/alpha/include/asm/socket.h b/arch/alpha/include/asm/socket.h
index a1057c2..e9f3f47 100644
--- a/arch/alpha/include/asm/socket.h
+++ b/arch/alpha/include/asm/socket.h
@@ -62,6 +62,10 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 /* O_NONBLOCK clashes with the bits used for socket types.  Therefore we
  * have to define SOCK_NONBLOCK to a different value here.
  */
diff --git a/arch/arm/include/asm/socket.h b/arch/arm/include/asm/socket.h
index 6817be9..5162369 100644
--- a/arch/arm/include/asm/socket.h
+++ b/arch/arm/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/arch/avr32/include/asm/socket.h b/arch/avr32/include/asm/socket.h
index 35863f2..d500536 100644
--- a/arch/avr32/include/asm/socket.h
+++ b/arch/avr32/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* __ASM_AVR32_SOCKET_H */
diff --git a/arch/blackfin/include/asm/socket.h b/arch/blackfin/include/asm/socket.h
index 2ca702e..a56fc0f 100644
--- a/arch/blackfin/include/asm/socket.h
+++ b/arch/blackfin/include/asm/socket.h
@@ -53,4 +53,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif				/* _ASM_SOCKET_H */
diff --git a/arch/h8300/include/asm/socket.h b/arch/h8300/include/asm/socket.h
index da2520d..112c632 100644
--- a/arch/h8300/include/asm/socket.h
+++ b/arch/h8300/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/arch/ia64/include/asm/socket.h b/arch/ia64/include/asm/socket.h
index d5ef0aa..246b075 100644
--- a/arch/ia64/include/asm/socket.h
+++ b/arch/ia64/include/asm/socket.h
@@ -63,4 +63,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_IA64_SOCKET_H */
diff --git a/arch/mips/include/asm/socket.h b/arch/mips/include/asm/socket.h
index facc2d7..d90fadb 100644
--- a/arch/mips/include/asm/socket.h
+++ b/arch/mips/include/asm/socket.h
@@ -75,6 +75,10 @@ To add: #define SO_REUSEPORT 0x0200	/* Allow local address and port reuse.  */
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #ifdef __KERNEL__
 
 /** sock_type - Socket types
diff --git a/arch/parisc/include/asm/socket.h b/arch/parisc/include/asm/socket.h
index fba402c..cebbd8b 100644
--- a/arch/parisc/include/asm/socket.h
+++ b/arch/parisc/include/asm/socket.h
@@ -54,6 +54,10 @@
 
 #define SO_MARK			0x401f
 
+/* Namespace management */
+#define SO_NETNS		0x4020
+#define SO_NSID			0x4021
+
 /* O_NONBLOCK clashes with the bits used for socket types.  Therefore we
  * have to define SOCK_NONBLOCK to a different value here.
  */
diff --git a/arch/powerpc/include/asm/socket.h b/arch/powerpc/include/asm/socket.h
index f5a4e16..68e9a53 100644
--- a/arch/powerpc/include/asm/socket.h
+++ b/arch/powerpc/include/asm/socket.h
@@ -61,4 +61,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif	/* _ASM_POWERPC_SOCKET_H */
diff --git a/arch/s390/include/asm/socket.h b/arch/s390/include/asm/socket.h
index c786ab6..48a2e1f 100644
--- a/arch/s390/include/asm/socket.h
+++ b/arch/s390/include/asm/socket.h
@@ -62,4 +62,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/arch/sh/include/asm/socket.h b/arch/sh/include/asm/socket.h
index 6d4bf65..3e1ae9a 100644
--- a/arch/sh/include/asm/socket.h
+++ b/arch/sh/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* __ASM_SH_SOCKET_H */
diff --git a/arch/sparc/include/asm/socket.h b/arch/sparc/include/asm/socket.h
index bf50d0c..e64381c 100644
--- a/arch/sparc/include/asm/socket.h
+++ b/arch/sparc/include/asm/socket.h
@@ -50,6 +50,10 @@
 
 #define SO_MARK			0x0022
 
+/* Namespace management */
+#define SO_NETNS		0x0023
+#define SO_NSID			0x0024
+
 /* Security levels - as per NRL IPv6 - don't actually do anything */
 #define SO_SECURITY_AUTHENTICATION		0x5001
 #define SO_SECURITY_ENCRYPTION_TRANSPORT	0x5002
diff --git a/arch/x86/include/asm/socket.h b/arch/x86/include/asm/socket.h
index 8ab9cc8..9023180 100644
--- a/arch/x86/include/asm/socket.h
+++ b/arch/x86/include/asm/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_X86_SOCKET_H */
diff --git a/include/asm-cris/socket.h b/include/asm-cris/socket.h
index 9df0ca8..7550720 100644
--- a/include/asm-cris/socket.h
+++ b/include/asm-cris/socket.h
@@ -56,6 +56,10 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
 
 
diff --git a/include/asm-frv/socket.h b/include/asm-frv/socket.h
index e51ca67..2ea7442 100644
--- a/include/asm-frv/socket.h
+++ b/include/asm-frv/socket.h
@@ -54,5 +54,9 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
 
diff --git a/include/asm-m32r/socket.h b/include/asm-m32r/socket.h
index 9a0e200..06de900 100644
--- a/include/asm-m32r/socket.h
+++ b/include/asm-m32r/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_M32R_SOCKET_H */
diff --git a/include/asm-m68k/socket.h b/include/asm-m68k/socket.h
index dbc64e9..b208e7c 100644
--- a/include/asm-m68k/socket.h
+++ b/include/asm-m68k/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/include/asm-mn10300/socket.h b/include/asm-mn10300/socket.h
index 80af9c4..6665cb8 100644
--- a/include/asm-mn10300/socket.h
+++ b/include/asm-mn10300/socket.h
@@ -54,4 +54,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif /* _ASM_SOCKET_H */
diff --git a/include/asm-xtensa/socket.h b/include/asm-xtensa/socket.h
index 6100682..7882935 100644
--- a/include/asm-xtensa/socket.h
+++ b/include/asm-xtensa/socket.h
@@ -65,4 +65,8 @@
 
 #define SO_MARK			36
 
+/* Namespace management */
+#define SO_NETNS		37
+#define SO_NSID			38
+
 #endif	/* _XTENSA_SOCKET_H */
diff --git a/net/core/sock.c b/net/core/sock.c
index 5e2a313..b085f67 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -110,6 +110,7 @@
 #include <linux/tcp.h>
 #include <linux/init.h>
 #include <linux/highmem.h>
+#include <linux/nsproxy.h>
 
 #include <asm/uaccess.h>
 #include <asm/system.h>
@@ -668,7 +669,51 @@ set_rcvbuf:
 		}
 		break;
 
-		/* We implement the SO_SNDLOWAT etc to
+	case SO_NETNS:
+		if (!capable(CAP_NET_ADMIN)) {
+			ret = -EPERM;
+		} else {
+			struct nsproxy *new_nsproxy;
+			struct net *old_net, *new_net;
+
+			ret = -EINVAL;
+			new_net = get_net_ns_by_id(val);
+			if (new_net) {
+				ret = unshare_nsproxy_namespaces(CLONE_NEWNS,
+								 &new_nsproxy,
+								 NULL);
+				if (ret == 0) {
+					old_net = new_nsproxy->net_ns;
+					new_nsproxy->net_ns = new_net;
+					put_net(old_net);
+
+					switch_task_namespaces(current,
+							       new_nsproxy);
+				} else
+					put_net(new_net);
+			}
+		}
+		break;
+
+	case SO_NSID:
+		if (!capable(CAP_NET_ADMIN)) {
+			ret = -EPERM;
+		} else {
+			struct net *old_net, *new_net;
+
+			ret = -EINVAL;
+			new_net = get_net_ns_by_id(val);
+			if (new_net) {
+				ret = 0;
+				old_net = sock_net(sk);
+				sock_net_set(sk, get_net(new_net));
+				put_net(old_net);
+			}
+		}
+		break;
+
+
+	/* We implement the SO_SNDLOWAT etc to
 		   not be settable (1003.1g 5.3) */
 	default:
 		ret = -ENOPROTOOPT;
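Review bot: The `SO_NSID` case appears to leak a namespace reference on every successful call: the `SO_NETNS` error path does `put_net(new_net)`, which implies `get_net_ns_by_id(val)` returns a held reference, yet `sock_net_set(sk, get_net(new_net))` takes a second one and nothing drops the first; handing the looked-up reference over directly, `sock_net_set(sk, new_net);`, would keep the count balanced. In `SO_NETNS`, `unshare_nsproxy_namespaces(CLONE_NEWNS, ...)` passes the mount-namespace flag, so the caller presumably also gets a private copy of its mount namespace as a side effect of changing network namespace; if that is only a way to obtain a fresh nsproxy it deserves a comment such as `/* CLONE_NEWNS used only to force a new nsproxy; mount ns is duplicated as a side effect */`, or a dedicated helper. Both cases gate only on `capable(CAP_NET_ADMIN)` in the caller and perform no check against the target namespace, so a container that holds this capability for its own network setup could presumably attach a socket or itself to any namespace whose id it can name, including the host's; a check that the target is one the caller is entitled to enter would preserve the isolation boundary. The enclosing setsockopt switch starts and ends outside the hunk.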
-- 
1.5.4.4
