From: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: aviro-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org
Subject: Re: [PATCH V5 01/13] namespaces: assign each namespace instance a serial number
Date: Mon, 13 Oct 2014 12:30:57 +0200 [thread overview]
Message-ID: <20141013103057.GA24703@mail.hallyn.com> (raw)
In-Reply-To: <8bc6e9595dea17bba389f4d2ce4077c30b3eb137.1412543112.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Quoting Richard Guy Briggs (rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org):
> Generate and assign a serial number per namespace instance since boot.
>
> Use a serial number per namespace (unique across one boot of one kernel)
> instead of the inode number (for which the right to change it is claimed to
> have been reserved, and which is not necessarily unique if there is more than
> one proc fs) to uniquely identify it per kernel boot.
>
> Signed-off-by: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Acked-by: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
> ---
> fs/mount.h | 1 +
> fs/namespace.c | 1 +
> include/linux/ipc_namespace.h | 1 +
> include/linux/nsproxy.h | 10 ++++++++++
> include/linux/pid_namespace.h | 1 +
> include/linux/user_namespace.h | 1 +
> include/linux/utsname.h | 1 +
> include/net/net_namespace.h | 1 +
> init/version.c | 1 +
> ipc/msgutil.c | 1 +
> ipc/namespace.c | 2 ++
> kernel/nsproxy.c | 18 ++++++++++++++++++
> kernel/pid.c | 1 +
> kernel/pid_namespace.c | 2 ++
> kernel/user.c | 1 +
> kernel/user_namespace.c | 2 ++
> kernel/utsname.c | 2 ++
> net/core/net_namespace.c | 8 +++++++-
> 18 files changed, 54 insertions(+), 1 deletions(-)
>
> diff --git a/fs/mount.h b/fs/mount.h
> index d55297f..c076f99 100644
> --- a/fs/mount.h
> +++ b/fs/mount.h
> @@ -5,6 +5,7 @@
> struct mnt_namespace {
> atomic_t count;
> unsigned int proc_inum;
> + long long serial_num;
> struct mount * root;
> struct list_head list;
> struct user_namespace *user_ns;
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 182bc41..9af49ff 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -2486,6 +2486,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
> kfree(new_ns);
> return ERR_PTR(ret);
> }
> + new_ns->serial_num = ns_serial();
> new_ns->seq = atomic64_add_return(1, &mnt_ns_seq);
> atomic_set(&new_ns->count, 1);
> new_ns->root = NULL;
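Review bot: `new_ns->serial_num` is assigned on the line directly above `new_ns->seq = atomic64_add_return(1, &mnt_ns_seq);`, so a mount namespace now carries two monotonically increasing 64-bit identifiers and nothing says how they differ. A one-line comment would settle it, for example `/* boot-wide id shared by all namespace types, used in audit records; seq stays mnt-only */`. The role of `seq` is not visible in this hunk, so the second half of that wording should be confirmed against its users. alloc_mnt_ns() starts and ends outside the hunk.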
> diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
> index 35e7eca..8ccfb2d 100644
> --- a/include/linux/ipc_namespace.h
> +++ b/include/linux/ipc_namespace.h
> @@ -69,6 +69,7 @@ struct ipc_namespace {
> struct user_namespace *user_ns;
>
> unsigned int proc_inum;
> + long long serial_num;
> };
>
> extern struct ipc_namespace init_ipc_ns;
> diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
> index b4ec59d..9d627b5 100644
> --- a/include/linux/nsproxy.h
> +++ b/include/linux/nsproxy.h
> @@ -66,6 +66,16 @@ static inline struct nsproxy *task_nsproxy(struct task_struct *tsk)
> return rcu_dereference(tsk->nsproxy);
> }
>
> +long long ns_serial(void);
> +enum {
> + NS_IPC_INIT_SN = 1,
> + NS_UTS_INIT_SN = 2,
> + NS_USER_INIT_SN = 3,
> + NS_PID_INIT_SN = 4,
> + __NS_MAX_INIT_SN= 5,
> +};
> +#define NS_DYN_INIT_SN (__NS_MAX_INIT_SN - 1)
> +
> int copy_namespaces(unsigned long flags, struct task_struct *tsk);
> void exit_task_namespaces(struct task_struct *tsk);
> void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);
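Review bot: `ns_serial()` is declared to return a signed `long long`, and the `serial_num` members added to the namespace structs in this patch use the same type, although the value is an opaque identifier drawn from an `atomic64_t` counter. An unsigned 64-bit type (`u64 ns_serial(void);`, `u64 serial_num;`) would match that use and rule out a negative serial ever reaching an audit record; the same applies to the struct hunks in fs/mount.h, ipc_namespace.h, pid_namespace.h, user_namespace.h, utsname.h and net_namespace.h. The enum reserves fixed serials only for the initial IPC, UTS, user and PID namespaces, so the initial mount and network namespaces presumably receive whatever `ns_serial()` returns during boot. If audit consumers are meant to recognise the initial namespaces by serial, that difference deserves a comment above the enum.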
> diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
> index 7246ef3..4d8023e 100644
> --- a/include/linux/pid_namespace.h
> +++ b/include/linux/pid_namespace.h
> @@ -43,6 +43,7 @@ struct pid_namespace {
> int hide_pid;
> int reboot; /* group exit code if this pidns was rebooted */
> unsigned int proc_inum;
> + long long serial_num;
> };
>
> extern struct pid_namespace init_pid_ns;
> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> index 4836ba3..159ac26 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -27,6 +27,7 @@ struct user_namespace {
> kuid_t owner;
> kgid_t group;
> unsigned int proc_inum;
> + long long serial_num;
>
> /* Register of per-UID persistent keyrings for this namespace */
> #ifdef CONFIG_PERSISTENT_KEYRINGS
> diff --git a/include/linux/utsname.h b/include/linux/utsname.h
> index 239e277..8490197 100644
> --- a/include/linux/utsname.h
> +++ b/include/linux/utsname.h
> @@ -24,6 +24,7 @@ struct uts_namespace {
> struct new_utsname name;
> struct user_namespace *user_ns;
> unsigned int proc_inum;
> + long long serial_num;
> };
> extern struct uts_namespace init_uts_ns;
>
> diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
> index 361d260..5238a06 100644
> --- a/include/net/net_namespace.h
> +++ b/include/net/net_namespace.h
> @@ -61,6 +61,7 @@ struct net {
> struct user_namespace *user_ns; /* Owning user namespace */
>
> unsigned int proc_inum;
> + long long serial_num;
>
> struct proc_dir_entry *proc_net;
> struct proc_dir_entry *proc_net_stat;
> diff --git a/init/version.c b/init/version.c
> index 1a4718e..cfdcb85 100644
> --- a/init/version.c
> +++ b/init/version.c
> @@ -36,6 +36,7 @@ struct uts_namespace init_uts_ns = {
> },
> .user_ns = &init_user_ns,
> .proc_inum = PROC_UTS_INIT_INO,
> + .serial_num = NS_UTS_INIT_SN /* ns_serial() */,
> };
> EXPORT_SYMBOL_GPL(init_uts_ns);
>
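Review bot: The trailing `/* ns_serial() */` after `NS_UTS_INIT_SN` reads like a leftover call rather than an explanation, and the same comment is repeated in the initializers in ipc/msgutil.c, kernel/pid.c and kernel/user.c. Something like `/* reserved serial; ns_serial() hands out values above the reserved range */` would say why a constant is used here instead of the allocator. The initializer of init_uts_ns starts outside the hunk.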
> diff --git a/ipc/msgutil.c b/ipc/msgutil.c
> index 7e70959..9aa66ae 100644
> --- a/ipc/msgutil.c
> +++ b/ipc/msgutil.c
> @@ -32,6 +32,7 @@ struct ipc_namespace init_ipc_ns = {
> .count = ATOMIC_INIT(1),
> .user_ns = &init_user_ns,
> .proc_inum = PROC_IPC_INIT_INO,
> + .serial_num = NS_IPC_INIT_SN /* ns_serial() */,
> };
>
> atomic_t nr_ipc_ns = ATOMIC_INIT(1);
> diff --git a/ipc/namespace.c b/ipc/namespace.c
> index 59451c1..76dac5c 100644
> --- a/ipc/namespace.c
> +++ b/ipc/namespace.c
> @@ -41,6 +41,8 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
> }
> atomic_inc(&nr_ipc_ns);
>
> + ns->serial_num = ns_serial();
> +
> sem_init_ns(ns);
> msg_init_ns(ns);
> shm_init_ns(ns);
> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
> index 8e78110..0c2f25e 100644
> --- a/kernel/nsproxy.c
> +++ b/kernel/nsproxy.c
> @@ -41,6 +41,24 @@ struct nsproxy init_nsproxy = {
> #endif
> };
>
> +/**
> + * ns_serial - compute a serial number for the namespace
> + *
> + * Compute a serial number for the namespace to uniquely identify it in
> + * audit records.
> + */
> +long long ns_serial(void)
> +{
> + /* reserved for IPC, UTS, user, PID */
> + static atomic64_t serial = ATOMIC_INIT(NS_DYN_INIT_SN);
> + long long ret;
> +
> + ret = atomic64_add_return(1, &serial);
> + BUG_ON(!ret);
> +
> + return ret;
> +}
> +
> static inline struct nsproxy *create_nsproxy(void)
> {
> struct nsproxy *nsproxy;
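Review bot: The counter is declared `atomic64_t` but initialised with `ATOMIC_INIT(NS_DYN_INIT_SN)`; the matching initialiser for that type is `ATOMIC64_INIT`, i.e. `static atomic64_t serial = ATOMIC64_INIT(NS_DYN_INIT_SN);`, and relying on the 32-bit macro expanding compatibly is fragile across architectures. `BUG_ON(!ret)` sits on the namespace-creation path and would bring the whole machine down over what is only an identifier problem; it also checks only for zero, while the signed return value would turn negative before it could ever wrap to zero. A `WARN_ON_ONCE(ret <= 0)` would flag the condition without halting the system, if a check is wanted at all. The kernel-doc says the number is computed "for the namespace", but the function takes no namespace and simply returns the next counter value; the comment should say that, and that the first value returned is `__NS_MAX_INIT_SN`.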
> diff --git a/kernel/pid.c b/kernel/pid.c
> index 9b9a266..3bf7127 100644
> --- a/kernel/pid.c
> +++ b/kernel/pid.c
> @@ -80,6 +80,7 @@ struct pid_namespace init_pid_ns = {
> .child_reaper = &init_task,
> .user_ns = &init_user_ns,
> .proc_inum = PROC_PID_INIT_INO,
> + .serial_num = NS_PID_INIT_SN /* ns_serial() */,
> };
> EXPORT_SYMBOL_GPL(init_pid_ns);
>
> diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> index db95d8e..40a8b36 100644
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -109,6 +109,8 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
> if (err)
> goto out_free_map;
>
> + ns->serial_num = ns_serial();
> +
> kref_init(&ns->kref);
> ns->level = level;
> ns->parent = get_pid_ns(parent_pid_ns);
> diff --git a/kernel/user.c b/kernel/user.c
> index 4efa393..2f597e0 100644
> --- a/kernel/user.c
> +++ b/kernel/user.c
> @@ -51,6 +51,7 @@ struct user_namespace init_user_ns = {
> .owner = GLOBAL_ROOT_UID,
> .group = GLOBAL_ROOT_GID,
> .proc_inum = PROC_USER_INIT_INO,
> + .serial_num = NS_USER_INIT_SN /* ns_serial() */,
> #ifdef CONFIG_PERSISTENT_KEYRINGS
> .persistent_keyring_register_sem =
> __RWSEM_INITIALIZER(init_user_ns.persistent_keyring_register_sem),
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index fcc0256..5c5c399 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -92,6 +92,8 @@ int create_user_ns(struct cred *new)
> return ret;
> }
>
> + ns->serial_num = ns_serial();
> +
> atomic_set(&ns->count, 1);
> /* Leave the new->user_ns reference with the new user namespace. */
> ns->parent = parent_ns;
> diff --git a/kernel/utsname.c b/kernel/utsname.c
> index fd39312..d0cf7b5 100644
> --- a/kernel/utsname.c
> +++ b/kernel/utsname.c
> @@ -48,6 +48,8 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
> return ERR_PTR(err);
> }
>
> + ns->serial_num = ns_serial();
> +
> down_read(&uts_sem);
> memcpy(&ns->name, &old_ns->name, sizeof(ns->name));
> ns->user_ns = get_user_ns(user_ns);
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index 85b6269..3b5cfdb 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -384,7 +384,13 @@ EXPORT_SYMBOL_GPL(get_net_ns_by_pid);
>
> static __net_init int net_ns_net_init(struct net *net)
> {
> - return proc_alloc_inum(&net->proc_inum);
> + int ret;
> +
> + ret = proc_alloc_inum(&net->proc_inum);
> + if (ret)
> + return ret;
> + net->serial_num = ns_serial();
> + return 0;
> }
>
> static __net_exit void net_ns_net_exit(struct net *net)
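Review bot: `net->serial_num` is set inside the `net_ns_net_init()` callback rather than where the `struct net` is first set up, unlike the other namespace types in this patch, which assign the serial in their create/alloc function. Any code that touches the new `struct net` before this callback runs would see `serial_num == 0`; the callback ordering is not visible in the hunk, so this needs checking against the registration order. If the placement is deliberate, a short comment such as `/* serial is valid only once this init op has run */` would record the constraint for later audit users of the field.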
> --
> 1.7.1
WARNING: multiple messages have this Message-ID (diff)
From: "Serge E. Hallyn" <serge@hallyn.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org,
containers@lists.linux-foundation.org, eparis@redhat.com,
sgrubb@redhat.com, aviro@redhat.com, pmoore@redhat.com,
arozansk@redhat.com, ebiederm@xmission.com, serge@hallyn.com
Subject: Re: [PATCH V5 01/13] namespaces: assign each namespace instance a serial number
Date: Mon, 13 Oct 2014 12:30:57 +0200 [thread overview]
Message-ID: <20141013103057.GA24703@mail.hallyn.com> (raw)
In-Reply-To: <8bc6e9595dea17bba389f4d2ce4077c30b3eb137.1412543112.git.rgb@redhat.com>
Quoting Richard Guy Briggs (rgb@redhat.com):
> Generate and assign a serial number per namespace instance since boot.
>
> Use a serial number per namespace (unique across one boot of one kernel)
> instead of the inode number (for which the right to change it is claimed to
> have been reserved, and which is not necessarily unique if there is more than
> one proc fs) to uniquely identify it per kernel boot.
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> ---
> fs/mount.h | 1 +
> fs/namespace.c | 1 +
> include/linux/ipc_namespace.h | 1 +
> include/linux/nsproxy.h | 10 ++++++++++
> include/linux/pid_namespace.h | 1 +
> include/linux/user_namespace.h | 1 +
> include/linux/utsname.h | 1 +
> include/net/net_namespace.h | 1 +
> init/version.c | 1 +
> ipc/msgutil.c | 1 +
> ipc/namespace.c | 2 ++
> kernel/nsproxy.c | 18 ++++++++++++++++++
> kernel/pid.c | 1 +
> kernel/pid_namespace.c | 2 ++
> kernel/user.c | 1 +
> kernel/user_namespace.c | 2 ++
> kernel/utsname.c | 2 ++
> net/core/net_namespace.c | 8 +++++++-
> 18 files changed, 54 insertions(+), 1 deletions(-)
>
> diff --git a/fs/mount.h b/fs/mount.h
> index d55297f..c076f99 100644
> --- a/fs/mount.h
> +++ b/fs/mount.h
> @@ -5,6 +5,7 @@
> struct mnt_namespace {
> atomic_t count;
> unsigned int proc_inum;
> + long long serial_num;
> struct mount * root;
> struct list_head list;
> struct user_namespace *user_ns;
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 182bc41..9af49ff 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -2486,6 +2486,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
> kfree(new_ns);
> return ERR_PTR(ret);
> }
> + new_ns->serial_num = ns_serial();
> new_ns->seq = atomic64_add_return(1, &mnt_ns_seq);
> atomic_set(&new_ns->count, 1);
> new_ns->root = NULL;
> diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
> index 35e7eca..8ccfb2d 100644
> --- a/include/linux/ipc_namespace.h
> +++ b/include/linux/ipc_namespace.h
> @@ -69,6 +69,7 @@ struct ipc_namespace {
> struct user_namespace *user_ns;
>
> unsigned int proc_inum;
> + long long serial_num;
> };
>
> extern struct ipc_namespace init_ipc_ns;
> diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h
> index b4ec59d..9d627b5 100644
> --- a/include/linux/nsproxy.h
> +++ b/include/linux/nsproxy.h
> @@ -66,6 +66,16 @@ static inline struct nsproxy *task_nsproxy(struct task_struct *tsk)
> return rcu_dereference(tsk->nsproxy);
> }
>
> +long long ns_serial(void);
> +enum {
> + NS_IPC_INIT_SN = 1,
> + NS_UTS_INIT_SN = 2,
> + NS_USER_INIT_SN = 3,
> + NS_PID_INIT_SN = 4,
> + __NS_MAX_INIT_SN= 5,
> +};
> +#define NS_DYN_INIT_SN (__NS_MAX_INIT_SN - 1)
> +
> int copy_namespaces(unsigned long flags, struct task_struct *tsk);
> void exit_task_namespaces(struct task_struct *tsk);
> void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);
> diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h
> index 7246ef3..4d8023e 100644
> --- a/include/linux/pid_namespace.h
> +++ b/include/linux/pid_namespace.h
> @@ -43,6 +43,7 @@ struct pid_namespace {
> int hide_pid;
> int reboot; /* group exit code if this pidns was rebooted */
> unsigned int proc_inum;
> + long long serial_num;
> };
>
> extern struct pid_namespace init_pid_ns;
> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> index 4836ba3..159ac26 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -27,6 +27,7 @@ struct user_namespace {
> kuid_t owner;
> kgid_t group;
> unsigned int proc_inum;
> + long long serial_num;
>
> /* Register of per-UID persistent keyrings for this namespace */
> #ifdef CONFIG_PERSISTENT_KEYRINGS
> diff --git a/include/linux/utsname.h b/include/linux/utsname.h
> index 239e277..8490197 100644
> --- a/include/linux/utsname.h
> +++ b/include/linux/utsname.h
> @@ -24,6 +24,7 @@ struct uts_namespace {
> struct new_utsname name;
> struct user_namespace *user_ns;
> unsigned int proc_inum;
> + long long serial_num;
> };
> extern struct uts_namespace init_uts_ns;
>
> diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
> index 361d260..5238a06 100644
> --- a/include/net/net_namespace.h
> +++ b/include/net/net_namespace.h
> @@ -61,6 +61,7 @@ struct net {
> struct user_namespace *user_ns; /* Owning user namespace */
>
> unsigned int proc_inum;
> + long long serial_num;
>
> struct proc_dir_entry *proc_net;
> struct proc_dir_entry *proc_net_stat;
> diff --git a/init/version.c b/init/version.c
> index 1a4718e..cfdcb85 100644
> --- a/init/version.c
> +++ b/init/version.c
> @@ -36,6 +36,7 @@ struct uts_namespace init_uts_ns = {
> },
> .user_ns = &init_user_ns,
> .proc_inum = PROC_UTS_INIT_INO,
> + .serial_num = NS_UTS_INIT_SN /* ns_serial() */,
> };
> EXPORT_SYMBOL_GPL(init_uts_ns);
>
> diff --git a/ipc/msgutil.c b/ipc/msgutil.c
> index 7e70959..9aa66ae 100644
> --- a/ipc/msgutil.c
> +++ b/ipc/msgutil.c
> @@ -32,6 +32,7 @@ struct ipc_namespace init_ipc_ns = {
> .count = ATOMIC_INIT(1),
> .user_ns = &init_user_ns,
> .proc_inum = PROC_IPC_INIT_INO,
> + .serial_num = NS_IPC_INIT_SN /* ns_serial() */,
> };
>
> atomic_t nr_ipc_ns = ATOMIC_INIT(1);
> diff --git a/ipc/namespace.c b/ipc/namespace.c
> index 59451c1..76dac5c 100644
> --- a/ipc/namespace.c
> +++ b/ipc/namespace.c
> @@ -41,6 +41,8 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
> }
> atomic_inc(&nr_ipc_ns);
>
> + ns->serial_num = ns_serial();
> +
> sem_init_ns(ns);
> msg_init_ns(ns);
> shm_init_ns(ns);
> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
> index 8e78110..0c2f25e 100644
> --- a/kernel/nsproxy.c
> +++ b/kernel/nsproxy.c
> @@ -41,6 +41,24 @@ struct nsproxy init_nsproxy = {
> #endif
> };
>
> +/**
> + * ns_serial - compute a serial number for the namespace
> + *
> + * Compute a serial number for the namespace to uniquely identify it in
> + * audit records.
> + */
> +long long ns_serial(void)
> +{
> + /* reserved for IPC, UTS, user, PID */
> + static atomic64_t serial = ATOMIC_INIT(NS_DYN_INIT_SN);
> + long long ret;
> +
> + ret = atomic64_add_return(1, &serial);
> + BUG_ON(!ret);
> +
> + return ret;
> +}
> +
> static inline struct nsproxy *create_nsproxy(void)
> {
> struct nsproxy *nsproxy;
> diff --git a/kernel/pid.c b/kernel/pid.c
> index 9b9a266..3bf7127 100644
> --- a/kernel/pid.c
> +++ b/kernel/pid.c
> @@ -80,6 +80,7 @@ struct pid_namespace init_pid_ns = {
> .child_reaper = &init_task,
> .user_ns = &init_user_ns,
> .proc_inum = PROC_PID_INIT_INO,
> + .serial_num = NS_PID_INIT_SN /* ns_serial() */,
> };
> EXPORT_SYMBOL_GPL(init_pid_ns);
>
> diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> index db95d8e..40a8b36 100644
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -109,6 +109,8 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
> if (err)
> goto out_free_map;
>
> + ns->serial_num = ns_serial();
> +
> kref_init(&ns->kref);
> ns->level = level;
> ns->parent = get_pid_ns(parent_pid_ns);
> diff --git a/kernel/user.c b/kernel/user.c
> index 4efa393..2f597e0 100644
> --- a/kernel/user.c
> +++ b/kernel/user.c
> @@ -51,6 +51,7 @@ struct user_namespace init_user_ns = {
> .owner = GLOBAL_ROOT_UID,
> .group = GLOBAL_ROOT_GID,
> .proc_inum = PROC_USER_INIT_INO,
> + .serial_num = NS_USER_INIT_SN /* ns_serial() */,
> #ifdef CONFIG_PERSISTENT_KEYRINGS
> .persistent_keyring_register_sem =
> __RWSEM_INITIALIZER(init_user_ns.persistent_keyring_register_sem),
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index fcc0256..5c5c399 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -92,6 +92,8 @@ int create_user_ns(struct cred *new)
> return ret;
> }
>
> + ns->serial_num = ns_serial();
> +
> atomic_set(&ns->count, 1);
> /* Leave the new->user_ns reference with the new user namespace. */
> ns->parent = parent_ns;
> diff --git a/kernel/utsname.c b/kernel/utsname.c
> index fd39312..d0cf7b5 100644
> --- a/kernel/utsname.c
> +++ b/kernel/utsname.c
> @@ -48,6 +48,8 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
> return ERR_PTR(err);
> }
>
> + ns->serial_num = ns_serial();
> +
> down_read(&uts_sem);
> memcpy(&ns->name, &old_ns->name, sizeof(ns->name));
> ns->user_ns = get_user_ns(user_ns);
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index 85b6269..3b5cfdb 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -384,7 +384,13 @@ EXPORT_SYMBOL_GPL(get_net_ns_by_pid);
>
> static __net_init int net_ns_net_init(struct net *net)
> {
> - return proc_alloc_inum(&net->proc_inum);
> + int ret;
> +
> + ret = proc_alloc_inum(&net->proc_inum);
> + if (ret)
> + return ret;
> + net->serial_num = ns_serial();
> + return 0;
> }
>
> static __net_exit void net_ns_net_exit(struct net *net)
> --
> 1.7.1