From: ebiederm@xmission.com (Eric W. Biederman)
To: <linux-fsdevel@vger.kernel.org>
Cc: Linux Containers <containers@lists.linux-foundation.org>,
<linux-kernel@vger.kernel.org>, Al Viro <viro@ZenIV.linux.org.uk>
Subject: [PATCH review 0/6] mount namespace container enhancements
Date: Mon, 19 Nov 2012 02:48:40 -0800 [thread overview]
Message-ID: <87k3thc1h3.fsf@xmission.com> (raw)
This patchset adds the ability for the root user in a user namespace to
call choort, to create new mount namespaces, and to manipulate mount
namespaces (mount/umount) that the userns root has created.
Additionally support is added namespace file descriptors and for setns
on the namespace file descriptors.
To keep total chaos from breaking out mount namespace file descriptors
are not allowed to be mounted into a child mount namespace, and shared
subtrees become slave subtrees when creating a new mount namespace in a
different user namespace than it's parent.
This series of changes is available in git from:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git mntns-v53
Baring problems I plan to merge these changes through my user namespace
tree for 3.8
Eric W. Biederman (5):
vfs: Allow chroot if you have CAP_SYS_CHROOT in your user namespace
vfs: Add setns support for the mount namespace
vfs: Add a user namespace reference from struct mnt_namespace
vfs: Only support slave subtrees across different user namespaces
vfs: Allow unprivileged manipulation of the mount namespace.
Zhao Hongjiang (1):
userns: fix return value on mntns_install() failure
fs/mount.h | 2 +
fs/namespace.c | 197 +++++++++++++++++++++++++++++++++--------
fs/open.c | 2 +-
fs/pnode.h | 1 +
fs/proc/namespaces.c | 5 +
include/linux/fs.h | 2 +
include/linux/mnt_namespace.h | 3 +-
include/linux/proc_fs.h | 7 ++
kernel/nsproxy.c | 2 +-
9 files changed, 182 insertions(+), 39 deletions(-)
next reply other threads:[~2012-11-19 10:48 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-19 10:48 Eric W. Biederman [this message]
2012-11-19 10:50 ` [PATCH review 1/6] vfs: Allow chroot if you have CAP_SYS_CHROOT in your user namespace Eric W. Biederman
2012-11-19 10:50 ` [PATCH review 2/6] vfs: Add setns support for the mount namespace Eric W. Biederman
2012-11-19 10:50 ` [PATCH review 3/6] vfs: Add a user namespace reference from struct mnt_namespace Eric W. Biederman
2012-11-19 10:50 ` [PATCH review 4/6] vfs: Only support slave subtrees across different user namespaces Eric W. Biederman
2012-11-19 10:50 ` [PATCH review 5/6] vfs: Allow unprivileged manipulation of the mount namespace Eric W. Biederman
2012-11-19 10:50 ` [PATCH review 6/6] userns: fix return value on mntns_install() failure Eric W. Biederman
2012-11-20 3:19 ` [PATCH review 0/6] mount namespace container enhancements Gao feng
2012-11-20 4:29 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k3thc1h3.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=containers@lists.linux-foundation.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox