From: Christian Brauner <brauner@kernel.org>
To: Jan Kara <jack@suse.cz>
Cc: linux-fsdevel@vger.kernel.org,
"Amir Goldstein" <amir73il@gmail.com>,
"Josef Bacik" <josef@toxicpanda.com>,
"Jeff Layton" <jlayton@kernel.org>, "Mike Yuan" <me@yhndnzj.com>,
"Zbigniew Jędrzejewski-Szmek" <zbyszek@in.waw.pl>,
"Lennart Poettering" <mzxreary@0pointer.de>,
"Daan De Meyer" <daan.j.demeyer@gmail.com>,
"Aleksa Sarai" <cyphar@cyphar.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Tejun Heo" <tj@kernel.org>,
"Johannes Weiner" <hannes@cmpxchg.org>,
"Michal Koutný" <mkoutny@suse.com>,
"Jakub Kicinski" <kuba@kernel.org>,
"Anna-Maria Behnsen" <anna-maria@linutronix.de>,
"Frederic Weisbecker" <frederic@kernel.org>,
"Thomas Gleixner" <tglx@linutronix.de>,
cgroups@vger.kernel.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org
Subject: Re: [PATCH 2/9] mnt: expose pointer to init_mnt_ns
Date: Fri, 19 Sep 2025 12:05:16 +0200 [thread overview]
Message-ID: <20250919-sense-evaluieren-eade772e2e6c@brauner> (raw)
In-Reply-To: <oqtggwqink4kthsxiv6tv6q6l7tgykosz3tenek2vejqfiuqzl@drczxzwwucfi>
[-- Attachment #1: Type: text/plain, Size: 478 bytes --]
On Wed, Sep 17, 2025 at 06:28:37PM +0200, Jan Kara wrote:
> On Wed 17-09-25 12:28:01, Christian Brauner wrote:
> > There's various scenarios where we need to know whether we are in the
> > initial set of namespaces or not to e.g., shortcut permission checking.
> > All namespaces expose that information. Let's do that too.
> >
> > Signed-off-by: Christian Brauner <brauner@kernel.org>
I've changed this so it behaves exactly like all the other init
namespaces. See appended.
[-- Attachment #2: v2-0001-mnt-expose-pointer-to-init_mnt_ns.patch --]
[-- Type: text/x-diff, Size: 2639 bytes --]
From 1bf2ddb7bdd1f686d4e083380412e826a211c57d Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Wed, 17 Sep 2025 12:28:01 +0200
Subject: [PATCH v2] mnt: expose pointer to init_mnt_ns
There's various scenarios where we need to know whether we are in the
initial set of namespaces or not to e.g., shortcut permission checking.
All namespaces expose that information. Let's do that too.
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
fs/namespace.c | 27 ++++++++++++++++-----------
include/linux/mnt_namespace.h | 2 ++
2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index a68998449698..f0bddc9cf2a6 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -6008,27 +6008,32 @@ SYSCALL_DEFINE4(listmount, const struct mnt_id_req __user *, req,
return ret;
}
+struct mnt_namespace init_mnt_ns = {
+ .ns.inum = PROC_MNT_INIT_INO,
+ .ns.ops = &mntns_operations,
+ .user_ns = &init_user_ns,
+ .ns.count = REFCOUNT_INIT(1),
+ .passive = REFCOUNT_INIT(1),
+ .mounts = RB_ROOT,
+ .poll = __WAIT_QUEUE_HEAD_INITIALIZER(init_mnt_ns.poll),
+};
+
static void __init init_mount_tree(void)
{
struct vfsmount *mnt;
struct mount *m;
- struct mnt_namespace *ns;
struct path root;
mnt = vfs_kern_mount(&rootfs_fs_type, 0, "rootfs", NULL);
if (IS_ERR(mnt))
panic("Can't create rootfs");
- ns = alloc_mnt_ns(&init_user_ns, true);
- if (IS_ERR(ns))
- panic("Can't allocate initial namespace");
- ns->ns.inum = PROC_MNT_INIT_INO;
m = real_mount(mnt);
- ns->root = m;
- ns->nr_mounts = 1;
- mnt_add_to_ns(ns, m);
- init_task.nsproxy->mnt_ns = ns;
- get_mnt_ns(ns);
+ init_mnt_ns.root = m;
+ init_mnt_ns.nr_mounts = 1;
+ mnt_add_to_ns(&init_mnt_ns, m);
+ init_task.nsproxy->mnt_ns = &init_mnt_ns;
+ get_mnt_ns(&init_mnt_ns);
root.mnt = mnt;
root.dentry = mnt->mnt_root;
@@ -6036,7 +6041,7 @@ static void __init init_mount_tree(void)
set_fs_pwd(current->fs, &root);
set_fs_root(current->fs, &root);
- ns_tree_add(ns);
+ ns_tree_add(&init_mnt_ns);
}
void __init mnt_init(void)
diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h
index 70b366b64816..6d1c4c218c14 100644
--- a/include/linux/mnt_namespace.h
+++ b/include/linux/mnt_namespace.h
@@ -11,6 +11,8 @@ struct fs_struct;
struct user_namespace;
struct ns_common;
+extern struct mnt_namespace init_mnt_ns;
+
extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *,
struct user_namespace *, struct fs_struct *);
extern void put_mnt_ns(struct mnt_namespace *ns);
--
2.47.3
next prev parent reply other threads:[~2025-09-19 10:05 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-17 10:27 [PATCH 0/9] ns: rework common initialization Christian Brauner
2025-09-17 10:28 ` [PATCH 1/9] uts: split namespace into separate header Christian Brauner
2025-09-17 16:28 ` Jan Kara
2025-09-17 10:28 ` [PATCH 2/9] mnt: expose pointer to init_mnt_ns Christian Brauner
2025-09-17 16:28 ` Jan Kara
2025-09-19 10:05 ` Christian Brauner [this message]
2025-09-22 10:19 ` Jan Kara
2025-09-23 10:44 ` Christian Brauner
2025-09-17 10:28 ` [PATCH 3/9] nscommon: move to separate file Christian Brauner
2025-09-17 16:30 ` Jan Kara
2025-09-17 10:28 ` [PATCH 4/9] cgroup: split namespace into separate header Christian Brauner
2025-09-17 16:30 ` Tejun Heo
2025-09-17 16:30 ` Jan Kara
2025-09-17 10:28 ` [PATCH 5/9] nsfs: add inode number for anon namespace Christian Brauner
2025-09-17 16:31 ` Jan Kara
2025-09-17 10:28 ` [PATCH 6/9] mnt: simplify ns_common_init() handling Christian Brauner
2025-09-17 16:45 ` Jan Kara
2025-09-18 8:15 ` Christian Brauner
2025-09-18 9:12 ` Jan Kara
2025-09-17 10:28 ` [PATCH 7/9] net: centralize ns_common initialization Christian Brauner
2025-09-18 9:42 ` Jan Kara
2025-09-19 8:08 ` Christian Brauner
2025-09-22 10:19 ` Jan Kara
2025-09-17 10:28 ` [PATCH 8/9] nscommon: simplify initialization Christian Brauner
2025-09-18 9:45 ` Jan Kara
2025-09-17 10:28 ` [PATCH 9/9] ns: add ns_common_free() Christian Brauner
2025-09-18 9:11 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250919-sense-evaluieren-eade772e2e6c@brauner \
--to=brauner@kernel.org \
--cc=amir73il@gmail.com \
--cc=anna-maria@linutronix.de \
--cc=cgroups@vger.kernel.org \
--cc=cyphar@cyphar.com \
--cc=daan.j.demeyer@gmail.com \
--cc=frederic@kernel.org \
--cc=hannes@cmpxchg.org \
--cc=jack@suse.cz \
--cc=jlayton@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kuba@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=me@yhndnzj.com \
--cc=mkoutny@suse.com \
--cc=mzxreary@0pointer.de \
--cc=netdev@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zbyszek@in.waw.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox