From: Daniel Lezcano <dlezcano@fr.ibm.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: netdev@vger.kernel.org, containers@lists.osdl.org,
openib-general@openib.org
Subject: Re: [PATCH RFC 22/31] net: Add network namespace clone support.
Date: Wed, 28 Feb 2007 15:42:08 +0100
Message-ID: <45E594C0.6090009@fr.ibm.com>
In-Reply-To: <11697516373288-git-send-email-ebiederm@xmission.com>
Eric W. Biederman wrote:
> From: Eric W. Biederman <ebiederm@xmission.com> - unquoted
>
> This patch allows you to create a new network namespace
> using sys_clone(...).
>
> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
> ---
> include/linux/sched.h | 1 +
> kernel/nsproxy.c | 11 +++++++++++
> net/core/net_namespace.c | 38 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 50 insertions(+), 0 deletions(-)
>
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 4463735..9e0f91a 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -26,6 +26,7 @@
> #define CLONE_STOPPED 0x02000000 /* Start in stopped state */
> #define CLONE_NEWUTS 0x04000000 /* New utsname group? */
> #define CLONE_NEWIPC 0x08000000 /* New ipcs */
> +#define CLONE_NEWNET 0x20000000 /* New network namespace */
>
> /*
> * Scheduling policies
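Review bot: CLONE_NEWNET is defined as 0x20000000 directly after CLONE_NEWIPC at 0x08000000, so the value 0x10000000 is skipped and nothing in the visible context shows it in use. If that bit is being held for another flag, say so in the commit message or in a comment beside the define; otherwise take the next free value.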
> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
> index 4f3c95a..7861c4c 100644
> --- a/kernel/nsproxy.c
> +++ b/kernel/nsproxy.c
> @@ -20,6 +20,7 @@
> #include <linux/mnt_namespace.h>
> #include <linux/utsname.h>
> #include <linux/pid_namespace.h>
> +#include <net/net_namespace.h>
>
> struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy);
> EXPORT_SYMBOL_GPL(init_nsproxy);
> @@ -70,6 +71,7 @@ struct nsproxy *dup_namespaces(struct nsproxy *orig)
> get_ipc_ns(ns->ipc_ns);
> if (ns->pid_ns)
> get_pid_ns(ns->pid_ns);
> + get_net(ns->net_ns);
> }
>
> return ns;
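Review bot: get_net(ns->net_ns) in dup_namespaces() is called unconditionally, while the pid_ns reference just above it is taken only under if (ns->pid_ns). If net_ns can never be unset at this point, a one-line comment saying so would help; if it can, guard the call with the null_net() test that copy_net() already uses. The same applies to the put_net(ns->net_ns) added to free_nsproxy().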
> @@ -117,10 +119,18 @@ int copy_namespaces(int flags, struct task_struct *tsk)
> if (err)
> goto out_pid;
>
> + err = copy_net(flags, tsk);
> + if (err)
> + goto out_net;
> +
> out:
> put_nsproxy(old_ns);
> return err;
>
> +out_net:
> + if (new_ns->pid_ns)
> + put_pid_ns(new_ns->pid_ns);
> +
> out_pid:
> if (new_ns->ipc_ns)
> put_ipc_ns(new_ns->ipc_ns);
> @@ -146,5 +156,6 @@ void free_nsproxy(struct nsproxy *ns)
> put_ipc_ns(ns->ipc_ns);
> if (ns->pid_ns)
> put_pid_ns(ns->pid_ns);
> + put_net(ns->net_ns);
> kfree(ns);
> }
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index 93e3879..cc56105 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -175,6 +175,44 @@ out_undo:
> goto out;
> }
>
> +int copy_net(int flags, struct task_struct *tsk)
> +{
> + net_t old_net = tsk->nsproxy->net_ns;
> + net_t new_net;
> + int err;
> +
> + get_net(old_net);
> +
> + if (!(flags & CLONE_NEWNET))
> + return 0;
> +
> + err = -EPERM;
> + if (!capable(CAP_SYS_ADMIN))
> + goto out;
> +
> + err = -ENOMEM;
> + new_net = net_alloc();
> + if (null_net(new_net))
> + goto out;
> +
> + mutex_lock(&net_mutex);
> + err = setup_net(new_net);
> + if (err)
> + goto out_unlock;
>
Should we "net_free" in case of error ?
> +
> + net_lock();
> + net_list_append(new_net);
> + net_unlock();
> +
> + tsk->nsproxy->net_ns = new_net;
> +
> +out_unlock:
> + mutex_unlock(&net_mutex);
> +out:
> + put_net(old_net);
> + return err;
> +}
> +
> void pernet_modcopy(void *pnetdst, const void *src, unsigned long size)
> {
> net_t net;
>
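Review bot: In copy_net(), when setup_net(new_net) fails the code jumps to out_unlock, which only drops net_mutex and the old_net reference, so the namespace returned by net_alloc() is never released on that path. Add an error label ahead of out_unlock that frees new_net with whatever routine pairs with net_alloc(). Separately, the early return 0 for !(flags & CLONE_NEWNET) leaves the get_net(old_net) reference held, while every other exit drops it through put_net(old_net); if that is the reference the new nsproxy is meant to own, a short comment at the return would make clear it is intentional.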