From: Christian Brauner
To: linux-kernel@vger.kernel.org
Cc: Alexander Viro, Stéphane Graber, Linux Containers, "Eric W . Biederman", Serge Hallyn, Jann Horn, Michael Kerrisk, Aleksa Sarai, linux-api@vger.kernel.org, Christian Brauner
Subject: [PATCH v4 0/3] nsproxy: attach to multiple namespaces
Date: Tue, 5 May 2020 16:04:29 +0200
Message-Id: <20200505140432.181565-1-christian.brauner@ubuntu.com>

This is v4.

/* v4 */
There are no major changes. There's a fix for the nstype == 0 case Eric spotted when porting setns() to struct nsset in the first patch. I've also added a few lines to the second patch that we want the ability to attach to subsets of namespaces with pidfds.
I also mentioned the possible future extension that Eric pointed at which amounts to assuming even more of the caller's context. But let's wait for users with that one.

/* v3 */
The permission bits have already seen some vetting which has been helpful and allowed us to drop the ns_capable_cred() patch. That's the only major change. All selftests pass.

People interested in playing with this can get it from three locations as usual (it's not yet in my for-next):
https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=setns_pidfd
https://gitlab.com/brauner/linux/-/commits/setns_pidfd
https://github.com/brauner/linux/tree/setns_pidfd

Thanks!
Christian

Christian Brauner (3):
  nsproxy: add struct nsset
  nsproxy: attach to namespaces via pidfds
  selftests/pidfd: add pidfd setns tests

 fs/namespace.c                           |  15 +-
 fs/nsfs.c                                |   5 +
 include/linux/mnt_namespace.h            |   2 +
 include/linux/nsproxy.h                  |  24 +
 include/linux/proc_fs.h                  |   6 +
 include/linux/proc_ns.h                  |   4 +-
 ipc/namespace.c                          |   7 +-
 kernel/cgroup/namespace.c                |   5 +-
 kernel/nsproxy.c                         | 305 ++++++++++-
 kernel/pid_namespace.c                   |   5 +-
 kernel/time/namespace.c                  |   5 +-
 kernel/user_namespace.c                  |   8 +-
 kernel/utsname.c                         |   5 +-
 net/core/net_namespace.c                 |   5 +-
 tools/testing/selftests/pidfd/.gitignore |   1 +
 tools/testing/selftests/pidfd/Makefile   |   3 +-
 tools/testing/selftests/pidfd/config     |   6 +
 .../selftests/pidfd/pidfd_setns_test.c   | 473 ++++++++++++++++++
 18 files changed, 837 insertions(+), 47 deletions(-)
 create mode 100644 tools/testing/selftests/pidfd/config
 create mode 100644 tools/testing/selftests/pidfd/pidfd_setns_test.c

base-commit: ae83d0b416db002fe95601e7f97f64b59514d936
-- 
2.26.2