linux/kernel
Serge E. Hallyn 77ec739d8d user namespace: add unshare
This patch enables the unshare of user namespaces.

It adds a new clone flag CLONE_NEWUSER and implements copy_user_ns() which
resets the current user_struct and adds a new root user (uid == 0)

For now, unsharing the user namespace allows a process to reset its
user_struct accounting and uid 0 in the new user namespace should be contained
using appropriate means, for instance selinux

The plan, when the full support is complete (all uid checks covered), is to
keep the original user's rights in the original namespace, and let a process
become uid 0 in the new namespace, with full capabilities to the new
namespace.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Acked-by: Pavel Emelianov <xemul@openvz.org>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: Kirill Korotaev <dev@sw.ru>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Andrew Morgan <agm@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-16 09:05:47 -07:00
..
irq Improve behaviour of spurious IRQ detect 2007-07-16 09:05:46 -07:00
power PM: introduce set_target method in pm_ops 2007-07-01 12:29:44 -07:00
time Remove capability.h from mm.h 2007-07-16 09:05:45 -07:00
.gitignore
acct.c [PATCH] kernel: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:42 -08:00
audit.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
audit.h Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
auditfilter.c audit: fix oops removing watch if audit disabled 2007-06-24 08:59:12 -07:00
auditsc.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
capability.c [PATCH] pid: replace do/while_each_task_pid with do/while_each_pid_task 2007-02-12 09:48:32 -08:00
compat.c signal/timer/event: timerfd compat code 2007-05-11 08:29:36 -07:00
configs.c use simple_read_from_buffer in kernel/ 2007-05-09 12:30:49 -07:00
cpu.c microcode: use suspend-related CPU hotplug notifications 2007-05-09 12:30:56 -07:00
cpuset.c Reduce cpuset.c write_lock_irq() to read_lock() 2007-07-16 09:05:43 -07:00
delayacct.c sched: update delay-accounting to use CFS's precise stats 2007-07-09 18:52:00 +02:00
die_notifier.c move die notifier handling to common code 2007-05-08 11:15:04 -07:00
dma.c [PATCH] struct seq_operations and struct file_operations constification 2006-12-07 08:39:46 -08:00
exec_domain.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
exit.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
extable.c
fork.c user namespace: add unshare 2007-07-16 09:05:47 -07:00
futex_compat.c Revert "futex_requeue_pi optimization" 2007-06-18 09:48:41 -07:00
futex.c FUTEX: Restore the dropped ERSCH fix 2007-06-24 12:08:53 -07:00
hrtimer.c Add suspend-related notifications for CPU hotplug 2007-05-09 12:30:56 -07:00
itimer.c The scheduled -EINVAL for invalid timevals in setitimer 2007-05-08 11:15:13 -07:00
kallsyms.c fix possible null ptr deref in kallsyms_lookup 2007-05-30 10:51:38 -07:00
Kconfig.hz [PATCH] HZ: 300Hz support 2006-12-07 08:39:36 -08:00
Kconfig.preempt Fix trivial typos in Kconfig* files 2007-05-09 07:12:20 +02:00
kexec.c kdump/kexec: calculate note size at compile time 2007-05-08 11:15:07 -07:00
kfifo.c [PATCH] Numerous fixes to kernel-doc info in source files. 2007-02-11 10:51:32 -08:00
kmod.c wait_for_helper: remove unneeded do_sigaction() 2007-05-09 12:30:53 -07:00
kprobes.c Kprobes: The ON/OFF knob thru debugfs 2007-05-08 11:15:19 -07:00
ksysfs.c remove "struct subsystem" as it is no longer needed 2007-05-02 18:57:59 -07:00
kthread.c mm: fix improper .init-type section references 2007-07-16 09:05:36 -07:00
latency.c [PATCH] severing module.h->sched.h 2006-12-04 02:00:22 -05:00
lockdep_internals.h [PATCH] lockdep: more chains 2006-12-07 08:39:43 -08:00
lockdep_proc.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
lockdep.c lockdep: removed unused ip argument in mark_lock & mark_held_locks 2007-05-08 11:15:13 -07:00
Makefile user namespace: add the framework 2007-07-16 09:05:47 -07:00
module.c Make /proc/modules use seq_list_xxx helpers 2007-07-16 09:05:42 -07:00
mutex-debug.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
mutex-debug.h [PATCH] lockdep: better lock debugging 2006-07-03 15:27:01 -07:00
mutex.c wrap access to thread_info 2007-05-09 12:30:56 -07:00
mutex.h [PATCH] lockdep: prove mutex locking correctness 2006-07-03 15:27:04 -07:00
nsproxy.c user namespace: add unshare 2007-07-16 09:05:47 -07:00
panic.c [PATCH] Add TAINT_USER and ability to set taint flags from userspace 2007-02-11 10:51:29 -08:00
params.c sysfs: kill unnecessary attribute->owner 2007-07-11 16:09:06 -07:00
pid.c statically initialize struct pid for swapper 2007-05-11 08:29:35 -07:00
posix-cpu-timers.c sched: make posix-cpu-timers use CFS's accounting information 2007-07-09 18:51:58 +02:00
posix-timers.c posix-timers: Prevent softirq starvation by small intervals and SIG_IGN 2007-06-21 15:57:04 -07:00
printk.c add printk.time option, deprecate 'time' 2007-07-16 09:05:45 -07:00
profile.c Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
ptrace.c Use write_trylock_irqsave in ptrace_attach 2007-07-16 09:05:40 -07:00
rcupdate.c Add suspend-related notifications for CPU hotplug 2007-05-09 12:30:56 -07:00
rcutorture.c rcutorture: Remove redundant assignment to cur_ops in for loop 2007-05-08 11:15:17 -07:00
relay.c relay: fixup kerneldoc comment 2007-07-13 14:14:28 +02:00
resource.c libata/IDE: remove combined mode quirk 2007-04-28 14:15:59 -04:00
rtmutex_common.h Revert "futex_requeue_pi optimization" 2007-06-18 09:48:41 -07:00
rtmutex-debug.c Remove all inclusions of <linux/config.h> 2006-10-04 03:38:54 -04:00
rtmutex-debug.h [PATCH] lockdep: better lock debugging 2006-07-03 15:27:01 -07:00
rtmutex-tester.c [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
rtmutex.c Revert "futex_requeue_pi optimization" 2007-06-18 09:48:41 -07:00
rtmutex.h [PATCH] lockdep: better lock debugging 2006-07-03 15:27:01 -07:00
rwsem.c Lockdep treats down_write_trylock like regular down_write 2007-05-08 11:15:09 -07:00
sched_debug.c [PATCH] sched: remove stale version info from kernel/sched_debug.c 2007-07-13 10:10:41 -07:00
sched_fair.c sched: cfs core, kernel/sched_fair.c 2007-07-09 18:51:58 +02:00
sched_idletask.c sched: cfs core, kernel/sched_idletask.c 2007-07-09 18:51:58 +02:00
sched_rt.c sched: cfs core, kernel/sched_rt.c 2007-07-09 18:51:58 +02:00
sched_stats.h sched: update delay-accounting to use CFS's precise stats 2007-07-09 18:52:00 +02:00
sched.c CFS: Fix missing digit off in wmult table 2007-07-13 16:45:43 -07:00
seccomp.c
signal.c vdso: print fatal signals 2007-07-16 09:05:43 -07:00
softirq.c cpu hotplug: fix ksoftirqd termination on cpu hotplug with naughty realtime process 2007-07-16 09:05:41 -07:00
softlockup.c Add suspend-related notifications for CPU hotplug 2007-05-09 12:30:56 -07:00
spinlock.c [PATCH] lockdep: spin_lock_irqsave_nested() 2006-11-25 13:28:34 -08:00
srcu.c [PATCH] SRCU: report out-of-memory errors 2006-10-04 07:55:30 -07:00
stacktrace.c [PATCH] lockdep: stacktrace subsystem, core 2006-07-03 15:27:02 -07:00
stop_machine.c Fix stop_machine_run problem with naughty real time process 2007-07-16 09:05:41 -07:00
sys_ni.c compat signalfd and timerfd are cond syscalls 2007-05-12 10:55:40 -07:00
sys.c user namespace: add the framework 2007-07-16 09:05:47 -07:00
sysctl.c vdso: print fatal signals 2007-07-16 09:05:43 -07:00
taskstats.c taskstats: add context-switch counters 2007-07-16 09:05:46 -07:00
time.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
timer.c Add a flag to indicate deferrable timers in /proc/timer_stats 2007-07-16 09:05:45 -07:00
tsacct.c [PATCH] time: x86_64: split x86_64/kernel/time.c up 2007-02-16 08:14:00 -08:00
uid16.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
user_namespace.c user namespace: add unshare 2007-07-16 09:05:47 -07:00
user.c user namespace: add the framework 2007-07-16 09:05:47 -07:00
utsname_sysctl.c remove CONFIG_UTS_NS and CONFIG_IPC_NS 2007-07-16 09:05:47 -07:00
utsname.c Merge sys_clone()/sys_unshare() nsproxy and namespace handling 2007-05-08 11:15:00 -07:00
wait.c Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
workqueue.c simplify cleanup_workqueue_thread() 2007-05-23 20:14:13 -07:00