Re: [PATCH -mm 1/9] unshare system call: system call handler function

From: JANAK DESAI
Date: Thu Dec 15 2005 - 15:37:47 EST

Next message: Krzysztof Halasa: "Re: agpgart.ko can't be unloaded"
Previous message: Geert Uytterhoeven: "Re: [PATCH 1/19] MUTEX: Introduce simple mutex implementation"
In reply to: Eric W. Biederman: "Re: [PATCH -mm 1/9] unshare system call: system call handlerfunction"
Next in thread: Eric W. Biederman: "Re: [PATCH -mm 1/9] unshare system call: system call handlerfunction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Eric W. Biederman wrote:

JANAK DESAI <janak@xxxxxxxxxx> writes:

[PATCH -mm 1/9] unshare system call: system call handler function

sys_unshare system call handler function accepts the same flags as
clone system call, checks constraints on each of the flags and invokes
corresponding unshare functions to disassociate respective process
context if it was being shared with another task.

Changes since the first submission of this patch on 12/12/05:
- Moved cleaning up of old shared structures outside of the
block that holds task_lock (12/13/05)

Signed-off-by: Janak Desai <janak@xxxxxxxxxx>

---

fork.c | 232 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 232 insertions(+)

diff -Naurp 2.6.15-rc5-mm2/kernel/fork.c 2.6.15-rc5-mm2+patch/kernel/fork.c
--- 2.6.15-rc5-mm2/kernel/fork.c 2005-12-12 03:05:59.000000000 +0000
+++ 2.6.15-rc5-mm2+patch/kernel/fork.c 2005-12-13 18:38:26.000000000 +0000
@@ -1330,3 +1330,235 @@ void __init proc_caches_init(void)
sizeof(struct mm_struct), 0,
SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);
}
+
+
+/*
+ * Check constraints on flags passed to the unshare system call and
+ * force unsharing of additional process context as appropriate.
+ */

If it isn't legal how about we deny the unshare call.
Then we can share this code with clone.

Eric

unshare is doing the reverse of what clone does. So if you are unsharing namespace
you want to make sure that you are not sharing fs. That's why the CLONE_FS flag
is forced (meaning you are also going to unshare fs). Since namespace is shared
by default and fs is not, if clone is called with CLONE_NEWNS, the intent is to
create a new namespace, which means you cannot share fs. clone checks to
makes sure that CLONE_NEWNS and CLONE_FS are not specified together, while
unshare will force CLONE_FS if CLONE_NEWNS is spefcified. Basically you
can have a shared namespace and non shared fs, but not the other way around and
since clone and unshare are doing opposite things, sharing code between them that
checks constraints on the flags can get convoluted.

-Janak
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Krzysztof Halasa: "Re: agpgart.ko can't be unloaded"
Previous message: Geert Uytterhoeven: "Re: [PATCH 1/19] MUTEX: Introduce simple mutex implementation"
In reply to: Eric W. Biederman: "Re: [PATCH -mm 1/9] unshare system call: system call handlerfunction"
Next in thread: Eric W. Biederman: "Re: [PATCH -mm 1/9] unshare system call: system call handlerfunction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]