From patchwork Mon Dec 19 14:38:26 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
X-Patchwork-Id: 9480347
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	096A960237 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Mon, 19 Dec 2016 14:41:13 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F370028487
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Mon, 19 Dec 2016 14:41:12 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id E8277284B6; Mon, 19 Dec 2016 14:41:12 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0171228487
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Mon, 19 Dec 2016 14:41:12 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755899AbcLSOij (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Mon, 19 Dec 2016 09:38:39 -0500
Received: from mail-wm0-f67.google.com ([74.125.82.67]:34502 "EHLO
	mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755633AbcLSOib (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 19 Dec 2016 09:38:31 -0500
Received: by mail-wm0-f67.google.com with SMTP id g23so19034054wme.1;
	Mon, 19 Dec 2016 06:38:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=subject:to:references:from:cc:message-id:date:user-agent
	:mime-version:in-reply-to:content-transfer-encoding;
	bh=0J+8/80HJtipCLlyp2zbiBmH96aUXrzzq6WW5LChndU=;
	b=ipyLlbo+e8GY4YhWG1dpYUBNrLaaocO+fcdKxf/+RrmMGxRIDRJh/0RnaeYermUjAy
	udutYJoIcOdKdc7fwcSYhEevKcii2aMn5QNguhdbEWKHcrrshnm1zdX4E4+6QQTusO7u
	hNTrUphSnxS4kh9X7e9pRUXOUwv2F/K13rg6Tesw3NRH3uWd55C+8X8uUOb9vWVTbC9E
	XjzV7ihiTGYcfaoO5G20z3Fi+dSb87rD87nyg+G7DtAjaDzKo7/PKWugjYxR0Zvd5hWH
	asn+YRKTP/QEf8gE/iuRQ2E++sWrmL8LE9c7fxYLCp6pxI5sPqmKtOIbJwiaGSnhAXOx
	6lZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:subject:to:references:from:cc:message-id:date
	:user-agent:mime-version:in-reply-to:content-transfer-encoding;
	bh=0J+8/80HJtipCLlyp2zbiBmH96aUXrzzq6WW5LChndU=;
	b=CEmHSavIEBSkYhDsbF5c+DQ8SoO+XLPu0s/jPccOiT0h6q8aPaEy/5FJy8PR6jcSKV
	0AinZLHXFN94JvZC3uvLyWZBV6Ty/9Hh9+FCjDobczyy6/az5WfQa4xtV3HF/R4iN3DG
	4AWMKIyR/D6gwAxHEHrAR4mvug3VliauNJIUXsTj16V8gtuSjGnSDug/Nx1l9zoiBwwB
	H5+8SKnjqa9s9h9GPz/bsetXno3oDzmMlwOShocuoreBzGm+7cxtHmwufQNtSB04cpTO
	VHlN53CkA92ZAsAAHsVLbsCxfYhXaTeDMAsob+SVZAafEdj9iHi0NB7izJmNARFNcGPY
	B4OA==
X-Gm-Message-State: 
 AIkVDXK9kpHJWl/FIMr4DeFW2oYhUjsUFCIoMckgtYizzWCEQAO9hvZNQwa4S4zFIdW0NA==
X-Received: by 10.28.132.193 with SMTP id
	g184mr13166617wmd.130.1482158308523;
	Mon, 19 Dec 2016 06:38:28 -0800 (PST)
Received: from [192.168.232.166] (mail.jambit.com. [95.157.63.22])
	by smtp.gmail.com with ESMTPSA id
	wg8sm20924935wjb.42.2016.12.19.06.38.27
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 19 Dec 2016 06:38:27 -0800 (PST)
Subject: [PATCH 1/2] nsfs: Add an ioctl() to return the namespace type
To: "Eric W. Biederman" <ebiederm@xmission.com>,
	"Serge E. Hallyn" <serge@hallyn.com>
References: <fdce894d-8385-b4b4-da3c-6282a7e4ecba@gmail.com>
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc: mtk.manpages@gmail.com, linux-api@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	Andrey Vagin <avagin@openvz.org>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	"W. Trevor King" <wking@tremily.us>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Jonathan Corbet <corbet@lwn.net>
Message-ID: <4a0f873a-acd5-ebac-9770-c10807144400@gmail.com>
Date: Mon, 19 Dec 2016 15:38:26 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <fdce894d-8385-b4b4-da3c-6282a7e4ecba@gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Linux 4.9 added two ioctl() operations that can be used to discover:

* the parental relationships for hierarchical namespaces (user and PID)
  [NS_GET_PARENT]
* the user namespaces that owns a specified non-user-namespace
  [NS_GET_USERNS]

For no good reason that I can glean, NS_GET_USERNS was made synonymous
with NS_GET_PARENT for user namespaces. It might have been better if
NS_GET_USERNS had returned an error if the supplied file descriptor
referred to a user namespace, since it suggests that the caller may be
confused. More particularly, if it had generated an error, then I wouldn't
need the new ioctl() operation proposed here. (On the other hand, what
I propose here may be more generally useful.)

I would like to write code that can answer the question: "what
capabilities does process X have in namespace Y"? (where Y is defined
by a file descriptor referring to one of the /proc/PID/ns/xxxx
files). The rules that determine the answer to this question are
described in the capabilities(7) manual page and involve working out
the chain of relationships between the user namespace of process X and
the namespace Y.

Namespace Y might be a user namespace (in which case my code would
just use Y) or a non-user namespace (in which case my code needs to
use NS_GET_USERNS to get the user namespace associated with Y). The
problem is that there is no way to tell the difference by looking at
the file descriptor (and if I try to use NS_GET_USERNS on a Y that is
a user namespace, I get the parent user namespace of Y, which is not
what I want).

This patch therefore adds a new ioctl(), NS_GET_NSTYPE, which, given
a file descriptor that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).

Signed-off-by: Michael Kerrisk <mtk-manpages@gmail.com>
---
 fs/nsfs.c                 | 2 ++
 include/uapi/linux/nsfs.h | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/fs/nsfs.c b/fs/nsfs.c
index 8c9fb29..5d53476 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -172,6 +172,8 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl,
 		if (!ns->ops->get_parent)
 			return -EINVAL;
 		return open_related_ns(ns, ns->ops->get_parent);
+	case NS_GET_NSTYPE:
+		return ns->ops->type;
 	default:
 		return -ENOTTY;
 	}
diff --git a/include/uapi/linux/nsfs.h b/include/uapi/linux/nsfs.h
index 3af6172..2b48df1 100644
--- a/include/uapi/linux/nsfs.h
+++ b/include/uapi/linux/nsfs.h
@@ -9,5 +9,8 @@
 #define NS_GET_USERNS	_IO(NSIO, 0x1)
 /* Returns a file descriptor that refers to a parent namespace */
 #define NS_GET_PARENT	_IO(NSIO, 0x2)
+/* Returns the type of namespace (CLONE_NEW* value) referred to by
+   file descriptor */
+#define NS_GET_NSTYPE	_IO(NSIO, 0x3)
 
 #endif /* __LINUX_NSFS_H */