From patchwork Wed Jan 25 01:03:36 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
X-Patchwork-Id: 9536249
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	A3E8D601D3 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed, 25 Jan 2017 01:04:19 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 930B926E47
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed, 25 Jan 2017 01:04:19 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 879E027BA5; Wed, 25 Jan 2017 01:04:19 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3B19C26E47
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed, 25 Jan 2017 01:04:19 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751134AbdAYBDv (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Tue, 24 Jan 2017 20:03:51 -0500
Received: from mail-pg0-f66.google.com ([74.125.83.66]:34547 "EHLO
	mail-pg0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751120AbdAYBDt (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 24 Jan 2017 20:03:49 -0500
Received: by mail-pg0-f66.google.com with SMTP id 3so216628pgj.1;
	Tue, 24 Jan 2017 17:03:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:subject:to:references:cc:message-id:date:user-agent
	:mime-version:in-reply-to:content-transfer-encoding;
	bh=FENWX+9kRDiJ2LQOTm8UJ/yCy9E99AXbqPJ+VqhuCMs=;
	b=RlBloShJi9diGnV2jMu9bAJ1H+8PRyehFVc9bAhaQz/jPd2ikx6or3BsksmI9Gl61h
	bVmcZ16SNmAIbj7f3BmRFGO5n++otfb64wfA9zAb2Cm0M5SScu/mUZ7jvPbesx5QPY92
	EAO1FreslDr5UNxKSLtCIuom/GrznKgp0IYSEkao6/dBbIySNGU0dgOw6YU3Y3fdlhYd
	zQYupHXQUoZIDhSErMTlYTgDuqDoGvTKfvfxhOkVdor4gOu+jCqLSXPuNyYZgQnoMRum
	q36myffqAIfGDucSrFBOQpb22wTPUN+oqd34VOblpQwv5wDCZ21kbL0HzZWIT3zzhhYy
	2hMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:subject:to:references:cc:message-id:date
	:user-agent:mime-version:in-reply-to:content-transfer-encoding;
	bh=FENWX+9kRDiJ2LQOTm8UJ/yCy9E99AXbqPJ+VqhuCMs=;
	b=KEX9SyIJtJ0+5DNSgdEv0avLhjoSwC2el8e3uXs/iD8MEsyTDfPu0jy38Z+wqUec11
	C6rH4lviKvhO9/JamfTjL6sp/jNlUUxKSx/Z+iS23ZsHKy+vt5FVTdpvl+FPhmNirFbR
	tTBfs2zll+C9FppeF6zUbgBnt7DNDtoqRZG1/91FN96pu1UTcXOeuu86oM5/FhQLTmx9
	rZj9lbdK33oVb+QKzbw2i0ca/RCRzb0qdKxXi4DBHOuyH7efsT3bsqSvaMf8I8yuxuJ3
	aUhAvD2HFraXLWJF2cLBZVncJDum0B9D1mUgFLYYKPHxETI937PLZJnLIfieNzb341Sg
	B/Cg==
X-Gm-Message-State: 
 AIkVDXIYYhIftwRo6UTO9e+UfNdQFCoJcGxxBjzSRmylKyp/qk1qfq5pSQXKVxVwCLpbLQ==
X-Received: by 10.99.4.71 with SMTP id 68mr43931024pge.77.1485306223077;
	Tue, 24 Jan 2017 17:03:43 -0800 (PST)
Received: from [192.168.1.10] (168.160.69.111.dynamic.snap.net.nz.
	[111.69.160.168]) by smtp.gmail.com with ESMTPSA id
	o24sm47351225pfj.78.2017.01.24.17.03.38
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 24 Jan 2017 17:03:42 -0800 (PST)
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Subject: [PATCH v4 1/2] nsfs: Add an ioctl() to return the namespace type
To: "Eric W. Biederman" <ebiederm@xmission.com>
References: <93e5c7f9-9dc1-6c93-ad20-0ba053d8bfef@gmail.com>
	<2c27a76e-336d-e2ad-4b30-22e29249c2e9@gmail.com>
Cc: mtk.manpages@gmail.com, "Serge E. Hallyn" <serge@hallyn.com>,
	linux-api@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, Andrey Vagin <avagin@openvz.org>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	"W. Trevor King" <wking@tremily.us>,
	Alexander Viro <viro@zeniv.linux.org.uk>
Message-ID: <e1298c39-64f7-bad2-9bbb-a5d667ffe83c@gmail.com>
Date: Wed, 25 Jan 2017 14:03:36 +1300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <2c27a76e-336d-e2ad-4b30-22e29249c2e9@gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Linux 4.9 added two ioctl() operations that can be used to discover:

* the parental relationships for hierarchical namespaces (user and PID)
  [NS_GET_PARENT]
* the user namespaces that owns a specified non-user-namespace
  [NS_GET_USERNS]

For no good reason that I can glean, NS_GET_USERNS was made synonymous
with NS_GET_PARENT for user namespaces. It might have been better if
NS_GET_USERNS had returned an error if the supplied file descriptor
referred to a user namespace, since it suggests that the caller may be
confused. More particularly, if it had generated an error, then I wouldn't
need the new ioctl() operation proposed here. (On the other hand, what
I propose here may be more generally useful.)

I would like to write code that discovers namespace relationships for
the purpose of understanding the namespace setup on a running system.
In particular, given a file descriptor (or pathname) for a namespace,
N, I'd like to obtain the corresponding user namespace.  Namespace N
might be a user namespace (in which case my code would just use N) or
a non-user namespace (in which case my code will use NS_GET_USERNS to
get the user namespace associated with N). The problem is that there
is no way to tell the difference by looking at the file descriptor
(and if I try to use NS_GET_USERNS on an N that is a user namespace, I
get the parent user namespace of N, which is not what I want).

This patch therefore adds a new ioctl(), NS_GET_NSTYPE, which, given
a file descriptor that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).

Signed-off-by: Michael Kerrisk <mtk-manpages@gmail.com>
---
 fs/nsfs.c                 | 2 ++
 include/uapi/linux/nsfs.h | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/fs/nsfs.c b/fs/nsfs.c
index 8c9fb29..5d53476 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -172,6 +172,8 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl,
 		if (!ns->ops->get_parent)
 			return -EINVAL;
 		return open_related_ns(ns, ns->ops->get_parent);
+	case NS_GET_NSTYPE:
+		return ns->ops->type;
 	default:
 		return -ENOTTY;
 	}
diff --git a/include/uapi/linux/nsfs.h b/include/uapi/linux/nsfs.h
index 3af6172..2b48df1 100644
--- a/include/uapi/linux/nsfs.h
+++ b/include/uapi/linux/nsfs.h
@@ -9,5 +9,8 @@
 #define NS_GET_USERNS	_IO(NSIO, 0x1)
 /* Returns a file descriptor that refers to a parent namespace */
 #define NS_GET_PARENT	_IO(NSIO, 0x2)
+/* Returns the type of namespace (CLONE_NEW* value) referred to by
+   file descriptor */
+#define NS_GET_NSTYPE	_IO(NSIO, 0x3)
 
 #endif /* __LINUX_NSFS_H */