From patchwork Tue Jan 17 01:03:11 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
X-Patchwork-Id: 9519753
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	9982260244 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 17 Jan 2017 01:03:34 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 83FD1283FD
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 17 Jan 2017 01:03:34 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 78B2928494; Tue, 17 Jan 2017 01:03:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 26D74283FD
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Tue, 17 Jan 2017 01:03:34 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1750985AbdAQBDV (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Mon, 16 Jan 2017 20:03:21 -0500
Received: from mail-pf0-f195.google.com ([209.85.192.195]:33476 "EHLO
	mail-pf0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750964AbdAQBDT (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 16 Jan 2017 20:03:19 -0500
Received: by mail-pf0-f195.google.com with SMTP id e4so4666029pfg.0;
	Mon, 16 Jan 2017 17:03:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=subject:to:references:cc:from:message-id:date:user-agent
	:mime-version:in-reply-to:content-transfer-encoding;
	bh=FENWX+9kRDiJ2LQOTm8UJ/yCy9E99AXbqPJ+VqhuCMs=;
	b=bhy7+TXGo3tE0e+4lpKhITCfvIu+gn+R0Y7jyj9sbJpd2auyRYEtLEociqq1kekXtC
	LmfRQG5CnUsW3gGUZDeCYNEtoDck1tT71DJxQEzQbm+FKCaP5DpwIInblrwnle076zv2
	uCWC9/GkSFHhQ7VOZuavzus3SqCzeB1mQofgI9+3fIAHpLivVBqf0SI2Q5hqMfeePMli
	IKA612+T7J1yDF7uv7sMHZ/8KQx5IhCiuyAUb4Bb8TzhNjVASYevlx/kx/4r+s3OkAaX
	3UYeL0xXhTWwZr3mIcMJbZiznIKrfm4VaI2r7xK8f7Wb3uF3/AG0/S2hPUo+HiNLt9Vo
	z+KA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:subject:to:references:cc:from:message-id:date
	:user-agent:mime-version:in-reply-to:content-transfer-encoding;
	bh=FENWX+9kRDiJ2LQOTm8UJ/yCy9E99AXbqPJ+VqhuCMs=;
	b=nq9nck1PpJxq25b18cHobLNjNSC3D0FTFWKS3E2M3SSNswKd/dfjdv24uHgyoAxYVE
	Ip5MadfCwZT+7s+wRJL7HRT8TeKoMNHbCdKjRv/yg5HVPghAFvMnBtmj4Xv1k0RCs4xe
	ldVj/IQ8filzypLKiBWWszTBOtIfldEdCejFi1ZTj8sOWvJh3+0avHXwlb3+4Dm8Iywg
	pa7GGJP/dEpgZXj/VwJSqw2w88xYqxT80jLajCz4bJw+ZZinNhwM91KDWU8+gmPClEh4
	urSUwFMfVQBqxBJJq5npJTWsolSY+OV3TCzbo3VyhMiFxFTrIdsaxW4A8P9/GU5Gtb2x
	rsew==
X-Gm-Message-State: 
 AIkVDXIHZl9HKyUOoIUHRoe/dm0jOSYO0hIcbVoxzIZPeFzGRX2asz5h/w8tzzb9MupwPA==
X-Received: by 10.99.133.65 with SMTP id u62mr21391199pgd.70.1484614998909;
	Mon, 16 Jan 2017 17:03:18 -0800 (PST)
Received: from [192.168.1.146]
	(203-96-136-154.dsl-dynamic.connections.net.nz. [203.96.136.154])
	by smtp.gmail.com with ESMTPSA id
	t87sm45613174pfe.59.2017.01.16.17.03.13
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 16 Jan 2017 17:03:17 -0800 (PST)
Subject: [PATCH v3 1/2] nsfs: Add an ioctl() to return the namespace type
To: "Eric W. Biederman" <ebiederm@xmission.com>
References: <69550fe9-5347-309c-b421-79c16a6300f6@gmail.com>
Cc: mtk.manpages@gmail.com, "Serge E. Hallyn" <serge@hallyn.com>,
	linux-api@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, Andrey Vagin <avagin@openvz.org>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	"W. Trevor King" <wking@tremily.us>,
	Alexander Viro <viro@zeniv.linux.org.uk>
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Message-ID: <f34820b8-1e52-d051-d839-98b3d0e335eb@gmail.com>
Date: Tue, 17 Jan 2017 14:03:11 +1300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <69550fe9-5347-309c-b421-79c16a6300f6@gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Linux 4.9 added two ioctl() operations that can be used to discover:

* the parental relationships for hierarchical namespaces (user and PID)
  [NS_GET_PARENT]
* the user namespaces that owns a specified non-user-namespace
  [NS_GET_USERNS]

For no good reason that I can glean, NS_GET_USERNS was made synonymous
with NS_GET_PARENT for user namespaces. It might have been better if
NS_GET_USERNS had returned an error if the supplied file descriptor
referred to a user namespace, since it suggests that the caller may be
confused. More particularly, if it had generated an error, then I wouldn't
need the new ioctl() operation proposed here. (On the other hand, what
I propose here may be more generally useful.)

I would like to write code that discovers namespace relationships for
the purpose of understanding the namespace setup on a running system.
In particular, given a file descriptor (or pathname) for a namespace,
N, I'd like to obtain the corresponding user namespace.  Namespace N
might be a user namespace (in which case my code would just use N) or
a non-user namespace (in which case my code will use NS_GET_USERNS to
get the user namespace associated with N). The problem is that there
is no way to tell the difference by looking at the file descriptor
(and if I try to use NS_GET_USERNS on an N that is a user namespace, I
get the parent user namespace of N, which is not what I want).

This patch therefore adds a new ioctl(), NS_GET_NSTYPE, which, given
a file descriptor that refers to a user namespace, returns the
namespace type (one of the CLONE_NEW* constants).

Signed-off-by: Michael Kerrisk <mtk-manpages@gmail.com>
---
 fs/nsfs.c                 | 2 ++
 include/uapi/linux/nsfs.h | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/fs/nsfs.c b/fs/nsfs.c
index 8c9fb29..5d53476 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -172,6 +172,8 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl,
 		if (!ns->ops->get_parent)
 			return -EINVAL;
 		return open_related_ns(ns, ns->ops->get_parent);
+	case NS_GET_NSTYPE:
+		return ns->ops->type;
 	default:
 		return -ENOTTY;
 	}
diff --git a/include/uapi/linux/nsfs.h b/include/uapi/linux/nsfs.h
index 3af6172..2b48df1 100644
--- a/include/uapi/linux/nsfs.h
+++ b/include/uapi/linux/nsfs.h
@@ -9,5 +9,8 @@
 #define NS_GET_USERNS	_IO(NSIO, 0x1)
 /* Returns a file descriptor that refers to a parent namespace */
 #define NS_GET_PARENT	_IO(NSIO, 0x2)
+/* Returns the type of namespace (CLONE_NEW* value) referred to by
+   file descriptor */
+#define NS_GET_NSTYPE	_IO(NSIO, 0x3)
 
 #endif /* __LINUX_NSFS_H */