nsproxy: attach to namespaces via pidfds
For quite a while we have been thinking about using pidfds to attach to namespaces. This patchset has existed for about a year already but we've wanted to wait to see how the general api would be received and adopted. Now that more and more programs in userspace have started using pidfds for process management it's time to send this one out.

This patch makes it possible to use pidfds to attach to the namespaces of another process, i.e. they can be passed as the first argument to the setns() syscall. When only a single namespace type is specified the semantics are equivalent to passing an nsfd. That means setns(nsfd, CLONE_NEWNET) equals setns(pidfd, CLONE_NEWNET). However, when a pidfd is passed, multiple namespace flags can be specified in the second setns() argument and setns() will attach the caller to all the specified namespaces all at once or to none of them. Specifying 0 is not valid together with a pidfd.

Here are just two obvious examples: setns(pidfd, C...
Showing
- fs/namespace.c: 5 additions, 0 deletions
- fs/nsfs.c: 5 additions, 0 deletions
- include/linux/mnt_namespace.h: 1 addition, 0 deletions
- include/linux/proc_fs.h: 2 additions, 0 deletions
- kernel/nsproxy.c: 213 additions, 16 deletions
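
The setns() semantics described in the commit message, as an added userspace example that is not part of this commit or the kernel tree. `attach_via_pidfd()` and the `NS_*` names are hypothetical (the `NS_*` values mirror the kernel's `CLONE_NEW*` flags), and the namespace pair chosen in `main()` is arbitrary.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434 /* same number on x86-64, arm64 and most other ports */
#endif

/* Hypothetical names; the values mirror the kernel's CLONE_NEW* flags. */
enum {
    NS_MNT = 0x00020000, NS_CGROUP = 0x02000000, NS_UTS = 0x04000000,
    NS_IPC = 0x08000000, NS_USER = 0x10000000, NS_PID = 0x20000000,
    NS_NET = 0x40000000,
    NS_ALL = NS_MNT | NS_CGROUP | NS_UTS | NS_IPC | NS_USER | NS_PID | NS_NET
};

/* Join the namespaces of `pid` selected by `nstypes` in one setns() call.
 * Returns 0 on success or -errno; on failure the caller has joined none. */
int attach_via_pidfd(pid_t pid, int nstypes)
{
    /* With a pidfd, 0 is not a valid namespace selection: refuse early. */
    if (nstypes == 0 || (nstypes & ~NS_ALL))
        return -EINVAL;
    int pidfd = (int)syscall(SYS_pidfd_open, pid, 0);
    if (pidfd < 0)
        return -errno;
    int ret = syscall(SYS_setns, pidfd, nstypes) < 0 ? -errno : 0;
    close(pidfd);
    return ret;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <pid>\n", argv[0]);
        return 2;
    }
    /* Arbitrary pair for illustration: network and UTS namespaces together. */
    int ret = attach_via_pidfd((pid_t)atoi(argv[1]), NS_NET | NS_UTS);
    if (ret < 0) {
        fprintf(stderr, "setns via pidfd failed: errno %d\n", -ret);
        return 1;
    }
    puts("attached to both namespaces");
    return 0;
}
```

Because the attach is all-or-nothing, a caller that sees a negative return can keep running in its original namespaces without cleaning up a partial switch.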