userns: Implement unshare of the user namespace - Add CLONE_THREAD to the unshare flags if CLONE_NEWUSER is selected As changing user namespaces is only valid if all there is only a single thread. - Restore the code to add CLONE_VM if CLONE_THREAD is selected and the code to addCLONE_SIGHAND if CLONE_VM is selected. Making the constraints in the code clear. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

commit: b2e0d98705e60e45bbb3c0032c48824ad7ae0704 [log] [tgz]
author: Eric W. Biederman <ebiederm@xmission.com> Thu Jul 26 05:15:35 2012 -0700
committer: Eric W. Biederman <ebiederm@xmission.com> Tue Nov 20 04:18:14 2012 -0800
tree: e187c82e1c3babd34095f2b946614131719bbb03
parent: cde1975bc242f3e1072bde623ef378e547b73f91 [diff] [blame]
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 95142ca..17651f0 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h

@@ -39,6 +39,7 @@
 }
 
 extern int create_user_ns(struct cred *new);
+extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred);
 extern void free_user_ns(struct kref *kref);
 
 static inline void put_user_ns(struct user_namespace *ns)
@@ -66,6 +67,14 @@
 	return -EINVAL;
 }
 
+static inline int unshare_userns(unsigned long unshare_flags,
+				 struct cred **new_cred)
+{
+	if (unshare_flags & CLONE_NEWUSER)
+		return -EINVAL;
+	return 0;
+}
+
 static inline void put_user_ns(struct user_namespace *ns)
 {
 }
commit	b2e0d98705e60e45bbb3c0032c48824ad7ae0704	[log] [tgz]
author	Eric W. Biederman <ebiederm@xmission.com>	Thu Jul 26 05:15:35 2012 -0700
committer	Eric W. Biederman <ebiederm@xmission.com>	Tue Nov 20 04:18:14 2012 -0800
tree	e187c82e1c3babd34095f2b946614131719bbb03
parent	cde1975bc242f3e1072bde623ef378e547b73f91 [diff] [blame]