userns: Add per user namespace sysctls. Limit per userns sysctls to only be opened for write by a holder of CAP_SYS_RESOURCE. Add all of the necessary boilerplate for having per user namespace sysctls. Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

commit: dbec28460a89aa7c02c3301e9e108d98272549d2 [log] [tgz]
author: Eric W. Biederman <ebiederm@xmission.com> Sat Jul 30 13:58:49 2016 -0500
committer: Eric W. Biederman <ebiederm@xmission.com> Mon Aug 08 13:18:58 2016 -0500
tree: bf4b71c69e072bb6fdbe680674ab84bd79143e45
parent: b032132c3c218f4a09e9499b3674299a752581c6 [diff] [blame]
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 4e79b3c..e5697ea 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h

@@ -40,6 +40,10 @@
 	struct rw_semaphore	persistent_keyring_register_sem;
 #endif
 	struct work_struct	work;
+#ifdef CONFIG_SYSCTL
+	struct ctl_table_set	set;
+	struct ctl_table_header *sysctls;
+#endif
 };
 
 extern struct user_namespace init_user_ns;
commit	dbec28460a89aa7c02c3301e9e108d98272549d2	[log] [tgz]
author	Eric W. Biederman <ebiederm@xmission.com>	Sat Jul 30 13:58:49 2016 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	Mon Aug 08 13:18:58 2016 -0500
tree	bf4b71c69e072bb6fdbe680674ab84bd79143e45
parent	b032132c3c218f4a09e9499b3674299a752581c6 [diff] [blame]