On Mon, May 04, 2020 at 11:15:54AM -0500, Eric W. Biederman wrote:
> Christian Brauner <christian.brauner@xxxxxxxxxx> writes:
>
> > Add a simple struct nsset. It holds all necessary pieces to switch to a new
> > set of namespaces without leaving a task in a half-switched state, which we
> > will make use of in the next patch. This patch simply switches the existing
> > setns logic over without causing a change in setns() behavior. This brings
> > setns() closer to how unshare() works. The prepare_ns() function is
> > responsible for preparing all necessary information. This has two reasons.
> > First, it minimizes dependencies between individual namespaces, i.e. all
> > install handlers can expect that all fields are properly initialized
> > independent of what order they are called in. Second, this makes the code
> > easier to maintain and easier to follow if it needs to be changed.
>
> This is buggy.
>
> Your code assumes that nstype == 0 is invalid.

Yep, good catch! That's a bug from rearranging the patches.

> Passing nstype == 0 means don't verify the kind of file descriptor
> passed.
>
> Quite frankly doing nstype & CLONE_XYZ is wrong. It always
> needs to be nstype == CLONE_XYZ.

I mean, I can do the nstype == CLONE_NEW* in the preparatory patch and
then switch to flags & CLONE_NEW* later. Let me fix this right now.

Christian
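The two points Eric raises (nstype == 0 must mean "accept any namespace type", and the comparison must be an exact `==` rather than a bitwise `&`) can be seen in a small user-space model of the check. This is an added illustration, not kernel code or Christian's patch; `check_nstype_exact()` models the intended setns() semantics and `check_nstype_masked()` models the flawed `&` form, with `fd_type` standing in for the type the kernel reads from the namespace file descriptor. The CLONE_NEW* constants are the real ones from <sched.h>.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <errno.h>
#include <stdio.h>

/*
 * Hypothetical model of the setns() type check (not the kernel's code).
 * fd_type: the namespace type the given fd actually refers to.
 * nstype:  the type the caller asked setns() to verify (0 = any).
 * Returns 0 on success, -EINVAL on rejection, mirroring errno semantics.
 */
static int check_nstype_exact(int fd_type, int nstype)
{
	/* nstype == 0: caller does not want the fd's type verified. */
	if (nstype == 0)
		return 0;
	/* Otherwise the fd must be exactly the requested type. */
	return fd_type == nstype ? 0 : -EINVAL;
}

/* The masked form Eric objects to: wrong for 0 and for combined flags. */
static int check_nstype_masked(int fd_type, int nstype)
{
	if (!(nstype & fd_type))
		return -EINVAL; /* rejects nstype == 0, which should pass */
	return 0;               /* accepts CLONE_NEWNET|CLONE_NEWUTS for a net ns */
}

int main(void)
{
	/* Constructed cases: (fd type, requested nstype) */
	struct { const char *desc; int fd_type, nstype; } cases[] = {
		{ "nstype 0, net ns fd",          CLONE_NEWNET, 0 },
		{ "exact match",                  CLONE_NEWNET, CLONE_NEWNET },
		{ "mismatch",                     CLONE_NEWNET, CLONE_NEWUTS },
		{ "combined flags, net ns fd",    CLONE_NEWNET, CLONE_NEWNET | CLONE_NEWUTS },
	};

	for (unsigned i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%-28s exact=%d masked=%d\n", cases[i].desc,
		       check_nstype_exact(cases[i].fd_type, cases[i].nstype),
		       check_nstype_masked(cases[i].fd_type, cases[i].nstype));
	return 0;
}
```

The last two rows are the interesting ones: the masked check rejects nstype == 0 (which userspace relies on to mean "no verification") and silently accepts a caller passing two CLONE_NEW* bits for a single fd, which the exact comparison correctly refuses.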