SO_NSID: bind a socket to a network namespace, given its nsid This allows a process to have individual sockets in different namespaces. Also, calling setsockopt(SO_NSID) on a socket before using it for ioctl() make the ioctl() operations happen in the given namespace. This is very useful to configure or retrieve networking information in a different namespace. SO_NETNS: bind a process to an already existing netns, given its nsid This is an easy way to move a process to a different, already existing, network namespace without creating a new one. --- arch/alpha/include/asm/socket.h | 4 +++ arch/arm/include/asm/socket.h | 4 +++ arch/avr32/include/asm/socket.h | 4 +++ arch/blackfin/include/asm/socket.h | 4 +++ arch/h8300/include/asm/socket.h | 4 +++ arch/ia64/include/asm/socket.h | 4 +++ arch/mips/include/asm/socket.h | 4 +++ arch/parisc/include/asm/socket.h | 4 +++ arch/powerpc/include/asm/socket.h | 4 +++ arch/s390/include/asm/socket.h | 4 +++ arch/sh/include/asm/socket.h | 4 +++ arch/sparc/include/asm/socket.h | 4 +++ arch/x86/include/asm/socket.h | 4 +++ include/asm-cris/socket.h | 4 +++ include/asm-frv/socket.h | 4 +++ include/asm-m32r/socket.h | 4 +++ include/asm-m68k/socket.h | 4 +++ include/asm-mn10300/socket.h | 4 +++ include/asm-xtensa/socket.h | 4 +++ net/core/sock.c | 47 +++++++++++++++++++++++++++++++++++- 20 files changed, 122 insertions(+), 1 deletions(-) diff --git a/arch/alpha/include/asm/socket.h b/arch/alpha/include/asm/socket.h index a1057c2..e9f3f47 100644 --- a/arch/alpha/include/asm/socket.h +++ b/arch/alpha/include/asm/socket.h @@ -62,6 +62,10 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + /* O_NONBLOCK clashes with the bits used for socket types. Therefore we * have to define SOCK_NONBLOCK to a different value here. */ diff --git a/arch/arm/include/asm/socket.h b/arch/arm/include/asm/socket.h index 6817be9..5162369 100644 --- a/arch/arm/include/asm/socket.h +++ b/arch/arm/include/asm/socket.h @@ -54,4 +54,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_SOCKET_H */ diff --git a/arch/avr32/include/asm/socket.h b/arch/avr32/include/asm/socket.h index 35863f2..d500536 100644 --- a/arch/avr32/include/asm/socket.h +++ b/arch/avr32/include/asm/socket.h @@ -54,4 +54,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* __ASM_AVR32_SOCKET_H */ diff --git a/arch/blackfin/include/asm/socket.h b/arch/blackfin/include/asm/socket.h index 2ca702e..a56fc0f 100644 --- a/arch/blackfin/include/asm/socket.h +++ b/arch/blackfin/include/asm/socket.h @@ -53,4 +53,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_SOCKET_H */ diff --git a/arch/h8300/include/asm/socket.h b/arch/h8300/include/asm/socket.h index da2520d..112c632 100644 --- a/arch/h8300/include/asm/socket.h +++ b/arch/h8300/include/asm/socket.h @@ -54,4 +54,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_SOCKET_H */ diff --git a/arch/ia64/include/asm/socket.h b/arch/ia64/include/asm/socket.h index d5ef0aa..246b075 100644 --- a/arch/ia64/include/asm/socket.h +++ b/arch/ia64/include/asm/socket.h @@ -63,4 +63,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_IA64_SOCKET_H */ diff --git a/arch/mips/include/asm/socket.h b/arch/mips/include/asm/socket.h index facc2d7..d90fadb 100644 --- a/arch/mips/include/asm/socket.h +++ b/arch/mips/include/asm/socket.h @@ -75,6 +75,10 @@ To add: #define SO_REUSEPORT 0x0200 /* Allow local address and port reuse. */ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #ifdef __KERNEL__ /** sock_type - Socket types diff --git a/arch/parisc/include/asm/socket.h b/arch/parisc/include/asm/socket.h index fba402c..cebbd8b 100644 --- a/arch/parisc/include/asm/socket.h +++ b/arch/parisc/include/asm/socket.h @@ -54,6 +54,10 @@ #define SO_MARK 0x401f +/* Namespace management */ +#define SO_NETNS 0x4020 +#define SO_NSID 0x4021 + /* O_NONBLOCK clashes with the bits used for socket types. Therefore we * have to define SOCK_NONBLOCK to a different value here. */ diff --git a/arch/powerpc/include/asm/socket.h b/arch/powerpc/include/asm/socket.h index f5a4e16..68e9a53 100644 --- a/arch/powerpc/include/asm/socket.h +++ b/arch/powerpc/include/asm/socket.h @@ -61,4 +61,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_POWERPC_SOCKET_H */ diff --git a/arch/s390/include/asm/socket.h b/arch/s390/include/asm/socket.h index c786ab6..48a2e1f 100644 --- a/arch/s390/include/asm/socket.h +++ b/arch/s390/include/asm/socket.h @@ -62,4 +62,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_SOCKET_H */ diff --git a/arch/sh/include/asm/socket.h b/arch/sh/include/asm/socket.h index 6d4bf65..3e1ae9a 100644 --- a/arch/sh/include/asm/socket.h +++ b/arch/sh/include/asm/socket.h @@ -54,4 +54,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* __ASM_SH_SOCKET_H */ diff --git a/arch/sparc/include/asm/socket.h b/arch/sparc/include/asm/socket.h index bf50d0c..e64381c 100644 --- a/arch/sparc/include/asm/socket.h +++ b/arch/sparc/include/asm/socket.h @@ -50,6 +50,10 @@ #define SO_MARK 0x0022 +/* Namespace management */ +#define SO_NETNS 0x0023 +#define SO_NSID 0x0024 + /* Security levels - as per NRL IPv6 - don't actually do anything */ #define SO_SECURITY_AUTHENTICATION 0x5001 #define SO_SECURITY_ENCRYPTION_TRANSPORT 0x5002 diff --git a/arch/x86/include/asm/socket.h b/arch/x86/include/asm/socket.h index 8ab9cc8..9023180 100644 --- a/arch/x86/include/asm/socket.h +++ b/arch/x86/include/asm/socket.h @@ -54,4 +54,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_X86_SOCKET_H */ diff --git a/include/asm-cris/socket.h b/include/asm-cris/socket.h index 9df0ca8..7550720 100644 --- a/include/asm-cris/socket.h +++ b/include/asm-cris/socket.h @@ -56,6 +56,10 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-frv/socket.h b/include/asm-frv/socket.h index e51ca67..2ea7442 100644 --- a/include/asm-frv/socket.h +++ b/include/asm-frv/socket.h @@ -54,5 +54,9 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-m32r/socket.h b/include/asm-m32r/socket.h index 9a0e200..06de900 100644 --- a/include/asm-m32r/socket.h +++ b/include/asm-m32r/socket.h @@ -54,4 +54,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_M32R_SOCKET_H */ diff --git a/include/asm-m68k/socket.h b/include/asm-m68k/socket.h index dbc64e9..b208e7c 100644 --- a/include/asm-m68k/socket.h +++ b/include/asm-m68k/socket.h @@ -54,4 +54,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-mn10300/socket.h b/include/asm-mn10300/socket.h index 80af9c4..6665cb8 100644 --- a/include/asm-mn10300/socket.h +++ b/include/asm-mn10300/socket.h @@ -54,4 +54,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-xtensa/socket.h b/include/asm-xtensa/socket.h index 6100682..7882935 100644 --- a/include/asm-xtensa/socket.h +++ b/include/asm-xtensa/socket.h @@ -65,4 +65,8 @@ #define SO_MARK 36 +/* Namespace management */ +#define SO_NETNS 37 +#define SO_NSID 38 + #endif /* _XTENSA_SOCKET_H */ diff --git a/net/core/sock.c b/net/core/sock.c index 5e2a313..b085f67 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -110,6 +110,7 @@ #include <linux/tcp.h> #include <linux/init.h> #include <linux/highmem.h> +#include <linux/nsproxy.h> #include <asm/uaccess.h> #include <asm/system.h> @@ -668,7 +669,51 @@ set_rcvbuf: } break; - /* We implement the SO_SNDLOWAT etc to + case SO_NETNS: + if (!capable(CAP_NET_ADMIN)) { + ret = -EPERM; + } else { + struct nsproxy *new_nsproxy; + struct net *old_net, *new_net; + + ret = -EINVAL; + new_net = get_net_ns_by_id(val); + if (new_net) { + ret = unshare_nsproxy_namespaces(CLONE_NEWNS, + &new_nsproxy, + NULL); + if (ret == 0) { + old_net = new_nsproxy->net_ns; + new_nsproxy->net_ns = new_net; + put_net(old_net); + + switch_task_namespaces(current, + new_nsproxy); + } else + put_net(new_net); + } + } + break; + + case SO_NSID: + if (!capable(CAP_NET_ADMIN)) { + ret = -EPERM; + } else { + struct net *old_net, *new_net; + + ret = -EINVAL; + new_net = get_net_ns_by_id(val); + if (new_net) { + ret = 0; + old_net = sock_net(sk); + sock_net_set(sk, get_net(new_net)); + put_net(old_net); + } + } + break; + + + /* We implement the SO_SNDLOWAT etc to not be settable (1003.1g 5.3) */ default: ret = -ENOPROTOOPT; -- 1.5.4.4 _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers