Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> "Serge E. Hallyn" <serge@xxxxxxxxxx> writes:
>
> > Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> >> +static bool setup_userns_sysctls(struct user_namespace *ns)
> >> +{
> >> +#ifdef CONFIG_SYSCTL
> >> + struct ctl_table *tbl;
> >> + setup_sysctl_set(&ns->set, &set_root, set_is_seen);
> >> + tbl = kmemdup(userns_table, sizeof(userns_table), GFP_KERNEL);
> >> + if (tbl) {
> >> + ns->sysctls = __register_sysctl_table(&ns->set, "userns", tbl);
> >> + }
> >
> > What happens if tbl is null due to oom? Would it be better to just
> > return false in that case here?
>
> ns->sysctls is initialized to NULL and kfree(NULL) is a noop.
> So I don't see any problems.
>
> I admit it isn't a usual pattern for error handling.

Right I didn't mean that - I meant, is there a way that a namespace
could end up escaping its limits as a result? I think not, since
either it has hierarchical limits which will still be enforced, or
the admin tries to set a new limit and that step will fail visibly,
which suffices.

thanks,
-serge
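
Review bot: in setup_userns_sysctls(), the "if (tbl)" test after kmemdup() lets an allocation failure fall through with nothing in the quoted lines that reports it, although the function is declared to return bool. Either return false as soon as tbl is NULL, or, if the code after the quoted part relies on ns->sysctls still being NULL to detect the failure, add a one-line comment at the "if (tbl)" saying so, since the reply itself calls the pattern unusual. A comment stating what a namespace's limits look like when the table was never registered would also answer the question raised in this thread for later readers.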