"Serge E. Hallyn" <serge@xxxxxxxxxx> writes:
> Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
>> "Serge E. Hallyn" <serge@xxxxxxxxxx> writes:
>>
>> > Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
>> >> +static bool setup_userns_sysctls(struct user_namespace *ns)
>> >> +{
>> >> +#ifdef CONFIG_SYSCTL
>> >> + struct ctl_table *tbl;
>> >> + setup_sysctl_set(&ns->set, &set_root, set_is_seen);
>> >> + tbl = kmemdup(userns_table, sizeof(userns_table), GFP_KERNEL);
>> >> + if (tbl) {
>> >> + ns->sysctls = __register_sysctl_table(&ns->set, "userns", tbl);
>> >> + }
>> >
>> > What happens if tbl is null due to oom? Would it be better to just
>> > return false in that case here?
>>
>> ns->sysctls is initialized to NULL and kfree(NULL) is a noop.
>> So I don't see any problems.
>>
>> I admit it isn't a usual pattern for error handling.
>
> Right I didn't mean that - I meant, is there a way that a namespace
> could end up escaping its limits as a result? I think not, since
> either it has hierarchical limits which will still be enforced, or
> the admin tries to set a new limit and that step will fail visibly,
> which suffices.
And what I meant is that we do actually return false in the case you are
worrying about. And if we return false we don't even create the user
namespace.
Eric
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
