On Tue, Aug 30, 2016 at 7:56 PM, Serge E. Hallyn <serge@xxxxxxxxxx> wrote:
> On Fri, Aug 26, 2016 at 04:08:08PM -0700, Andrei Vagin wrote:
>> +struct ns_common *ns_get_owner(struct ns_common *ns)
>> +{
>> +	struct user_namespace *my_user_ns = current_user_ns();
>> +	struct user_namespace *owner, *p;
>> +
>> +	/* See if the owner is in the current user namespace */
>> +	owner = p = ns->ops->get_owner(ns);
>> +	for (;;) {
>> +		if (!p)
>> +			return ERR_PTR(-EPERM);
>> +		if (p == my_user_ns)
>> +			break;
>> +		p = p->parent;
>> +	}
>> +
>> +	return &get_user_ns(owner)->ns;
>
> get_user_ns() bumps the owner's refcount.  I don't see where
> this is being dropped, especially when ns_ioctl() uses it in
> the next patch.

It is dropped in __ns_get_path if a namespace has a dentry, otherwise
it is dropped from nsfs_evict.

static void *__ns_get_path(struct path *path, struct ns_common *ns)
...
        ns->ops->put(ns);
got_it:
        path->mnt = mnt;
        path->dentry = dentry;
        return NULL;
...
static void nsfs_evict(struct inode *inode)
{
        struct ns_common *ns = inode->i_private;
        clear_inode(inode);
        ns->ops->put(ns);
}

> _______________________________________________
> Containers mailing list
> Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
> https://lists.linuxfoundation.org/mailman/listinfo/containers
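
Review bot: the reference taken by get_user_ns(owner) in the final return of ns_get_owner() has no matching put in this hunk, and nothing on the function says who owns it. Add a comment above ns_get_owner() stating that the returned ns_common carries a reference which the caller must release through ns->ops->put(), so that a caller that does not hand the result to the nsfs path does not leak it. The same comment should note that failure is reported as ERR_PTR(-EPERM) when the walk over p->parent reaches NULL, so callers have to test the result with IS_ERR() and not against NULL.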