On Wed, Aug 31, 2016 at 01:38:35PM -0700, Andrey Vagin wrote:
> On Tue, Aug 30, 2016 at 7:56 PM, Serge E. Hallyn <serge@xxxxxxxxxx> wrote:
> > On Fri, Aug 26, 2016 at 04:08:08PM -0700, Andrei Vagin wrote:
> >> +struct ns_common *ns_get_owner(struct ns_common *ns)
> >> +{
> >> + struct user_namespace *my_user_ns = current_user_ns();
> >> + struct user_namespace *owner, *p;
> >> +
> >> + /* See if the owner is in the current user namespace */
> >> + owner = p = ns->ops->get_owner(ns);
> >> + for (;;) {
> >> + if (!p)
> >> + return ERR_PTR(-EPERM);
> >> + if (p == my_user_ns)
> >> + break;
> >> + p = p->parent;
> >> + }
> >> +
> >> + return &get_user_ns(owner)->ns;
> >
> > get_user_ns() bumps the owner's refcount. I don't see where
> > this is being dropped, especially when ns_ioctl() uses it in
> > the next patch.
>
> It is dropped in __ns_get_path if a namespace has a dentry, otherwise
> it is dropped from nsfs_evict.
>
> static void *__ns_get_path(struct path *path, struct ns_common *ns)
> | return -EPERM;
> ...
> ns->ops->put(ns); |
> got_it:
> | /* See if the owner is in the current user namespace
> */
> path->mnt = mnt;
> | owner = p = ns->ops->get_owner(ns);
> path->dentry = dentry;
> | for (;;) {
> return NULL;
> ...
>
> static void nsfs_evict(struct inode *inode) |
> {
> | if (!ns_capable(user_ns, CAP_SYS_ADMIN))
> struct ns_common *ns = inode->i_private;
> | return -EPERM;
> clear_inode(inode); |
> ns->ops->put(ns);
> | cred = prepare_creds();
> }
Gotcha, thanks.
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
