PatchworkOS  19e446b
A non-POSIX operating system.
Namespaces


Detailed Description

Per-process Namespaces.

The per-process namespace system allows each process to have its own view of the filesystem hierarchy, acting as the primary form of security.

Data Structures

struct  mount_stack_t
 Mount stack.
 
struct  namespace_t
 Namespace structure.
 

Macros

#define NAMESPACE_MAX_TRAVERSE   32
 Maximum number of iterative mount traversals when following mountpoints.
 
#define MOUNT_STACK_MAX_MOUNTS   8
 Maximum number of mounts that can be mounted to a single mountpoint.
 

Functions

namespace_t * namespace_new (namespace_t *parent)
 Create a new namespace.
 
uint64_t namespace_copy (namespace_t *dest, namespace_t *src)
 Copy mounts from one namespace to another.
 
bool namespace_accessible (namespace_t *ns, namespace_t *other)
 Check if mounts in a namespace can be propagated to another namespace.
 
bool namespace_rcu_traverse (namespace_t *ns, mount_t **mount, dentry_t **dentry)
 If the given path is a mountpoint in the namespace, traverse to the mounted filesystem in an RCU read critical section, else no-op.
 
mount_t * namespace_mount (namespace_t *ns, path_t *target, filesystem_t *fs, const char *options, mode_t mode, void *data)
 Mount a filesystem in a namespace.
 
mount_t * namespace_bind (namespace_t *ns, path_t *target, path_t *source, mode_t mode)
 Bind a source path to a target path in a namespace.
 
void namespace_unmount (namespace_t *ns, mount_t *mount, mode_t mode)
 Remove a mount in a namespace.
 
void namespace_get_root (namespace_t *ns, path_t *out)
 Get the root path of a namespace.
 
void namespace_rcu_get_root (namespace_t *ns, mount_t **mount, dentry_t **dentry)
 Get the root mount of a namespace in an RCU read critical section.
 

Macro Definition Documentation

◆ NAMESPACE_MAX_TRAVERSE

#define NAMESPACE_MAX_TRAVERSE   32

Maximum number of iterative mount traversals when following mountpoints.

Definition at line 31 of file namespace.h.

◆ MOUNT_STACK_MAX_MOUNTS

#define MOUNT_STACK_MAX_MOUNTS   8

Maximum number of mounts that can be mounted to a single mountpoint.

Definition at line 36 of file namespace.h.

Function Documentation

◆ namespace_new()

namespace_t * namespace_new ( namespace_t * parent )

Create a new namespace.

There is no namespace_free(); use UNREF() instead.

Parameters
parent: The parent namespace, or NULL to create a root namespace.
Returns
On success, the new namespace. On failure, NULL and errno is set to:
  • ENOMEM: Out of memory.

Definition at line 253 of file namespace.c.


◆ namespace_copy()

uint64_t namespace_copy ( namespace_t * dest,
namespace_t * src 
)

Copy mounts from one namespace to another.

Parameters
dest: The destination namespace.
src: The source namespace.
Returns
On success, 0. On failure, ERR and errno

Definition at line 287 of file namespace.c.


◆ namespace_accessible()

bool namespace_accessible ( namespace_t * ns,
namespace_t * other 
)

Check if mounts in a namespace can be propagated to another namespace.

This is equivalent to checking if other is a child of ns and is intended to be used for security checks.

If ns is the same namespace as other, this will also return true.

Parameters
ns: The source namespace.
other: The target namespace.
Returns
true if mounts can be propagated, false otherwise.

Definition at line 341 of file namespace.c.


◆ namespace_rcu_traverse()

bool namespace_rcu_traverse ( namespace_t * ns,
mount_t **  mount,
dentry_t **  dentry 
)

If the given path is a mountpoint in the namespace, traverse to the mounted filesystem in an RCU read critical section, else no-op.

Warning
Will not increase the reference count of the returned path's mount and dentry; the caller must ensure that they are not freed while in use.
Parameters
ns: The namespace containing the namespace to traverse.
mount: The output mount after traversal, may be unchanged if not traversed.
dentry: The output dentry after traversal, may be unchanged if not traversed.
Returns
true if the path was modified, false otherwise.

Definition at line 352 of file namespace.c.


◆ namespace_mount()

mount_t * namespace_mount ( namespace_t * ns,
path_t * target,
filesystem_t * fs,
const char *  options,
mode_t  mode,
void *  data 
)

Mount a filesystem in a namespace.

Parameters
ns: The namespace containing the namespace to mount to.
target: The target path to mount to, can be NULL to mount to root.
fs: The filesystem to mount.
options: A string containing filesystem defined key=value pairs, with multiple options separated by commas, or NULL.
flags: Mount flags.
mode: The mode specifying permissions and mount behaviour.
private: Private data for the filesystem's mount function.
Returns
On success, the new mount. On failure, returns NULL and errno is set to:
  • EINVAL: Invalid parameters.
  • EIO: The filesystem returned an invalid root dentry.
  • EXDEV: The target path is not visible in the namespace.
  • ENODEV: The specified filesystem does not exist.
  • EBUSY: Attempt to mount to already existing root.
  • ENOMEM: Out of memory.
  • ENOENT: The root does not exist or the target is negative.
  • Other errors as returned by the filesystem's mount() operation or mount_new().

Definition at line 387 of file namespace.c.


◆ namespace_bind()

mount_t * namespace_bind ( namespace_t * ns,
path_t * target,
path_t * source,
mode_t  mode 
)

Bind a source path to a target path in a namespace.

Parameters
ns: The namespace containing the namespace to bind in.
target: The target path to bind to, can be NULL to bind to root.
source: The source path to bind from, could be either a file or directory and from any filesystem.
mode: The mode specifying permissions and mount behaviour.
Returns
On success, the new mount. On failure, returns NULL and errno is set to:
  • EINVAL: Invalid parameters.
  • EACCES: The requested mode exceeds the maximum allowed permissions.
  • ENOMEM: Out of memory.
  • Other errors as returned by mount_new().

Definition at line 427 of file namespace.c.
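
The propagation rule documented for namespace_accessible() and the EACCES mode limit documented for namespace_bind(), as an added example that is not PatchworkOS code. It is a self-contained C model: model_ns_t, the MODEL_* bits and both functions are hypothetical, "child" is assumed to include indirect descendants, and the mode limit is assumed to be a bit-subset test.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model type; the real namespace_t is not shown on this page. */
typedef struct model_ns {
    struct model_ns *parent; /* NULL for a root namespace */
} model_ns_t;

enum { /* constructed permission bits, not the project's mode_t values */
    MODEL_READ = 1u << 0,
    MODEL_WRITE = 1u << 1,
    MODEL_EXEC = 1u << 2,
};

/* True when `other` is `ns` itself or one of its descendants, so mounts can
 * flow down from `ns` but never up to a parent or sideways to a sibling. */
bool model_ns_accessible(const model_ns_t *ns, const model_ns_t *other)
{
    if (ns == NULL || other == NULL)
        return false; /* fail closed when either namespace is missing */
    for (const model_ns_t *cur = other; cur != NULL; cur = cur->parent) {
        if (cur == ns)
            return true;
    }
    return false;
}

/* True when every requested bit is already in the allowed maximum; any
 * extra bit is the case that would be rejected with EACCES. */
bool model_mode_within(unsigned requested, unsigned max_allowed)
{
    return (requested & ~max_allowed) == 0;
}

int main(void)
{
    /* Constructed scenario: a parent, its sandboxed child, and a sibling. */
    model_ns_t root = { NULL }, sandbox = { &root }, sibling = { &root };
    bool ok = model_ns_accessible(&root, &sandbox)
           && !model_ns_accessible(&sandbox, &root)
           && !model_ns_accessible(&sandbox, &sibling)
           && !model_mode_within(MODEL_READ | MODEL_WRITE, MODEL_READ);
    return ok ? 0 : 1;
}
```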


◆ namespace_unmount()

void namespace_unmount ( namespace_t * ns,
mount_t * mount,
mode_t  mode 
)

Remove a mount in a namespace.

Parameters
ns: The namespace containing the namespace to unmount from.
mount: The mount to remove.
mode: The mode specifying unmount behaviour.

Definition at line 459 of file namespace.c.


◆ namespace_get_root()

void namespace_get_root ( namespace_t * ns,
path_t * out 
)

Get the root path of a namespace.

Parameters
ns: The namespace containing the namespace to get the root of.
out: The output root path, may be an invalid NULL path if the namespace is empty.

Definition at line 470 of file namespace.c.


◆ namespace_rcu_get_root()

void namespace_rcu_get_root ( namespace_t * ns,
mount_t **  mount,
dentry_t **  dentry 
)

Get the root mount of a namespace in an RCU read critical section.

Warning
Will not increase the reference count of the returned mount; the caller must ensure that the mount is not freed while in use.
Parameters
ns: The namespace containing the namespace to get the root mount of.
mount: The output root mount, may be NULL if the namespace is empty.
dentry: The output root dentry, may be NULL if the namespace is empty.

Definition at line 490 of file namespace.c.
