#ifndef _LINUX_USER_NAMESPACE_H
#define _LINUX_USER_NAMESPACE_H

#include <linux/kref.h>
#include <linux/nsproxy.h>
#include <linux/sched.h>
#include <linux/err.h>

/* Upper bound on the number of contiguous id ranges one map can describe. */
#define UID_GID_MAP_MAX_EXTENTS 5

/*
 * Fixed-size table of id-range mappings.  Sized so that the whole object
 * is 64 bytes (4 + 5 * 12) -- a single cache line.
 *
 * Each extent covers `count` ids starting at `first`.  By its name,
 * `lower_first` is presumably the start of the matching run in the parent
 * namespace -- the translation itself is not in this header; confirm
 * against the out-of-line implementation.
 */
struct uid_gid_map {	/* 64 bytes -- 1 cache line */
	u32 nr_extents;		/* number of extent[] entries in use */
	struct uid_gid_extent {
		u32 first;
		u32 lower_first;
		u32 count;
	} extent[UID_GID_MAP_MAX_EXTENTS];
};

/* user_namespace::flags bit: setgroups(2) has not been denied in this ns. */
#define USERNS_SETGROUPS_ALLOWED 1UL

/* Flags the initial user namespace starts out with. */
#define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED

struct user_namespace {
	struct uid_gid_map	uid_map;
	struct uid_gid_map	gid_map;
	struct uid_gid_map	projid_map;
	atomic_t		count;	/* refcount; see get_user_ns()/put_user_ns() */
	struct user_namespace	*parent;
	int			level;	/* nesting depth below init_user_ns (presumably) */
	kuid_t			owner;
	kgid_t			group;
	unsigned int		proc_inum;
	unsigned long		flags;	/* USERNS_* bits */

	/* Register of per-UID persistent keyrings for this namespace */
#ifdef CONFIG_PERSISTENT_KEYRINGS
	struct key		*persistent_keyring_register;
	struct rw_semaphore	persistent_keyring_register_sem;
#endif
};

extern struct user_namespace init_user_ns;

#ifdef CONFIG_USER_NS

/*
 * Take a reference on @ns and hand it back.  A NULL @ns is passed through
 * untouched so callers need not special-case it.
 *
 * NOTE(review): the counter is a plain atomic_t, so there is no saturation
 * on overflow; every get_user_ns() must be balanced by a put_user_ns().
 */
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
	if (!ns)
		return ns;
	atomic_inc(&ns->count);
	return ns;
}

extern int create_user_ns(struct cred *new);
extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred);
extern void free_user_ns(struct user_namespace *ns);

/*
 * Drop a reference on @ns; the namespace is released via free_user_ns()
 * once the last reference goes away.  NULL is a no-op.
 */
static inline void put_user_ns(struct user_namespace *ns)
{
	if (!ns)
		return;
	if (atomic_dec_and_test(&ns->count))
		free_user_ns(ns);
}

/* /proc/PID/{uid,gid,projid}_map readers and writers. */
struct seq_operations;
extern const struct seq_operations proc_uid_seq_operations;
extern const struct seq_operations proc_gid_seq_operations;
extern const struct seq_operations proc_projid_seq_operations;
extern ssize_t proc_uid_map_write(struct file *file, const char __user *buf,
				  size_t size, loff_t *ppos);
extern ssize_t proc_gid_map_write(struct file *file, const char __user *buf,
				  size_t size, loff_t *ppos);
extern ssize_t proc_projid_map_write(struct file *file, const char __user *buf,
				     size_t size, loff_t *ppos);
/* /proc/PID/setgroups: reports and updates USERNS_SETGROUPS_ALLOWED. */
extern ssize_t proc_setgroups_write(struct file *file, const char __user *buf,
				    size_t size, loff_t *ppos);
extern int proc_setgroups_show(struct seq_file *m, void *v);
/* True when setgroups(2) is permitted inside @ns (out-of-line). */
extern bool userns_may_setgroups(const struct user_namespace *ns);
#else

/*
 * Without CONFIG_USER_NS there is exactly one user namespace, so the
 * argument is ignored and the initial namespace is always returned.
 */
static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
{
	return &init_user_ns;
}

/* Creating a new user namespace is not supported in this configuration. */
static inline int create_user_ns(struct cred *new)
{
	return -EINVAL;
}

/* Only CLONE_NEWUSER is rejected; every other unshare flag passes through. */
static inline int unshare_userns(unsigned long unshare_flags,
				 struct cred **new_cred)
{
	return (unshare_flags & CLONE_NEWUSER) ? -EINVAL : 0;
}

/* Nothing to release: init_user_ns is never freed. */
static inline void put_user_ns(struct user_namespace *ns)
{
}

/* With a single namespace setgroups(2) is always permitted. */
static inline bool userns_may_setgroups(const struct user_namespace *ns)
{
	return true;
}
#endif

#endif /* _LINUX_USER_NAMESPACE_H */