linux.git/kernel/nscommon.c, branch v6.18.21 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git nsfs: tighten permission checks for ns iteration ioctls 2026-03-25T10:10:33+00:00 Christian Brauner brauner@kernel.org 2026-03-17T20:02:24+00:00 2f3dea284c761c890d676f77d5e55c0c496b4ef4 [ Upstream commit e6b899f08066e744f89df16ceb782e06868bd148 ] Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces() helper that centralizes this policy until the nstree adapts. Link: https://patch.msgid.link/20260226-work-visibility-fixes-v1-1-d2c2853313bd@kernel.org Fixes: a1d220d9dafa ("nsfs: iterate through mount namespaces") Reviewed-by: Jeff Layton <jlayton@kernel.org> Cc: stable@kernel.org # v6.12+ Signed-off-by: Christian Brauner <brauner@kernel.org> [ context ] Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
[ Upstream commit e6b899f08066e744f89df16ceb782e06868bd148 ]

Even privileged services should not necessarily be able to see other
privileged service's namespaces so they can't leak information to each
other. Use may_see_all_namespaces() helper that centralizes this policy
until the nstree adapts.

Link: https://patch.msgid.link/20260226-work-visibility-fixes-v1-1-d2c2853313bd@kernel.org
Fixes: a1d220d9dafa ("nsfs: iterate through mount namespaces")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Cc: stable@kernel.org # v6.12+
Signed-off-by: Christian Brauner <brauner@kernel.org>
[ context ]
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ns: drop assert 2025-09-25T07:23:54+00:00 Christian Brauner brauner@kernel.org 2025-09-24T11:34:00+00:00 af075603f27b0f6e05f1bdf64bad42fa7cfb033b Otherwise we warn when e.g., no namespaces are configured but the initial namespace for is still around. Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> 
Otherwise we warn when e.g., no namespaces are configured but the
initial namespace for is still around.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ns: move ns type into struct ns_common 2025-09-25T07:23:54+00:00 Christian Brauner brauner@kernel.org 2025-09-24T11:33:59+00:00 4055526d35746ce8b04bfa5e14e14f28bb163186 It's misplaced in struct proc_ns_operations and ns->ops might be NULL if the namespace is compiled out but we still want to know the type of the namespace for the initial namespace struct. Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> 
It's misplaced in struct proc_ns_operations and ns->ops might be NULL if
the namespace is compiled out but we still want to know the type of the
namespace for the initial namespace struct.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ns: add ns_debug() 2025-09-22T12:47:10+00:00 Christian Brauner brauner@kernel.org 2025-09-22T12:42:37+00:00 5890f504ef543190beae2a4e244bbfa7c3e0b57c Add ns_debug() that asserts that the correct operations are used for the namespace type. Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> 
Add ns_debug() that asserts that the correct operations are used for the
namespace type.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ns: rename to __ns_ref 2025-09-19T14:22:38+00:00 Christian Brauner brauner@kernel.org 2025-09-18T10:11:59+00:00 024596a4e2802e457a9f92af79f246fa9631f8de Make it easier to grep and rename to ns_count. Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> 
Make it easier to grep and rename to ns_count.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
ns: add ns_common_free() 2025-09-19T14:22:36+00:00 Christian Brauner brauner@kernel.org 2025-09-17T10:28:08+00:00 be5f21d3985f00827e09b798f7a07ebd6dd7f54a And drop ns_free_inum(). Anything common that can be wasted centrally should be wasted in the new common helper. Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> 
And drop ns_free_inum(). Anything common that can be wasted centrally
should be wasted in the new common helper.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
nscommon: simplify initialization 2025-09-19T12:26:19+00:00 Christian Brauner brauner@kernel.org 2025-09-17T10:28:07+00:00 5612ff3ec588be09f11a9424db6d1186bcdeb3fa There's a lot of information that namespace implementers don't need to know about at all. Encapsulate this all in the initialization helper. Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> 
There's a lot of information that namespace implementers don't need to
know about at all. Encapsulate this all in the initialization helper.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
mnt: simplify ns_common_init() handling 2025-09-19T12:26:18+00:00 Christian Brauner brauner@kernel.org 2025-09-17T10:28:05+00:00 86cdbae5c61c6b8c0a2adc78dbbb0314b3254a9c Assign the reserved MNT_NS_ANON_INO sentinel to anonymous mount namespaces and cleanup the initial mount ns allocation. This is just a preparatory patch and the ns->inum check in ns_common_init() will be dropped in the next patch. Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> 
Assign the reserved MNT_NS_ANON_INO sentinel to anonymous mount
namespaces and cleanup the initial mount ns allocation. This is just a
preparatory patch and the ns->inum check in ns_common_init() will be
dropped in the next patch.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>
nscommon: move to separate file 2025-09-19T12:26:18+00:00 Christian Brauner brauner@kernel.org 2025-09-17T10:28:02+00:00 f74ca6da113d5d4b21c00bb4da3f3c137162b4fe It's really awkward spilling the ns common infrastructure into multiple headers. Move it to a separate file. Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> 
It's really awkward spilling the ns common infrastructure into multiple
headers. Move it to a separate file.

Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>