)]}' { "log": [ { "commit": "9984de1a5a8a96275fcab818f7419af5a3c86e71", "tree": "1935d411752707a1621c5caf64f75dfe105beb3a", "parents": [ "7c77509c542927ee2a3c8812fad84957e51bf67d" ], "author": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Mon May 23 14:51:41 2011 -0400" }, "committer": { "name": "Paul Gortmaker", "email": "paul.gortmaker@windriver.com", "time": "Mon Oct 31 09:20:12 2011 -0400" }, "message": "kernel: Map most files to use export.h instead of module.h\n\nThe changed files were only including linux/module.h for the\nEXPORT_SYMBOL infrastructure, and nothing else. Revector them\nonto the isolated export header for faster compile times.\n\nNothing to see here but a whole lot of instances of:\n\n -#include \u003clinux/module.h\u003e\n +#include \u003clinux/export.h\u003e\n\nThis commit is only changing the kernel dir; next targets\nwill probably be mm, fs, the arch dirs, etc.\n\nSigned-off-by: Paul Gortmaker \u003cpaul.gortmaker@windriver.com\u003e\n" }, { "commit": "6657719390cd05be45f4e3b501d8bb46889c0a19", "tree": "8d2d97f645b05badd134526659f5d9adc7ab9234", "parents": [ "1ba106818615faddb63ba782f85f3498b9eb61c6" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 28 15:41:10 2011 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jul 20 01:44:07 2011 -0400" }, "message": "make sure that nsproxy_cache is initialized early enough\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "a77aea92010acf54ad785047234418d5d68772e2", "tree": "c7cb57b62fd02bee2baceb79251923f7caec6139", "parents": [ "d846687d7f84e45f23ecf3846dbb43312a1206dd" ], "author": { "name": "Daniel Lezcano", "email": "daniel.lezcano@free.fr", "time": "Thu May 26 16:25:23 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu May 26 17:12:34 2011 -0700" }, "message": "cgroup: remove the ns_cgroup\n\nThe ns_cgroup is an annoying cgroup at the namespace / cgroup frontier and\nleads to some problems:\n\n * cgroup creation is out-of-control\n * cgroup name can conflict when pids are looping\n * it is not possible to have a single process handling a lot of\n namespaces without falling in a exponential creation time\n * we may want to create a namespace without creating a cgroup\n\n The ns_cgroup was replaced by a compatibility flag \u0027clone_children\u0027,\n where a newly created cgroup will copy the parent cgroup values.\n The userspace has to manually create a cgroup and add a task to\n the \u0027tasks\u0027 file.\n\nThis patch removes the ns_cgroup as suggested in the following thread:\n\nhttps://lists.linux-foundation.org/pipermail/containers/2009-June/018616.html\n\nThe \u0027cgroup_clone\u0027 function is removed because it is no longer used.\n\nThis is a userspace-visible change. Commit 45531757b45c (\"cgroup: notify\nns_cgroup deprecated\") (merged into 2.6.27) caused the kernel to emit a\nprintk warning users that the feature is planned for removal. Since that\ntime we have heard from XXX users who were affected by this.\n\nSigned-off-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Jamal Hadi Salim \u003chadi@cyberus.ca\u003e\nReviewed-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nAcked-by: Paul Menage \u003cmenage@google.com\u003e\nAcked-by: Matt Helsley \u003cmatthltc@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "0663c6f8fa37d777ede74ff991a0cba3a42fcbd7", "tree": "83275d8fd4e0bcc9cb8fdde5c15bb5e4bead92fd", "parents": [ "6b4e306aa3dc94a0545eb9279475b1ab6209a31f" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Sun Mar 07 17:48:52 2010 -0800" }, "committer": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Tue May 10 14:32:56 2011 -0700" }, "message": "ns: Introduce the setns syscall\n\nWith the networking stack today there is demand to handle\nmultiple network stacks at a time. Not in the context\nof containers but in the context of people doing interesting\nthings with routing.\n\nThere is also demand in the context of containers to have\nan efficient way to execute some code in the container itself.\nIf nothing else it is very useful ad a debugging technique.\n\nBoth problems can be solved by starting some form of login\ndaemon in the namespaces people want access to, or you\ncan play games by ptracing a process and getting the\ntraced process to do things you want it to do. However\nit turns out that a login daemon or a ptrace puppet\ncontroller are more code, they are more prone to\nfailure, and generally they are less efficient than\nsimply changing the namespace of a process to a\nspecified one.\n\nPieces of this puzzle can also be solved by instead of\ncoming up with a general purpose system call coming up\nwith targed system calls perhaps socketat that solve\na subset of the larger problem. Overall that appears\nto be more work for less reward.\n\nint setns(int fd, int nstype);\n\nThe fd argument is a file descriptor referring to a proc\nfile of the namespace you want to switch the process to.\n\nIn the setns system call the nstype is 0 or specifies\nan clone flag of the namespace you intend to change\nto prevent changing a namespace unintentionally.\n\nv2: Most of the architecture support added by Daniel Lezcano \u003cdlezcano@fr.ibm.com\u003e\nv3: ported to v2.6.36-rc4 by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nv4: Moved wiring up of the system call to another patch\nv5: Cleaned up the system call arguments\n - Changed the order.\n - Modified nstype to take the standard clone flags.\nv6: Added missing error handling as pointed out by Matt Helsley \u003cmatthltc@us.ibm.com\u003e\n\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n" }, { "commit": "b0e77598f87107001a00b8a4ece9c95e4254ccc4", "tree": "2738276570e4faa7c92a64521c192f04dca93801", "parents": [ "b515498f5bb5f38fc0e390b4ff7d00b6077de127" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:24 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:47:08 2011 -0700" }, "message": "userns: user namespaces: convert several capable() calls\n\nCAP_IPC_OWNER and CAP_IPC_LOCK can be checked against current_user_ns(),\nbecause the resource comes from current\u0027s own ipc namespace.\n\nsetuid/setgid are to uids in own namespace, so again checks can be against\ncurrent_user_ns().\n\nChangelog:\n\tJan 11: Use task_ns_capable() in place of sched_capable().\n\tJan 11: Use nsown_capable() as suggested by Bastian Blank.\n\tJan 11: Clarify (hopefully) some logic in futex and sched.c\n\tFeb 15: use ns_capable for ipc, not nsown_capable\n\tFeb 23: let copy_ipcs handle setting ipc_ns-\u003euser_ns\n\tFeb 23: pass ns down rather than taking it from current\n\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "b515498f5bb5f38fc0e390b4ff7d00b6077de127", "tree": "b76dfc56415adee9aec5d8619124059ed3ab02a5", "parents": [ "fc832ad3645f0507f24d11752544525a50a83c71" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:23 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:47:07 2011 -0700" }, "message": "userns: add a user namespace owner of ipc ns\n\nChangelog:\n\tFeb 15: Don\u0027t set new ipc-\u003euser_ns if we didn\u0027t create a new\n\t\tipc_ns.\n\tFeb 23: Move extern declaration to ipc_namespace.h, and group\n\t\tfwd declarations at top.\n\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "bb96a6f50be27390dc959ff67d9ea0ea0cfbe177", "tree": "478253434235baeb1e4760a25c0a0f01293fbb8a", "parents": [ "3486740a4f32a6a466f5ac931654d154790ba648" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:18 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:47:03 2011 -0700" }, "message": "userns: allow sethostname in a container\n\nChangelog:\n\tFeb 23: let clone_uts_ns() handle setting uts-\u003euser_ns\n\t\tTo do so we need to pass in the task_struct who\u0027ll\n\t\tget the utsname, so we can get its user_ns.\n\tFeb 23: As per Oleg\u0027s coment, just pass in tsk, instead of two\n\t\tof its members.\n\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "59607db367c57f515183cb203642291bb14d9c40", "tree": "9097cfc3a72820c5624de6a24c9fa9cf28b6cb35", "parents": [ "52e9fc76d0d4b1e8adeee736172c6c23180059b2" ], "author": { "name": "Serge E. Hallyn", "email": "serge@hallyn.com", "time": "Wed Mar 23 16:43:16 2011 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Mar 23 19:46:59 2011 -0700" }, "message": "userns: add a user_namespace as creator/owner of uts_namespace\n\nThe expected course of development for user namespaces targeted\ncapabilities is laid out at https://wiki.ubuntu.com/UserNamespace.\n\nGoals:\n\n- Make it safe for an unprivileged user to unshare namespaces. They\n will be privileged with respect to the new namespace, but this should\n only include resources which the unprivileged user already owns.\n\n- Provide separate limits and accounting for userids in different\n namespaces.\n\nStatus:\n\n Currently (as of 2.6.38) you can clone with the CLONE_NEWUSER flag to\n get a new user namespace if you have the CAP_SYS_ADMIN, CAP_SETUID, and\n CAP_SETGID capabilities. What this gets you is a whole new set of\n userids, meaning that user 500 will have a different \u0027struct user\u0027 in\n your namespace than in other namespaces. So any accounting information\n stored in struct user will be unique to your namespace.\n\n However, throughout the kernel there are checks which\n\n - simply check for a capability. Since root in a child namespace\n has all capabilities, this means that a child namespace is not\n constrained.\n\n - simply compare uid1 \u003d\u003d uid2. Since these are the integer uids,\n uid 500 in namespace 1 will be said to be equal to uid 500 in\n namespace 2.\n\n As a result, the lxc implementation at lxc.sf.net does not use user\n namespaces. This is actually helpful because it leaves us free to\n develop user namespaces in such a way that, for some time, user\n namespaces may be unuseful.\n\nBugs aside, this patchset is supposed to not at all affect systems which\nare not actively using user namespaces, and only restrict what tasks in\nchild user namespace can do. They begin to limit privilege to a user\nnamespace, so that root in a container cannot kill or ptrace tasks in the\nparent user namespace, and can only get world access rights to files.\nSince all files currently belong to the initila user namespace, that means\nthat child user namespaces can only get world access rights to *all*\nfiles. While this temporarily makes user namespaces bad for system\ncontainers, it starts to get useful for some sandboxing.\n\nI\u0027ve run the \u0027runltplite.sh\u0027 with and without this patchset and found no\ndifference.\n\nThis patch:\n\ncopy_process() handles CLONE_NEWUSER before the rest of the namespaces.\nSo in the case of clone(CLONE_NEWUSER|CLONE_NEWUTS) the new uts namespace\nwill have the new user namespace as its owner. That is what we want,\nsince we want root in that new userns to be able to have privilege over\nit.\n\nChangelog:\n\tFeb 15: don\u0027t set uts_ns-\u003euser_ns if we didn\u0027t create\n\t\ta new uts_ns.\n\tFeb 23: Move extern init_user_ns declaration from\n\t\tinit/version.c to utsname.h.\n\nSigned-off-by: Serge E. Hallyn \u003cserge.hallyn@canonical.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nAcked-by: Daniel Lezcano \u003cdaniel.lezcano@free.fr\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5a0e3ad6af8660be21ca98a971cd00f331318c05", "tree": "5bfb7be11a03176a87296a43ac6647975c00a1d1", "parents": [ "ed391f4ebf8f701d3566423ce8f17e614cde9806" ], "author": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Wed Mar 24 17:04:11 2010 +0900" }, "committer": { "name": "Tejun Heo", "email": "tj@kernel.org", "time": "Tue Mar 30 22:02:32 2010 +0900" }, "message": "include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h\n\npercpu.h is included by sched.h and module.h and thus ends up being\nincluded when building most .c files. percpu.h includes slab.h which\nin turn includes gfp.h making everything defined by the two files\nuniversally available and complicating inclusion dependencies.\n\npercpu.h -\u003e slab.h dependency is about to be removed. Prepare for\nthis change by updating users of gfp and slab facilities include those\nheaders directly instead of assuming availability. As this conversion\nneeds to touch large number of source files, the following script is\nused as the basis of conversion.\n\n http://userweb.kernel.org/~tj/misc/slabh-sweep.py\n\nThe script does the followings.\n\n* Scan files for gfp and slab usages and update includes such that\n only the necessary includes are there. ie. if only gfp is used,\n gfp.h, if slab is used, slab.h.\n\n* When the script inserts a new include, it looks at the include\n blocks and try to put the new include such that its order conforms\n to its surrounding. It\u0027s put in the include block which contains\n core kernel includes, in the same order that the rest are ordered -\n alphabetical, Christmas tree, rev-Xmas-tree or at the end if there\n doesn\u0027t seem to be any matching order.\n\n* If the script can\u0027t find a place to put a new include (mostly\n because the file doesn\u0027t have fitting include block), it prints out\n an error message indicating which .h file needs to be added to the\n file.\n\nThe conversion was done in the following steps.\n\n1. The initial automatic conversion of all .c files updated slightly\n over 4000 files, deleting around 700 includes and adding ~480 gfp.h\n and ~3000 slab.h inclusions. The script emitted errors for ~400\n files.\n\n2. Each error was manually checked. Some didn\u0027t need the inclusion,\n some needed manual addition while adding it to implementation .h or\n embedding .c file was more appropriate for others. This step added\n inclusions to around 150 files.\n\n3. The script was run again and the output was compared to the edits\n from #2 to make sure no file was left behind.\n\n4. Several build tests were done and a couple of problems were fixed.\n e.g. lib/decompress_*.c used malloc/free() wrappers around slab\n APIs requiring slab.h to be added manually.\n\n5. The script was run on all .h files but without automatically\n editing them as sprinkling gfp.h and slab.h inclusions around .h\n files could easily lead to inclusion dependency hell. Most gfp.h\n inclusion directives were ignored as stuff from gfp.h was usually\n wildly available and often used in preprocessor macros. Each\n slab.h inclusion directive was examined and added manually as\n necessary.\n\n6. percpu.h was updated not to include slab.h.\n\n7. Build test were done on the following configurations and failures\n were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my\n distributed build env didn\u0027t work with gcov compiles) and a few\n more options had to be turned off depending on archs to make things\n build (like ipr on powerpc/64 which failed due to missing writeq).\n\n * x86 and x86_64 UP and SMP allmodconfig and a custom test config.\n * powerpc and powerpc64 SMP allmodconfig\n * sparc and sparc64 SMP allmodconfig\n * ia64 SMP allmodconfig\n * s390 SMP allmodconfig\n * alpha SMP allmodconfig\n * um on x86_64 SMP allmodconfig\n\n8. percpu.h modifications were reverted so that it could be applied as\n a separate patch and serve as bisection point.\n\nGiven the fact that I had only a couple of failures from tests on step\n6, I\u0027m fairly confident about the coverage of this conversion patch.\nIf there is a breakage, it\u0027s likely to be something in one of the arch\nheaders which should be easily discoverable easily on most builds of\nthe specific arch.\n\nSigned-off-by: Tejun Heo \u003ctj@kernel.org\u003e\nGuess-its-ok-by: Christoph Lameter \u003ccl@linux-foundation.org\u003e\nCc: Ingo Molnar \u003cmingo@redhat.com\u003e\nCc: Lee Schermerhorn \u003cLee.Schermerhorn@hp.com\u003e\n" }, { "commit": "8467005da3ef6104b89a4cc5e9c9d9445b75565f", "tree": "e21eb9f439a9e17e66d90c691f400db3a5b0c54d", "parents": [ "13aa9a6b0f2371d2ce0de57c2ede62ab7a787157" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Wed Mar 10 15:23:10 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Mar 12 15:52:40 2010 -0800" }, "message": "nsproxy: remove INIT_NSPROXY()\n\nRemove INIT_NSPROXY(), use C99 initializer.\nRemove INIT_IPC_NS(), INIT_NET_NS() while I\u0027m at it.\n\nNote: headers trim will be done later, now it\u0027s quite pointless because\nresults will be invalidated by merge window.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "90af90d7d3a7411db64860c9d6e5798ff87cad08", "tree": "84f9c68edb231d6b64d2b24add4d7bedcb5a4aa8", "parents": [ "612ce478fac2729ad564ec3f5d3c551674b8e9c2" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Wed Jun 17 16:27:56 2009 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Jun 18 13:03:56 2009 -0700" }, "message": "nsproxy: extract create_nsproxy()\n\nclone_nsproxy() does useless copying of old nsproxy -- every pointer will\nbe rewritten to new ns or to old ns. Remove copying, rename\nclone_nsproxy(), create_nsproxy() will be used by C/R code to create fresh\nnsproxy on restart.\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "18b6e0414e42d95183f07d8177e3ff0241abd825", "tree": "91ca2f2d442055e31eb7bb551bf7060f3f4c4cc7", "parents": [ "9789cfe22e5d7bc10cad841a4ea96ecedb34b267" ], "author": { "name": "Serge Hallyn", "email": "serue@us.ibm.com", "time": "Wed Oct 15 16:38:45 2008 -0500" }, "committer": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Nov 24 18:57:41 2008 -0500" }, "message": "User namespaces: set of cleanups (v2)\n\nThe user_ns is moved from nsproxy to user_struct, so that a struct\ncred by itself is sufficient to determine access (which it otherwise\nwould not be). Corresponding ecryptfs fixes (by David Howells) are\nhere as well.\n\nFix refcounting. The following rules now apply:\n 1. The task pins the user struct.\n 2. The user struct pins its user namespace.\n 3. The user namespace pins the struct user which created it.\n\nUser namespaces are cloned during copy_creds(). Unsharing a new user_ns\nis no longer possible. (We could re-add that, but it\u0027ll cause code\nduplication and doesn\u0027t seem useful if PAM doesn\u0027t need to clone user\nnamespaces).\n\nWhen a user namespace is created, its first user (uid 0) gets empty\nkeyrings and a clean group_info.\n\nThis incorporates a previous patch by David Howells. Here\nis his original patch description:\n\n\u003eI suggest adding the attached incremental patch. It makes the following\n\u003echanges:\n\u003e\n\u003e (1) Provides a current_user_ns() macro to wrap accesses to current\u0027s user\n\u003e namespace.\n\u003e\n\u003e (2) Fixes eCryptFS.\n\u003e\n\u003e (3) Renames create_new_userns() to create_user_ns() to be more consistent\n\u003e with the other associated functions and because the \u0027new\u0027 in the name is\n\u003e superfluous.\n\u003e\n\u003e (4) Moves the argument and permission checks made for CLONE_NEWUSER to the\n\u003e beginning of do_fork() so that they\u0027re done prior to making any attempts\n\u003e at allocation.\n\u003e\n\u003e (5) Calls create_user_ns() after prepare_creds(), and gives it the new creds\n\u003e to fill in rather than have it return the new root user. I don\u0027t imagine\n\u003e the new root user being used for anything other than filling in a cred\n\u003e struct.\n\u003e\n\u003e This also permits me to get rid of a get_uid() and a free_uid(), as the\n\u003e reference the creds were holding on the old user_struct can just be\n\u003e transferred to the new namespace\u0027s creator pointer.\n\u003e\n\u003e (6) Makes create_user_ns() reset the UIDs and GIDs of the creds under\n\u003e preparation rather than doing it in copy_creds().\n\u003e\n\u003eDavid\n\n\u003eSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n\nChangelog:\n\tOct 20: integrate dhowells comments\n\t\t1. leave thread_keyring alone\n\t\t2. use current_user_ns() in set_user()\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\n" }, { "commit": "7a8fc9b248e77a4eab0613acf30a6811799786b3", "tree": "24b3beb8bc0633db27ffdb791f94dce95d51b1d0", "parents": [ "d3ee1b405872214609868f3cde631ac157026dd0" ], "author": { "name": "Adrian Bunk", "email": "bunk@kernel.org", "time": "Sun Aug 17 17:36:59 2008 +0300" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Aug 23 12:14:12 2008 -0700" }, "message": "removed unused #include \u003clinux/version.h\u003e\u0027s\n\nThis patch lets the files using linux/version.h match the files that\n#include it.\n\nSigned-off-by: Adrian Bunk \u003cbunk@kernel.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e885dcde75685e09f23cffae1f6d5169c105b8a0", "tree": "711a91e83fad632c194700839d3e47631aee677a", "parents": [ "856c13aa1ff6136c1968414fdea5938ea9d5ebf2" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Fri Jul 25 01:47:06 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Jul 25 10:53:37 2008 -0700" }, "message": "cgroup_clone: use pid of newly created task for new cgroup\n\ncgroup_clone creates a new cgroup with the pid of the task. This works\ncorrectly for unshare, but for clone cgroup_clone is called from\ncopy_namespaces inside copy_process, which happens before the new pid is\ncreated. As a result, the new cgroup was created with current\u0027s pid.\nThis patch:\n\n\t1. Moves the call inside copy_process to after the new pid\n\t is created\n\t2. Passes the struct pid into ns_cgroup_clone (as it is not\n\t yet attached to the task)\n\t3. Passes a name from ns_cgroup_clone() into cgroup_clone()\n\t so as to keep cgroup_clone() itself simpler\n\t4. Uses pid_vnr() to get the process id value, so that the\n\t pid used to name the new cgroup is always the pid as it\n\t would be known to the task which did the cloning or\n\t unsharing. I think that is the most intuitive thing to\n\t do. This way, task t1 does clone(CLONE_NEWPID) to get\n\t t2, which does clone(CLONE_NEWPID) to get t3, then the\n\t cgroup for t3 will be named for the pid by which t2 knows\n\t t3.\n\n(Thanks to Dan Smith for finding the main bug)\n\nChangelog:\n\tJune 11: Incorporate Paul Menage\u0027s feedback: don\u0027t pass\n\t NULL to ns_cgroup_clone from unshare, and reduce\n\t\t patch size by using \u0027nodename\u0027 in cgroup_clone.\n\tJune 10: Original version\n\n[akpm@linux-foundation.org: build fix]\n[akpm@linux-foundation.org: coding-style fixes]\nSigned-off-by: Serge Hallyn \u003cserge@us.ibm.com\u003e\nAcked-by: Paul Menage \u003cmenage@google.com\u003e\nTested-by: Dan Smith \u003cdanms@us.ibm.com\u003e\nCc: Balbir Singh \u003cbalbir@in.ibm.com\u003e\nCc: KAMEZAWA Hiroyuki \u003ckamezawa.hiroyu@jp.fujitsu.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "02fdb36ae7f55db7757b623acd27a62d5000d755", "tree": "9d96036a7ee174a2828fbb7497a9f365f4f148a1", "parents": [ "6013f67fc1a4c7fa5bcab2d39c1eaa3e260c7ac1" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Tue Apr 29 01:01:00 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:14 2008 -0700" }, "message": "ipc: sysvsem: refuse clone(CLONE_SYSVSEM|CLONE_NEWIPC)\n\nCLONE_NEWIPC|CLONE_SYSVSEM interaction isn\u0027t handled properly. This can cause\na kernel memory corruption. CLONE_NEWIPC must detach from the existing undo\nlists.\n\nFix, part 3: refuse clone(CLONE_SYSVSEM|CLONE_NEWIPC).\n\nWith unshare, specifying CLONE_SYSVSEM means unshare the sysvsem. So it seems\nreasonable that CLONE_NEWIPC without CLONE_SYSVSEM would just imply\nCLONE_SYSVSEM.\n\nHowever with clone, specifying CLONE_SYSVSEM means *share* the sysvsem. So\ncalling clone(CLONE_SYSVSEM|CLONE_NEWIPC) is explicitly asking for something\nwe can\u0027t allow. So return -EINVAL in that case.\n\n[akpm@linux-foundation.org: cleanups]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Manfred Spraul \u003cmanfred@colorfullife.com\u003e\nAcked-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nCc: Michael Kerrisk \u003cmtk.manpages@googlemail.com\u003e\nCc: Pierre Peiffer \u003cpeifferp@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "ae5e1b22f17983da929a0d0178896269e19da186", "tree": "e9937e2060167a430cf90955327d1a5a2e7b2303", "parents": [ "58bfdd6deeec02b73691ea2c951a3c5d743bca63" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Fri Feb 08 04:18:22 2008 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Feb 08 09:22:23 2008 -0800" }, "message": "namespaces: move the IPC namespace under IPC_NS option\n\nCurrently the IPC namespace management code is spread over the ipc/*.c files.\nI moved this code into ipc/namespace.c file which is compiled out when needed.\n\nThe linux/ipc_namespace.h file is used to store the prototypes of the\nfunctions in namespace.c and the stubs for NAMESPACES\u003dn case. This is done\nso, because the stub for copy_ipc_namespace requires the knowledge of the\nCLONE_NEWIPC flag, which is in sched.h. But the linux/ipc.h file itself in\nincluded into many many .c files via the sys.h-\u003esem.h sequence so adding the\nsched.h into it will make all these .c depend on sched.h which is not that\ngood. On the other hand the knowledge about the namespaces stuff is required\nin 4 .c files only.\n\nBesides, this patch compiles out some auxiliary functions from ipc/sem.c,\nmsg.c and shm.c files. It turned out that moving these functions into\nnamespaces.c is not that easy because they use many other calls and macros\nfrom the original file. Moving them would make this patch complicated. On\nthe other hand all these functions can be consolidated, so I will send a\nseparate patch doing this a bit later.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Kirill Korotaev \u003cdev@sw.ru\u003e\nCc: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "30e49c263e36341b60b735cbef5ca37912549264", "tree": "103e74c41db97476ae38cdd4ffc18e4da03f28e8", "parents": [ "b461cc03828c743aed6b3855b9ab0d39a9d54ec5" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Oct 18 23:40:10 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Oct 19 11:53:39 2007 -0700" }, "message": "pid namespaces: allow cloning of new namespace\n\nWhen clone() is invoked with CLONE_NEWPID, create a new pid namespace and then\ncreate a new struct pid for the new process. Allocate pid_t\u0027s for the new\nprocess in the new pid namespace and all ancestor pid namespaces. Make the\nnewly cloned process the session and process group leader.\n\nSince the active pid namespace is special and expected to be the first entry\nin pid-\u003eupid_list, preserve the order of pid namespaces.\n\nThe size of \u0027struct pid\u0027 is dependent on the the number of pid namespaces the\nprocess exists in, so we use multiple pid-caches\u0027. Only one pid cache is\ncreated during system startup and this used by processes that exist only in\ninit_pid_ns.\n\nWhen a process clones its pid namespace, we create additional pid caches as\nnecessary and use the pid cache to allocate \u0027struct pids\u0027 for that depth.\n\nNote, that with this patch the newly created namespace won\u0027t work, since the\nrest of the kernel still uses global pids, but this is to be fixed soon. Init\npid namespace still works.\n\n[oleg@tv-sign.ru: merge fix]\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cf7b708c8d1d7a27736771bcf4c457b332b0f818", "tree": "10f80257b052313b283f18ddfe35145882e0b47f", "parents": [ "a6f5e06378970a2687332c2d54046245fcff1e7e" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Thu Oct 18 23:39:54 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Oct 19 11:53:37 2007 -0700" }, "message": "Make access to task\u0027s nsproxy lighter\n\nWhen someone wants to deal with some other taks\u0027s namespaces it has to lock\nthe task and then to get the desired namespace if the one exists. This is\nslow on read-only paths and may be impossible in some cases.\n\nE.g. Oleg recently noticed a race between unshare() and the (sent for\nreview in cgroups) pid namespaces - when the task notifies the parent it\nhas to know the parent\u0027s namespace, but taking the task_lock() is\nimpossible there - the code is under write locked tasklist lock.\n\nOn the other hand switching the namespace on task (daemonize) and releasing\nthe namespace (after the last task exit) is rather rare operation and we\ncan sacrifice its speed to solve the issues above.\n\nThe access to other task namespaces is proposed to be performed\nlike this:\n\n rcu_read_lock();\n nsproxy \u003d task_nsproxy(tsk);\n if (nsproxy !\u003d NULL) {\n / *\n * work with the namespaces here\n * e.g. get the reference on one of them\n * /\n } / *\n * NULL task_nsproxy() means that this task is\n * almost dead (zombie)\n * /\n rcu_read_unlock();\n\nThis patch has passed the review by Eric and Oleg :) and,\nof course, tested.\n\n[clg@fr.ibm.com: fix unshare()]\n[ebiederm@xmission.com: Update get_net_ns_by_pid]\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: Paul E. McKenney \u003cpaulmck@linux.vnet.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "2894d650cd9715d00ca196c711265819ef6ebd2d", "tree": "dbfe07c3276c2b6aa7d9a4be633da7fa1e12d97b", "parents": [ "baf8f0f82dd79e374bf6fa9e996393df2bae3c21" ], "author": { "name": "Sukadev Bhattiprolu", "email": "sukadev@us.ibm.com", "time": "Thu Oct 18 23:39:49 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Oct 19 11:53:37 2007 -0700" }, "message": "pid namespaces: define and use task_active_pid_ns() wrapper\n\nWith multiple pid namespaces, a process is known by some pid_t in every\nancestor pid namespace. Every time the process forks, the child process also\ngets a pid_t in every ancestor pid namespace.\n\nWhile a process is visible in \u003e\u003d1 pid namespaces, it can see pid_t\u0027s in only\none pid namespace. We call this pid namespace it\u0027s \"active pid namespace\",\nand it is always the youngest pid namespace in which the process is known.\n\nThis patch defines and uses a wrapper to find the active pid namespace of a\nprocess. The implementation of the wrapper will be changed in when support\nfor multiple pid namespaces are added.\n\nChangelog:\n\t2.6.22-rc4-mm2-pidns1:\n\t- [Pavel Emelianov, Alexey Dobriyan] Back out the change to use\n\t task_active_pid_ns() in child_reaper() since task-\u003ensproxy\n\t can be NULL during task exit (so child_reaper() continues to\n\t use init_pid_ns).\n\n\t to implement child_reaper() since init_pid_ns.child_reaper to\n\t implement child_reaper() since tsk-\u003ensproxy can be NULL during exit.\n\n\t2.6.21-rc6-mm1:\n\t- Rename task_pid_ns() to task_active_pid_ns() to reflect that a\n\t process can have multiple pid namespaces.\n\nSigned-off-by: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nAcked-by: Pavel Emelianov \u003cxemul@openvz.org\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Dave Hansen \u003chaveblue@us.ibm.com\u003e\nCc: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Herbert Poetzel \u003cherbert@13thfloor.at\u003e\nCc: Kirill Korotaev \u003cdev@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "858d72ead4864da0fb0b89b919524125ce998e27", "tree": "19ea321ca3b505efecb2053a829daf89a6a22529", "parents": [ "846c7bb055747989891f5cd2bb6e8d56243ba1e7" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Thu Oct 18 23:39:45 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Fri Oct 19 11:53:37 2007 -0700" }, "message": "cgroups: implement namespace tracking subsystem\n\nWhen a task enters a new namespace via a clone() or unshare(), a new cgroup\nis created and the task moves into it.\n\nThis version names cgroups which are automatically created using\ncgroup_clone() as \"node_\u003cpid\u003e\" where pid is the pid of the unsharing or\ncloned process. (Thanks Pavel for the idea) This is safe because if the\nprocess unshares again, it will create\n\n\t/cgroups/(...)/node_\u003cpid\u003e/node_\u003cpid\u003e\n\nThe only possibilities (AFAICT) for a -EEXIST on unshare are\n\n\t1. pid wraparound\n\t2. a process fails an unshare, then tries again.\n\nCase 1 is unlikely enough that I ignore it (at least for now). In case 2, the\nnode_\u003cpid\u003e will be empty and can be rmdir\u0027ed to make the subsequent unshare()\nsucceed.\n\nChangelog:\n\tName cloned cgroups as \"node_\u003cpid\u003e\".\n\n[clg@fr.ibm.com: fix order of cgroup subsystems in init/Kconfig]\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Paul Menage \u003cmenage@google.com\u003e\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "db8906da596708865a2ead6a8c2af090255ca549", "tree": "f8882fd724c7972b0042b7fc6dcb9831c5cc2e3d", "parents": [ "1efd24fa05976ea20582c18dd4b80d7311b9b94a" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Tue Oct 16 23:30:11 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:42:59 2007 -0700" }, "message": "Use KMEM_CACHE macro to create the nsproxy cache\n\nThe blessed way for standard caches is to use it. Besides, this may give\nthis cache a better alignment.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9dd776b6d7b0b85966b6ddd03e2b2aae59012ab1", "tree": "ed92aee1f242bb31a0965a4156063eac916ae15e", "parents": [ "8b41d1887db718be9a2cd9e18c58ce25a4c7fd93" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Sep 26 22:04:26 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Oct 10 16:52:46 2007 -0700" }, "message": "[NET]: Add network namespace clone \u0026 unshare support.\n\nThis patch allows you to create a new network namespace\nusing sys_clone, or sys_unshare.\n\nAs the network namespace is still experimental and under development\nclone and unshare support is only made available when CONFIG_NET_NS is\nselected at compile time.\n\nAs this patch introduces network namespace support into code paths\nthat exist when the CONFIG_NET is not selected there are a few\nadditions made to net_namespace.h to allow a few more functions\nto be used when the networking stack is not compiled in.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "20c2df83d25c6a95affe6157a4c9cac4cf5ffaac", "tree": "415c4453d2b17a50abe7a3e515177e1fa337bd67", "parents": [ "64fb98fc40738ae1a98bcea9ca3145b89fb71524" ], "author": { "name": "Paul Mundt", "email": "lethal@linux-sh.org", "time": "Fri Jul 20 10:11:58 2007 +0900" }, "committer": { "name": "Paul Mundt", "email": "lethal@linux-sh.org", "time": "Fri Jul 20 10:11:58 2007 +0900" }, "message": "mm: Remove slab destructors from kmem_cache_create().\n\nSlab destructors were no longer supported after Christoph\u0027s\nc59def9f222d44bb7e2f0a559f2906191a0862d7 change. They\u0027ve been\nBUGs for both slab and slub, and slob never supported them\neither.\n\nThis rips out support for the dtor pointer from kmem_cache_create()\ncompletely and fixes up every single callsite in the kernel (there were\nabout 224, not including the slab allocator definitions themselves,\nor the documentation references).\n\nSigned-off-by: Paul Mundt \u003clethal@linux-sh.org\u003e\n" }, { "commit": "213dd266d48af90c1eec8688c1ff31aa34d21de2", "tree": "2882f6e84d36421ebe2a6360cfe0c773bd9053bd", "parents": [ "e3a68e30d28dbc6981dfc3d6ceddbfa2f885fe4e" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Sun Jul 15 23:41:15 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:48 2007 -0700" }, "message": "namespace: ensure clone_flags are always stored in an unsigned long\n\nWhile working on unshare support for the network namespace I noticed we\nwere putting clone flags in an int. Which is weird because the syscall\nuses unsigned long and we at least need an unsigned to properly hold all of\nthe unshare flags.\n\nSo to make the code consistent, this patch updates the code to use\nunsigned long instead of int for the clone flags in those places\nwhere we get it wrong today.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nAcked-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "98c0d07cbf2a8582a0341b05ad564247e608f6f9", "tree": "9c72ff1a024f472a9186cbb62f244e1e5829e639", "parents": [ "467e9f4b5086a60a5cb2e032ccaf4a31abadc4c2" ], "author": { "name": "Cedric Le Goater", "email": "clg@fr.ibm.com", "time": "Sun Jul 15 23:41:07 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "add a kmem_cache for nsproxy objects\n\nIt should improve performance in some scenarii where a lot of\nthese nsproxy objects are created by unsharing namespaces. This is\na typical use of virtual servers that are being created or entered.\n\nThis is also a good tool to find leaks and gather statistics on\nnamespace usage.\n\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Pavel Emelianov \u003cxemul@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "467e9f4b5086a60a5cb2e032ccaf4a31abadc4c2", "tree": "f21b3975db312e4cdee1d9d3622549de2648b7ff", "parents": [ "3e733f071e16bdad13a75eedb102e8941b09927e" ], "author": { "name": "Cedric Le Goater", "email": "clg@fr.ibm.com", "time": "Sun Jul 15 23:41:06 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "fix create_new_namespaces() return value\n\ndup_mnt_ns() and clone_uts_ns() return NULL on failure. This is wrong,\ncreate_new_namespaces() uses ERR_PTR() to catch an error. This means that the\nsubsequent create_new_namespaces() will hit BUG_ON() in copy_mnt_ns() or\ncopy_utsname().\n\nModify create_new_namespaces() to also use the errors returned by the\ncopy_*_ns routines and not to systematically return ENOMEM.\n\n[oleg@tv-sign.ru: better changelog]\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Badari Pulavarty \u003cpbadari@us.ibm.com\u003e\nCc: Pavel Emelianov \u003cxemul@openvz.org\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "77ec739d8d0979477fc91f530403805afa2581a4", "tree": "0cefb80a7ff8d57a8f735954fdeb88e9efbaf05c", "parents": [ "acce292c82d4d82d35553b928df2b0597c3a9c78" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Sun Jul 15 23:41:01 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "user namespace: add unshare\n\nThis patch enables the unshare of user namespaces.\n\nIt adds a new clone flag CLONE_NEWUSER and implements copy_user_ns() which\nresets the current user_struct and adds a new root user (uid \u003d\u003d 0)\n\nFor now, unsharing the user namespace allows a process to reset its\nuser_struct accounting and uid 0 in the new user namespace should be contained\nusing appropriate means, for instance selinux\n\nThe plan, when the full support is complete (all uid checks covered), is to\nkeep the original user\u0027s rights in the original namespace, and let a process\nbecome uid 0 in the new namespace, with full capabilities to the new\nnamespace.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nAcked-by: Pavel Emelianov \u003cxemul@openvz.org\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Kirill Korotaev \u003cdev@sw.ru\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Andrew Morgan \u003cagm@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "acce292c82d4d82d35553b928df2b0597c3a9c78", "tree": "464288f40db9c254da214c400d0880ee50dc37f3", "parents": [ "7d69a1f4a72b18876c99c697692b78339d491568" ], "author": { "name": "Cedric Le Goater", "email": "clg@fr.ibm.com", "time": "Sun Jul 15 23:40:59 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "user namespace: add the framework\n\nBasically, it will allow a process to unshare its user_struct table,\nresetting at the same time its own user_struct and all the associated\naccounting.\n\nA new root user (uid \u003d\u003d 0) is added to the user namespace upon creation.\nSuch root users have full privileges and it seems that theses privileges\nshould be controlled through some means (process capabilities ?)\n\nThe unshare is not included in this patch.\n\nChanges since [try #4]:\n\t- Updated get_user_ns and put_user_ns to accept NULL, and\n\t get_user_ns to return the namespace.\n\nChanges since [try #3]:\n\t- moved struct user_namespace to files user_namespace.{c,h}\n\nChanges since [try #2]:\n\t- removed struct user_namespace* argument from find_user()\n\nChanges since [try #1]:\n\t- removed struct user_namespace* argument from find_user()\n\t- added a root_user per user namespace\n\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nAcked-by: Pavel Emelianov \u003cxemul@openvz.org\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Kirill Korotaev \u003cdev@sw.ru\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Andrew Morgan \u003cagm@google.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7d69a1f4a72b18876c99c697692b78339d491568", "tree": "c09faf07f15240592919ec7e3dd722fe4f1dd370", "parents": [ "522ed7767e800cff6c650ec64b0ee0677303119c" ], "author": { "name": "Cedric Le Goater", "email": "clg@fr.ibm.com", "time": "Sun Jul 15 23:40:58 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "remove CONFIG_UTS_NS and CONFIG_IPC_NS\n\nCONFIG_UTS_NS and CONFIG_IPC_NS have very little value as they only\ndeactivate the unshare of the uts and ipc namespaces and do not improve\nperformance.\n\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nAcked-by: \"Serge E. Hallyn\" \u003cserue@us.ibm.com\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Pavel Emelianov \u003cxemul@openvz.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4e71e474c784dc274f28ec8bb22a5dbabc6dc7c5", "tree": "2a14a2d1efe99fe2a8e9c01ba851d6c28ddbef23", "parents": [ "6d79af701d334777541136e914a9c0969b2ad307" ], "author": { "name": "Cedric Le Goater", "email": "clg@fr.ibm.com", "time": "Sat Jun 23 17:16:25 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sun Jun 24 08:59:10 2007 -0700" }, "message": "fix refcounting of nsproxy object when unshared\n\nWhen a namespace is unshared, a refcount on the previous nsproxy is\nabusively taken, leading to a memory leak of nsproxy objects.\n\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Badari Pulavarty \u003cpbadari@us.ibm.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e3222c4ecc649c4ae568e61dda9349482401b501", "tree": "d96614ef67d947a3dd8ab0929a4755bce9fdbcc1", "parents": [ "4fc75ff4816c3483b4b772b2f6cb3d8fd88ca547" ], "author": { "name": "Badari Pulavarty", "email": "pbadari@us.ibm.com", "time": "Tue May 08 00:25:21 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue May 08 11:15:00 2007 -0700" }, "message": "Merge sys_clone()/sys_unshare() nsproxy and namespace handling\n\nsys_clone() and sys_unshare() both makes copies of nsproxy and its associated\nnamespaces. But they have different code paths.\n\nThis patch merges all the nsproxy and its associated namespace copy/clone\nhandling (as much as possible). Posted on container list earlier for\nfeedback.\n\n- Create a new nsproxy and its associated namespaces and pass it back to\n caller to attach it to right process.\n\n- Changed all copy_*_ns() routines to return a new copy of namespace\n instead of attaching it to task-\u003ensproxy.\n\n- Moved the CAP_SYS_ADMIN checks out of copy_*_ns() routines.\n\n- Removed unnessary !ns checks from copy_*_ns() and added BUG_ON()\n just incase.\n\n- Get rid of all individual unshare_*_ns() routines and make use of\n copy_*_ns() instead.\n\n[akpm@osdl.org: cleanups, warning fix]\n[clg@fr.ibm.com: remove dup_namespaces() declaration]\n[serue@us.ibm.com: fix CONFIG_IPC_NS\u003dn, clone(CLONE_NEWIPC) retval]\n[akpm@linux-foundation.org: fix build with CONFIG_SYSVIPC\u003dn]\nSigned-off-by: Badari Pulavarty \u003cpbadari@us.ibm.com\u003e\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: \u003ccontainers@lists.osdl.org\u003e\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "444f378b237a0f728f5c4aba752c08d13c209344", "tree": "248fd00bb2e60cb0890fce38b6a66fed65f977e4", "parents": [ "8c8c4bafc3a20a6fb9078315ff865bc42276f9ba" ], "author": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jan 30 13:35:18 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jan 30 13:35:18 2007 -0800" }, "message": "Revert \"[PATCH] namespaces: fix exit race by splitting exit\"\n\nThis reverts commit 7a238fcba0629b6f2edbcd37458bae56fcf36be5 in\npreparation for a better and simpler fix proposed by Eric Biederman\n(and fixed up by Serge Hallyn)\n\nAcked-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "7a238fcba0629b6f2edbcd37458bae56fcf36be5", "tree": "ad556f0ec00637df5b4c4a2063c6b3325666d2f1", "parents": [ "c0d4d573feed199b16094c072e7cb07afb01c598" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Jan 29 13:19:40 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Tue Jan 30 08:26:44 2007 -0800" }, "message": "[PATCH] namespaces: fix exit race by splitting exit\n\nFix exit race by splitting the nsproxy putting into two pieces. First\npiece reduces the nsproxy refcount. If we dropped the last reference, then\nit puts the mnt_ns, and returns the nsproxy as a hint to the caller. Else\nit returns NULL. The second piece of exiting task namespaces sets\ntsk-\u003ensproxy to NULL, and drops the references to other namespaces and\nfrees the nsproxy only if an nsproxy was passed in.\n\nA little awkward and should probably be reworked, but hopefully it fixes\nthe NFS oops.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Oleg Nesterov \u003coleg@tv-sign.ru\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Daniel Hokka Zakrisson \u003cdaniel@hozac.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "5f8442edfb214908e9c6ca1142bf882c9bc364e5", "tree": "32c6e81d78cdedf03a01e418df05ff8a8f76c7bf", "parents": [ "d4c3cca941b64a938eaa9734585a93547c6be323" ], "author": { "name": "Eric W. Biederman", "email": "ebiederm@xmission.com", "time": "Wed Dec 13 00:34:04 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Wed Dec 13 09:05:47 2006 -0800" }, "message": "[PATCH] Revert \"[PATCH] identifier to nsproxy\"\n\nThis reverts commit 373beb35cd6b625e0ba4ad98baace12310a26aa8.\n\nNo one is using this identifier yet. The purpose of this identifier is to\nexport nsproxy to user space which is wrong. nsproxy is an internal\nimplementation optimization, which should keep our fork times from getting\nslower as we increase the number of global namespaces you don\u0027t have to\nshare.\n\nAdding a global identifier like this is inappropriate because it makes\nnamespaces inherently non-recursive, greatly limiting what we can do with\nthem in the future.\n\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "9a575a92db3312a40cdf0b0406d88de88ad9741e", "tree": "0b789528da13cd31f7fb206f184cfa123cc0ba42", "parents": [ "61a58c6c238cc81f7742b8cc84212cc55fb57747" ], "author": { "name": "Cedric Le Goater", "email": "clg@fr.ibm.com", "time": "Fri Dec 08 02:37:59 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:52 2006 -0800" }, "message": "[PATCH] to nsproxy\n\nAdd the pid namespace framework to the nsproxy object. The copy of the pid\nnamespace only increases the refcount on the global pid namespace,\ninit_pid_ns, and unshare is not implemented.\n\nThere is no configuration option to activate or deactivate this feature\nbecause this not relevant for the moment.\n\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Kirill Korotaev \u003cdev@openvz.org\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "373beb35cd6b625e0ba4ad98baace12310a26aa8", "tree": "0cb0a8601a8141bff0ff63a2a6da982f5d023b61", "parents": [ "6b3286ed1169d74fea401367d6d4d6c6ec758a81" ], "author": { "name": "Cedric Le Goater", "email": "clg@fr.ibm.com", "time": "Fri Dec 08 02:37:57 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:52 2006 -0800" }, "message": "[PATCH] identifier to nsproxy\n\nAdd an identifier to nsproxy. The default init_ns_proxy has identifier 0 and\nallocated nsproxies are given -1.\n\nThis identifier will be used by a new syscall sys_bind_ns.\n\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Kirill Korotaev \u003cdev@openvz.org\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "6b3286ed1169d74fea401367d6d4d6c6ec758a81", "tree": "faf5beddb797875bb92855f8606735478267959a", "parents": [ "1ec320afdc9552c92191d5f89fcd1ebe588334ca" ], "author": { "name": "Kirill Korotaev", "email": "dev@sw.ru", "time": "Fri Dec 08 02:37:56 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.osdl.org", "time": "Fri Dec 08 08:28:51 2006 -0800" }, "message": "[PATCH] rename struct namespace to struct mnt_namespace\n\nRename \u0027struct namespace\u0027 to \u0027struct mnt_namespace\u0027 to avoid confusion with\nother namespaces being developped for the containers : pid, uts, ipc, etc.\n\u0027namespace\u0027 variables and attributes are also renamed to \u0027mnt_ns\u0027\n\nSigned-off-by: Kirill Korotaev \u003cdev@sw.ru\u003e\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: Eric W. Biederman \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Sukadev Bhattiprolu \u003csukadev@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "e05d722e4555cd54677b4c8431d9e81fd047ef7a", "tree": "d07d2ede9c29f9ef7b06d34dee6729117e0224ec", "parents": [ "3e2a532b26b491706bd8b5c7cfc8d767b43b8f36" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Thu Oct 19 23:29:12 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Oct 20 10:26:44 2006 -0700" }, "message": "[PATCH] kernel/nsproxy.c: use kmemdup()\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "5d124e99c2fee1c8f3020ecb0dff8d5617ee7991", "tree": "63a0226278175a8d30d7ff5803421cafea2b2813", "parents": [ "fcfbd547b1209aae9d880fe5db33464413925cc8" ], "author": { "name": "Pavel", "email": "xemul@openvz.org", "time": "Mon Oct 02 02:18:24 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 02 07:57:22 2006 -0700" }, "message": "[PATCH] nsproxy cloning error path fix\n\nThis patch fixes copy_namespaces()\u0027s error path.\n\nwhen new nsproxy (new_ns) is created pointers to namespaces (ipc, uts) are\ncopied from the old nsproxy. Later in copy_utsname, copy_ipcs, etc.\naccording namespaces are get-ed. On error path needed namespaces are\nput-ed, so there\u0027s no need to put new nsproxy itelf as it woud cause\nputting namespaces for the second time.\n\nFound when incorporating namespaces into OpenVZ kernel.\n\nSigned-off-by: Pavel Emelianov \u003cxemul@openvz.org\u003e\nAcked-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "25b21cb2f6d69b0475b134e0a3e8e269137270fa", "tree": "cd9c3966408c0ca5903249437c35ff35961de544", "parents": [ "c0b2fc316599d6cd875b6b8cafa67f03b9512b4d" ], "author": { "name": "Kirill Korotaev", "email": "dev@openvz.org", "time": "Mon Oct 02 02:18:19 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 02 07:57:22 2006 -0700" }, "message": "[PATCH] IPC namespace core\n\nThis patch set allows to unshare IPCs and have a private set of IPC objects\n(sem, shm, msg) inside namespace. Basically, it is another building block of\ncontainers functionality.\n\nThis patch implements core IPC namespace changes:\n- ipc_namespace structure\n- new config option CONFIG_IPC_NS\n- adds CLONE_NEWIPC flag\n- unshare support\n\n[clg@fr.ibm.com: small fix for unshare of ipc namespace]\n[akpm@osdl.org: build fix]\nSigned-off-by: Pavel Emelianov \u003cxemul@openvz.org\u003e\nSigned-off-by: Kirill Korotaev \u003cdev@openvz.org\u003e\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "071df104f808b8195c40643dcb4d060681742e29", "tree": "e5c3355e526e0182797d59c7e80062fbc2bb7d77", "parents": [ "bf47fdcda65b44dbd674eeedcaa06e0aa28a5a00" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Oct 02 02:18:17 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 02 07:57:22 2006 -0700" }, "message": "[PATCH] namespaces: utsname: implement CLONE_NEWUTS flag\n\nImplement a CLONE_NEWUTS flag, and use it at clone and sys_unshare.\n\n[clg@fr.ibm.com: IPC unshare fix]\n[bunk@stusta.de: cleanup]\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Kirill Korotaev \u003cdev@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Andrey Savochkin \u003csaw@sw.ru\u003e\nSigned-off-by: Adrian Bunk \u003cbunk@stusta.de\u003e\nSigned-off-by: Cedric Le Goater \u003cclg@fr.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "4865ecf1315b450ab3317a745a6678c04d311e40", "tree": "6cf5d3028f8642eba2a8094eb413db080cc9219c", "parents": [ "96b644bdec977b97a45133e5b4466ba47a7a5e65" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Oct 02 02:18:14 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 02 07:57:21 2006 -0700" }, "message": "[PATCH] namespaces: utsname: implement utsname namespaces\n\nThis patch defines the uts namespace and some manipulators.\nAdds the uts namespace to task_struct, and initializes a\nsystem-wide init namespace.\n\nIt leaves a #define for system_utsname so sysctl will compile.\nThis define will be removed in a separate patch.\n\n[akpm@osdl.org: build fix, cleanup]\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Kirill Korotaev \u003cdev@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Andrey Savochkin \u003csaw@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "1651e14e28a2d9f446018ef522882e0709a2ce4f", "tree": "401ff78624fdc4b445f3f95174a223acaf6a4ca0", "parents": [ "0437eb594e6e5e699248f865482e61034be846d0" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Oct 02 02:18:08 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 02 07:57:20 2006 -0700" }, "message": "[PATCH] namespaces: incorporate fs namespace into nsproxy\n\nThis moves the mount namespace into the nsproxy. The mount namespace count\nnow refers to the number of nsproxies point to it, rather than the number of\ntasks. As a result, the unshare_namespace() function in kernel/fork.c no\nlonger checks whether it is being shared.\n\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Kirill Korotaev \u003cdev@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Andrey Savochkin \u003csaw@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "0437eb594e6e5e699248f865482e61034be846d0", "tree": "1cf333f108c6d613f54b2a91fe1ad0f12a04bace", "parents": [ "ab516013ad9ca47f1d3a936fa81303bfbf734d52" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Oct 02 02:18:07 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 02 07:57:20 2006 -0700" }, "message": "[PATCH] nsproxy: move init_nsproxy into kernel/nsproxy.c\n\nMove the init_nsproxy definition out of arch/ into kernel/nsproxy.c. This\navoids all arches having to be updated. Compiles and boots on s390.\n\nSigned-off-by: Serge E. Hallyn \u003cserue@us.ibm.com\u003e\nCc: Kirill Korotaev \u003cdev@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Andrey Savochkin \u003csaw@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "ab516013ad9ca47f1d3a936fa81303bfbf734d52", "tree": "643ea9c4c3d28958cb42dd87b1856f74edd22b11", "parents": [ "b1ba4ddde0cf67991d89f039365eaaeda61aa027" ], "author": { "name": "Serge E. Hallyn", "email": "serue@us.ibm.com", "time": "Mon Oct 02 02:18:06 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Oct 02 07:57:20 2006 -0700" }, "message": "[PATCH] namespaces: add nsproxy\n\nThis patch adds a nsproxy structure to the task struct. Later patches will\nmove the fs namespace pointer into this structure, and introduce a new utsname\nnamespace into the nsproxy.\n\nThe vserver and openvz functionality, then, would be implemented in large part\nby virtualizing/isolating more and more resources into namespaces, each\ncontained in the nsproxy.\n\n[akpm@osdl.org: build fix]\nSigned-off-by: Serge Hallyn \u003cserue@us.ibm.com\u003e\nCc: Kirill Korotaev \u003cdev@openvz.org\u003e\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Herbert Poetzl \u003cherbert@13thfloor.at\u003e\nCc: Andrey Savochkin \u003csaw@sw.ru\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" } ] }