
Commit 25b21cb2 authored by Kirill Korotaev's avatar Kirill Korotaev Committed by Linus Torvalds

[PATCH] IPC namespace core



This patch set allows unsharing IPCs, so that a namespace has its own private
set of IPC objects (sem, shm, msg).  Basically, it is another building block of
container functionality.

This patch implements core IPC namespace changes:
- ipc_namespace structure
- new config option CONFIG_IPC_NS
- adds CLONE_NEWIPC flag
- unshare support

[clg@fr.ibm.com: small fix for unshare of ipc namespace]
[akpm@osdl.org: build fix]
Signed-off-by: default avatarPavel Emelianov <xemul@openvz.org>
Signed-off-by: default avatarKirill Korotaev <dev@openvz.org>
Signed-off-by: default avatarCedric Le Goater <clg@fr.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent c0b2fc31
+1 −0
@@ -74,6 +74,7 @@ extern struct nsproxy init_nsproxy;
	.count		= ATOMIC_INIT(1),				\
	.nslock		= SPIN_LOCK_UNLOCKED,				\
	.uts_ns		= &init_uts_ns,					\
	.ipc_ns		= &init_ipc_ns,					\
	.namespace	= NULL,						\
}

+36 −0
@@ -2,6 +2,7 @@
#define _LINUX_IPC_H

#include <linux/types.h>
#include <linux/kref.h>

#define IPC_PRIVATE ((__kernel_key_t) 0)  

@@ -68,6 +69,41 @@ struct kern_ipc_perm
	void		*security;
};

struct ipc_ids;
struct ipc_namespace {
	struct kref	kref;
	struct ipc_ids	*ids[3];

	int		sem_ctls[4];
	int		used_sems;

	int		msg_ctlmax;
	int		msg_ctlmnb;
	int		msg_ctlmni;

	size_t		shm_ctlmax;
	size_t		shm_ctlall;
	int		shm_ctlmni;
	int		shm_tot;
};

extern struct ipc_namespace init_ipc_ns;
extern void free_ipc_ns(struct kref *kref);
extern int copy_ipcs(unsigned long flags, struct task_struct *tsk);
extern int unshare_ipcs(unsigned long flags, struct ipc_namespace **ns);

static inline struct ipc_namespace *get_ipc_ns(struct ipc_namespace *ns)
{
	if (ns)
		kref_get(&ns->kref);
	return ns;
}

static inline void put_ipc_ns(struct ipc_namespace *ns)
{
	kref_put(&ns->kref, free_ipc_ns);
}

#endif /* __KERNEL__ */

#endif /* _LINUX_IPC_H */
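Review bot: `put_ipc_ns()` dereferences `ns` unconditionally, while `get_ipc_ns()` just above it accepts a NULL pointer and returns it, so a caller that pairs the two on a NULL namespace would hand an invalid kref address to `kref_put()`. Either document that `ns` must be non-NULL for both helpers or make them symmetric, e.g. `if (ns) kref_put(&ns->kref, free_ipc_ns);`. The new `struct ipc_namespace` also needs a comment above it saying that `kref` governs the lifetime released through `free_ipc_ns()` and what the three `ids[]` slots and four `sem_ctls[]` entries hold; the hunk does not show which slot maps to sem, msg or shm, and named constants for those indices would make later accesses easier to audit.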
+2 −0
@@ -6,6 +6,7 @@

struct namespace;
struct uts_namespace;
struct ipc_namespace;

/*
 * A structure to contain pointers to all per-process
@@ -23,6 +24,7 @@ struct nsproxy {
	atomic_t count;
	spinlock_t nslock;
	struct uts_namespace *uts_ns;
	struct ipc_namespace *ipc_ns;
	struct namespace *namespace;
};
extern struct nsproxy init_nsproxy;
+1 −0
@@ -25,6 +25,7 @@
#define CLONE_CHILD_SETTID	0x01000000	/* set the TID in the child */
#define CLONE_STOPPED		0x02000000	/* Start in stopped state */
#define CLONE_NEWUTS		0x04000000	/* New utsname group? */
#define CLONE_NEWIPC		0x08000000	/* New ipcs */

/*
 * Scheduling policies
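Review bot: The comment on `CLONE_NEWIPC` (`/* New ipcs */`) does not say that the flag requests a new IPC namespace, which is what the commit description says it is for. Suggest `/* New IPC namespace (sem, shm, msg) */`. Since the flag changes which IPC objects a task can reach, the place where it is validated should be easy to find from here; the code that consumes the flag, including any privilege check, is not part of this section.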
+9 −0
@@ -115,6 +115,15 @@ config SYSVIPC
	  section 6.4 of the Linux Programmer's Guide, available from
	  <http://www.tldp.org/guides.html>.

config IPC_NS
	bool "IPC Namespaces"
	depends on SYSVIPC
	default n
	help
	  Support ipc namespaces.  This allows containers, i.e. virtual
	  environments, to use ipc namespaces to provide different ipc
	  objects for different servers.  If unsure, say N.

config POSIX_MQUEUE
	bool "POSIX Message Queues"
	depends on NET && EXPERIMENTAL
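Review bot: `default n` in the new `IPC_NS` entry is redundant, because a `bool` symbol with no default is already `n`; the line can be dropped. The help text would be clearer if it named the interface the option enables, for example by adding `Tasks request a new IPC namespace with the CLONE_NEWIPC flag.`, and if it said that the namespace covers the System V sem, shm and msg objects that the commit description lists.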