summaryrefslogtreecommitdiffstats
path: root/kernel/ucount.c
Commit message (Collapse)AuthorAgeFilesLines
* mntns: Add a limit on the number of mount namespaces.Eric W. Biederman2016-08-311-0/+1
| | | | | | | | | | v2: Fixed the very obvious lack of setting ucounts on struct mnt_ns reported by Andrei Vagin, and the kbuild test report. Reported-by: Andrei Vagin <avagin@openvz.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* netns: Add a limit on the number of net namespacesEric W. Biederman2016-08-081-0/+1
| | | | | Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* cgroupns: Add a limit on the number of cgroup namespacesEric W. Biederman2016-08-081-0/+1
| | | | | Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* ipcns: Add a limit on the number of ipc namespacesEric W. Biederman2016-08-081-0/+1
| | | | | Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* utsns: Add a limit on the number of uts namespacesEric W. Biederman2016-08-081-0/+1
| | | | | Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* pidns: Add a limit on the number of pid namespacesEric W. Biederman2016-08-081-0/+1
| | | | | Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* userns: Generalize the user namespace count into ucountEric W. Biederman2016-08-081-18/+21
| | | | | | | | | | The same kind of recursive sane default limit and policy countrol that has been implemented for the user namespace is desirable for the other namespaces, so generalize the user namespace refernce count into a ucount. Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* userns: Make the count of user namespaces per userEric W. Biederman2016-08-081-21/+95
| | | | | | | | | | | | | Add a structure that is per user and per user ns and use it to hold the count of user namespaces. This makes prevents one user from creating denying service to another user by creating the maximum number of user namespaces. Rename the sysctl export of the maximum count from /proc/sys/userns/max_user_namespaces to /proc/sys/user/max_user_namespaces to reflect that the count is now per user. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* userns: Add a limit on the number of user namespacesEric W. Biederman2016-08-081-0/+53
| | | | | | | | Export the export the maximum number of user namespaces as /proc/sys/userns/max_user_namespaces. Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
* userns: Add per user namespace sysctls.Eric W. Biederman2016-08-081-0/+99
Limit per userns sysctls to only be opened for write by a holder of CAP_SYS_RESOURCE. Add all of the necessary boilerplate for having per user namespace sysctls. Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>