| author | Christian Brauner <brauner@kernel.org> | 2026-02-27 22:00:19 +0100 |
|---|---|---|
| committer | Christian Brauner <brauner@kernel.org> | 2026-02-27 22:00:19 +0100 |
| commit | 10047142d6ce3b8562546c61f3cf57f852b9b950 (patch) | |
| tree | db9385569d8385875bb47bcbc9164f15e56b4b35 /include | |
| parent | a0b4c7a49137ed21279f354eb59f49ddae8dffc2 (diff) | |
| parent | 4c7b2ec23cc5d880e3ffe35e8c2aad686b67723a (diff) | |
Merge patch series "tighten nstree visibility checks"
Christian Brauner <brauner@kernel.org> says:
Listing various namespaces is currently only scoped on owning namespace.
We can make this more fine-grained so that we scope visibility even
tighter. To make it possible to change behavior, restrict visibility for
now. This shouldn't be a big deal as there aren't actual large users out
there and paves the way to make this even cleaner in the future.
* patches from https://patch.msgid.link/20260226-work-visibility-fixes-v1-0-d2c2853313bd@kernel.org:
selftests: fix mntns iteration selftests
nstree: tighten permission checks for listing
nsfs: tighten permission checks for handle opening
nsfs: tighten permission checks for ns iteration ioctls
Link: https://patch.msgid.link/20260226-work-visibility-fixes-v1-0-d2c2853313bd@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/ns_common.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h index 825f5865bfc5..c8e227a3f9e2 100644 --- a/include/linux/ns_common.h +++ b/include/linux/ns_common.h @@ -55,6 +55,8 @@ static __always_inline bool is_ns_init_id(const struct ns_common *ns) #define ns_common_free(__ns) __ns_common_free(to_ns_common((__ns))) +bool may_see_all_namespaces(void); + static __always_inline __must_check int __ns_ref_active_read(const struct ns_common *ns) { return atomic_read(&ns->__ns_ref_active); |
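Review bot: The new prototype `bool may_see_all_namespaces(void);` in include/linux/ns_common.h has no comment saying what condition it tests. It takes no arguments, so the caller, credential or namespace it evaluates is implicit, and a reader of the header cannot tell when it returns true. As it is a permission predicate that the listing, handle-opening and iteration paths named in the series are meant to share, a short comment above the declaration stating the check it performs and the context it must be called from would keep later callers from guessing. The definition is not part of this include-limited view, so the header is the only place that contract can be read here. The placement between the `ns_common_free()` macro and `__ns_ref_active_read()` also puts it among refcount helpers; grouping it with the other predicates such as `is_ns_init_id()` would make it easier to find.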
