userns: Add a limit on the number of user namespaces

Export the export the maximum number of user namespaces as /proc/sys/userns/max_user_namespaces. Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2016-08-08 13:41:24 -0500
committer: Eric W. Biederman <ebiederm@xmission.com> 2016-08-08 13:41:24 -0500
commit: b376c3e1b6770ddcb4f0782be16358095fcea0b6 (patch)
tree: 30789f9f1e84abe4d25a52e2fcad209504c181bf /include/linux/user_namespace.h
parent: dbec28460a89aa7c02c3301e9e108d98272549d2 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index e5697eaf6bf9..6421cca2daa9 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -44,9 +44,15 @@ struct user_namespace {
 	struct ctl_table_set	set;
 	struct ctl_table_header *sysctls;
 #endif
+	int max_user_namespaces;
+	atomic_t user_namespaces;
 };
 
 extern struct user_namespace init_user_ns;
+extern bool setup_userns_sysctls(struct user_namespace *ns);
+extern void retire_userns_sysctls(struct user_namespace *ns);
+extern bool inc_user_namespaces(struct user_namespace *ns);
+extern void dec_user_namespaces(struct user_namespace *ns);
 
 #ifdef CONFIG_USER_NS
author	Eric W. Biederman <ebiederm@xmission.com>	2016-08-08 13:41:24 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	2016-08-08 13:41:24 -0500
commit	b376c3e1b6770ddcb4f0782be16358095fcea0b6 (patch)
tree	30789f9f1e84abe4d25a52e2fcad209504c181bf /include/linux/user_namespace.h
parent	dbec28460a89aa7c02c3301e9e108d98272549d2 (diff)