1 // SPDX-License-Identifier: GPL-2.0 2 #include <linux/mount.h> 3 #include <linux/pseudo_fs.h> 4 #include <linux/file.h> 5 #include <linux/fs.h> 6 #include <linux/proc_fs.h> 7 #include <linux/proc_ns.h> 8 #include <linux/magic.h> 9 #include <linux/ktime.h> 10 #include <linux/seq_file.h> 11 #include <linux/pid_namespace.h> 12 #include <linux/user_namespace.h> 13 #include <linux/nsfs.h> 14 #include <linux/uaccess.h> 15 #include <linux/mnt_namespace.h> 16 #include <linux/ipc_namespace.h> 17 #include <linux/time_namespace.h> 18 #include <linux/utsname.h> 19 #include <linux/exportfs.h> 20 #include <linux/nstree.h> 21 #include <net/net_namespace.h> 22 23 #include "mount.h" 24 #include "internal.h" 25 26 static struct vfsmount *nsfs_mnt; 27 28 static struct path nsfs_root_path = {}; 29 30 void nsfs_get_root(struct path *path) 31 { 32 *path = nsfs_root_path; 33 path_get(path); 34 } 35 36 static long ns_ioctl(struct file *filp, unsigned int ioctl, 37 unsigned long arg); 38 static const struct file_operations ns_file_operations = { 39 .unlocked_ioctl = ns_ioctl, 40 .compat_ioctl = compat_ptr_ioctl, 41 }; 42 43 static char *ns_dname(struct dentry *dentry, char *buffer, int buflen) 44 { 45 struct inode *inode = d_inode(dentry); 46 struct ns_common *ns = inode->i_private; 47 const struct proc_ns_operations *ns_ops = ns->ops; 48 49 return dynamic_dname(buffer, buflen, "%s:[%lu]", 50 ns_ops->name, inode->i_ino); 51 } 52 53 const struct dentry_operations ns_dentry_operations = { 54 .d_dname = ns_dname, 55 .d_prune = stashed_dentry_prune, 56 }; 57 58 static void nsfs_evict(struct inode *inode) 59 { 60 struct ns_common *ns = inode->i_private; 61 62 __ns_ref_active_put(ns); 63 clear_inode(inode); 64 ns->ops->put(ns); 65 } 66 67 int ns_get_path_cb(struct path *path, ns_get_path_helper_t *ns_get_cb, 68 void *private_data) 69 { 70 struct ns_common *ns; 71 72 ns = ns_get_cb(private_data); 73 if (!ns) 74 return -ENOENT; 75 76 return path_from_stashed(&ns->stashed, nsfs_mnt, ns, path); 77 } 78 79 struct ns_get_path_task_args { 80 const struct proc_ns_operations *ns_ops; 81 struct task_struct *task; 82 }; 83 84 static struct ns_common *ns_get_path_task(void *private_data) 85 { 86 struct ns_get_path_task_args *args = private_data; 87 88 return args->ns_ops->get(args->task); 89 } 90 91 int ns_get_path(struct path *path, struct task_struct *task, 92 const struct proc_ns_operations *ns_ops) 93 { 94 struct ns_get_path_task_args args = { 95 .ns_ops = ns_ops, 96 .task = task, 97 }; 98 99 return ns_get_path_cb(path, ns_get_path_task, &args); 100 } 101 102 /** 103 * open_namespace - open a namespace 104 * @ns: the namespace to open 105 * 106 * This will consume a reference to @ns indendent of success or failure. 107 * 108 * Return: A file descriptor on success or a negative error code on failure. 109 */ 110 int open_namespace(struct ns_common *ns) 111 { 112 struct path path __free(path_put) = {}; 113 struct file *f; 114 int err; 115 116 /* call first to consume reference */ 117 err = path_from_stashed(&ns->stashed, nsfs_mnt, ns, &path); 118 if (err < 0) 119 return err; 120 121 CLASS(get_unused_fd, fd)(O_CLOEXEC); 122 if (fd < 0) 123 return fd; 124 125 f = dentry_open(&path, O_RDONLY, current_cred()); 126 if (IS_ERR(f)) 127 return PTR_ERR(f); 128 129 fd_install(fd, f); 130 return take_fd(fd); 131 } 132 133 int open_related_ns(struct ns_common *ns, 134 struct ns_common *(*get_ns)(struct ns_common *ns)) 135 { 136 struct ns_common *relative; 137 138 relative = get_ns(ns); 139 if (IS_ERR(relative)) 140 return PTR_ERR(relative); 141 142 return open_namespace(relative); 143 } 144 EXPORT_SYMBOL_GPL(open_related_ns); 145 146 static int copy_ns_info_to_user(const struct mnt_namespace *mnt_ns, 147 struct mnt_ns_info __user *uinfo, size_t usize, 148 struct mnt_ns_info *kinfo) 149 { 150 /* 151 * If userspace and the kernel have the same struct size it can just 152 * be copied. If userspace provides an older struct, only the bits that 153 * userspace knows about will be copied. If userspace provides a new 154 * struct, only the bits that the kernel knows aobut will be copied and 155 * the size value will be set to the size the kernel knows about. 156 */ 157 kinfo->size = min(usize, sizeof(*kinfo)); 158 kinfo->mnt_ns_id = mnt_ns->ns.ns_id; 159 kinfo->nr_mounts = READ_ONCE(mnt_ns->nr_mounts); 160 /* Subtract the root mount of the mount namespace. */ 161 if (kinfo->nr_mounts) 162 kinfo->nr_mounts--; 163 164 if (copy_to_user(uinfo, kinfo, kinfo->size)) 165 return -EFAULT; 166 167 return 0; 168 } 169 170 static bool nsfs_ioctl_valid(unsigned int cmd) 171 { 172 switch (cmd) { 173 case NS_GET_USERNS: 174 case NS_GET_PARENT: 175 case NS_GET_NSTYPE: 176 case NS_GET_OWNER_UID: 177 case NS_GET_MNTNS_ID: 178 case NS_GET_PID_FROM_PIDNS: 179 case NS_GET_TGID_FROM_PIDNS: 180 case NS_GET_PID_IN_PIDNS: 181 case NS_GET_TGID_IN_PIDNS: 182 case NS_GET_ID: 183 return true; 184 } 185 186 /* Extensible ioctls require some extra handling. */ 187 switch (_IOC_NR(cmd)) { 188 case _IOC_NR(NS_MNT_GET_INFO): 189 return extensible_ioctl_valid(cmd, NS_MNT_GET_INFO, MNT_NS_INFO_SIZE_VER0); 190 case _IOC_NR(NS_MNT_GET_NEXT): 191 return extensible_ioctl_valid(cmd, NS_MNT_GET_NEXT, MNT_NS_INFO_SIZE_VER0); 192 case _IOC_NR(NS_MNT_GET_PREV): 193 return extensible_ioctl_valid(cmd, NS_MNT_GET_PREV, MNT_NS_INFO_SIZE_VER0); 194 } 195 196 return false; 197 } 198 199 static long ns_ioctl(struct file *filp, unsigned int ioctl, 200 unsigned long arg) 201 { 202 struct user_namespace *user_ns; 203 struct pid_namespace *pid_ns; 204 struct task_struct *tsk; 205 struct ns_common *ns; 206 struct mnt_namespace *mnt_ns; 207 bool previous = false; 208 uid_t __user *argp; 209 uid_t uid; 210 int ret; 211 212 if (!nsfs_ioctl_valid(ioctl)) 213 return -ENOIOCTLCMD; 214 215 ns = get_proc_ns(file_inode(filp)); 216 switch (ioctl) { 217 case NS_GET_USERNS: 218 return open_related_ns(ns, ns_get_owner); 219 case NS_GET_PARENT: 220 if (!ns->ops->get_parent) 221 return -EINVAL; 222 return open_related_ns(ns, ns->ops->get_parent); 223 case NS_GET_NSTYPE: 224 return ns->ns_type; 225 case NS_GET_OWNER_UID: 226 if (ns->ns_type != CLONE_NEWUSER) 227 return -EINVAL; 228 user_ns = container_of(ns, struct user_namespace, ns); 229 argp = (uid_t __user *) arg; 230 uid = from_kuid_munged(current_user_ns(), user_ns->owner); 231 return put_user(uid, argp); 232 case NS_GET_PID_FROM_PIDNS: 233 fallthrough; 234 case NS_GET_TGID_FROM_PIDNS: 235 fallthrough; 236 case NS_GET_PID_IN_PIDNS: 237 fallthrough; 238 case NS_GET_TGID_IN_PIDNS: { 239 if (ns->ns_type != CLONE_NEWPID) 240 return -EINVAL; 241 242 ret = -ESRCH; 243 pid_ns = container_of(ns, struct pid_namespace, ns); 244 245 guard(rcu)(); 246 247 if (ioctl == NS_GET_PID_IN_PIDNS || 248 ioctl == NS_GET_TGID_IN_PIDNS) 249 tsk = find_task_by_vpid(arg); 250 else 251 tsk = find_task_by_pid_ns(arg, pid_ns); 252 if (!tsk) 253 break; 254 255 switch (ioctl) { 256 case NS_GET_PID_FROM_PIDNS: 257 ret = task_pid_vnr(tsk); 258 break; 259 case NS_GET_TGID_FROM_PIDNS: 260 ret = task_tgid_vnr(tsk); 261 break; 262 case NS_GET_PID_IN_PIDNS: 263 ret = task_pid_nr_ns(tsk, pid_ns); 264 break; 265 case NS_GET_TGID_IN_PIDNS: 266 ret = task_tgid_nr_ns(tsk, pid_ns); 267 break; 268 default: 269 ret = 0; 270 break; 271 } 272 273 if (!ret) 274 ret = -ESRCH; 275 return ret; 276 } 277 case NS_GET_MNTNS_ID: 278 if (ns->ns_type != CLONE_NEWNS) 279 return -EINVAL; 280 fallthrough; 281 case NS_GET_ID: { 282 __u64 __user *idp; 283 __u64 id; 284 285 idp = (__u64 __user *)arg; 286 id = ns->ns_id; 287 return put_user(id, idp); 288 } 289 } 290 291 /* extensible ioctls */ 292 switch (_IOC_NR(ioctl)) { 293 case _IOC_NR(NS_MNT_GET_INFO): { 294 struct mnt_ns_info kinfo = {}; 295 struct mnt_ns_info __user *uinfo = (struct mnt_ns_info __user *)arg; 296 size_t usize = _IOC_SIZE(ioctl); 297 298 if (ns->ns_type != CLONE_NEWNS) 299 return -EINVAL; 300 301 if (!uinfo) 302 return -EINVAL; 303 304 if (usize < MNT_NS_INFO_SIZE_VER0) 305 return -EINVAL; 306 307 return copy_ns_info_to_user(to_mnt_ns(ns), uinfo, usize, &kinfo); 308 } 309 case _IOC_NR(NS_MNT_GET_PREV): 310 previous = true; 311 fallthrough; 312 case _IOC_NR(NS_MNT_GET_NEXT): { 313 struct mnt_ns_info kinfo = {}; 314 struct mnt_ns_info __user *uinfo = (struct mnt_ns_info __user *)arg; 315 struct path path __free(path_put) = {}; 316 struct file *f __free(fput) = NULL; 317 size_t usize = _IOC_SIZE(ioctl); 318 319 if (ns->ns_type != CLONE_NEWNS) 320 return -EINVAL; 321 322 if (usize < MNT_NS_INFO_SIZE_VER0) 323 return -EINVAL; 324 325 mnt_ns = get_sequential_mnt_ns(to_mnt_ns(ns), previous); 326 if (IS_ERR(mnt_ns)) 327 return PTR_ERR(mnt_ns); 328 329 ns = to_ns_common(mnt_ns); 330 /* Transfer ownership of @mnt_ns reference to @path. */ 331 ret = path_from_stashed(&ns->stashed, nsfs_mnt, ns, &path); 332 if (ret) 333 return ret; 334 335 CLASS(get_unused_fd, fd)(O_CLOEXEC); 336 if (fd < 0) 337 return fd; 338 339 f = dentry_open(&path, O_RDONLY, current_cred()); 340 if (IS_ERR(f)) 341 return PTR_ERR(f); 342 343 if (uinfo) { 344 /* 345 * If @uinfo is passed return all information about the 346 * mount namespace as well. 347 */ 348 ret = copy_ns_info_to_user(to_mnt_ns(ns), uinfo, usize, &kinfo); 349 if (ret) 350 return ret; 351 } 352 353 /* Transfer reference of @f to caller's fdtable. */ 354 fd_install(fd, no_free_ptr(f)); 355 /* File descriptor is live so hand it off to the caller. */ 356 return take_fd(fd); 357 } 358 default: 359 ret = -ENOTTY; 360 } 361 362 return ret; 363 } 364 365 int ns_get_name(char *buf, size_t size, struct task_struct *task, 366 const struct proc_ns_operations *ns_ops) 367 { 368 struct ns_common *ns; 369 int res = -ENOENT; 370 const char *name; 371 ns = ns_ops->get(task); 372 if (ns) { 373 name = ns_ops->real_ns_name ? : ns_ops->name; 374 res = snprintf(buf, size, "%s:[%u]", name, ns->inum); 375 ns_ops->put(ns); 376 } 377 return res; 378 } 379 380 bool proc_ns_file(const struct file *file) 381 { 382 return file->f_op == &ns_file_operations; 383 } 384 385 /** 386 * ns_match() - Returns true if current namespace matches dev/ino provided. 387 * @ns: current namespace 388 * @dev: dev_t from nsfs that will be matched against current nsfs 389 * @ino: ino_t from nsfs that will be matched against current nsfs 390 * 391 * Return: true if dev and ino matches the current nsfs. 392 */ 393 bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino) 394 { 395 return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev); 396 } 397 398 399 static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry) 400 { 401 struct inode *inode = d_inode(dentry); 402 const struct ns_common *ns = inode->i_private; 403 const struct proc_ns_operations *ns_ops = ns->ops; 404 405 seq_printf(seq, "%s:[%lu]", ns_ops->name, inode->i_ino); 406 return 0; 407 } 408 409 static const struct super_operations nsfs_ops = { 410 .statfs = simple_statfs, 411 .evict_inode = nsfs_evict, 412 .show_path = nsfs_show_path, 413 .drop_inode = inode_just_drop, 414 }; 415 416 static int nsfs_init_inode(struct inode *inode, void *data) 417 { 418 struct ns_common *ns = data; 419 420 inode->i_private = data; 421 inode->i_mode |= S_IRUGO; 422 inode->i_fop = &ns_file_operations; 423 inode->i_ino = ns->inum; 424 425 /* 426 * Bring the namespace subtree back to life if we have to. This 427 * can happen when e.g., all processes using a network namespace 428 * and all namespace files or namespace file bind-mounts have 429 * died but there are still sockets pinning it. The SIOCGSKNS 430 * ioctl on such a socket will resurrect the relevant namespace 431 * subtree. 432 */ 433 __ns_ref_active_get(ns); 434 return 0; 435 } 436 437 static void nsfs_put_data(void *data) 438 { 439 struct ns_common *ns = data; 440 ns->ops->put(ns); 441 } 442 443 static const struct stashed_operations nsfs_stashed_ops = { 444 .init_inode = nsfs_init_inode, 445 .put_data = nsfs_put_data, 446 }; 447 448 #define NSFS_FID_SIZE_U32_VER0 (NSFS_FILE_HANDLE_SIZE_VER0 / sizeof(u32)) 449 #define NSFS_FID_SIZE_U32_LATEST (NSFS_FILE_HANDLE_SIZE_LATEST / sizeof(u32)) 450 451 static int nsfs_encode_fh(struct inode *inode, u32 *fh, int *max_len, 452 struct inode *parent) 453 { 454 struct nsfs_file_handle *fid = (struct nsfs_file_handle *)fh; 455 struct ns_common *ns = inode->i_private; 456 int len = *max_len; 457 458 if (parent) 459 return FILEID_INVALID; 460 461 if (len < NSFS_FID_SIZE_U32_VER0) { 462 *max_len = NSFS_FID_SIZE_U32_LATEST; 463 return FILEID_INVALID; 464 } else if (len > NSFS_FID_SIZE_U32_LATEST) { 465 *max_len = NSFS_FID_SIZE_U32_LATEST; 466 } 467 468 fid->ns_id = ns->ns_id; 469 fid->ns_type = ns->ns_type; 470 fid->ns_inum = inode->i_ino; 471 return FILEID_NSFS; 472 } 473 474 bool is_current_namespace(struct ns_common *ns) 475 { 476 switch (ns->ns_type) { 477 #ifdef CONFIG_CGROUPS 478 case CLONE_NEWCGROUP: 479 return current_in_namespace(to_cg_ns(ns)); 480 #endif 481 #ifdef CONFIG_IPC_NS 482 case CLONE_NEWIPC: 483 return current_in_namespace(to_ipc_ns(ns)); 484 #endif 485 case CLONE_NEWNS: 486 return current_in_namespace(to_mnt_ns(ns)); 487 #ifdef CONFIG_NET_NS 488 case CLONE_NEWNET: 489 return current_in_namespace(to_net_ns(ns)); 490 #endif 491 #ifdef CONFIG_PID_NS 492 case CLONE_NEWPID: 493 return current_in_namespace(to_pid_ns(ns)); 494 #endif 495 #ifdef CONFIG_TIME_NS 496 case CLONE_NEWTIME: 497 return current_in_namespace(to_time_ns(ns)); 498 #endif 499 #ifdef CONFIG_USER_NS 500 case CLONE_NEWUSER: 501 return current_in_namespace(to_user_ns(ns)); 502 #endif 503 #ifdef CONFIG_UTS_NS 504 case CLONE_NEWUTS: 505 return current_in_namespace(to_uts_ns(ns)); 506 #endif 507 default: 508 VFS_WARN_ON_ONCE(true); 509 return false; 510 } 511 } 512 513 static struct dentry *nsfs_fh_to_dentry(struct super_block *sb, struct fid *fh, 514 int fh_len, int fh_type) 515 { 516 struct path path __free(path_put) = {}; 517 struct nsfs_file_handle *fid = (struct nsfs_file_handle *)fh; 518 struct user_namespace *owning_ns = NULL; 519 struct ns_common *ns; 520 int ret; 521 522 if (fh_len < NSFS_FID_SIZE_U32_VER0) 523 return NULL; 524 525 /* Check that any trailing bytes are zero. */ 526 if ((fh_len > NSFS_FID_SIZE_U32_LATEST) && 527 memchr_inv((void *)fid + NSFS_FID_SIZE_U32_LATEST, 0, 528 fh_len - NSFS_FID_SIZE_U32_LATEST)) 529 return NULL; 530 531 switch (fh_type) { 532 case FILEID_NSFS: 533 break; 534 default: 535 return NULL; 536 } 537 538 if (!fid->ns_id) 539 return NULL; 540 /* Either both are set or both are unset. */ 541 if (!fid->ns_inum != !fid->ns_type) 542 return NULL; 543 544 scoped_guard(rcu) { 545 ns = ns_tree_lookup_rcu(fid->ns_id, fid->ns_type); 546 if (!ns) 547 return NULL; 548 549 VFS_WARN_ON_ONCE(ns->ns_id != fid->ns_id); 550 551 if (fid->ns_inum && (fid->ns_inum != ns->inum)) 552 return NULL; 553 if (fid->ns_type && (fid->ns_type != ns->ns_type)) 554 return NULL; 555 556 /* 557 * This is racy because we're not actually taking an 558 * active reference. IOW, it could happen that the 559 * namespace becomes inactive after this check. 560 * We don't care because nsfs_init_inode() will just 561 * resurrect the relevant namespace tree for us. If it 562 * has been active here we just allow it's resurrection. 563 * We could try to take an active reference here and 564 * then drop it again. But really, why bother. 565 */ 566 if (!ns_get_unless_inactive(ns)) 567 return NULL; 568 } 569 570 switch (ns->ns_type) { 571 #ifdef CONFIG_CGROUPS 572 case CLONE_NEWCGROUP: 573 if (!current_in_namespace(to_cg_ns(ns))) 574 owning_ns = to_cg_ns(ns)->user_ns; 575 break; 576 #endif 577 #ifdef CONFIG_IPC_NS 578 case CLONE_NEWIPC: 579 if (!current_in_namespace(to_ipc_ns(ns))) 580 owning_ns = to_ipc_ns(ns)->user_ns; 581 break; 582 #endif 583 case CLONE_NEWNS: 584 if (!current_in_namespace(to_mnt_ns(ns))) 585 owning_ns = to_mnt_ns(ns)->user_ns; 586 break; 587 #ifdef CONFIG_NET_NS 588 case CLONE_NEWNET: 589 if (!current_in_namespace(to_net_ns(ns))) 590 owning_ns = to_net_ns(ns)->user_ns; 591 break; 592 #endif 593 #ifdef CONFIG_PID_NS 594 case CLONE_NEWPID: 595 if (!current_in_namespace(to_pid_ns(ns))) { 596 owning_ns = to_pid_ns(ns)->user_ns; 597 } else if (!READ_ONCE(to_pid_ns(ns)->child_reaper)) { 598 ns->ops->put(ns); 599 return ERR_PTR(-EPERM); 600 } 601 break; 602 #endif 603 #ifdef CONFIG_TIME_NS 604 case CLONE_NEWTIME: 605 if (!current_in_namespace(to_time_ns(ns))) 606 owning_ns = to_time_ns(ns)->user_ns; 607 break; 608 #endif 609 #ifdef CONFIG_USER_NS 610 case CLONE_NEWUSER: 611 if (!current_in_namespace(to_user_ns(ns))) 612 owning_ns = to_user_ns(ns); 613 break; 614 #endif 615 #ifdef CONFIG_UTS_NS 616 case CLONE_NEWUTS: 617 if (!current_in_namespace(to_uts_ns(ns))) 618 owning_ns = to_uts_ns(ns)->user_ns; 619 break; 620 #endif 621 default: 622 return ERR_PTR(-EOPNOTSUPP); 623 } 624 625 if (owning_ns && !ns_capable(owning_ns, CAP_SYS_ADMIN)) { 626 ns->ops->put(ns); 627 return ERR_PTR(-EPERM); 628 } 629 630 /* path_from_stashed() unconditionally consumes the reference. */ 631 ret = path_from_stashed(&ns->stashed, nsfs_mnt, ns, &path); 632 if (ret) 633 return ERR_PTR(ret); 634 635 return no_free_ptr(path.dentry); 636 } 637 638 static int nsfs_export_permission(struct handle_to_path_ctx *ctx, 639 unsigned int oflags) 640 { 641 /* nsfs_fh_to_dentry() performs all permission checks. */ 642 return 0; 643 } 644 645 static struct file *nsfs_export_open(const struct path *path, unsigned int oflags) 646 { 647 return file_open_root(path, "", oflags, 0); 648 } 649 650 static const struct export_operations nsfs_export_operations = { 651 .encode_fh = nsfs_encode_fh, 652 .fh_to_dentry = nsfs_fh_to_dentry, 653 .open = nsfs_export_open, 654 .permission = nsfs_export_permission, 655 }; 656 657 static int nsfs_init_fs_context(struct fs_context *fc) 658 { 659 struct pseudo_fs_context *ctx = init_pseudo(fc, NSFS_MAGIC); 660 if (!ctx) 661 return -ENOMEM; 662 fc->s_iflags |= SB_I_NOEXEC | SB_I_NODEV; 663 ctx->s_d_flags |= DCACHE_DONTCACHE; 664 ctx->ops = &nsfs_ops; 665 ctx->eops = &nsfs_export_operations; 666 ctx->dops = &ns_dentry_operations; 667 fc->s_fs_info = (void *)&nsfs_stashed_ops; 668 return 0; 669 } 670 671 static struct file_system_type nsfs = { 672 .name = "nsfs", 673 .init_fs_context = nsfs_init_fs_context, 674 .kill_sb = kill_anon_super, 675 }; 676 677 void __init nsfs_init(void) 678 { 679 nsfs_mnt = kern_mount(&nsfs); 680 if (IS_ERR(nsfs_mnt)) 681 panic("can't set nsfs up\n"); 682 nsfs_mnt->mnt_sb->s_flags &= ~SB_NOUSER; 683 nsfs_root_path.mnt = nsfs_mnt; 684 nsfs_root_path.dentry = nsfs_mnt->mnt_root; 685 } 686 687 void nsproxy_ns_active_get(struct nsproxy *ns) 688 { 689 ns_ref_active_get(ns->mnt_ns); 690 ns_ref_active_get(ns->uts_ns); 691 ns_ref_active_get(ns->ipc_ns); 692 ns_ref_active_get(ns->pid_ns_for_children); 693 ns_ref_active_get(ns->cgroup_ns); 694 ns_ref_active_get(ns->net_ns); 695 ns_ref_active_get(ns->time_ns); 696 ns_ref_active_get(ns->time_ns_for_children); 697 } 698 699 void nsproxy_ns_active_put(struct nsproxy *ns) 700 { 701 ns_ref_active_put(ns->mnt_ns); 702 ns_ref_active_put(ns->uts_ns); 703 ns_ref_active_put(ns->ipc_ns); 704 ns_ref_active_put(ns->pid_ns_for_children); 705 ns_ref_active_put(ns->cgroup_ns); 706 ns_ref_active_put(ns->net_ns); 707 ns_ref_active_put(ns->time_ns); 708 ns_ref_active_put(ns->time_ns_for_children); 709 } 710