userns: Add per user namespace sysctls.

Limit per userns sysctls to only be opened for write by a holder of CAP_SYS_RESOURCE. Add all of the necessary boilerplate for having per user namespace sysctls. Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2016-07-30 13:58:49 -0500
committer: Eric W. Biederman <ebiederm@xmission.com> 2016-08-08 13:18:58 -0500
commit: dbec28460a89aa7c02c3301e9e108d98272549d2 (patch)
tree: bf4b71c69e072bb6fdbe680674ab84bd79143e45 /include/linux/user_namespace.h
parent: userns: Free user namespaces in process context (diff)
download: wireguard-linux-dbec28460a89aa7c02c3301e9e108d98272549d2.tar.xz
wireguard-linux-dbec28460a89aa7c02c3301e9e108d98272549d2.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 4e79b3c64dee..e5697eaf6bf9 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -40,6 +40,10 @@ struct user_namespace {
 	struct rw_semaphore	persistent_keyring_register_sem;
 #endif
 	struct work_struct	work;
+#ifdef CONFIG_SYSCTL
+	struct ctl_table_set	set;
+	struct ctl_table_header *sysctls;
+#endif
 };
 
 extern struct user_namespace init_user_ns;
author	Eric W. Biederman <ebiederm@xmission.com>	2016-07-30 13:58:49 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	2016-08-08 13:18:58 -0500
commit	dbec28460a89aa7c02c3301e9e108d98272549d2 (patch)
tree	bf4b71c69e072bb6fdbe680674ab84bd79143e45 /include/linux/user_namespace.h
parent	userns: Free user namespaces in process context (diff)
download	wireguard-linux-dbec28460a89aa7c02c3301e9e108d98272549d2.tar.xz wireguard-linux-dbec28460a89aa7c02c3301e9e108d98272549d2.zip