Lines Matching refs:ns

30 				struct user_namespace *ns, int cap_setid,
/*
 * create_user_ns(): only the lines that mention `ns` are listed; the
 * statements between the numbered lines are not part of this excerpt.
 * Visible flow: allocate a zeroed user_namespace from user_ns_cachep, give it
 * an inode number, fill it in from parent_ns (new->user_ns), then attach it
 * to the credentials `new` with set_cred_user_ns().
 */
61 struct user_namespace *ns, *parent_ns = new->user_ns; in create_user_ns() local
86 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL); in create_user_ns()
87 if (!ns) in create_user_ns()
90 ret = ns_alloc_inum(&ns->ns); in create_user_ns()
/* Releases the fresh ns again; presumably the ns_alloc_inum() failure path (the test on line 91 is not shown). */
92 kmem_cache_free(user_ns_cachep, ns); in create_user_ns()
95 ns->ns.ops = &userns_operations; in create_user_ns()
/* The new namespace starts with a count of one. */
97 atomic_set(&ns->count, 1); in create_user_ns()
99 ns->parent = parent_ns; in create_user_ns()
/*
 * One level deeper than the parent.
 * NOTE(review): no nesting-depth limit is visible in this excerpt - confirm
 * one is enforced before this point.
 */
100 ns->level = parent_ns->level + 1; in create_user_ns()
101 ns->owner = owner; in create_user_ns()
102 ns->group = group; in create_user_ns()
/*
 * Flags are copied from the parent, so a USERNS_SETGROUPS_ALLOWED bit that
 * is cleared in the parent starts out cleared in the child as well.
 */
106 ns->flags = parent_ns->flags; in create_user_ns()
109 set_cred_user_ns(new, ns); in create_user_ns()
112 init_rwsem(&ns->persistent_keyring_register_sem); in create_user_ns()
/*
 * free_user_ns(): tears down ns (keyring reference, inode number, slab
 * object). Listed lines only; the enclosing loop or condition is not shown.
 */
137 void free_user_ns(struct user_namespace *ns) in free_user_ns() argument
/* The parent pointer is saved before ns is freed on line 147, so ns is not dereferenced after kmem_cache_free(). */
142 parent = ns->parent; in free_user_ns()
144 key_put(ns->persistent_keyring_register); in free_user_ns()
146 ns_free_inum(&ns->ns); in free_user_ns()
147 kmem_cache_free(user_ns_cachep, ns); in free_user_ns()
/* Continues with the parent; presumably a loop that releases the parent's reference in turn - TODO confirm against the full function. */
148 ns = parent; in free_user_ns()
/*
 * make_kuid() / make_kgid() / make_kprojid(): translate an id as seen inside
 * ns into the kernel-internal type by passing it through map_id_down() on the
 * matching map (uid_map, gid_map, projid_map) and wrapping the result.
 * NOTE(review): what map_id_down() yields for an id that has no mapping is
 * not shown in this listing; callers should treat the result as possibly
 * invalid until they have checked it.
 */
238 kuid_t make_kuid(struct user_namespace *ns, uid_t uid) in make_kuid() argument
241 return KUIDT_INIT(map_id_down(&ns->uid_map, uid)); in make_kuid()
306 kgid_t make_kgid(struct user_namespace *ns, gid_t gid) in make_kgid() argument
309 return KGIDT_INIT(map_id_down(&ns->gid_map, gid)); in make_kgid()
373 kprojid_t make_kprojid(struct user_namespace *ns, projid_t projid) in make_kprojid() argument
376 return KPROJIDT_INIT(map_id_down(&ns->projid_map, projid)); in make_kprojid()
/*
 * uid_m_show() / gid_m_show() / projid_m_show(): seq_file show callbacks; ns
 * is the namespace stored in seq->private.
 * The listed test is true when lower_ns is this same namespace and it has a
 * parent. The statement it guards is not shown; presumably lower_ns is moved
 * to the parent so the map is printed relative to it - TODO confirm.
 * Where lower_ns comes from is not visible in this excerpt.
 */
431 struct user_namespace *ns = seq->private; in uid_m_show() local
437 if ((lower_ns == ns) && lower_ns->parent) in uid_m_show()
452 struct user_namespace *ns = seq->private; in gid_m_show() local
458 if ((lower_ns == ns) && lower_ns->parent) in gid_m_show()
473 struct user_namespace *ns = seq->private; in projid_m_show() local
479 if ((lower_ns == ns) && lower_ns->parent) in projid_m_show()
/*
 * uid_m_start() / gid_m_start() / projid_m_start(): seq_file start callbacks.
 * Each one takes the namespace from seq->private and hands the matching map
 * (uid_map, gid_map, projid_map) to the shared m_start() helper.
 */
506 struct user_namespace *ns = seq->private; in uid_m_start() local
508 return m_start(seq, ppos, &ns->uid_map); in uid_m_start()
513 struct user_namespace *ns = seq->private; in gid_m_start() local
515 return m_start(seq, ppos, &ns->gid_map); in gid_m_start()
520 struct user_namespace *ns = seq->private; in projid_m_start() local
522 return m_start(seq, ppos, &ns->projid_map); in projid_m_start()
/*
 * map_write(): writer for an id map of the namespace held in seq->private.
 * Only the two permission gates that mention `ns` are listed; parsing and
 * installing the map happen on lines that are not shown.
 */
600 struct user_namespace *ns = seq->private; in map_write() local
/*
 * Gate 1: when cap_setid is a valid capability number, the file must pass
 * file_ns_capable() for CAP_SYS_ADMIN in ns. The check takes `file`, so it
 * looks like it is made against the credentials the file was opened with
 * rather than the writer's - confirm against file_ns_capable(). The branch
 * taken on failure is not shown.
 */
637 if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN)) in map_write()
/* Gate 2: the parsed new_map must be approved by new_idmap_permitted(); the rejection path is not shown. */
725 if (!new_idmap_permitted(file, ns, cap_setid, &new_map)) in map_write()
/*
 * proc_uid_map_write() / proc_gid_map_write() / proc_projid_map_write():
 * write handlers for the three id maps. All three apply the same two
 * preconditions before passing the namespace's map and its parent's map on
 * (the callee name is on a line that is not listed; presumably map_write()).
 *   1. ns must have a parent, i.e. a namespace without one cannot be
 *      remapped through this path.
 *   2. seq_ns must be either ns itself or ns->parent. Where seq_ns comes
 *      from is not shown; presumably it is the namespace of the process
 *      that opened the file - TODO confirm.
 * The value returned when a precondition fails is not visible here.
 */
767 struct user_namespace *ns = seq->private; in proc_uid_map_write() local
770 if (!ns->parent) in proc_uid_map_write()
773 if ((seq_ns != ns) && (seq_ns != ns->parent)) in proc_uid_map_write()
777 &ns->uid_map, &ns->parent->uid_map); in proc_uid_map_write()
784 struct user_namespace *ns = seq->private; in proc_gid_map_write() local
787 if (!ns->parent) in proc_gid_map_write()
790 if ((seq_ns != ns) && (seq_ns != ns->parent)) in proc_gid_map_write()
794 &ns->gid_map, &ns->parent->gid_map); in proc_gid_map_write()
801 struct user_namespace *ns = seq->private; in proc_projid_map_write() local
804 if (!ns->parent) in proc_projid_map_write()
807 if ((seq_ns != ns) && (seq_ns != ns->parent)) in proc_projid_map_write()
/* NOTE(review): whether the projid path passes a capability to the callee is not visible on the listed lines. */
812 &ns->projid_map, &ns->parent->projid_map); in proc_projid_map_write()
/*
 * new_idmap_permitted(): decides whether a proposed id map may be installed
 * in ns. Two routes are visible in the listed lines; the conditions are
 * shown only in part, so read this as an outline and not as the full policy.
 */
816 struct user_namespace *ns, int cap_setid, in new_idmap_permitted() argument
/*
 * Route A: the condition involves the namespace owner matching the caller's
 * effective uid (cred->euid). The other operands of this test are on lines
 * that are not listed.
 */
824 uid_eq(ns->owner, cred->euid)) { in new_idmap_permitted()
/* The id is translated through the PARENT namespace's maps before it is compared (the comparison itself is not shown). */
827 kuid_t uid = make_kuid(ns->parent, id); in new_idmap_permitted()
831 kgid_t gid = make_kgid(ns->parent, id); in new_idmap_permitted()
/* For gid maps the test also depends on USERNS_SETGROUPS_ALLOWED being clear in ns; the second half of the condition is not listed. */
832 if (!(ns->flags & USERNS_SETGROUPS_ALLOWED) && in new_idmap_permitted()
/*
 * Route B: cap_setid must be held in the PARENT namespace twice over, once
 * via ns_capable() and once via file_ns_capable() on `file`. Both calls have
 * to succeed; presumably one covers the writing task and the other the
 * opener of the file - confirm against the two helpers.
 */
846 if (ns_capable(ns->parent, cap_setid) && in new_idmap_permitted()
847 file_ns_capable(file, ns->parent, cap_setid)) in new_idmap_permitted()
/*
 * proc_setgroups_show(): reads the namespace flags once through
 * ACCESS_ONCE(), so the value it formats is a single snapshot taken without
 * any lock visible on the listed lines.
 */
855 struct user_namespace *ns = seq->private; in proc_setgroups_show() local
856 unsigned long userns_flags = ACCESS_ONCE(ns->flags); in proc_setgroups_show()
/*
 * proc_setgroups_write(): changes the setgroups policy of ns. Only three
 * statements are listed; the parsing of the written value and the branches
 * these tests guard are not shown.
 */
868 struct user_namespace *ns = seq->private; in proc_setgroups_write() local
/* Tests whether setgroups is already disallowed; no listed line sets the bit again, so presumably it cannot be re-enabled once cleared - TODO confirm. */
909 if (!(ns->flags & USERNS_SETGROUPS_ALLOWED)) in proc_setgroups_write()
/* Tests whether a gid map has already been installed; presumably the policy can no longer be changed at that point - TODO confirm. */
915 if (ns->gid_map.nr_extents != 0) in proc_setgroups_write()
/*
 * Plain read-modify-write of ns->flags.
 * NOTE(review): the lock that serialises this against a concurrent gid_map
 * write is not visible in this listing - confirm one is held here.
 */
917 ns->flags &= ~USERNS_SETGROUPS_ALLOWED; in proc_setgroups_write()
/*
 * userns_may_setgroups(): returns whether setgroups is permitted in ns.
 * Both listed conditions must hold: a gid map has been installed
 * (gid_map.nr_extents != 0) AND USERNS_SETGROUPS_ALLOWED is still set.
 * Statements on lines 932-938 and 940 (for example any locking) are not
 * shown.
 */
931 bool userns_may_setgroups(const struct user_namespace *ns) in userns_may_setgroups() argument
/* No gid mapping yet means not allowed, whatever the flag says. */
939 allowed = ns->gid_map.nr_extents != 0; in userns_may_setgroups()
941 allowed = allowed && (ns->flags & USERNS_SETGROUPS_ALLOWED); in userns_may_setgroups()
/*
 * to_user_ns(): recovers the enclosing struct user_namespace from a pointer
 * to its embedded ns_common member `ns` via container_of(). The caller must
 * pass an ns_common that really is embedded in a user_namespace; nothing on
 * the listed lines verifies that.
 */
947 static inline struct user_namespace *to_user_ns(struct ns_common *ns) in to_user_ns() argument
949 return container_of(ns, struct user_namespace, ns); in to_user_ns()
/* userns_get(): hands back the embedded ns_common, or NULL when no user_ns was obtained (how user_ns is looked up is not shown). */
960 return user_ns ? &user_ns->ns : NULL; in userns_get()
/* userns_put(): drops a reference on the user_namespace that contains ns. */
963 static void userns_put(struct ns_common *ns) in userns_put() argument
965 put_user_ns(to_user_ns(ns)); in userns_put()
968 static int userns_install(struct nsproxy *nsproxy, struct ns_common *ns) in userns_install() argument
970 struct user_namespace *user_ns = to_user_ns(ns); in userns_install()