userns: Generalize the user namespace count into ucount

The same kind of recursive sane default limit and policy countrol that has been implemented for the user namespace is desirable for the other namespaces, so generalize the user namespace refernce count into a ucount. Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2016-08-08 19:41:52 (GMT)
committer: Eric W. Biederman <ebiederm@xmission.com> 2016-08-08 19:41:52 (GMT)
commit: 25f9c0817c535a728c1088542230fa327c577c9e (patch)
tree: 50e60f8d962702d92b94392d536a1c71d77c851c /kernel/fork.c
parent: f6b2db1a3e8d141dd144df58900fb0444d5d7c53 (diff)
download: linux-25f9c0817c535a728c1088542230fa327c577c9e.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index d8cde53..3cb4853 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -302,6 +302,7 @@ int arch_task_struct_size __read_mostly;
 
 void __init fork_init(void)
 {
+	int i;
 #ifndef CONFIG_ARCH_TASK_STRUCT_ALLOCATOR
 #ifndef ARCH_MIN_TASKALIGN
 #define ARCH_MIN_TASKALIGN	L1_CACHE_BYTES
@@ -322,7 +323,9 @@ void __init fork_init(void)
 	init_task.signal->rlim[RLIMIT_SIGPENDING] =
 		init_task.signal->rlim[RLIMIT_NPROC];
 
-	init_user_ns.max_user_namespaces = max_threads/2;
+	for (i = 0; i < UCOUNT_COUNTS; i++) {
+		init_user_ns.ucount_max[i] = max_threads/2;
+	}
 }
 
 int __weak arch_dup_task_struct(struct task_struct *dst,
author	Eric W. Biederman <ebiederm@xmission.com>	2016-08-08 19:41:52 (GMT)
committer	Eric W. Biederman <ebiederm@xmission.com>	2016-08-08 19:41:52 (GMT)
commit	25f9c0817c535a728c1088542230fa327c577c9e (patch)
tree	50e60f8d962702d92b94392d536a1c71d77c851c /kernel/fork.c
parent	f6b2db1a3e8d141dd144df58900fb0444d5d7c53 (diff)
download	linux-25f9c0817c535a728c1088542230fa327c577c9e.tar.xz