[PATCH 02/10] userns: Add per user namespace sysctls.
Eric W. Biederman
ebiederm at xmission.com
Thu Jul 21 14:41:12 UTC 2016
"Serge E. Hallyn" <serge at hallyn.com> writes:
> Quoting Eric W. Biederman (ebiederm at xmission.com):
>> "Serge E. Hallyn" <serge at hallyn.com> writes:
>>
>> > Quoting Eric W. Biederman (ebiederm at xmission.com):
>> >> +static bool setup_userns_sysctls(struct user_namespace *ns)
>> >> +{
>> >> +#ifdef CONFIG_SYSCTL
>> >> + struct ctl_table *tbl;
>> >> + setup_sysctl_set(&ns->set, &set_root, set_is_seen);
>> >> + tbl = kmemdup(userns_table, sizeof(userns_table), GFP_KERNEL);
>> >> + if (tbl) {
>> >> + ns->sysctls = __register_sysctl_table(&ns->set, "userns", tbl);
>> >> + }
>> >
>> > What happens if tbl is null due to oom? Would it be better to just
>> > return false in that case here?
>>
>> ns->sysctls is initialized to NULL and kfree(NULL) is a noop.
>> So I don't see any problems.
>>
>> I admit it isn't a usual pattern for error handling.
>
> Right I didn't mean that - I meant, is there a way that a namespace
> could end up escaping its limits as a result? I think not, since
> either it has hierarchical limits which will still be enforced, or
> the admin tries to set a new limit and that step will fail visibly,
> which suffices.
And what I meant is that we do actually return false in the case you are
worrying about. And if we return false we don't even create the user
namespace.
Eric
More information about the Containers
mailing list