include/linux/user_namespace.h
Source file repositories/reference/linux-study-clean/include/linux/user_namespace.h
File Facts
- System: Linux kernel
- Corpus path: `include/linux/user_namespace.h`
- Extension: `.h`
- Size: 6803 bytes
- Lines: 254
- Domain: Core OS
- Bucket: Core Kernel Interface
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Touches user memory; correctness depends on fault-safe copying and privilege boundary handling.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/kref.h`, `linux/nsproxy.h`, `linux/ns_common.h`, `linux/rculist_nulls.h`, `linux/sched.h`, `linux/workqueue.h`, `linux/rcuref.h`, `linux/rwsem.h`, `linux/sysctl.h`, `linux/err.h`
Detected Declarations
`struct uid_gid_extent`, `struct uid_gid_map`, `struct ucounts`, `struct binfmt_misc`, `struct user_namespace`, `struct ucounts`, `struct seq_operations`, `enum ucount_type`, `enum rlimit_type`, `function get_ucounts`, `function get_rlimit_value`, `function get_userns_rlimit_max`, `function set_userns_rlimit_max`, `function put_user_ns`, `function create_user_ns`, `function unshare_userns`, `function put_user_ns`, `function in_userns`, `function current_in_userns`
Annotated Snippet
```c
struct uid_gid_extent {
	u32 first;
	u32 lower_first;
	u32 count;
};

struct uid_gid_map { /* 64 bytes -- 1 cache line */
	union {
		struct {
			struct uid_gid_extent extent[UID_GID_MAP_MAX_BASE_EXTENTS];
			u32 nr_extents;
		};
		struct {
			struct uid_gid_extent *forward;
			struct uid_gid_extent *reverse;
		};
	};
};

#define USERNS_SETGROUPS_ALLOWED 1UL

#define USERNS_INIT_FLAGS USERNS_SETGROUPS_ALLOWED

struct ucounts;

enum ucount_type {
	UCOUNT_USER_NAMESPACES,
	UCOUNT_PID_NAMESPACES,
	UCOUNT_UTS_NAMESPACES,
	UCOUNT_IPC_NAMESPACES,
	UCOUNT_NET_NAMESPACES,
	UCOUNT_MNT_NAMESPACES,
	UCOUNT_CGROUP_NAMESPACES,
	UCOUNT_TIME_NAMESPACES,
#ifdef CONFIG_INOTIFY_USER
	UCOUNT_INOTIFY_INSTANCES,
	UCOUNT_INOTIFY_WATCHES,
#endif
#ifdef CONFIG_FANOTIFY
	UCOUNT_FANOTIFY_GROUPS,
	UCOUNT_FANOTIFY_MARKS,
#endif
	UCOUNT_COUNTS,
};

enum rlimit_type {
	UCOUNT_RLIMIT_NPROC,
	UCOUNT_RLIMIT_MSGQUEUE,
	UCOUNT_RLIMIT_SIGPENDING,
	UCOUNT_RLIMIT_MEMLOCK,
	UCOUNT_RLIMIT_COUNTS,
};

#if IS_ENABLED(CONFIG_BINFMT_MISC)
struct binfmt_misc;
#endif

struct user_namespace {
	struct uid_gid_map	uid_map;
	struct uid_gid_map	gid_map;
	struct uid_gid_map	projid_map;
	struct user_namespace	*parent;
	int			level;
	kuid_t			owner;
	kgid_t			group;
	struct ns_common	ns;
	unsigned long		flags;
	/* parent_could_setfcap: true if the creator of this ns had CAP_SETFCAP
	 * in its effective capability set at the child ns creation time. */
	bool			parent_could_setfcap;

#ifdef CONFIG_KEYS
	/* List of joinable keyrings in this namespace.  Modification access of
	 * these pointers is controlled by keyring_sem.  Once
	 * user_keyring_register is set, it won't be changed, so it can be
	 * accessed directly with READ_ONCE().
	 */
	struct list_head	keyring_name_list;
	struct key		*user_keyring_register;
	struct rw_semaphore	keyring_sem;
#endif

	/* Register of per-UID persistent keyrings for this namespace */
#ifdef CONFIG_PERSISTENT_KEYRINGS
	struct key		*persistent_keyring_register;
#endif
	struct work_struct	work;
#ifdef CONFIG_SYSCTL
	struct ctl_table_set	set;
	struct ctl_table_header	*sysctls;
	/* excerpt truncated here */
```
Annotation
- Immediate include surface: `linux/kref.h`, `linux/nsproxy.h`, `linux/ns_common.h`, `linux/rculist_nulls.h`, `linux/sched.h`, `linux/workqueue.h`, `linux/rcuref.h`, `linux/rwsem.h`.
- Detected declarations: `struct uid_gid_extent`, `struct uid_gid_map`, `struct ucounts`, `struct binfmt_misc`, `struct user_namespace`, `struct ucounts`, `struct seq_operations`, `enum ucount_type`, `enum rlimit_type`, `function get_ucounts`.
- Atlas domain: Core OS / Core Kernel Interface.
- Implementation status: source implementation candidate.
- This snippet crosses the user/kernel memory boundary; validate fault handling and access checks before translating the pattern.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.