kernel/nsproxy.c
Source file repositories/reference/linux-study-clean/kernel/nsproxy.c
File Facts
- System
- Linux kernel
- Corpus path
kernel/nsproxy.c- Extension
.c- Size
- 13794 bytes
- Lines
- 614
- Domain
- Core OS
- Bucket
- Scheduler, Processes, Timers, Sync, And Syscalls
- Inferred role
- Core OS: syscall or user/kernel boundary
- Status
- core implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or participates in a user/kernel boundary; inspect argument validation, copy_from_user/copy_to_user, credentials, and dispatch target.
- Touches user memory; correctness depends on fault-safe copying and privilege boundary handling.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/slab.hlinux/export.hlinux/nsproxy.hlinux/ns/ns_common_types.hlinux/init_task.hlinux/mnt_namespace.hlinux/utsname.hlinux/pid_namespace.hnet/net_namespace.hlinux/ipc_namespace.hlinux/time_namespace.hlinux/fs_struct.hlinux/proc_fs.hlinux/proc_ns.hlinux/file.hlinux/syscalls.hlinux/cgroup.hlinux/perf_event.hlinux/nstree.h
Detected Declarations
syscall setnsfunction nsproxy_freefunction deactivate_nsproxyfunction copy_namespacesfunction unshare_nsproxy_namespacesfunction switch_task_namespacesfunction exit_nsproxy_namespacesfunction switch_cred_namespacesfunction get_cred_namespacesfunction exit_cred_namespacesfunction exec_task_namespacesfunction check_setns_flagsfunction put_nssetfunction prepare_nssetfunction validate_nsfunction unsharefunction commit_nssetfunction nsproxy_cache_init
Annotated Snippet
SYSCALL_DEFINE2(setns, int, fd, int, flags)
{
CLASS(fd, f)(fd);
struct ns_common *ns = NULL;
struct nsset nsset = {};
int err = 0;
if (fd_empty(f))
return -EBADF;
if (proc_ns_file(fd_file(f))) {
ns = get_proc_ns(file_inode(fd_file(f)));
if (flags && (ns->ns_type != flags))
err = -EINVAL;
flags = ns->ns_type;
} else if (!IS_ERR(pidfd_pid(fd_file(f)))) {
err = check_setns_flags(flags);
} else {
err = -EINVAL;
}
if (err)
goto out;
err = prepare_nsset(flags, &nsset);
if (err)
goto out;
if (proc_ns_file(fd_file(f)))
err = validate_ns(&nsset, ns);
else
err = validate_nsset(&nsset, pidfd_pid(fd_file(f)));
if (!err) {
commit_nsset(&nsset);
perf_event_namespaces(current);
}
put_nsset(&nsset);
out:
return err;
}
int __init nsproxy_cache_init(void)
{
nsproxy_cachep = KMEM_CACHE(nsproxy, SLAB_PANIC|SLAB_ACCOUNT);
return 0;
}
Annotation
- Immediate include surface: `linux/slab.h`, `linux/export.h`, `linux/nsproxy.h`, `linux/ns/ns_common_types.h`, `linux/init_task.h`, `linux/mnt_namespace.h`, `linux/utsname.h`, `linux/pid_namespace.h`.
- Detected declarations: `syscall setns`, `function nsproxy_free`, `function deactivate_nsproxy`, `function copy_namespaces`, `function unshare_nsproxy_namespaces`, `function switch_task_namespaces`, `function exit_nsproxy_namespaces`, `function switch_cred_namespaces`, `function get_cred_namespaces`, `function exit_cred_namespaces`.
- Atlas domain: Core OS / Scheduler, Processes, Timers, Sync, And Syscalls.
- Implementation status: core implementation candidate.
- This snippet crosses the user/kernel memory boundary; validate fault handling and access checks before translating the pattern.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.