From b376c3e1b6770ddcb4f0782be16358095fcea0b6 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Mon, 8 Aug 2016 13:41:24 -0500
Subject: userns: Add a limit on the number of user namespaces

Export the export the maximum number of user namespaces as
/proc/sys/userns/max_user_namespaces.

Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 include/linux/user_namespace.h | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'include/linux/user_namespace.h')

diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index e5697eaf6bf9..6421cca2daa9 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -44,9 +44,15 @@ struct user_namespace {
 	struct ctl_table_set	set;
 	struct ctl_table_header *sysctls;
 #endif
+	int max_user_namespaces;
+	atomic_t user_namespaces;
 };
 
 extern struct user_namespace init_user_ns;
+extern bool setup_userns_sysctls(struct user_namespace *ns);
+extern void retire_userns_sysctls(struct user_namespace *ns);
+extern bool inc_user_namespaces(struct user_namespace *ns);
+extern void dec_user_namespaces(struct user_namespace *ns);
 
 #ifdef CONFIG_USER_NS
 
-- 
cgit v1.2.1