Gentwo Git Trees - linux/.git/commit

author	Christian Brauner <brauner@kernel.org>
	Fri, 12 Sep 2025 11:52:51 +0000 (13:52 +0200)
committer	Christian Brauner <brauner@kernel.org>
	Fri, 19 Sep 2025 12:26:16 +0000 (14:26 +0200)
commit	5222470b2fbb3740f931f189db33dd1367b1ae75
tree	83f9af2256f27debf5a8b5ac18a814b7aa25d2f2	tree \| snapshot
parent	d2afdb73f8ad77b49eca9d110d0c54bf30d1df0f	commit \| diff

nsfs: support file handles

A while ago we added support for file handles to pidfs so pidfds can be
encoded and decoded as file handles. Userspace has adopted this quickly
and it's proven very useful. Implement file handles for namespaces as
well.

A process is not always able to open /proc/self/ns/. That requires
procfs to be mounted and for /proc/self/ or /proc/self/ns/ to not be
overmounted. However, userspace can always derive a namespace fd from
a pidfd. And that always works for a task's own namespace.

There's no need to introduce unnecessary behavioral differences between
/proc/self/ns/ fds, pidfd-derived namespace fds, and file-handle-derived
namespace fds. So namespace file handles are always decodable if the
caller is located in the namespace the file handle refers to.

This also allows a task to e.g., store a set of file handles to its
namespaces in a file on-disk so it can verify when it gets rexeced that
they're still valid and so on. This is akin to the pidfd use-case.

Or just plainly for namespace comparison reasons where a file handle to
the task's own namespace can be easily compared against others.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>

fs/nsfs.c		diff \| blob \| blame \| history
include/linux/exportfs.h		diff \| blob \| blame \| history
include/uapi/linux/nsfs.h		diff \| blob \| blame \| history