From df75e7748bae1c7098bfa358485389b897f71305 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman"
Date: Thu, 22 Sep 2016 13:08:36 -0500
Subject: [PATCH] userns: When the per user per user namespace limit is reached return ENOSPC
The current error codes returned when a the per user per user namespace limit are hit (EINVAL, EUSERS, and ENFILE) are wrong. I asked for advice on linux-api and it we made clear that those were the wrong error code, but a correct effor code was not suggested. The best general error code I have found for hitting a resource limit is ENOSPC. It is not perfect but as it is unambiguous it will serve until someone comes up with a better error code.
Signed-off-by: "Eric W. Biederman"
---
 fs/namespace.c | 2 +-
 ipc/namespace.c | 2 +-
 kernel/cgroup.c | 2 +-
 kernel/pid_namespace.c | 2 +-
 kernel/user_namespace.c | 2 +-
 kernel/utsname.c | 2 +-
 net/core/net_namespace.c | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 491b8f3..cf2cc234 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2754,7 +2754,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
 ucounts = inc_mnt_namespaces(user_ns);
 if (!ucounts)
- return ERR_PTR(-ENFILE);
+ return ERR_PTR(-ENOSPC);
 new_ns = kmalloc(sizeof(struct mnt_namespace), GFP_KERNEL);
 if (!new_ns) {
diff --git a/ipc/namespace.c b/ipc/namespace.c
index 7309142..fab727d 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -33,7 +33,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
 struct ucounts *ucounts;
 int err;
- err = -ENFILE;
+ err = -ENOSPC;
 ucounts = inc_ipc_namespaces(user_ns);
 if (!ucounts)
 goto fail;
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index e9e4427..f1dd4b0 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
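Review bot: Nothing at the changed `return ERR_PTR(-ENOSPC);` in alloc_mnt_ns() says that the value stands for the per-user namespace count limit, and ENOSPC is conventionally read as storage exhaustion, which is easy to misread on a mount path. A short comment would keep callers and log triage from chasing disk usage, for example `/* per-user mount namespace limit reached, not a storage error */`. The same comment applies to the matching changes in ipc/namespace.c, kernel/cgroup.c, kernel/utsname.c and net/core/net_namespace.c. alloc_mnt_ns() continues past the end of the hunk.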
@@ -6354,7 +6354,7 @@ struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
 ucounts = inc_cgroup_namespaces(user_ns);
 if (!ucounts)
- return ERR_PTR(-ENFILE);
+ return ERR_PTR(-ENOSPC);
 /* It is not safe to take cgroup_mutex here */
 spin_lock_irq(&css_set_lock);
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 30a7f33..7542b28 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -98,7 +98,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
 int i;
 int err;
- err = -EINVAL;
+ err = -ENOSPC;
 if (level > MAX_PID_NS_LEVEL)
 goto out;
 ucounts = inc_pid_namespaces(user_ns);
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 0edafe3..f2c5ba5 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -76,7 +76,7 @@ int create_user_ns(struct cred *new)
 struct ucounts *ucounts;
 int ret, i;
- ret = -EUSERS;
+ ret = -ENOSPC;
 if (parent_ns->level > 32)
 goto fail;
diff --git a/kernel/utsname.c b/kernel/utsname.c
index f3b0bb4..35587b7 100644
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -49,7 +49,7 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
 struct ucounts *ucounts;
 int err;
- err = -ENFILE;
+ err = -ENOSPC;
 ucounts = inc_uts_namespaces(user_ns);
 if (!ucounts)
 goto fail;
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 3e2812a..06af5d6 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -370,7 +370,7 @@ struct net *copy_net_ns(unsigned long flags,
 ucounts = inc_net_namespaces(user_ns);
 if (!ucounts)
- return ERR_PTR(-ENFILE);
+ return ERR_PTR(-ENOSPC);
 net = net_alloc();
 if (!net) {
--
2.7.4
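Review bot: In kernel/pid_namespace.c the new `err = -ENOSPC;` sits above `if (level > MAX_PID_NS_LEVEL)`, so exceeding the nesting depth is reported with the same code as the per-user count limit, although the commit message describes only the latter. kernel/user_namespace.c has the same shape, with `ret = -ENOSPC;` directly above `if (parent_ns->level > 32)`. If the depth checks are meant to stay distinguishable, move the assignment below them, i.e. place `err = -ENOSPC;` immediately before `ucounts = inc_pid_namespaces(user_ns);` and keep a separate code for the depth branch; otherwise add a comment such as `/* ENOSPC covers both the nesting-depth check and the ucount limit */`. Both functions continue outside their hunks, so any later reassignment of the variable is not visible here.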