Namespace Source Code Pointers

The chroot system call changes the root of the calling process.

The fs/open.c file provides the definitions for several file related syscalls, including:

• chroot
• truncate (which sets a file to a specified length)
• access (which checks if the calling process can access the specified file)
• chdir (which changes the working directory of the calling process)
• chmod (which sets file permissions)
• chown (which sets file user and group ownership)
• open
• close

Several system calls, including clone, unshare, and setns control the namespaces to which a process belongs.

The kernel/fork.c file defines several syscalls related to forking new processes, including the fork, vfork, and clone syscalls.

Each of these syscalls calls the kernel_clone() function, which is the main fork-routine of the Linux kernel (and is also called when the kernel creates a new kernel thread).

The kernel_clone() function then calls the copy_process() function, which performs the bulk of the work of copying a process.

The kernel/fork.c file also provides the unshare syscall, which itself calls the ksys_unshare() function, which performs the bulk of the work of unsharing namespaces.

The kernel/nsproxy.c file provides the copy_namespaces() function which is called by copy_process() function, as well as the unshare_nsproxy_namespaces() function, which is called by ksys_unshare().

Both of these functions call the create_new_namespaces() function, which is also in the kernel/nsproxy.c file, and runs various functions to create new namespaces, depending on the namespace types specified. Relevant to the namespaces discussed today are:

• cpy_mnt_ns() in the fs/namespace.c file, which copies a mount namespace to a new one.
• copy_utsname() in the kernel/utsname.c file, which copies a UTS namespace to a new one.
• copy_ipcs() in the ipc/namespace.c file, which copies an IPC namespace to a new one.
• copy_pid_ns() in the kernel/pid_namespace.c file, which copies a PID namespace to a new one.

The kernel/nsproxy.c file also provides the setns syscall, which moves the calling process into the specified, already-existing, namespace.

The task_struct structure, defined in include/linux/sched.h, has as an element a pointer to an nsproxy structure, defined in the include/linux/nsproxy.h header. This structure associates the process with each of the namespace types discussed today.

The proc pseudo-filesystem provides detailed information and statistics about each active process, including information about namespace membership.

The include/linux/proc_fs.h header file declares the constants and structures used by the proc filesystem.

The proc_fs_info struct defined in this file contains information about a proc filesystem associated with a PID namespace.

The pid_namespace struct, which is a member of proc_fs_info, is defined in the include/linux/proc_fs.h header file.

The fs/proc directory includes the source code files for its kernel-backed functionality. Of particular interest is the fs/proc/namespaces.c file, which retrieves namespace membership for the /proc/PID/ns directory.