[RFC PATCH v1 03/11] nsproxy: Add FOR_EACH_NS_TYPE() X-macro and CLONE_NS_ALL
Christian Brauner
brauner at kernel.org
Wed Mar 25 12:33:31 UTC 2026
On Thu, Mar 12, 2026 at 11:04:36AM +0100, Mickaël Salaün wrote:
> Introduce the FOR_EACH_NS_TYPE(X) macro as the single source of truth
> for the set of (struct type, CLONE_NEW* flag) pairs that define Linux
> namespace types.
>
> Currently, the list of CLONE_NEW* flags is duplicated inline in
> multiple call sites and would need another copy in each new consumer.
> This makes it easy to miss one when a new namespace type is added.
>
> Derive two things from the X-macro:
>
> - CLONE_NS_ALL: Bitmask of all known CLONE_NEW* flags, usable as a
> validity mask or iteration bound.
>
> - ns_common_type(): Rewritten to use the X-macro via a leading-comma
> _Generic pattern, so the struct-to-flag mapping stays in sync with the
> flag set automatically.
>
> Replace the inline flag enumerations in copy_namespaces(),
> unshare_nsproxy_namespaces(), check_setns_flags(), and
> ksys_unshare() with CLONE_NS_ALL.
>
> When a new namespace type is added, only FOR_EACH_NS_TYPE needs to
> be updated; CLONE_NS_ALL, ns_common_type(), and all the call sites
> pick up the change automatically.
>
> Cc: Christian Brauner <brauner at kernel.org>
> Cc: Günther Noack <gnoack at google.com>
> Signed-off-by: Mickaël Salaün <mic at digikod.net>
> ---
Yeah, I love that. I can take that as a separate patch right now even.
Reviewed-by: Christian Brauner <brauner at kernel.org>
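
The X-macro pattern described in the quoted commit message, as an added user-space example (not code from the patch or the kernel). The `DEMO_*`/`demo_*` names and the three-entry subset are hypothetical; the flag values mirror the uapi `CLONE_NEWNS`, `CLONE_NEWUSER` and `CLONE_NEWNET` constants.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins; the real namespace structs are not reproduced. */
struct demo_mnt_ns { int unused; };
struct demo_user_ns { int unused; };
struct demo_net_ns { int unused; };

/* Single source of truth: one (struct type, flag) pair per namespace type. */
#define DEMO_FOR_EACH_NS_TYPE(X)         \
	X(struct demo_mnt_ns,  0x00020000UL) \
	X(struct demo_user_ns, 0x10000000UL) \
	X(struct demo_net_ns,  0x40000000UL)

/* Derived bitmask: every pair expands to "| flag" after the leading 0. */
#define DEMO_NS_OR(type, flag) | (flag)
#define DEMO_NS_ALL (0UL DEMO_FOR_EACH_NS_TYPE(DEMO_NS_OR))

/* Derived mapping: every pair expands to ", type *: flag" (leading comma). */
#define DEMO_NS_ASSOC(type, flag) , type *: (flag)
#define demo_ns_type(ptr) _Generic((ptr) DEMO_FOR_EACH_NS_TYPE(DEMO_NS_ASSOC))

/* Entry count, used to cross-check the number of bits in the mask. */
#define DEMO_NS_ONE(type, flag) + 1
enum { DEMO_NS_COUNT = 0 DEMO_FOR_EACH_NS_TYPE(DEMO_NS_ONE) };

/* Validity mask use: reject an empty request or any bit outside the mask. */
static int demo_check_ns_flags(unsigned long flags)
{
	if (!flags || (flags & ~DEMO_NS_ALL))
		return -EINVAL;
	return 0;
}

/* Returns 1 when each entry contributed a distinct bit (no duplicate flag). */
static int demo_flags_are_distinct(void)
{
	int bits = 0;
	for (unsigned long m = DEMO_NS_ALL; m; m &= m - 1)
		bits++;
	return bits == DEMO_NS_COUNT;
}

int main(void)
{
	unsigned long net_flag = demo_ns_type((struct demo_net_ns *)0);
	printf("mask=%#lx net=%#lx\n", DEMO_NS_ALL, net_flag);
	return demo_check_ns_flags(net_flag) || !demo_flags_are_distinct();
}
```

Adding a fourth pair to `DEMO_FOR_EACH_NS_TYPE` updates the mask, the `_Generic` mapping and the count together, and a pointer type missing from the list fails to compile instead of silently mapping to nothing.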