[RFC PATCH v1 03/11] nsproxy: Add FOR_EACH_NS_TYPE() X-macro and CLONE_NS_ALL
Mickaël Salaün
mic at digikod.net
Wed Mar 25 15:26:22 UTC 2026
On Wed, Mar 25, 2026 at 01:33:31PM +0100, Christian Brauner wrote:
> On Thu, Mar 12, 2026 at 11:04:36AM +0100, Mickaël Salaün wrote:
> > Introduce the FOR_EACH_NS_TYPE(X) macro as the single source of truth
> > for the set of (struct type, CLONE_NEW* flag) pairs that define Linux
> > namespace types.
> >
> > Currently, the list of CLONE_NEW* flags is duplicated inline in
> > multiple call sites and would need another copy in each new consumer.
> > This makes it easy to miss one when a new namespace type is added.
> >
> > Derive two things from the X-macro:
> >
> > - CLONE_NS_ALL: Bitmask of all known CLONE_NEW* flags, usable as a
> > validity mask or iteration bound.
> >
> > - ns_common_type(): Rewritten to use the X-macro via a leading-comma
> > _Generic pattern, so the struct-to-flag mapping stays in sync with the
> > flag set automatically.
> >
> > Replace the inline flag enumerations in copy_namespaces(),
> > unshare_nsproxy_namespaces(), check_setns_flags(), and
> > ksys_unshare() with CLONE_NS_ALL.
> >
> > When a new namespace type is added, only FOR_EACH_NS_TYPE needs to
> > be updated; CLONE_NS_ALL, ns_common_type(), and all the call sites
> > pick up the change automatically.
> >
> > Cc: Christian Brauner <brauner at kernel.org>
> > Cc: Günther Noack <gnoack at google.com>
> > Signed-off-by: Mickaël Salaün <mic at digikod.net>
> > ---
>
> Yeah, I love that. I can take that as a separate patch right now even.
Yes, please take it.
>
> Reviewed-by: Christian Brauner <brauner at kernel.org>
>
More information about the Linux-security-module-archive
mailing list