userns: When the per user per user namespace limit is reached return ENOSPC

The current error codes returned when a the per user per user namespace limit are hit (EINVAL, EUSERS, and ENFILE) are wrong. I asked for advice on linux-api and it we made clear that those were the wrong error code, but a correct effor code was not suggested. The best general error code I have found for hitting a resource limit is ENOSPC. It is not perfect but as it is unambiguous it will serve until someone comes up with a better error code. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

userns: When the per user per user namespace limit is reached return ENOSPC
The current error codes returned when a the per user per user namespace limit are hit (EINVAL, EUSERS, and ENFILE) are wrong. I asked for advice on linux-api and it we made clear that those were the wrong error code, but a correct effor code was not suggested. The best general error code I have found for hitting a resource limit is ENOSPC. It is not perfect but as it is unambiguous it will serve until someone comes up with a better error code. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
df75e774 · Eric W. Biederman · 9c722e40 · df75e774 · df75e774 · df75e774
Commit df75e774 authored Sep 22, 2016 by Eric W. Biederman
7 changed files
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2754,7 +2754,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
 	ucounts = inc_mnt_namespaces(user_ns);
 	if (!ucounts)
-		return ERR_PTR(-ENFILE);
+		return ERR_PTR(-ENOSPC);
 	new_ns = kmalloc(sizeof(struct mnt_namespace), GFP_KERNEL);
 	if (!new_ns) {

--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -33,7 +33,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
 	struct ucounts *ucounts;
 	int err;
-	err = -ENFILE;
+	err = -ENOSPC;
 	ucounts = inc_ipc_namespaces(user_ns);
 	if (!ucounts)
 		goto fail;

--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -6354,7 +6354,7 @@ struct cgroup_namespace *copy_cgroup_ns(unsigned long flags,
 	ucounts = inc_cgroup_namespaces(user_ns);
 	if (!ucounts)
-		return ERR_PTR(-ENFILE);
+		return ERR_PTR(-ENOSPC);
 	/* It is not safe to take cgroup_mutex here */
 	spin_lock_irq(&css_set_lock);

--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -98,7 +98,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
 	int i;
 	int err;
-	err = -EINVAL;
+	err = -ENOSPC;
 	if (level > MAX_PID_NS_LEVEL)
 		goto out;
 	ucounts = inc_pid_namespaces(user_ns);

--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -76,7 +76,7 @@ int create_user_ns(struct cred *new)
 	struct ucounts *ucounts;
 	int ret, i;
-	ret = -EUSERS;
+	ret = -ENOSPC;
 	if (parent_ns->level > 32)
 		goto fail;

--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -49,7 +49,7 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
 	struct ucounts *ucounts;
 	int err;
-	err = -ENFILE;
+	err = -ENOSPC;
 	ucounts = inc_uts_namespaces(user_ns);
 	if (!ucounts)
 		goto fail;

--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -370,7 +370,7 @@ struct net *copy_net_ns(unsigned long flags,
 	ucounts = inc_net_namespaces(user_ns);
 	if (!ucounts)
-		return ERR_PTR(-ENFILE);
+		return ERR_PTR(-ENOSPC);
 	net = net_alloc();
 	if (!net) {