The Linux Kernel Data Structure Journey — “struct nsproxy”

Shlomi Boutnaru, Ph.D.
Aug 16, 2023


Overall, “struct nsproxy” (namespace proxy) is a kernel data structure that contains pointers to all per-process namespaces (https://systemweakness.com/linux-namespaces-part-1-dcee9c40fb68) such as mount (fs), uts, network, sysvipc and more. The PID namespace (https://medium.com/@boutnaru/linux-namespaces-pid-namespace-e7e22f96ac3d) is an exception, because the field “pid_ns_for_children” is a pointer to the namespace information that the children will use (https://elixir.bootlin.com/linux/v6.4.10/source/include/linux/nsproxy.h#L16). By the way, we can retrieve the PID namespace of a process/task using the function “task_active_pid_ns” (https://elixir.bootlin.com/linux/v6.4.10/source/kernel/pid.c#L507).

Moreover, “struct nsproxy” is defined in “/include/linux/nsproxy.h” (https://elixir.bootlin.com/linux/v6.4.10/source/include/linux/nsproxy.h#L31). The “count” field contains the number of tasks holding a reference. “uts_ns” holds a pointer to the information regarding the process UTS namespace (https://medium.com/@boutnaru/linux-namespaces-uts-part-2-6073eacc82ae). “ipc_ns” holds a pointer to the information regarding the process IPC namespace (https://medium.com/@boutnaru/linux-namespaces-ipc-namespace-927f01cbcf3d). “mnt_ns” holds a pointer to the information regarding the process mount namespace (https://medium.com/@boutnaru/linux-namespaces-mount-namespace-fca1e47d7a88).

Also, “net_ns” holds a pointer to the information regarding the process network namespace (https://medium.com/@boutnaru/linux-namespaces-network-namespace-part-3-7f8f8e06fef3). “time_ns” holds a pointer to the information regarding the process time namespace (https://medium.com/@boutnaru/linux-namespaces-time-namespace-part-3-1314b4c9cd32). “time_ns_for_children” is a pointer to the time namespace information that the children will use. “cgroup_ns” holds a pointer to the information regarding the process cgroup namespace (https://medium.com/@boutnaru/linux-cgroups-control-groups-part-1-358c636ffde0).

Lastly, “struct nsproxy” is shared by tasks that share all namespaces. When a single namespace is cloned/unshared (for example, by using the clone()/setns()/unshare() syscalls) the data structure is copied (https://elixir.bootlin.com/linux/v6.4.10/source/include/linux/nsproxy.h#L27). We can get to it from “struct task_struct” of the current process, as shown in the diagram below. By the way, the user namespace information is stored in “struct cred” (more information about it in a future writeup).
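The sharing described above can be observed from user space through the “/proc/<pid>/ns/” links, which expose the namespaces that the “struct nsproxy” fields point to. The following is an added example, not code from the original post or from the kernel; the function names “ns_diff_mask” and “diff_with_forked_child” are hypothetical, and it assumes “/proc” is mounted.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* /proc/<pid>/ns entries backed by struct nsproxy fields. "user" (struct cred)
 * and "pid" (task_active_pid_ns) are not read from nsproxy, so they are omitted. */
static const char *const nsproxy_links[] = {
    "uts", "ipc", "mnt", "net", "time", "time_for_children",
    "cgroup", "pid_for_children",
};
#define NS_COUNT (sizeof(nsproxy_links) / sizeof(nsproxy_links[0]))

/* Bit i is set when namespace i differs between tasks a and b. Entries that
 * are missing for both tasks (older kernels) are skipped. */
unsigned ns_diff_mask(pid_t a, pid_t b)
{
    unsigned mask = 0;
    for (size_t i = 0; i < NS_COUNT; i++) {
        char pa[64], pb[64];
        struct stat sa, sb;
        snprintf(pa, sizeof pa, "/proc/%d/ns/%s", (int)a, nsproxy_links[i]);
        snprintf(pb, sizeof pb, "/proc/%d/ns/%s", (int)b, nsproxy_links[i]);
        /* stat() follows the link; (st_dev, st_ino) identifies the namespace. */
        int ra = stat(pa, &sa), rb = stat(pb, &sb);
        if (ra != 0 && rb != 0) continue;
        if (ra != rb || sa.st_dev != sb.st_dev || sa.st_ino != sb.st_ino)
            mask |= 1u << i;
    }
    return mask;
}

/* Plain fork(): no CLONE_NEW* flag, so parent and child share every namespace. */
unsigned diff_with_forked_child(void)
{
    pid_t child = fork();
    if (child < 0)
        return ~0u;
    if (child == 0) { pause(); _exit(0); }
    unsigned mask = ns_diff_mask(getpid(), child);
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);
    return mask;
}

int main(void) {
    printf("namespaces differing from forked child: 0x%x\n", diff_with_forked_child());
    return 0;
}
```

A non-zero mask between two PIDs means at least one of them had its “struct nsproxy” copied, which is a quick way to spot tasks running in a container or after unshare().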

See you next time ;-) You can also follow me on twitter — @boutnaru (https://twitter.com/boutnaru).

https://www.schutzwerk.com/en/blog/linux-container-namespaces05-kernel/
