namespaces: take into account USERNS id

and return an error, if a proccess live in another userns,
because criu doesn't support it.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

include/syscall-types.h

@@ -57,7 +57,11 @@ struct itimerspec;
 #define CLONE_NEWNET	0x40000000
 #endif
 
-#define CLONE_ALLNS	(CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWNS)
+#ifndef CLONE_NEWUSER
+#define CLONE_NEWUSER	0x10000000
+#endif
+
+#define CLONE_ALLNS	(CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWNS | CLONE_NEWUSER)
 
 /* Nested namespaces are supported only for these types */
 #define CLONE_SUBNS	(CLONE_NEWNS)

namespaces.c

@@ -467,9 +467,22 @@ int dump_task_ns_ids(struct pstree_item *item)
 		return -1;
 	}
 
+	ids->has_user_ns_id = true;
+	ids->user_ns_id = get_ns_id(pid, &user_ns_desc);
+	if (!ids->user_ns_id) {
+		pr_err("Can't make userns id\n");
+		return -1;
+	}
+
 	return 0;
 }
 
+static int dump_user_ns(pid_t pid, int ns_id)
+{
+	pr_err("User namesapces are not supported yet\n");
+	return -1;
+}
+
 static int do_dump_namespaces(struct ns_id *ns)
 {
 	int ret;
@@ -494,6 +507,11 @@ static int do_dump_namespaces(struct ns_id *ns)
 				ns->id, ns->pid);
 		ret = dump_net_ns(ns->id);
 		break;
+	case CLONE_NEWUSER:
+		pr_info("Dump USER namespace info %d via %d\n",
+				ns->id, ns->pid);
+		ret = dump_user_ns(ns->pid, ns->id);
+		break;
 	default:
 		pr_err("Unknown namespace flag %x", ns->nd->cflag);
 		break;

protobuf/core.proto

@@ -36,6 +36,7 @@ message task_kobj_ids_entry {
 	optional uint32			ipc_ns_id	= 7;
 	optional uint32			uts_ns_id	= 8;
 	optional uint32			mnt_ns_id	= 9;
+	optional uint32			user_ns_id	= 10;
 }
 
 message thread_sas_entry {

pstree.c

@@ -624,6 +624,8 @@ static unsigned long get_clone_mask(TaskKobjIdsEntry *i,
 		mask |= CLONE_NEWUTS;
 	if (i->mnt_ns_id != p->mnt_ns_id)
 		mask |= CLONE_NEWNS;
+	if (i->user_ns_id != p->user_ns_id)
+		mask |= CLONE_NEWUSER;
 
 	return mask;
 }