namespace-util: modernize fd_is_namespace() and is_our_namespace()

- Make fd_is_namespace() take NamespaceType - Drop support for kernel without NS_GET_NSTYPE (< 4.11) - Port is_our_namespace() to namespace_open_by_type() (preparation for later commits, where the latter would go by pidfd if available, avoiding procfs)
author: Mike Yuan <me@yhndnzj.com> 2024-11-27 16:35:11 +0100
committer: Mike Yuan <me@yhndnzj.com> 2025-01-04 17:07:59 +0100
commit: 07610cafcf60d1dddd8a59d508129fdca91857d7 (patch)
tree: c1572c8371588cc7d38f7b0f3c73425c323d38b6 /README
parent: namespace-util: refuse remote pidref in pidref_namespace_open() (diff)
download: systemd-07610cafcf60d1dddd8a59d508129fdca91857d7.tar.xz
systemd-07610cafcf60d1dddd8a59d508129fdca91857d7.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/README b/README
index 4dabdaee06..7501b6b943 100644
--- a/README
+++ b/README
@@ -35,6 +35,7 @@ REQUIREMENTS:
                      ≥ 4.9 for RENAME_NOREPLACE support in vfat
                      ≥ 4.10 for cgroup-bpf egress and ingress hooks
                      ≥ 4.11 for nsfs
+                     # FIXME: drop compat glue and remove entries above before v258
                      ≥ 4.15 for cgroup-bpf device hook and cpu controller in cgroup v2
                      ≥ 4.17 for cgroup-bpf socket address hooks and /sys/power/resume_offset
                      ≥ 4.20 for PSI (used by systemd-oomd)
@@ -43,16 +44,17 @@ REQUIREMENTS:
                      ≥ 5.4 for pidfd, new mount API, and signed Verity images
                      ≥ 5.6 for getrandom() GRND_INSECURE
                      ≥ 5.7 for CLONE_INTO_CGROUP, BPF links and the BPF LSM hook
-                     ≥ 5.9 for close_range()
                      ≥ 5.8 for LOOP_CONFIGURE and STATX_ATTR_MOUNT_ROOT
+                     ≥ 5.9 for close_range()
                      ≥ 6.3 for MFD_EXEC/MFD_NOEXEC_SEAL and tmpfs noswap option
                      ≥ 6.5 for name_to_handle_at() AT_HANDLE_FID, SO_PEERPIDFD/SO_PASSPIDFD,
                                and MOVE_MOUNT_BENEATH
                      ≥ 6.9 for pidfs
 
-        ⛔ Kernel versions below 4.3 ("minimum baseline") are not supported at
+        ⛔ Kernel versions below 4.11 ("minimum baseline") are not supported at
         all, and are missing required functionality (e.g. CLOCK_BOOTTIME support
-        for timerfd_create(), getrandom(), ambient capabilities, or memfd_create()).
+        for timerfd_create(), getrandom(), ambient capabilities, memfd_create(),
+        or nsfs (NS_GET_NSTYPE)).
 
         ⚠️ Kernel versions below 5.4 ("recommended baseline") have significant
         gaps in functionality and are not recommended for use with this version
author	Mike Yuan <me@yhndnzj.com>	2024-11-27 16:35:11 +0100
committer	Mike Yuan <me@yhndnzj.com>	2025-01-04 17:07:59 +0100
commit	07610cafcf60d1dddd8a59d508129fdca91857d7 (patch)
tree	c1572c8371588cc7d38f7b0f3c73425c323d38b6 /README
parent	namespace-util: refuse remote pidref in pidref_namespace_open() (diff)
download	systemd-07610cafcf60d1dddd8a59d508129fdca91857d7.tar.xz systemd-07610cafcf60d1dddd8a59d508129fdca91857d7.zip