1. static int userns_install(struct nsproxy *nsproxy, struct ns_common *ns)
    2. {
    3.     struct user_namespace *user_ns = to_user_ns(ns);
    4.     struct cred *cred;
    5.     /* Don't allow gaining capabilities by reentering
    6.      * the same user namespace.
    7.      */
    8.     if (user_ns == current_user_ns())
    9.         return -EINVAL;
    11.   /* 判断是否是多线程 */
    12.     /* Tasks that share a thread group must share a user namespace */
    13.     if (!thread_group_empty(current))
    14.         return -EINVAL;
    17.   if (current->fs->users != 1)
    18.         return -EINVAL;
    19.     if (!ns_capable(user_ns, CAP_SYS_ADMIN))
    20.         return -EPERM;
    21.     cred = prepare_creds();
    22.     if (!cred)
    23.         return -ENOMEM;
    24.     put_user_ns(cred->user_ns);
    25.     set_cred_user_ns(cred, get_user_ns(user_ns));
    26.     return commit_creds(cred);
    27. }