From: Scott James Remnant <scott-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
To: Matt Helsley <matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Sukadev <sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Michael Kerrisk
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH] proc connector: add event for process becoming session leader
Date: Fri, 26 Jun 2009 13:38:51 +0100 [thread overview]
Message-ID: <1246019931.10001.7.camel@quest> (raw)
In-Reply-To: <20090623210110.GB7931-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
[-- Attachment #1: Type: text/plain, Size: 1893 bytes --]
On Tue, 2009-06-23 at 14:01 -0700, Matt Helsley wrote:
> On Mon, Jun 22, 2009 at 04:19:09PM -0700, Andrew Morton wrote:
> > > + get_seq(&msg->seq, &ev->cpu);
> > > + ktime_get_ts(&ts); /* get high res monotonic timestamp */
> > > + put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
> > > + ev->what = PROC_EVENT_SID;
> > > + ev->event_data.sid.process_pid = task->pid;
> >
> > This is a bit of a worry. In a containerised environment, pids are not
> > unique. Now what do we do?
>
> An excellent point. It's broadcast via a netlink multicast address. That
> means we'd have pids and listeners from arbitrary combinations of pid
> namespaces.
>
Yeah, right now that's a general problem with the netlink approach
compared to the signal approach I was using before. Of course, it's
also non-obvious how init in the initial pid namespace should deal with
processes dying in a different pid namespace.
> One obvious but poor solution is to only send the pid of the initial
> pid namespace. Then it's not ambiguous what an event refers to. However
> it also means that the events would only be useful to tasks running
> in the initial pid namespace -- not a good solution given Scott's example
> and our desire to run things like sshd in separate pid namespaces.
>
> Alternatively, we may be able to split up the connector such that the
> listeners only see events from their own pid namespace. I'm not
> sure that netlink and connectors can enable this change though.
>
Or the netlink socket could include both the pid, and a descriptor of
the pid namespace that it is in (isn't it just a pid itself?) That way
listeners could check the namespace is the same before carrying on.
Though that obviously leaks information you may not actually want
leaked?
Scott
--
Scott James Remnant
scott-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Scott James Remnant <scott@ubuntu.com>
To: Matt Helsley <matthltc@us.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org, Sukadev <sukadev@us.ibm.com>,
Containers <containers@lists.linux-foundation.org>,
Michael Kerrisk <mtk.manpages@gmail.com>,
linux-man@vger.kernel.org
Subject: Re: [PATCH] proc connector: add event for process becoming session leader
Date: Fri, 26 Jun 2009 13:38:51 +0100 [thread overview]
Message-ID: <1246019931.10001.7.camel@quest> (raw)
In-Reply-To: <20090623210110.GB7931@count0.beaverton.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 1864 bytes --]
On Tue, 2009-06-23 at 14:01 -0700, Matt Helsley wrote:
> On Mon, Jun 22, 2009 at 04:19:09PM -0700, Andrew Morton wrote:
> > > + get_seq(&msg->seq, &ev->cpu);
> > > + ktime_get_ts(&ts); /* get high res monotonic timestamp */
> > > + put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
> > > + ev->what = PROC_EVENT_SID;
> > > + ev->event_data.sid.process_pid = task->pid;
> >
> > This is a bit of a worry. In a containerised environment, pids are not
> > unique. Now what do we do?
>
> An excellent point. It's broadcast via a netlink multicast address. That
> means we'd have pids and listeners from arbitrary combinations of pid
> namespaces.
>
Yeah, right now that's a general problem with the netlink approach
compared to the signal approach I was using before. Of course, it's
also non-obvious how init in the initial pid namespace should deal with
processes dying in a different pid namespace.
> One obvious but poor solution is to only send the pid of the initial
> pid namespace. Then it's not ambiguous what an event refers to. However
> it also means that the events would only be useful to tasks running
> in the initial pid namespace -- not a good solution given Scott's example
> and our desire to run things like sshd in separate pid namespaces.
>
> Alternatively, we may be able to split up the connector such that the
> listeners only see events from their own pid namespace. I'm not
> sure that netlink and connectors can enable this change though.
>
Or the netlink socket could include both the pid, and a descriptor of
the pid namespace that it is in (isn't it just a pid itself?) That way
listeners could check the namespace is the same before carrying on.
Though that obviously leaks information you may not actually want
leaked?
Scott
--
Scott James Remnant
scott@ubuntu.com
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
next prev parent reply other threads:[~2009-06-26 12:38 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-15 12:03 [PATCH] proc connector: add event for process becoming session leader Scott James Remnant
2009-06-22 23:19 ` Andrew Morton
2009-06-23 8:23 ` Scott James Remnant
[not found] ` <20090622161909.e5706885.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-06-23 21:01 ` Matt Helsley
2009-06-23 21:01 ` Matt Helsley
2009-06-23 21:01 ` Matt Helsley
[not found] ` <20090623210110.GB7931-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org>
2009-06-26 12:38 ` Scott James Remnant [this message]
2009-06-26 12:38 ` Scott James Remnant
2009-06-26 12:38 ` Scott James Remnant
2009-06-25 22:48 ` Matt Helsley
2009-06-25 22:48 ` Matt Helsley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1246019931.10001.7.camel@quest \
--to=scott-gewih/nmzzlqt0dzr+alfa@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.