From: Eric Paris <eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: [PATCH V2 1/6] namespaces: assign each namespace instance a serial number
Date: Tue, 13 May 2014 11:30:45 -0400 [thread overview]
Message-ID: <1399995045.5967.3.camel@flatline.rdu.redhat.com> (raw)
In-Reply-To: <20140513151316.GE27560-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
On Tue, 2014-05-13 at 11:13 -0400, Richard Guy Briggs wrote:
> On 14/05/13, Richard Guy Briggs wrote:
> > On 14/05/10, Eric Paris wrote:
> > > On Fri, 2014-05-09 at 20:27 -0400, Richard Guy Briggs wrote:
> > > > Generate and assign a serial number per namespace instance since boot.
> > > >
> > > > Use a serial number per namespace (unique across one boot of one kernel)
> > > > instead of the inode number (which is claimed to have had the right to change
> > > > reserved and is not necessarily unique if there is more than one proc fs) to
> > > > uniquely identify it per kernel boot.
> > > >
> > > > Signed-off-by: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> > > > ---
> > >
> > > > +/**
> > > > + * ns_serial - compute a serial number for the namespace
> > > > + *
> > > > + * Compute a serial number for the namespace to uniquely identify it in
> > > > + * audit records.
> > > > + */
> > > > +unsigned long long ns_serial(void)
> > > > +{
> > > > + static DEFINE_SPINLOCK(serial_lock);
> > > > + static unsigned long long serial = 4; /* reserved for IPC, UTS, user, PID */
> > > > + unsigned long flags;
> > > > +
> > > > + spin_lock_irqsave(&serial_lock, flags);
> > > > + ++serial;
> > > > + spin_unlock_irqrestore(&serial_lock, flags);
> > > > + BUG_ON(!serial);
> > > > +
> > > > + return serial;
> > > > +}
> > > > +
> > > > static inline struct nsproxy *create_nsproxy(void)
> > > > {
> > > > struct nsproxy *nsproxy;
> > >
> > > atomic64_t instead of doing it yourself?
> >
> > I'm willing to switch to atomic64_*. Thanks for pointing out its
> > existence.
>
> Same would then go for using atomic_t in audit_serial().
Yup, moving to an atomic in audit_serial() looks like a good idea to me.
WARNING: multiple messages have this Message-ID (diff)
From: Eric Paris <eparis@redhat.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org,
containers@lists.linux-foundation.org, arozansk@redhat.com,
serge@hallyn.com, ebiederm@xmission.com, sgrubb@redhat.com
Subject: Re: [PATCH V2 1/6] namespaces: assign each namespace instance a serial number
Date: Tue, 13 May 2014 11:30:45 -0400 [thread overview]
Message-ID: <1399995045.5967.3.camel@flatline.rdu.redhat.com> (raw)
In-Reply-To: <20140513151316.GE27560@madcap2.tricolour.ca>
On Tue, 2014-05-13 at 11:13 -0400, Richard Guy Briggs wrote:
> On 14/05/13, Richard Guy Briggs wrote:
> > On 14/05/10, Eric Paris wrote:
> > > On Fri, 2014-05-09 at 20:27 -0400, Richard Guy Briggs wrote:
> > > > Generate and assign a serial number per namespace instance since boot.
> > > >
> > > > Use a serial number per namespace (unique across one boot of one kernel)
> > > > instead of the inode number (which is claimed to have had the right to change
> > > > reserved and is not necessarily unique if there is more than one proc fs) to
> > > > uniquely identify it per kernel boot.
> > > >
> > > > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > > > ---
> > >
> > > > +/**
> > > > + * ns_serial - compute a serial number for the namespace
> > > > + *
> > > > + * Compute a serial number for the namespace to uniquely identify it in
> > > > + * audit records.
> > > > + */
> > > > +unsigned long long ns_serial(void)
> > > > +{
> > > > + static DEFINE_SPINLOCK(serial_lock);
> > > > + static unsigned long long serial = 4; /* reserved for IPC, UTS, user, PID */
> > > > + unsigned long flags;
> > > > +
> > > > + spin_lock_irqsave(&serial_lock, flags);
> > > > + ++serial;
> > > > + spin_unlock_irqrestore(&serial_lock, flags);
> > > > + BUG_ON(!serial);
> > > > +
> > > > + return serial;
> > > > +}
> > > > +
> > > > static inline struct nsproxy *create_nsproxy(void)
> > > > {
> > > > struct nsproxy *nsproxy;
> > >
> > > atomic64_t instead of doing it yourself?
> >
> > I'm willing to switch to atomic64_*. Thanks for pointing out its
> > existence.
>
> Same would then go for using atomic_t in audit_serial().
Yup, moving to an atomic in audit_serial() looks like a good idea to me.
next prev parent reply other threads:[~2014-05-13 15:30 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-10 0:27 [PATCH V2 0/6] namespaces: log namespaces per task Richard Guy Briggs
2014-05-10 0:27 ` Richard Guy Briggs
2014-05-10 0:27 ` [PATCH V2 4/6] namespaces: expose ns instance serial numbers in proc Richard Guy Briggs
[not found] ` <cover.1399681022.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-05-10 0:27 ` [PATCH V2 1/6] namespaces: assign each namespace instance a serial number Richard Guy Briggs
2014-05-10 0:27 ` Richard Guy Briggs
[not found] ` <f34b584ffed2538176f9a366e25bb98c531fb70f.1399681022.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-05-10 15:01 ` Eric Paris
2014-05-10 15:01 ` Eric Paris
2014-05-13 14:39 ` Richard Guy Briggs
2014-05-13 14:39 ` Richard Guy Briggs
[not found] ` <20140513143925.GD27560-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
2014-05-13 15:13 ` Richard Guy Briggs
2014-05-13 15:13 ` Richard Guy Briggs
[not found] ` <20140513151316.GE27560-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
2014-05-13 15:30 ` Eric Paris [this message]
2014-05-13 15:30 ` Eric Paris
[not found] ` <1399995045.5967.3.camel-OjZBOOqb7SR7cYLChsl7DafLeoKvNuZc@public.gmane.org>
2014-05-13 18:44 ` Eric Paris
2014-05-13 18:44 ` Eric Paris
2014-05-10 0:27 ` [PATCH V2 2/6] audit: log namespace serial numbers Richard Guy Briggs
2014-05-10 0:27 ` Richard Guy Briggs
[not found] ` <e1b3ea66770e9e8d067c4fb725a6940c41ccf2f2.1399681022.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-05-10 15:07 ` Eric Paris
2014-05-10 15:07 ` Eric Paris
2014-05-13 14:19 ` Richard Guy Briggs
2014-05-13 14:19 ` Richard Guy Briggs
2014-05-10 15:56 ` Eric Paris
2014-05-10 15:56 ` Eric Paris
2014-05-13 14:28 ` Richard Guy Briggs
2014-05-13 14:28 ` Richard Guy Briggs
2014-05-10 0:27 ` [PATCH V2 3/6] namespaces: expose namespace instance serial number in proc_ns_operations Richard Guy Briggs
2014-05-10 0:27 ` Richard Guy Briggs
2014-05-10 0:27 ` [PATCH V2 4/6] namespaces: expose ns instance serial numbers in proc Richard Guy Briggs
2014-05-10 0:27 ` [PATCH V2 5/6] namespaces: expose ns_entries Richard Guy Briggs
2014-05-10 0:27 ` [PATCH V2 6/6] audit: convert namespace serial number logging to use proc ns_entries Richard Guy Briggs
2014-05-10 0:27 ` [PATCH V2 5/6] namespaces: expose ns_entries Richard Guy Briggs
2014-05-10 0:27 ` [PATCH V2 6/6] audit: convert namespace serial number logging to use proc ns_entries Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1399995045.5967.3.camel@flatline.rdu.redhat.com \
--to=eparis-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.