Re: [PATCH 3/5] pid: use namespaced iteration on processes while setting capability

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Gowrishankar M
	<gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
Cc: Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
	Dave <dave-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>,
	Eric <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
	Sukadev
	<sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>,
	Balbir <balbir-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
Subject: Re: [PATCH 3/5] pid: use namespaced iteration on processes while setting capability
Date: Thu, 18 Dec 2008 11:04:34 -0600	[thread overview]
Message-ID: <20081218170434.GA13188@us.ibm.com> (raw)
In-Reply-To: <1229618553-6348-4-git-send-email-gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>

Quoting Gowrishankar M (gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org):
> From: Gowrishankar M <gomuthuk-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
> 
> In piece of dead code, cap_set_all() propogates through processes outside
> PID namespace, as iteration is always in init PID namespace.
> 
> Below patch adjusts macro controller to use do_each_thread_in_ns() so that
> only processes in current namespace are scanned
> 
> Signed-off-by: Gowrishankar M <gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>

Acked-by: Serge Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>

> ---
>  kernel/capability.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/kernel/capability.c b/kernel/capability.c
> index 33e51e7..e3e3765 100644
> --- a/kernel/capability.c
> +++ b/kernel/capability.c
> @@ -201,7 +201,7 @@ static inline int cap_set_all(kernel_cap_t *effective,
>  	spin_lock(&task_capability_lock);
>  	read_lock(&tasklist_lock);
> 
> -	do_each_thread(g, target) {
> +	do_each_thread_in_ns(g, target, current->nsproxy->pid_ns) {
>  		if (target == current
>  		    || is_container_init(target->group_leader))
>  			continue;
> -- 
> 1.5.5.1

next prev parent reply	other threads:[~2008-12-18 17:04 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-12-18 16:42 pid: improved namespaced iteration over processes list (v2) Gowrishankar M
     [not found] ` <1229618553-6348-1-git-send-email-gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2008-12-18 16:42   ` [PATCH 1/5] pid: add new iterative macros to list processes in a namespace Gowrishankar M
     [not found]     ` <1229618553-6348-2-git-send-email-gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2008-12-18 17:45       ` Eric W. Biederman
2008-12-18 16:42   ` [PATCH 2/5] pid: use namespaced iteration on processes while using sysrq Gowrishankar M
     [not found]     ` <1229618553-6348-3-git-send-email-gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2008-12-18 16:58       ` Dave Hansen
2008-12-18 17:12       ` Serge E. Hallyn
2008-12-18 17:31       ` Eric W. Biederman
2008-12-18 16:42   ` [PATCH 3/5] pid: use namespaced iteration on processes while setting capability Gowrishankar M
     [not found]     ` <1229618553-6348-4-git-send-email-gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2008-12-18 17:04       ` Serge E. Hallyn [this message]
2008-12-18 17:35       ` Eric W. Biederman
2008-12-18 16:42   ` [PATCH 4/5] pid: use namespaced iteration on processes while sending signal to all Gowrishankar M
     [not found]     ` <1229618553-6348-5-git-send-email-gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2008-12-18 17:04       ` Serge E. Hallyn
2008-12-18 17:10       ` Dave Hansen
2008-12-18 17:32         ` Serge E. Hallyn
2008-12-18 16:42   ` [PATCH 5/5] pid: use namespaced iteration on processes while managing priority Gowrishankar M
     [not found]     ` <1229618553-6348-6-git-send-email-gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2008-12-18 17:05       ` Serge E. Hallyn
     [not found]         ` <20081218170509.GC13188-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-12-18 17:46           ` Eric W. Biederman
2008-12-18 17:38       ` Eric W. Biederman
     [not found]         ` <m1d4fp8ju3.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-12-18 18:13           ` Serge E. Hallyn
     [not found]             ` <20081218181317.GA14409-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-12-18 18:54               ` Eric W. Biederman
     [not found]                 ` <m1wsdx71r7.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-12-18 19:23                   ` Serge E. Hallyn
2008-12-19  4:30                   ` Matt Helsley
2008-12-19  4:37                     ` Matt Helsley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20081218170434.GA13188@us.ibm.com \
    --to=serue-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
    --cc=balbir-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
    --cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
    --cc=dave-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
    --cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
    --cc=gowrishankar.m-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
    --cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.