From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
    linux-kernel@vger.kernel.org, Oren Laadan <orenl@cs.columbia.edu>,
    "Eric W. Biederman" <ebiederm@xmission.com>,
    Alexey Dobriyan <adobriyan@gmail.com>,
    Pavel Emelyanov <xemul@openvz.org>, Andrew Morton <akpm@osdl.org>,
    torvalds@linux-foundation.org, mikew@google.com, mingo@elte.hu,
    hpa@zytor.com, Containers <containers@lists.linux-foundation.org>,
    sukadev@us.ibm.com
Subject: Re: [RFC][v4][PATCH 7/7]: Define clone_with_pids syscall
Date: Mon, 10 Aug 2009 10:07:12 -0500
Message-ID: <20090810150712.GA20358@us.ibm.com>
In-Reply-To: <20090810145425.GA1378@ucw.cz>

Quoting Pavel Machek (pavel@ucw.cz):
> > Unlike clone(), clone_with_pids() needs CAP_SYS_ADMIN, at least for now, to
> > prevent unprivileged processes from misusing this interface.
> >
> > Call clone_with_pids as follows:
> >
> >     pid_t pids[] = { 0, 77, 99 };
> >     struct pid_set pid_set;
> >
> >     pid_set.num_pids = sizeof(pids) / sizeof(int);
> >     pid_set.pids = &pids;
> >
> >     syscall(__NR_clone_with_pids, flags, stack, NULL, NULL, NULL, &pid_set);
> >
> > If a target-pid is 0, the kernel continues to assign a pid for the process in
> > that namespace. In the above example, pids[0] is 0, meaning the kernel will
> > assign next available pid to the process in init_pid_ns. But kernel will assign
> > pid 77 in the child pid namespace 1 and pid 99 in pid namespace 2. If either
> > 77 or 99 are taken, the system call fails with -EBUSY.
> >
> > If 'pid_set.num_pids' exceeds the current nesting level of pid namespaces,
> > the system call fails with -EINVAL.
>
> Does it make sense to set the pid in anything but innermost container?

Yup, we might be restarting an app using a nested pid namespace, in which
case restart would specify pids for 2 (or more) of the innermost containers.

thanks,
-serge
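
A user-space model of the semantics described in the quoted patch description and in the reply above, added here as an example; it is not code from the patch series and does not call the proposed syscall. The names `model_ns` and `model_clone_with_pids`, the `-EPERM` return for a caller without CAP_SYS_ADMIN, lowest-free-pid allocation for a target of 0, and applying a short pid list to the innermost namespaces are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#define MAX_PID 128   /* model limit, not a kernel constant */

/* One modelled pid namespace: used[p] is true while pid p is taken. */
struct model_ns { bool used[MAX_PID]; };

/* Target pid 0: the "kernel" picks the lowest free pid (a simplification). */
static int alloc_any(struct model_ns *ns)
{
    for (int p = 1; p < MAX_PID; p++)
        if (!ns->used[p]) { ns->used[p] = true; return p; }
    return -EAGAIN;
}

/* ns[0] is init_pid_ns, ns[levels-1] the innermost namespace. Assumptions:
 * -EPERM without CAP_SYS_ADMIN; fewer pids than levels means the innermost
 * ones. On failure nothing stays allocated. */
int model_clone_with_pids(struct model_ns *ns, int levels, bool cap_sys_admin,
                          const int *pids, int num_pids, int *out)
{
    if (!cap_sys_admin) return -EPERM;
    if (num_pids < 0 || num_pids > levels) return -EINVAL;
    int skip = levels - num_pids;   /* outer levels with no requested pid */
    for (int l = 0; l < levels; l++) {
        int want = l < skip ? 0 : pids[l - skip], got;
        if (want < 0 || want >= MAX_PID) got = -EINVAL;
        else if (want == 0)              got = alloc_any(&ns[l]);
        else if (ns[l].used[want])       got = -EBUSY;
        else { ns[l].used[want] = true;  got = want; }
        if (got < 0) {              /* release pids taken at outer levels */
            while (l-- > 0) ns[l].used[out[l]] = false;
            return got;
        }
        out[l] = got;
    }
    return 0;
}

int main(void)
{
    static struct model_ns ns[3];            /* zeroed: all pids free */
    int out[3], pids[] = { 0, 77, 99 };      /* the example from the quoted text */
    int rc = model_clone_with_pids(ns, 3, true, pids, 3, out);
    printf("rc=%d pids=%d,%d,%d\n", rc, out[0], out[1], out[2]);
    return rc != 0;
}
```

The rollback on failure matters for the -EBUSY case: a pid already handed out at an outer level must not stay reserved when an inner level rejects the request.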