From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Serge E. Hallyn" Subject: Re: [RFC][PATCH 00/10] taskstats: Enhancements for precise accounting Date: Sat, 25 Sep 2010 13:19:28 -0500 Message-ID: <20100925181928.GA19611@hallyn.com> References: <1285249681.1837.28.camel@holzheu-laptop> <20100923131136.356075f4.akpm@linux-foundation.org> <20100923221139.GI23839@count0.beaverton.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <20100923221139.GI23839-52DBMbEzqgQ/wnmkkaCWp/UQ3DHhIser@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Matt Helsley Cc: Venkatesh Pallipadi , linux-s390-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Peter Zijlstra , Shailabh Nagar , John stultz , containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, Heiko Carstens , Oleg Nesterov , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Balbir Singh , Thomas Gleixner , Martin Schwidefsky , Andrew Morton , holzheu-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org, Ingo Molnar , Suresh Siddha List-Id: containers.vger.kernel.org Quoting Matt Helsley (matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org): > I don't think even "root" can see/use pids outside its namespace (without Just to be clear on this, you're right in what you say, but if a task in a child pidns still has access to the /proc mount of the parent pidns, then it can see the pids in there, and get information from them, i.e. /proc/pid/maps. So in that sense, some people could misinterpret "see/use pids" and think you weren't right. -serge From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Sat, 25 Sep 2010 13:19:28 -0500 From: "Serge E. Hallyn" Subject: Re: [RFC][PATCH 00/10] taskstats: Enhancements for precise accounting Message-ID: <20100925181928.GA19611@hallyn.com> References: <1285249681.1837.28.camel@holzheu-laptop> <20100923131136.356075f4.akpm@linux-foundation.org> <20100923221139.GI23839@count0.beaverton.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20100923221139.GI23839@count0.beaverton.ibm.com> Sender: linux-kernel-owner@vger.kernel.org List-Archive: List-Post: To: Matt Helsley Cc: Andrew Morton , Shailabh Nagar , linux-s390@vger.kernel.org, Peter Zijlstra , Venkatesh Pallipadi , John stultz , containers@lists.linux-foundation.org, Heiko Carstens , Oleg Nesterov , linux-kernel@vger.kernel.org, Suresh Siddha , Martin Schwidefsky , Ingo Molnar , holzheu@linux.vnet.ibm.com, Thomas Gleixner , Balbir Singh List-ID: Quoting Matt Helsley (matthltc@us.ibm.com): > I don't think even "root" can see/use pids outside its namespace (without Just to be clear on this, you're right in what you say, but if a task in a child pidns still has access to the /proc mount of the parent pidns, then it can see the pids in there, and get information from them, i.e. /proc/pid/maps. So in that sense, some people could misinterpret "see/use pids" and think you weren't right. -serge