From: Oleg Nesterov <oleg@redhat.com>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Pavel Emelyanov <xemul@parallels.com>,
Daniel Berrange <berrange@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge.hallyn@canonical.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: + core_pattern-set-core-helpers-root-and-namespace-to-crashing-process .patch added to -mm tree
Date: Tue, 18 Dec 2012 21:06:04 +0100
Message-ID: <20121218200604.GA28834@redhat.com>
In-Reply-To: <20121217183925.GE25322@hmsreliant.think-freely.org>

On 12/17, Neil Horman wrote:
>
> On Mon, Dec 17, 2012 at 05:04:08PM +0100, Oleg Nesterov wrote:
> >
> > > Is there a way to switch all namespaces, except for the pid
> > > namespace?
> >
> > Which exactly namespaces you want to change?
> >
> Ideally, I want the pipe reader process to execute in the same namespaces that
> the crashing process executed in (i.e. the pipe reader should execute as though
> the crashing process forked it).

Yes, and we probably want to change pid_ns as well. But afaics currently
this is not possible, even setns can't do this.

I am starting to think that in this case, perhaps, do_coredump() should
not use call_usermode_helper() at all. Perhaps we can do clone(CLONE_VM) +
commit_creds/restore_root/etc + kernel_execve.

> > To be honest, I do not understand this patch at all. It seems that
> > you need to do something like sys_setns(). But if we do this, then
> > why we can't make core_pattern per-namespace?
> >
> That actually would make sense, although we can't really use setns directly, as
> I don't think we want to open file descriptors to do this manipulation in the
> kernel.

Yes, yes, sure. But this is solvable. We do not really need to open
the files in /proc, we could use proc_ns_operations->install() directly.
Although this is not pretty.

> Perhaps it's best just to restrict this patch to adjusting the root fs location
> for the chroot case.

Probably... at least for the start.

BTW. Of course this is subjective, but personally I think that "||"
looks strange. Perhaps it would be better to add something like
--croot argument?

Oleg.
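
Added illustration, not part of the message above or of the patch under discussion: a core_pattern pipe helper can observe the mismatch the thread describes by comparing its own /proc/self/ns/* links with those of the crashing process. That the crashing task's pid arrives as the first command-line argument is an assumption of this example, as are the function names.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Links under /proc/<pid>/ns; older kernels expose only some of them. */
static const char *const ns_names[] = { "mnt", "pid", "net", "ipc", "uts", "user" };
#define NS_COUNT (sizeof(ns_names) / sizeof(ns_names[0]))

/* Read the link target, e.g. "pid:[4026531836]". Returns 0 on success. */
static int read_ns_link(const char *pid, const char *ns, char *buf, size_t len)
{
    char path[64];
    ssize_t n;
    if (snprintf(path, sizeof(path), "/proc/%s/ns/%s", pid, ns) >= (int)sizeof(path))
        return -1;
    n = readlink(path, buf, len - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

/* 1 = different namespaces, 0 = same, -1 = link unreadable for either process. */
int ns_differs(const char *pid_a, const char *pid_b, const char *ns)
{
    char a[64], b[64];
    if (read_ns_link(pid_a, ns, a, sizeof(a)) || read_ns_link(pid_b, ns, b, sizeof(b)))
        return -1;
    return strcmp(a, b) != 0;
}

/* Number of namespace types in which the two processes differ. */
int count_ns_mismatches(const char *pid_a, const char *pid_b)
{
    int count = 0;
    for (size_t i = 0; i < NS_COUNT; i++)
        count += ns_differs(pid_a, pid_b, ns_names[i]) == 1;
    return count;
}

int main(int argc, char **argv)
{
    const char *crashed = argc > 1 ? argv[1] : "self"; /* assumed: pid passed by core_pattern */
    for (size_t i = 0; i < NS_COUNT; i++)
        printf("%-4s %d\n", ns_names[i], ns_differs("self", crashed, ns_names[i]));
    return count_ns_mismatches("self", crashed) != 0;
}
```

A non-zero exit status means the helper and the crashing task differ in at least one namespace, so paths and pids the helper sees may not be the ones the crashing process saw.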