From: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Aditya Kali <adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [REVIEW][PATCH 2/3] fork: Allow CLONE_PARENT after setns(CLONE_NEWPID)
Date: Wed, 27 Nov 2013 01:58:48 +0000 [thread overview]
Message-ID: <20131127015848.GE31364@mail.hallyn.com> (raw)
In-Reply-To: <87vbzezojq.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
>
> Serge Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> writes:
> > Hi Oleg,
> >
> > commit 40a0d32d1eaffe6aac7324ca92604b6b3977eb0e :
> > "fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks"
> > breaks lxc-attach in 3.12. That code forks a child which does
> > setns() and then does a clone(CLONE_PARENT). That way the
> > grandchild can be in the right namespaces (which the child was
> > not) and be a child of the original task, which is the monitor.
> >
> > lxc-attach in 3.11 was working fine with no side effects that I
> > could see. Is there a real danger in allowing CLONE_PARENT
> > when current->nsproxy->pidns_for_children is not our pidns,
> > or was this done out of an "over-abundance of caution"? Can we
> > safely revert that new extra check?
>
> The two fundamental things I know we can not allow are:
> - A shared signal queue aka CLONE_THREAD. Because we compute the pid
> and uid of the signal when we place it in the queue.
>
> - Changing the pid and by extention pid_namespace of an existing
> process.
>
> >From a parents perspective there is nothing special about the pid
> namespace, to deny CLONE_PARENT, because the parent simply won't know or
> care.
>
> >From the childs perspective all that is special really are shared signal
> queues.
>
> User mode threading with CLONE_PARENT|CLONE_VM|CLONE_SIGHAND and tasks
> in different pid namespaces is almost certainly going to break because
> it is complicated. But shared signal handlers can look at per thread
> information to know which pid namespace a process is in, so I don't know
> of any reason not to support CLONE_PARENT|CLONE_VM|CLONE_SIGHAND threads
> at the kernel level. It would be absolutely stupid to implement but
> that is a different thing.
>
> So hmm.
>
> Because it can do no harm, and because it is a regression let's remove
> the CLONE_PARENT check and send it stable.
> Cc: stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> Acked-by: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> Acked-by: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
> Acked-by: Serge E. Hallyn <serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
Thanks, Eric.
> Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
> ---
> kernel/fork.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/fork.c b/kernel/fork.c
> index 728d5be9548c..f82fa2ee7581 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1171,7 +1171,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
> * do not allow it to share a thread group or signal handlers or
> * parent with the forking task.
> */
> - if (clone_flags & (CLONE_SIGHAND | CLONE_PARENT)) {
> + if (clone_flags & CLONE_SIGHAND) {
> if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
> (task_active_pid_ns(current) !=
> current->nsproxy->pid_ns_for_children))
> --
> 1.7.5.4
next prev parent reply other threads:[~2013-11-27 1:58 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-15 16:41 Regression wrt mounting /proc in user namespace in 3.13 Daniel P. Berrange
[not found] ` <20131115164123.GN28794-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-11-16 16:48 ` Serge E. Hallyn
[not found] ` <20131116164840.GA4441-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-11-17 3:06 ` Serge E. Hallyn
[not found] ` <20131117030653.GA7670-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-11-18 3:19 ` Serge E. Hallyn
[not found] ` <20131118031932.GA17621-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-11-18 4:52 ` Gao feng
[not found] ` <52899D09.5080202-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-11-18 14:08 ` Serge E. Hallyn
[not found] ` <20131118140830.GA22075-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-11-18 18:01 ` Serge E. Hallyn
[not found] ` <20131118180134.GA24156-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-11-19 1:51 ` Eric W. Biederman
[not found] ` <87k3g5gnuv.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-11-19 3:47 ` Serge E. Hallyn
2013-11-26 18:10 ` Serge E. Hallyn
[not found] ` <20131126181043.GA25492-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-11-27 0:14 ` [REVIEW][PATCH 0/3] userns fixes for v3.13-rc1 Eric W. Biederman
[not found] ` <87siui1z1g.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-11-27 0:16 ` [REVIEW][PATCH 1/3] vfs: In d_path don't call d_dname on a mount point Eric W. Biederman
2013-11-27 1:58 ` Serge E. Hallyn
[not found] ` <8738mi1yya.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-11-27 1:58 ` Serge E. Hallyn
2013-11-30 6:15 ` Al Viro
[not found] ` <20131130061525.GY10323-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2013-11-30 17:02 ` Al Viro
[not found] ` <20131130170226.GZ10323-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2013-11-30 21:51 ` Eric W. Biederman
[not found] ` <87a9glh838.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-11-30 22:43 ` Al Viro
[not found] ` <20131130224340.GA10323-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2013-12-02 7:29 ` Al Viro
2014-01-17 3:29 ` Eric W. Biederman
2014-01-17 3:29 ` Eric W. Biederman
[not found] ` <874n53gub7.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2014-01-17 8:39 ` Al Viro
[not found] ` <20140117083901.GA10323-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2014-02-07 2:21 ` [PATCH 0/4] d_dname cleanups Eric W. Biederman
[not found] ` <87iosrhdc0.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2014-02-07 2:23 ` [PATCH 1/4] perfmon: Use d_alloc_pseudo like all of the d_dname callers Eric W. Biederman
2014-02-07 2:23 ` [PATCH 2/4] vfs: Simply when d_alloc_dname is called Eric W. Biederman
2014-02-07 2:24 ` [PATCH 3/4] vfs: Move the call of d_op->d_dname from d_path to prepend_path Eric W. Biederman
2014-02-07 2:24 ` [PATCH 4/4] vfs: Call d_dname from dentry_path Eric W. Biederman
2013-12-01 5:09 ` [REVIEW][PATCH 1/3] vfs: In d_path don't call d_dname on a mount point Al Viro
[not found] ` <20131201050930.GB10323-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2013-12-01 6:15 ` [REVIEW][PATCH 1/3] vfs: In d_path don't call d_dname on a mountpoint Tetsuo Handa
2013-12-01 6:15 ` Tetsuo Handa
2013-12-02 5:43 ` [REVIEW][PATCH 1/3] vfs: In d_path don't call d_dname on a mount point NeilBrown
2013-12-02 5:43 ` NeilBrown
2013-12-02 16:23 ` J.Bruce Fields
2013-12-02 16:23 ` J.Bruce Fields
[not found] ` <20131202164359.4f4f2c94-wvvUuzkyo1EYVZTmpyfIwg@public.gmane.org>
2013-12-02 16:23 ` J.Bruce Fields
2013-11-27 0:16 ` [REVIEW][PATCH 2/3] fork: Allow CLONE_PARENT after setns(CLONE_NEWPID) Eric W. Biederman
2013-11-27 0:16 ` Eric W. Biederman
[not found] ` <87vbzezojq.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-11-27 1:58 ` Serge E. Hallyn [this message]
2013-11-27 0:17 ` [REVIEW][PATCH 3/3] vfs: Fix a regression in mounting proc Eric W. Biederman
[not found] ` <87pppmzoin.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-11-27 0:21 ` Andy Lutomirski
[not found] ` <CALCETrVp78EfzY3Oa-LV1Hm8A4Y35apehcxrxdyrzvTb5sp=pA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-11-27 0:36 ` Eric W. Biederman
2013-11-27 2:00 ` Serge E. Hallyn
2013-11-27 3:19 ` Gao feng
[not found] ` <529564AA.8050100-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-11-27 5:00 ` Eric W. Biederman
2013-11-27 5:00 ` Eric W. Biederman
2013-11-27 16:13 ` Oleg Nesterov
2013-11-27 16:13 ` Oleg Nesterov
[not found] ` <20131127161300.GA24773-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-11-27 16:29 ` Serge E. Hallyn
[not found] ` <20131127162928.GB7358-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-11-27 18:09 ` Oleg Nesterov
2013-11-27 16:41 ` Andy Lutomirski
[not found] ` <CALCETrXFnw63=JoEaQxM+Opj+kCXSL=9XppymzGKhLzOnp3WaQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-11-27 18:10 ` Oleg Nesterov
2013-11-27 18:51 ` Eric W. Biederman
2013-11-27 19:47 ` Oleg Nesterov
[not found] ` <20131127194722.GA32673-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-11-27 19:52 ` Eric W. Biederman
2013-11-27 19:52 ` Eric W. Biederman
[not found] ` <87iovdmxl7.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-11-27 20:01 ` Oleg Nesterov
2013-11-27 20:07 ` Eric W. Biederman
[not found] ` <87wqjtlic3.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-11-27 20:41 ` Andy Lutomirski
2013-11-29 19:53 ` Oleg Nesterov
2013-12-13 22:07 ` Richard Weinberger
[not found] ` <20131129195327.GA12974-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2013-12-13 22:07 ` Richard Weinberger
2013-11-27 20:41 ` Andy Lutomirski
[not found] ` <CALCETrUwjK7iLMMJaCvKUbBwEqV58oXY4dWzTGJohYgg4DwjWQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-11-29 14:56 ` Serge E. Hallyn
[not found] ` <871u21oeyr.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-11-27 19:47 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131127015848.GE31364@mail.hallyn.com \
--to=serge-a9i7lubdfnhqt0dzr+alfa@public.gmane.org \
--cc=adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.