From: Vasily Kulikov <segoon-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org>
To: Pavel Emelyanov <xemul-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
Cc: Richard Weinberger
<richard.weinberger-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
Serge Hallyn
<serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
Subject: Re: [PATCH v2] /proc/pid/status: show all sets of pid according to ns
Date: Wed, 28 May 2014 22:28:24 +0400
Message-ID: <20140528182824.GA5057@cachalot>
In-Reply-To: <5385DA19.2060008-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>

On Wed, May 28, 2014 at 16:44 +0400, Pavel Emelyanov wrote:
> On 05/28/2014 02:24 PM, Chen Hanxiao wrote:
> > We need a direct method of getting the pid inside containers.
>
> But there's more generic issue -- some day we'll need to know not only
> PIDs as seen from different namespaces, but also SIDs and PGIDs.

Maybe include all per-ns IDs in a separate file? Then the old 'status'
file includes IDs from the current namespace only, the new file (e.g.
'ids' or 'ns_ids') contains only hierarchical IDs which differ from
namespace to namespace for all possible namespaces. It will be simpler
to parse the file -- if 'ns_ids' file contains some ID then this ID for
every ns can be obtained regardless of the specific ID name (SID, PID,
PGID, etc.).

>
> > If some issues occurred inside container guest, host user
> > could not know which process is in trouble just by guest pid:
> > the users of container guest only knew the pid inside containers.
> > This will bring obstacle for trouble shooting.
> >
> > This patch adds two fields:
> >
> > NStgid and NSpid.
> >
> > a) In init_pid_ns, nothing changed;
> >
> > b) In one pidns, will tell the pid inside containers:
> > NStgid: 1628 9 3
> > NSpid: 1628 9 3
> > ** Process id is 1628 in level 0, 9 in level 1, 3 in level 2.
> >
> > c) If pidns is nested, it depends on which pidns are you in.
> > NStgid: 9 3
> > NSpid: 9 3
> > ** Views from level 1
Thanks,
--
Vasily Kulikov
http://www.openwall.com - bringing security into open computing environments
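
The troubleshooting case the quoted patch description gives (a container user reports a guest pid, the host admin needs the host pid) can be worked through as follows. This is an added example, not code from the message or the patch; it assumes a kernel whose status file carries `NStgid`/`NSpid` in the layout quoted above, and the function names and sample processes are constructed for illustration.

```python
import os

def parse_ns_ids(status_text):
    """Extract the NStgid/NSpid lists from the text of a /proc/<pid>/status file.

    Index 0 is the id seen from the reader's pid namespace; the last entry
    is the id inside the namespace the task itself lives in.
    """
    ids = {}
    for line in status_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name in ("NStgid", "NSpid"):
            ids[name] = [int(tok) for tok in value.split()]
    return ids

def find_by_inner_pid(status_texts, inner_pid, depth):
    """Return the reader-level pids of processes whose pid is `inner_pid`
    at nesting `depth` below the reader (depth 1 = first nested pidns).

    Sibling namespaces reuse pid numbers, so more than one match is normal;
    the caller narrows it down, e.g. by comparing /proc/<pid>/ns/pid links.
    """
    matches = []
    for text in status_texts:
        tgids = parse_ns_ids(text).get("NStgid", [])
        if depth < len(tgids) and tgids[depth] == inner_pid:
            matches.append(tgids[0])
    return matches

def read_proc_statuses(proc="/proc"):
    """Yield status text for every process under `proc`, skipping exits."""
    for entry in os.listdir(proc):
        if entry.isdigit():
            try:
                with open(os.path.join(proc, entry, "status")) as fh:
                    yield fh.read()
            except OSError:  # process exited between listdir() and open()
                continue

# Constructed sample data modelled on the output quoted in the message.
SAMPLE_STATUSES = [
    "Name:\tsleep\nPid:\t1628\nNStgid:\t1628\t9\t3\nNSpid:\t1628\t9\t3\n",
    "Name:\tsshd\nPid:\t1700\nNStgid:\t1700\t9\nNSpid:\t1700\t9\n",
    "Name:\tinit\nPid:\t1\nNStgid:\t1\nNSpid:\t1\n",
]

if __name__ == "__main__":
    print(find_by_inner_pid(SAMPLE_STATUSES, 9, 1))  # two sibling candidates
```

On a live host, pass `read_proc_statuses()` instead of the sample list; a status file without the two fields simply yields no match.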