From: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: aviro-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	eparis-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org
Subject: Re: [PATCH V5 13/13] Documentation: add a section for /proc/<pid>/ns/
Date: Mon, 13 Oct 2014 15:46:59 +0200
Message-ID: <20141013134659.GL24703@mail.hallyn.com>
In-Reply-To: <982503bc4e4c24cbdebd111b27191ed5bee75572.1412543112.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

Quoting Richard Guy Briggs (rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org):
> ---

Acked-by: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>

(some nitpicking below)

Thanks, Richard.  IMO this patchset is great at the moment.  Now if I
checkpoint a container, migrate it to another machine, and restart it
there, the serial numbers will no longer match, but as the creations are
all logged, userspace can track the changed snum, so I don't believe
that is a problem.  (Pretty sure we've discussed that before, mostly
mentioning it here to think through it myself)

>  Documentation/filesystems/proc.txt |   16 ++++++++++++++++
>  1 files changed, 16 insertions(+), 0 deletions(-)
> 
> diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> index ddc531a..c4bfd6f 100644
> --- a/Documentation/filesystems/proc.txt
> +++ b/Documentation/filesystems/proc.txt
> @@ -42,6 +42,7 @@ Table of Contents
>    3.6	/proc/<pid>/comm  & /proc/<pid>/task/<tid>/comm
>    3.7   /proc/<pid>/task/<tid>/children - Information about task children
>    3.8   /proc/<pid>/fdinfo/<fd> - Information about opened file
> +  3.9   /proc/<pid>/ns/<ns>{,_snum} - Information about process namespaces
>  
>    4	Configuring procfs
>    4.1	Mount options
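
Review bot: the new table-of-contents entry names the placeholder <ns> ("/proc/<pid>/ns/<ns>{,_snum}"), while the section heading added in the next hunk uses <nstype>. The two should match so that a reader searching for the heading from the contents finds it; <nstype> is the better choice since the body text and both output formats use it.
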
> @@ -1744,6 +1745,21 @@ pair provide additional information particular to the objects they represent.
>  	optional and may be omitted if no marks created yet.
>  
>  
> +3.9	/proc/<pid>/ns/<nstype>{,_snum} - Information about process namespaces
> +--------------------------------------------------------------------------
> +These files provides information about the namespaces within which the process

s/provides/provide/

> +is contained.  The files named only with the namespace type <nstype> contain a
> +link that lists the containing namespace' inode number in its proc filesystem.

s/'/'s/

... Maybe add "And which can be used with setns(2)."

> +The files with suffix _snum contain a link that lists the containing
> +namespace' instance serial number, unique per kernel since boot.  The

s/'/'s/

> +namespace types are self-describing.
> +
> +The output format of the inode links is:
> +	<nstype>:[<inode_number>]
> +The output format of the serial number links is:
> +	<nstype>_snum:[<serial_number>]
> +
> +
>  ------------------------------------------------------------------------------
>  Configuring procfs
>  ------------------------------------------------------------------------------
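
Review bot: the added section 3.9 describes the serial number only as "unique per kernel since boot" and does not say what that scope means for a consumer: the value is meaningful only on the running kernel and only until the next boot, so a tool correlating records should not treat it as a durable identifier. One sentence stating that would close the gap. In the same paragraph, "The namespace types are self-describing" gives no list of valid <nstype> values; enumerating them, or pointing to where they are defined, would let a reader use the two output formats without consulting the source.
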
> -- 
> 1.7.1
