From: Greg KH <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
To: Amir Goldstein <amir-3AfRa/s5aFdBDgjK7y7TUQ@public.gmane.org>
Cc: Michael J Coss
<michael.coss-cfy2TCaE7SFv+uJa97DSA9BPR1lH4CV8@public.gmane.org>,
containers-cunTk1MwBs98uUxBSJOaYoYkZiVZrdSR2LY78lusg7I@public.gmane.org,
Serge Hallyn
<serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org
Subject: Re: [PATCH 2/3] lib/kobject_uevent.c: add uevent forwarding function
Date: Wed, 9 Sep 2015 22:58:34 -0700 [thread overview]
Message-ID: <20150910055834.GB31213@kroah.com> (raw)
In-Reply-To: <CAA2m6vcnUz4EeS-FH2P=GjKSquXit=j1NE5Yut8_baLA+TvjJA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Thu, Sep 10, 2015 at 08:43:28AM +0300, Amir Goldstein wrote:
> I fully agree with you that running unmodified distro inside a
> container is not a justified
> cause for kernel changes.
Great, end of discussion :)
> However, I would like to highlight the point that udev is not the only
> consumer of uevents, so changing userspace, as you rightfully
> suggested, may not be as simple as you imagine.
But you have control over who consumes uevents, so if you really want to
create such a "only send some uevents to some containers" you can do so
from the "host" container today. Exactly like udev does this today if
you look at how udevd works, udevd uses the kernel as the filter to only
wake up processes that have subscribed to specific events. It's as if
no one actually looks at how this works :(
> For example, in our Android use case, we have no intention of running
> unmodified Android
> inside container and modifying Android's ueventd is not an issue for us.
> Android userspace uses uevents extensively. For example, vold uses uevents to be
> notified of SDCARD insert event and that is just one example.
> We can get around vold and maybe we can get around every other open
> source Android tool
> that make use of uevents, but phone vendors tend to use uevents to communicate
> messages between their drivers and proprietary software and this is
> were we must have
> a way to filter those uevents in the kernel.
If you are going to modify Android, just use udevd and filter things
that way, you can do it today. Or just modify the tools that Android
uses for listening to uevents.
> You argue that "device is never bound to a namespace" (and that it
> never will be) and I don't disagree with that.
Great, end of discussion :)
> However, as Eric said, the "broadcast everything" logic does not make
> much sense.
Only one thing is listening to these events, put your filter there
(again, just like udevd does today...)
> In a way, the broadcast logic is opposite to your suggestion to modify
> userspace.
Nope, see above.
> In almost every existing implementation of containers, only the root namespace
> owns responsibility for booting the machine and configuring devices, so if all
> containers were running modified userspace, there would have been no need to
> broadcast uevents to all namespaces.
Wonderful, as you said you were going to modify the container
applications, this isn't an issue :)
> At the very least, you should be able to consent with the idea of
> having the broadcast policy decided by userspace.
But it already is, userspace can decide what it wants to do with every
event today. Again, to sound like a broken record, just like udevd
does.
greg k-h
WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <gregkh@linuxfoundation.org>
To: Amir Goldstein <amir@cellrox.com>
Cc: Michael J Coss <michael.coss@alcatel-lucent.com>,
Serge Hallyn <serge.hallyn@ubuntu.com>,
containers@lists.linuxfoundation.org, davem@davemloft.net,
linux-kernel@vger.kernel.org, Oren Laadan <orenl@cellrox.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Stephane Graber <stgraber@ubuntu.com>
Subject: Re: [PATCH 2/3] lib/kobject_uevent.c: add uevent forwarding function
Date: Wed, 9 Sep 2015 22:58:34 -0700 [thread overview]
Message-ID: <20150910055834.GB31213@kroah.com> (raw)
In-Reply-To: <CAA2m6vcnUz4EeS-FH2P=GjKSquXit=j1NE5Yut8_baLA+TvjJA@mail.gmail.com>
On Thu, Sep 10, 2015 at 08:43:28AM +0300, Amir Goldstein wrote:
> I fully agree with you that running unmodified distro inside a
> container is not a justified
> cause for kernel changes.
Great, end of discussion :)
> However, I would like to highlight the point that udev is not the only
> consumer of uevents, so changing userspace, as you rightfully
> suggested, may not be as simple as you imagine.
But you have control over who consumes uevents, so if you really want to
create such a "only send some uevents to some containers" you can do so
from the "host" container today. Exactly like udev does this today if
you look at how udevd works, udevd uses the kernel as the filter to only
wake up processes that have subscribed to specific events. It's as if
no one actually looks at how this works :(
> For example, in our Android use case, we have no intention of running
> unmodified Android
> inside container and modifying Android's ueventd is not an issue for us.
> Android userspace uses uevents extensively. For example, vold uses uevents to be
> notified of SDCARD insert event and that is just one example.
> We can get around vold and maybe we can get around every other open
> source Android tool
> that make use of uevents, but phone vendors tend to use uevents to communicate
> messages between their drivers and proprietary software and this is
> were we must have
> a way to filter those uevents in the kernel.
If you are going to modify Android, just use udevd and filter things
that way, you can do it today. Or just modify the tools that Android
uses for listening to uevents.
> You argue that "device is never bound to a namespace" (and that it
> never will be) and I don't disagree with that.
Great, end of discussion :)
> However, as Eric said, the "broadcast everything" logic does not make
> much sense.
Only one thing is listening to these events, put your filter there
(again, just like udevd does today...)
> In a way, the broadcast logic is opposite to your suggestion to modify
> userspace.
Nope, see above.
> In almost every existing implementation of containers, only the root namespace
> owns responsibility for booting the machine and configuring devices, so if all
> containers were running modified userspace, there would have been no need to
> broadcast uevents to all namespaces.
Wonderful, as you said you were going to modify the container
applications, this isn't an issue :)
> At the very least, you should be able to consent with the idea of
> having the broadcast policy decided by userspace.
But it already is, userspace can decide what it wants to do with every
event today. Again, to sound like a broken record, just like udevd
does.
greg k-h
next prev parent reply other threads:[~2015-09-10 5:58 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-09 2:10 [PATCH 0/3] kobject: support namespace aware udev Michael J. Coss
2015-09-09 2:10 ` [PATCH 1/3] lib/kobject_uevent.c: disable broadcast of uevents to other namespaces Michael J. Coss
2015-09-11 0:36 ` Eric W. Biederman
2015-09-11 18:21 ` Michael J Coss
[not found] ` <51c185b6fa89f0b8e9e7dcaffb3c21c975c84302.1441762578.git.michael.coss-cfy2TCaE7SFv+uJa97DSA9BPR1lH4CV8@public.gmane.org>
2015-10-02 17:40 ` Oren Laadan
2015-09-09 2:10 ` [PATCH 2/3] lib/kobject_uevent.c: add uevent forwarding function Michael J. Coss
2015-09-09 3:55 ` Greg KH
[not found] ` <20150909035527.GB5153-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-09-09 19:24 ` Michael J Coss
2015-09-09 19:24 ` Michael J Coss
[not found] ` <55F0875C.6060108-cfy2TCaE7SFv+uJa97DSA9BPR1lH4CV8@public.gmane.org>
2015-09-09 20:11 ` Greg KH
2015-09-09 20:11 ` Greg KH
[not found] ` <20150909201123.GC9328-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-09-10 5:43 ` Amir Goldstein
2015-09-10 5:43 ` Amir Goldstein
[not found] ` <CAA2m6vcnUz4EeS-FH2P=GjKSquXit=j1NE5Yut8_baLA+TvjJA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-09-10 5:58 ` Greg KH [this message]
2015-09-10 5:58 ` Greg KH
2015-09-11 0:54 ` Eric W. Biederman
2015-09-11 18:43 ` [COMMERCIAL] " Michael J Coss
[not found] ` <3456750fe7a5a5eb709e315618facf5704cc1885.1441762578.git.michael.coss-cfy2TCaE7SFv+uJa97DSA9BPR1lH4CV8@public.gmane.org>
2015-10-02 18:00 ` Oren Laadan
[not found] ` <CAA4jN2br76atf9UuOhJVcoQPZ6GMN91Mk1GsoXcVFC-eFvFafA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-10-14 3:40 ` Oren Laadan
2015-09-09 2:10 ` [PATCH 3/3] net/udevns: Netlink module to forward uevent to containers Michael J. Coss
2015-09-11 1:05 ` Eric W. Biederman
2015-09-11 19:01 ` Michael J Coss
2015-09-09 3:54 ` [PATCH 0/3] kobject: support namespace aware udev Greg KH
2015-09-09 19:05 ` Michael J Coss
2015-09-09 20:09 ` Greg KH
2015-09-09 20:16 ` Michael J Coss
2015-09-09 20:28 ` Greg KH
2015-09-09 20:55 ` [COMMERCIAL] " Michael J Coss
2015-09-10 5:21 ` Greg KH
[not found] ` <cover.1441762578.git.michael.coss-cfy2TCaE7SFv+uJa97DSA9BPR1lH4CV8@public.gmane.org>
2015-09-09 18:53 ` [PATCH 1/3] lib/kobject_uevent.c: disable broadcast of uevents to other namespaces Michael J. Coss
2015-09-09 18:53 ` [PATCH 2/3] lib/kobject_uevent.c: add uevent forwarding function Michael J. Coss
2015-09-09 18:53 ` [PATCH 3/3] net/udevns: Netlink module to forward uevent to containers Michael J. Coss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150910055834.GB31213@kroah.com \
--to=gregkh-hqyy1w1ycw8ekmwlsbkhg0b+6bgklq7r@public.gmane.org \
--cc=amir-3AfRa/s5aFdBDgjK7y7TUQ@public.gmane.org \
--cc=containers-cunTk1MwBs98uUxBSJOaYoYkZiVZrdSR2LY78lusg7I@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=michael.coss-cfy2TCaE7SFv+uJa97DSA9BPR1lH4CV8@public.gmane.org \
--cc=serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.