From: Hubertus Franke <frankeh@watson.ibm.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org, vserver@list.linux-vserver.org,
Herbert Poetzl <herbert@13thfloor.at>,
"Serge E. Hallyn" <serue@us.ibm.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Dave Hansen <haveblue@us.ibm.com>,
Arjan van de Ven <arjan@infradead.org>,
Suleiman Souhlal <ssouhlal@FreeBSD.org>,
Cedric Le Goater <clg@fr.ibm.com>,
Kyle Moffett <mrmacman_g4@mac.com>, Kirill Korotaev <dev@sw.ru>,
Greg <gkurz@fr.ibm.com>, Linus Torvalds <torvalds@osdl.org>,
Andrew Morton <akpm@osdl.org>, Greg KH <greg@kroah.com>,
Rik van Riel <riel@redhat.com>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Andrey Savochkin <saw@sawoct.com>,
Kirill Korotaev <dev@openvz.org>, Andi Kleen <ak@suse.de>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Jeff Garzik <jgarzik@pobox.com>,
Trond Myklebust <trond.myklebust@fys.uio.no>,
Jes Sorensen <jes@sgi.com>
Subject: Re: [RFC][PATCH 0/20] Multiple instances of the process id namespace
Date: Mon, 06 Feb 2006 15:40:50 -0500 [thread overview]
Message-ID: <43E7B452.2080706@watson.ibm.com> (raw)
In-Reply-To: <m11wygnvlp.fsf@ebiederm.dsl.xmission.com>
Eric W. Biederman wrote:
> There have been several discussions in the past month about how
> to do a good job of implementing a subset of user space that
> looks like it has the system to itself. Essentially making
> chroot everything it could be. This is my take on what
> the implementation of a pid namespace should look like.
>
Eric, this looks very good. The pspace internal implementation
is very similar to what I was working on objectifying the pidmap
etc. I was pursuing the same route in using find_pid()
functions as the means to distinguish pspaces rather then
actually virtualizing them.
But this code already goes so much further in many many aspects.
Kudos to you.
I am still going through some of the details, but this is an
excellent starting position.
>
> What follows is a real patch set that is sufficiently complete
> to be used and useful in it's own right. There are a few areas
> of the kernel where the patchset does not reach, mostly these
> cause the compile to fail. In addition a good thorough review
> still needs to be done. This patchset does paint a picture
> of how I think things should look.
>
> From the kernel community at large I am asking:
> Does the code look generally sane?
Yes, but I have one question for you...
Large parts of the patch are adding the pspace argument
to find_task_by_pid() and in many cases that argument is
current->pspace.
It might bring down the size of the patch if you
have
find_task_by_pid( pid ) { return find_task_pidspace_by_pid ( current->pspace, pid ); }
and then only deal with the exceptional cases using find_task_pidspace_by_pid
when the pidspace is different..
>
> Does the use of clone to create a new namespace instance look
> like the sane approach?
>
At he surface it looks OK .. how does this work in a multi-threaded
process which does cloen ( CLONE_NPSPACE ) ?
We discussed at some point that exec is the right place to do it,
but what I get is that because this is the container_init task
we are OK !
A bit clarification would help here ...
> Hopefully this code is sufficiently comprehensible to allow a good
> discussion to come out of this.
>
Yes
> Thanks for your time,
>
> Eric
-- Hubertus
next prev parent reply other threads:[~2006-02-06 20:41 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-06 19:19 [RFC][PATCH 0/20] Multiple instances of the process id namespace Eric W. Biederman
2006-02-06 19:22 ` [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id) Eric W. Biederman
2006-02-06 19:27 ` [RFC][PATCH 02/20] pspace: The parent process id of pid 1 is always 0 Eric W. Biederman
2006-02-06 19:29 ` [RFC][PATCH 03/20] pid: Introduce a generic helper to test for init Eric W. Biederman
2006-02-06 19:34 ` [RFC][PATCH 04/20] pspace: Allow multiple instaces of the process id namespace Eric W. Biederman
2006-02-06 19:36 ` [RFC][PATCH 05/20] sched: Fixup the scheduler syscalls to deal with pspaces Eric W. Biederman
2006-02-06 19:39 ` [RFC][PATCH 06/20] cad_pid: Fixup the cad_pid users to assume it is in the initial process id namespace Eric W. Biederman
2006-02-06 19:41 ` [RFC][PATCH 07/20] tty: Update the tty layer to work with pspaces Eric W. Biederman
2006-02-06 19:44 ` [RFC][PATCH 08/20] vt: Update the virtual console to handle pspaces Eric W. Biederman
2006-02-06 19:46 ` [RFC][PATCH 09/20] ptrace: Update ptrace " Eric W. Biederman
2006-02-06 19:49 ` [RFC][PATCH 10/20] capabilities: Update the capabilities code to " Eric W. Biederman
2006-02-06 19:51 ` [RFC][PATCH 11/20] ioprio: Update ioprio " Eric W. Biederman
2006-02-06 19:54 ` [RFC][PATCH 12/20] fcntl: Update fcntl to work with pspaces Eric W. Biederman
2006-02-06 19:57 ` [RFC][PATCH 13/20] kthread: Update kthread " Eric W. Biederman
2006-02-06 19:59 ` [RFC][PATCH 14/20] mm: Update vmscan " Eric W. Biederman
2006-02-06 20:00 ` [RFC][PATCH 15/20] posix-timers: Update posix timers " Eric W. Biederman
2006-02-06 20:02 ` [PATCH 16/20] nfs: Don't use pids to track the lockd server process Eric W. Biederman
2006-02-06 20:03 ` [RFC][PATCH 17/20] usb: Fixup usb so it works with pspaces Eric W. Biederman
2006-02-06 20:05 ` [RFC][PATCH 18/20] posix-mqueue: Make mqueues work with pspspaces Eric W. Biederman
2006-02-06 20:07 ` [RFC][PATCH 19/20] pspace: Upcate the pid_max sysctl to work in a per pspace fashion Eric W. Biederman
2006-02-06 20:12 ` [RFC][PATCH 20/20] proc: Update /proc to support multiple pid spaces Eric W. Biederman
2006-02-10 20:40 ` Kirill Korotaev
2006-02-11 10:10 ` Eric W. Biederman
2006-02-06 20:41 ` [RFC][PATCH 17/20] usb: Fixup usb so it works with pspaces Serge E. Hallyn
2006-02-06 20:53 ` Eric W. Biederman
2006-02-07 16:41 ` [RFC][PATCH 04/20] pspace: Allow multiple instaces of the process id namespace William Lee Irwin III
2006-02-07 17:05 ` Eric W. Biederman
2006-02-10 20:30 ` Kirill Korotaev
2006-02-11 9:42 ` Eric W. Biederman
2006-02-11 10:11 ` Eric W. Biederman
2006-02-11 10:43 ` Eric W. Biederman
2006-02-13 8:53 ` Kirill Korotaev
2006-02-13 16:40 ` Dave Hansen
2006-02-11 11:03 ` Eric W. Biederman
2006-02-13 9:02 ` Kirill Korotaev
2006-02-13 21:31 ` Serge E. Hallyn
2006-02-13 23:41 ` Eric W. Biederman
2006-02-11 11:57 ` Eric W. Biederman
2006-02-13 9:22 ` Kirill Korotaev
2006-02-13 17:02 ` Serge E. Hallyn
2006-02-14 5:59 ` Eric W. Biederman
2006-02-14 5:54 ` Eric W. Biederman
2006-02-14 18:45 ` Dave Hansen
2006-02-15 12:07 ` Kirill Korotaev
2006-02-15 13:31 ` Herbert Poetzl
2006-02-16 13:44 ` Serge E. Hallyn
2006-02-20 9:27 ` Kirill Korotaev
2006-02-20 17:04 ` Herbert Poetzl
2006-02-21 16:29 ` Kirill Korotaev
2006-02-21 23:23 ` Herbert Poetzl
2006-02-20 11:29 ` Kirill Korotaev
2006-02-20 12:34 ` Herbert Poetzl
2006-02-20 14:11 ` Kirill Korotaev
2006-02-20 15:08 ` Herbert Poetzl
2006-03-01 22:06 ` Cedric Le Goater
2006-02-15 18:40 ` Eric W. Biederman
2006-02-06 19:56 ` [RFC][PATCH 03/20] pid: Introduce a generic helper to test for init Dave Hansen
2006-02-06 20:22 ` Eric W. Biederman
2006-02-07 15:08 ` Geert Uytterhoeven
2006-02-07 15:17 ` Eric W. Biederman
2006-02-06 19:54 ` [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id) Serge E. Hallyn
2006-02-06 20:23 ` Eric W. Biederman
2006-02-07 17:39 ` Jeff Dike
2006-02-07 18:32 ` Eric W. Biederman
2006-02-10 18:51 ` Kirill Korotaev
2006-02-11 9:25 ` Eric W. Biederman
2006-02-13 8:43 ` Kirill Korotaev
2006-02-14 0:04 ` Eric W. Biederman
2006-02-06 20:40 ` Hubertus Franke [this message]
2006-02-06 20:51 ` [RFC][PATCH 0/20] Multiple instances of the process id namespace Eric W. Biederman
2006-02-06 21:07 ` Hubertus Franke
2006-02-06 21:56 ` Eric W. Biederman
2006-02-07 0:48 ` Dave Hansen
2006-02-07 5:14 ` Eric W. Biederman
2006-02-07 9:33 ` Andi Kleen
2006-02-08 4:19 ` Randy.Dunlap
2006-02-08 4:28 ` Eric W. Biederman
2006-02-08 4:51 ` Randy.Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43E7B452.2080706@watson.ibm.com \
--to=frankeh@watson.ibm.com \
--cc=ak@suse.de \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=arjan@infradead.org \
--cc=benh@kernel.crashing.org \
--cc=clg@fr.ibm.com \
--cc=dev@openvz.org \
--cc=dev@sw.ru \
--cc=ebiederm@xmission.com \
--cc=gkurz@fr.ibm.com \
--cc=greg@kroah.com \
--cc=haveblue@us.ibm.com \
--cc=herbert@13thfloor.at \
--cc=jes@sgi.com \
--cc=jgarzik@pobox.com \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=mrmacman_g4@mac.com \
--cc=riel@redhat.com \
--cc=saw@sawoct.com \
--cc=serue@us.ibm.com \
--cc=ssouhlal@FreeBSD.org \
--cc=torvalds@osdl.org \
--cc=trond.myklebust@fys.uio.no \
--cc=vserver@list.linux-vserver.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.