From: Kirill Korotaev <dev-3ImXcnM4P+0@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Oleg Nesterov <oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH 11/15] Signal semantics
Date: Thu, 02 Aug 2007 12:35:32 +0400 [thread overview]
Message-ID: <46B19754.4050908@sw.ru> (raw)
In-Reply-To: <20070801161335.GA10747-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
Serge E. Hallyn wrote:
> Quoting Pavel Emelyanov (xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org):
>
>>[snip]
>>
>>
>>>>| Maybe it's worth disabling cross-namespaces ptracing...
>>>>
>>>>I think so too. Its probably not a serious limitation ?
>>>
>>>Several people think we will implement 'namespace entering' through a
>>>ptrace hack, where maybe the admin ptraces the init in a child pidns,
>>
>>Why not implement namespace entering w/o any hacks? :)
>
>
> I did, as a patch on top of the nsproxy container subsystem. The
> response was that that is a hack, and ptrace is cleaner :)
>
> So the current options for namespace entering would be:
>
> * using Cedric's bind_ns() functionality, which assigns an
> integer global id to a namespace, and allows a process to
> enter a namespace by that global id
looks more or less good and what OVZ actually does.
So I would prefer this one.
> * using my nsproxy container subsystem patch, which lets
> a process enter another namespace using
> echo pid > /container/some/cont/directory/tasks
> and eventually might allow construction of custom
> namespaces, i.e.
> mkdir /container/c1/c2
> ln -s /container/c1/c1/network /container/c1/c2/network
> echo $$ > /container/c1/c2/tasks
Sound ok and logical as well.
> * using ptrace to coerce a process in the target namespace
> into forking and executing the desired program.
you'll need to change ptrace interface in this case imho...
doesn't sound ok at all... at least for me. So I agree with Pavel.
>>>makes it fork, and makes the child execute what it wants (i.e. ps -ef).
>>>
>>>You're talking about killing that functionality?
>>
>>No. We're talking about disabling the things that are not supposed
>>to work at all.
>
>
> Uh, well in the abstract that sounds like a sound policy...
Pavel simply meant that no one plans to disable functionality in question.
Thanks,
Kirill
next prev parent reply other threads:[~2007-08-02 8:35 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-26 14:45 [RFC][PATCH 0/15] Pid namespaces Pavel Emelyanov
[not found] ` <46A8B37B.6050108-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 14:46 ` [PATCH 1/15] Move exit_task_namespaces() Pavel Emelyanov
[not found] ` <46A8B3C4.5080601-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 16:10 ` Dave Hansen
2007-07-27 6:38 ` Pavel Emelyanov
2007-07-26 16:47 ` Oleg Nesterov
[not found] ` <20070726164724.GA81-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-26 16:59 ` Kirill Korotaev
2007-07-27 8:07 ` Oleg Nesterov
[not found] ` <20070727080758.GA509-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-27 8:24 ` Pavel Emelyanov
[not found] ` <46A9ABC1.1000800-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 8:35 ` Oleg Nesterov
[not found] ` <20070727083541.GA528-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-27 8:37 ` Pavel Emelyanov
2007-08-02 16:20 ` Oleg Nesterov
[not found] ` <20070802162023.GB137-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 8:00 ` Pavel Emelyanov
[not found] ` <46B6D52C.3010405-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 9:54 ` Oleg Nesterov
[not found] ` <20070806095421.GA85-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 9:58 ` Pavel Emelyanov
[not found] ` <46B6F0DA.4080904-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 10:38 ` Oleg Nesterov
[not found] ` <20070806103838.GA129-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 11:21 ` Pavel Emelyanov
[not found] ` <46B7044A.4030508-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 12:54 ` Oleg Nesterov
[not found] ` <20070806125419.GB91-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 13:38 ` Pavel Emelyanov
2007-08-06 11:29 ` Pavel Emelyanov
[not found] ` <46B7060E.3020609-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 12:50 ` Oleg Nesterov
[not found] ` <20070806125032.GA91-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 13:36 ` Pavel Emelyanov
[not found] ` <46B723F3.8020905-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 13:57 ` Oleg Nesterov
2007-07-26 14:47 ` [PATCH 2/15] Introduce MS_KERNMOUNT flag Pavel Emelyanov
2007-07-26 14:48 ` [PATCH 3/15] kern_siginfo helper Pavel Emelyanov
[not found] ` <46A8B42F.5070605-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-29 11:41 ` Oleg Nesterov
[not found] ` <20070729114154.GE120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:07 ` Pavel Emelyanov
[not found] ` <46AD8032.90005-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-31 0:21 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-07-26 14:48 ` [PATCH 4/15] Make proc_flust_task() flush entries from multiple proc trees Pavel Emelyanov
2007-07-26 14:49 ` [PATCH 5/15] Introduce struct upid Pavel Emelyanov
[not found] ` <46A8B486.3030006-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-29 9:52 ` Oleg Nesterov
[not found] ` <20070729095210.GA120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 5:58 ` Pavel Emelyanov
2007-07-26 14:50 ` [PATCH 6/15] Make alloc_pid(), free_pid() and put_pid() work with " Pavel Emelyanov
[not found] ` <46A8B4AE.6040903-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-29 10:16 ` Oleg Nesterov
[not found] ` <20070729101651.GB120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:03 ` Pavel Emelyanov
2007-07-26 14:51 ` [PATCH 7/15] Helpers to obtain pid numbers Pavel Emelyanov
[not found] ` <46A8B4D6.1080301-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 19:03 ` Dave Hansen
2007-07-27 6:40 ` Pavel Emelyanov
2007-07-29 12:10 ` Oleg Nesterov
[not found] ` <20070729121051.GF120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:11 ` Pavel Emelyanov
2007-07-26 14:51 ` [PATCH 8/15] Helpers to find the task by its numerical ids Pavel Emelyanov
[not found] ` <46A8B502.8070606-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 19:05 ` Dave Hansen
2007-07-27 6:43 ` Pavel Emelyanov
2007-07-29 12:40 ` Oleg Nesterov
[not found] ` <20070729124045.GG120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:15 ` Pavel Emelyanov
2007-07-26 14:52 ` [PATCH 9/15] Move alloc_pid() after the namespace is cloned Pavel Emelyanov
[not found] ` <46A8B531.3050602-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 15:12 ` Oleg Nesterov
[not found] ` <20070727151238.GA336-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:17 ` Pavel Emelyanov
[not found] ` <46AD8266.8050802-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-30 23:43 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-07-31 5:49 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-07-26 14:54 ` [PATCH 10/15] Make each namespace has its own proc tree Pavel Emelyanov
[not found] ` <46A8B59E.7050009-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 17:38 ` Dave Hansen
2007-07-29 15:58 ` Oleg Nesterov
[not found] ` <20070729155841.GI120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-29 17:04 ` Oleg Nesterov
[not found] ` <20070729170436.GA941-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:45 ` Pavel Emelyanov
2007-07-30 6:43 ` Pavel Emelyanov
2007-07-26 14:55 ` [PATCH 11/15] Signal semantics Pavel Emelyanov
[not found] ` <46A8B5C7.9040407-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 12:31 ` Oleg Nesterov
[not found] ` <20070727123153.GA92-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-27 13:38 ` Pavel Emelyanov
[not found] ` <46A9F54B.5050000-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 18:46 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727184604.GB1072-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 19:59 ` Serge E. Hallyn
[not found] ` <20070727195943.GA25878-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
2007-07-27 20:23 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727202337.GC1072-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-30 9:34 ` Pavel Emelyanov
2007-07-30 9:31 ` Pavel Emelyanov
[not found] ` <46ADB000.1000705-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-01 16:13 ` Serge E. Hallyn
[not found] ` <20070801161335.GA10747-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
2007-08-02 8:35 ` Kirill Korotaev [this message]
[not found] ` <46B19754.4050908-3ImXcnM4P+0@public.gmane.org>
2007-08-02 20:09 ` Serge E. Hallyn
2007-07-29 11:25 ` Oleg Nesterov
2007-07-26 14:56 ` [PATCH 12/15] Miscelaneous stuff for pid namespaces Pavel Emelyanov
[not found] ` <46A8B601.4020108-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 6:22 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727062213.GE23584-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 6:53 ` Pavel Emelyanov
2007-07-26 14:56 ` [PATCH 13/15] Clone the pid namespace Pavel Emelyanov
2007-07-26 14:57 ` [PATCH 14/15] Destroy pid namespace on init's death Pavel Emelyanov
[not found] ` <46A8B663.9040206-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-29 10:41 ` Oleg Nesterov
[not found] ` <20070729104145.GC120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 11:56 ` Pavel Emelyanov
[not found] ` <46ADD202.9030502-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-30 15:46 ` Oleg Nesterov
[not found] ` <20070730154639.GA127-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-31 6:19 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070731061917.GB17013-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-31 9:07 ` Oleg Nesterov
[not found] ` <20070731090721.GA110-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-01 6:16 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070801061616.GA5405-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-01 16:00 ` Dave Hansen
2007-08-01 19:51 ` Oleg Nesterov
[not found] ` <20070801195123.GB196-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 8:37 ` Kirill Korotaev
[not found] ` <46B197E3.3040309-3ImXcnM4P+0@public.gmane.org>
2007-08-02 16:08 ` Oleg Nesterov
[not found] ` <20070802160851.GA137-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 17:08 ` Oleg Nesterov
[not found] ` <20070802170820.GA2566-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-03 6:22 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070803062227.GA16833-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-03 10:55 ` Oleg Nesterov
[not found] ` <20070803105557.GA91-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-03 21:36 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-08-02 7:37 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-08-01 19:48 ` Oleg Nesterov
[not found] ` <20070801194811.GA196-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 7:29 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070802072958.GA729-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-02 15:40 ` Oleg Nesterov
[not found] ` <20070802154018.GA93-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 17:20 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070802172033.GA8011-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-02 17:31 ` Oleg Nesterov
[not found] ` <20070802173128.GA2616-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 18:36 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070802183608.GB15332-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-02 18:49 ` Oleg Nesterov
[not found] ` <20070802184953.GA316-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 19:13 ` Serge E. Hallyn
2007-07-26 14:58 ` [PATCH 15/15] Hooks over the code to show correct values to user Pavel Emelyanov
[not found] ` <46A8B6AD.4000307-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 5:57 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727055736.GC23584-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 6:44 ` Pavel Emelyanov
2007-07-29 14:31 ` Oleg Nesterov
[not found] ` <20070729143136.GH120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:49 ` Pavel Emelyanov
[not found] ` <46AD89E6.1030607-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-31 10:04 ` Oleg Nesterov
2007-07-27 4:22 ` [RFC][PATCH 0/15] Pid namespaces sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727042213.GB23584-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 6:08 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727060856.GD23584-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 6:47 ` Pavel Emelyanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46B19754.4050908@sw.ru \
--to=dev-3imxcnm4p+0@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.