From mboxrd@z Thu Jan 1 00:00:00 1970 From: Cedric Le Goater Subject: Re: [patch -mm 1/5] mqueue namespace : add struct mq_namespace Date: Tue, 02 Oct 2007 12:13:16 +0200 Message-ID: <470219BC.3050702@fr.ibm.com> References: <20071002084608.149781400@fr.ibm.com>> <20071002084906.477406083@fr.ibm.com>> <47020A29.9060403@sw.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <47020A29.9060403-3ImXcnM4P+0@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Kirill Korotaev Cc: "Denis V. Lunev" , containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, "Eric W. Biederman" List-Id: containers.vger.kernel.org Hello Kirill, Kirill Korotaev wrote: > Cedric, > > how safe does it intersect with netlinks from network namespace? > I see mqueues can send netlink messages, have you checked how safe it is? a ref is taken on the 'struct sock' in the mq_notify() syscall and the skbuff which will be send to notify the user is also allocated in the mq_notify() syscall. So we should be in the same net namespace when we register the notification and when we notify. I hope the net guys can confirm or we will easily check in the next -lxc patchset which will merge this patchset with netns. however, we have an issue with the signal notification in __do_notify() we could kill a process in a different pid namespace. C.