From: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [RFC][PATCH 4/4] PID: use the target ID specified in procfs
Date: Thu, 13 Mar 2008 19:24:10 -0400 [thread overview]
Message-ID: <47D9B79A.80201@cs.columbia.edu> (raw)
In-Reply-To: <m163vqw74n.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
Eric W. Biederman wrote:
> Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org> writes:
>
>>>> I'm sorry but I'm pretty new in this domain, so I don't see what are the
>>>> namespaces where setting (or pre-setting) the id would be a problem?
>>> pids to some extent as people use them in all kinds of files. Being
>>> able to force the pid of another process could make a hard to trigger
>>> security hole with file permissions absolutely trivial to hit.
>> Since the intent of this mechanism is to allow ckpt/restart, it makes
>> sense to only allow this operation during restart. For example, in zap,
>> containers have a state, e.g. running, stopped, ckpt, restart, and this
>> is only possible in restart state; Furthermore, a container can only be
>> put in restart state at creation time, and only by root. Of course, you
>> should only trust that as much as you trust the root :O
>
> Yes and thanks.
>
> The notion of the state of a container makes a lot of sense (even if
> we never implement explicit state bits).
I found it extremely helpful in managing containers (pods) in zap. There
are three more states, actually: stopping, reviving and dead. It is like
extending the notion of process state into their collective representation
which is the container. In fact, restricting certain operations to specific
states was instrumental in eliminating a myriad of potential races in the
implementation.
I believe this belongs to the ever-pending ckpt/restart discussion :)
Oren.
>
> Eric
next prev parent reply other threads:[~2008-03-13 23:24 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-10 13:50 [RFC][PATCH 0/4] Object creation with a specified id Nadia.Derbey-6ktuUTfB/bM
2008-03-10 13:50 ` [RFC][PATCH 1/4] Provide a new procfs interface to set next ipc id Nadia.Derbey-6ktuUTfB/bM
2008-03-10 13:50 ` [RFC][PATCH 2/4] Provide a new procfs interface to set next upid nr(s) Nadia.Derbey-6ktuUTfB/bM
2008-03-10 13:50 ` [RFC][PATCH 3/4] IPC: use the target ID specified in procfs Nadia.Derbey-6ktuUTfB/bM
2008-03-10 13:50 ` [RFC][PATCH 4/4] PID: " Nadia.Derbey-6ktuUTfB/bM
[not found] ` <20080310135209.769712000-6ktuUTfB/bM@public.gmane.org>
2008-03-11 12:04 ` Pavel Emelyanov
[not found] ` <47D67557.7080506-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-03-11 15:28 ` Nadia Derbey
[not found] ` <47D6A52D.6030701-6ktuUTfB/bM@public.gmane.org>
2008-03-11 15:37 ` Pavel Emelyanov
[not found] ` <47D6A741.9080708-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-03-11 15:55 ` Nadia Derbey
2008-03-11 16:47 ` Serge E. Hallyn
[not found] ` <20080311164725.GA12918-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
2008-03-11 16:55 ` Pavel Emelyanov
[not found] ` <47D6B990.4080400-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-03-11 17:53 ` Serge E. Hallyn
[not found] ` <20080311175328.GA14171-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
2008-03-12 19:58 ` Eric W. Biederman
[not found] ` <m1zlt3yarj.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2008-03-13 10:41 ` Nadia Derbey
[not found] ` <47D904E4.4000208-6ktuUTfB/bM@public.gmane.org>
2008-03-13 17:40 ` Eric W. Biederman
[not found] ` <m1r6eewmj2.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2008-03-13 19:06 ` Serge E. Hallyn
2008-03-13 20:01 ` Oren Laadan
[not found] ` <47D987FE.9040909-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2008-03-13 23:12 ` Eric W. Biederman
[not found] ` <m163vqw74n.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2008-03-13 23:24 ` Oren Laadan [this message]
[not found] ` <20080310135054.312992000-6ktuUTfB/bM@public.gmane.org>
2008-03-13 23:16 ` [RFC][PATCH 0/4] Object creation with a specified id Oren Laadan
[not found] ` <47D9B5B7.6060803-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2008-03-14 6:21 ` Nadia Derbey
[not found] ` <47DA195B.8070704-6ktuUTfB/bM@public.gmane.org>
2008-03-14 15:50 ` Oren Laadan
[not found] ` <47DA9EB5.8040704-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2008-03-14 15:56 ` Pavel Emelyanov
[not found] ` <47DAA041.9090009-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-03-14 16:02 ` Oren Laadan
[not found] ` <47DAA1A6.6010509-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2008-03-14 16:08 ` Pavel Emelyanov
2008-03-14 16:11 ` Nadia Derbey
2008-03-14 16:11 ` Nadia Derbey
[not found] ` <47DAA3AA.4050906-6ktuUTfB/bM@public.gmane.org>
2008-03-14 16:45 ` Oren Laadan
[not found] ` <47DAABAB.7000706-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2008-03-16 3:43 ` Serge E. Hallyn
[not found] ` <20080316034320.GA19793-6s5zFf/epYLPQpwDFJZrxFMas7LaWZ9n@public.gmane.org>
2008-03-16 19:08 ` Oren Laadan
[not found] ` <47DD703C.4030809-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2008-03-17 14:44 ` Serge E. Hallyn
-- strict thread matches above, loose matches on Subject: below --
2008-03-28 9:53 [RFC][PATCH 0/4] Object creation with a pre-defined id (v2) Nadia.Derbey-6ktuUTfB/bM
2008-03-28 9:53 ` [RFC][PATCH 4/4] PID: use the target ID specified in procfs Nadia.Derbey-6ktuUTfB/bM
2008-04-04 14:51 [RFC][PATCH 0/4] Object creation with a specified id Nadia.Derbey
2008-04-04 14:51 ` [RFC][PATCH 4/4] PID: use the target ID specified in procfs Nadia.Derbey
2008-04-04 14:51 ` Nadia.Derbey-6ktuUTfB/bM
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47D9B79A.80201@cs.columbia.edu \
--to=orenl-eqauephvms7envbuuze7ea@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.