From: Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>
To: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
Cc: kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org,
"David C. Hansen"
<haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org,
sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org,
alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org,
xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org
Subject: Re: [PATCH 0/9] Multiple devpts instances
Date: Thu, 19 Feb 2009 23:42:54 +0100 [thread overview]
Message-ID: <499DE06E.4030108@free.fr> (raw)
In-Reply-To: <499DB9DA.2070301-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
H. Peter Anvin wrote:
> Daniel Lezcano wrote:
>>>
>>> Resource limit partitioning is a much bigger and orthogonal problem.
>>>
>> In this case we don't have the pty allocated independently, no ?
>> I mean one container can allocate 4095 pty, making a pty starvation
>> for others containers. Or imagine I am a vilain and I want to mess
>> the other containers, I can do echo 0 > /proc/sys/kernel/pty/max.
>> AFAIR, we said people making isolation of a resource is in charge (if
>> it is relevant), to take into account the /proc/sys part.
>>
>> For example, making the network per namespace all the network
>> configuration variable located in /proc/sys/net are per namespace
>> too. When it is irrelevant the file is read-only or just not displayed.
>>
>> IMHO, pty/max and pty/nr is part of the "multiple devpts instances"
>> feature.
>>
>
> Naming and resource partitioning are two orthogonal issues, regardless
> of what's IYHO.
>
> Really. You have the same classes of issues with ANY allocatable
> resource in the system. Period. Furthermore, there are quite a few
> applications which want one and not the other. Trying to entangle
> them is broken.
Mmh, perhaps there is a misunderstanding here.
The devpts new instance has been principally implemented for the
container isolation. The container chroots to a private rootfs, does a
new instance of devpts, mount it to /dev/pts and should remount /proc too.
The first implementation of the devpts was a namespace approach but
finally it looks like it was not necessary to use a new clone flag
because the mount namespace with the ability to do multiple instances of
devpts was enough.
Each time we implemented a new namespace, we tried to take into account
the /proc/sys part.
For example, you can modify /proc/sys/kernel/msgmax without impacting
the other namespaces, you can modify /proc/sys/net/unix/max_dgram_qlen
without having this configuration being propagated to other namespaces.
One other good example is the /proc/sys/net/ipv4/route/flush where the
routes are flushed only for the current namespace. Why we did this ?
because someone in another container can flush the routes of the other
containers.
I agree we can found thousand of example of different resources which
are not partitioned and if you refer to multiple instances of devpts in
the same context, it is probably pointless to take into account the sysctl.
But if I am able to create a new instance of devpts for a container and
modify the configuration of another devpts from this container, is it
acceptable ? Can we convince people to use the containers for security
and have anybody able to make a pty starvation from one container to
another ?
If it is too much complicated to handle one value per new devpts
instance, IMHO /proc/sys/kernel/pty/max should be, at least, read-only
for the new instance, no ?
Thanks
-- Daniel
next prev parent reply other threads:[~2009-02-19 22:42 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-15 5:30 [PATCH 0/9] Multiple devpts instances sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
[not found] ` <20081015053000.GA2039-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-15 5:33 ` [PATCH 1/9] Remove devpts_root global sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:33 ` [PATCH 2/9] Per-mount allocated_ptys sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:34 ` [PATCH 3/9] Per-mount 'config' object sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:35 ` [PATCH 4/9] Extract option parsing to new function sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:35 ` [PATCH 5/9] Add DEVPTS_MULTIPLE_INSTANCES config token sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:36 ` [PATCH 6/9] Define mknod_ptmx() sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:37 ` [PATCH 7/9] Define get_init_pts_sb() sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:37 ` [PATCH 8/9] Enable multiple instances of devpts sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
2008-10-15 5:38 ` [PATCH 9/9] Document usage of multiple-instances " sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
[not found] ` <20081015053800.GI2215-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-15 18:57 ` Serge E. Hallyn
[not found] ` <20081015185722.GA30005-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-15 19:03 ` H. Peter Anvin
[not found] ` <48F63E76.3030907-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2008-10-15 19:48 ` Serge E. Hallyn
2008-10-16 15:19 ` [PATCH 0/9] Multiple devpts instances Serge E. Hallyn
2009-02-19 15:43 ` Daniel Lezcano
[not found] ` <499D7E13.10601-GANU6spQydw@public.gmane.org>
2009-02-19 17:32 ` H. Peter Anvin
[not found] ` <499D97B1.1090902-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2009-02-19 18:09 ` Daniel Lezcano
[not found] ` <499DA069.3040603-GANU6spQydw@public.gmane.org>
2009-02-19 19:58 ` H. Peter Anvin
[not found] ` <499DB9DA.2070301-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2009-02-19 22:28 ` Eric W. Biederman
[not found] ` <m1vdr6xdqv.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-20 4:22 ` H. Peter Anvin
2009-02-19 22:42 ` Daniel Lezcano [this message]
[not found] ` <499DE06E.4030108-GANU6spQydw@public.gmane.org>
2009-02-19 22:46 ` H. Peter Anvin
2009-02-19 23:59 ` Eric W. Biederman
[not found] ` <m1eixuvv00.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-02-23 20:56 ` Serge E. Hallyn
[not found] ` <20090223205609.GA32351-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-02-23 21:18 ` H. Peter Anvin
[not found] ` <49A31299.8040501-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
2009-02-23 22:27 ` Serge E. Hallyn
2009-02-24 4:09 ` Eric W. Biederman
2009-02-23 21:19 ` Daniel Lezcano
[not found] ` <49A312E6.9090900-GANU6spQydw@public.gmane.org>
2009-02-23 21:23 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=499DE06E.4030108@free.fr \
--to=daniel.lezcano-ganu6spqydw@public.gmane.org \
--cc=alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org \
--cc=bastian-yyjItF7Rl6lg9hUCZPvPmw@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=kyle-hoO6YkzgTuCM0SS3m2neIg@public.gmane.org \
--cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.