From: Pavel Emelyanov <xemul@parallels.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Daniel Lezcano <dlezcano@fr.ibm.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH 2/2] ns: Add proc_ns_operations for mount namespaces
Date: Sat, 12 May 2012 15:42:42 +0400
Message-ID: <4FAE4CB2.6010105@parallels.com>
In-Reply-To: <87d36a7imr.fsf@xmission.com>

On 05/11/2012 09:05 PM, Eric W. Biederman wrote:
> Pavel Emelyanov <xemul@parallels.com> writes:
> 
>> Currently LXC by default creates a container in a new mount
>> namespace. Thus in order to explore it we have to
>>
>> a) find out, that a new mount namespace is in use
>> b) enter this other namespace
>>
>> This patch solves both -- allows us to distinguish one mount
>> namespace from another by comparing its inode numbers and lets
>> us enter a mount namespace with the setns system call.
> 
> There are two significant bugs with your patch.
> 
> You do not set fs->root or fs->pwd to values in the new mount namespace,
> I don't believe there is anywhere else in the vfs where this is possible
> except possibly fchdir.
> 
> It is easily possible to create a reference counting cycle by bind
> mounting the current mount namespace into itself.
> 
> Not that I am opposed to the concept I have just been dusting my patch
> for this same functionality off.

Oh, that's just perfect. Let's move your one then. Hopefully it won't
get covered with dust again.

> Eric
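
The inode comparison described in the quoted patch description, as an added example that is not part of the original message or of either patch: it groups processes by the (device, inode) identity of `/proc/<pid>/ns/mnt`, assuming a kernel that exposes that file. The function names and the `proc_root` parameter are hypothetical, and the setns step is not shown.

```python
import os
from collections import defaultdict


def mnt_ns_id(pid, proc_root="/proc"):
    """Return (st_dev, st_ino) of <proc_root>/<pid>/ns/mnt, or None if unreadable."""
    try:
        # stat() follows the ns link, so the result identifies the namespace
        # object itself rather than the per-process /proc entry.
        st = os.stat(os.path.join(proc_root, str(pid), "ns", "mnt"))
    except OSError:
        # Process exited, ns file not exposed, or no permission to inspect it.
        return None
    return (st.st_dev, st.st_ino)


def group_by_mnt_ns(proc_root="/proc"):
    """Map each mount namespace identity to the sorted PIDs that live in it."""
    groups = defaultdict(list)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-PID entries such as "self" or "sys"
        ns = mnt_ns_id(entry, proc_root)
        if ns is not None:
            groups[ns].append(int(entry))
    return {ns: sorted(pids) for ns, pids in groups.items()}


def foreign_mnt_ns(reference_pid, proc_root="/proc"):
    """Return the namespaces (and their PIDs) that differ from reference_pid's."""
    ref = mnt_ns_id(reference_pid, proc_root)
    if ref is None:
        raise RuntimeError("cannot read mount namespace of reference process")
    return {ns: pids for ns, pids in group_by_mnt_ns(proc_root).items() if ns != ref}


if __name__ == "__main__":
    # Processes whose mount namespace differs from ours, e.g. container tasks.
    for (dev, ino), pids in sorted(foreign_mnt_ns(os.getpid()).items()):
        print(f"mnt ns dev={dev} ino={ino}: pids {pids}")
```

Processes whose `ns/mnt` entry cannot be read are skipped, so an unprivileged run can under-report.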
