From: Gao feng <gaofeng-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	Andrew Morton
	<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Oleg Nesterov <oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
Subject: Re: [PATCH 11/11] pidns: Support unsharing the pid namespace.
Date: Wed, 21 Nov 2012 10:55:13 +0800	[thread overview]
Message-ID: <50AC4291.7010108@cn.fujitsu.com> (raw)
In-Reply-To: <1353083750-3621-11-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>

on 2012/11/17 00:35, Eric W. Biederman wrote:
> From: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
> 
> Unsharing of the pid namespace unlike unsharing of other namespaces
> does not take effect immediately.  Instead it affects the children
> created with fork and clone.  The first of these children becomes the init
> process of the new pid namespace, the rest become oddball children
> of pid 0.  From the point of view of the new pid namespace the process
> that created it is pid 0, as its pid does not map.
> 
> A couple of different semantics were considered but this one was
> settled on because it is easy to implement and it is usable from
> pam modules.  The core reasons for the existence of unshare.
> 
> I took a survey of the callers of pam modules and the following
> appears to be a representative sample of their logic.
> {
> 	setup stuff include pam
> 	child = fork();
> 	if (!child) {
> 		setuid()
> 		exec /bin/bash
> 	}
> 	waitpid(child);
> 
> 	pam and other cleanup
> }
> 
> As you can see there is a fork to create the unprivileged user
> space process.  Which means that the unprivileged user space
> process will appear as pid 1 in the new pid namespace.  Further
> most login processes do not cope with extraneous children which
> means shifting the duty of reaping extraneous child process to
> the creator of those extraneous children makes the system more
> comprehensible.
> 
> The practical reason for this set of pid namespace semantics is
> that it is simple to implement and verify they work correctly.
> Whereas an implementation that requires changing the struct
> pid on a process comes with a lot more races and pain.  Not
> the least of which is that glibc caches getpid().
> 
> These semantics are implemented by having two notions
> of the pid namespace of a process.  There is task_active_pid_ns
> which is the pid namespace the process was created with
> and the pid namespace that all pids are presented to
> that process in.  The task_active_pid_ns is stored
> in the struct pid of the task.
> 
> Then there is the pid namespace that will be used for children
> that pid namespace is stored in task->nsproxy->pid_ns.
> 
> Signed-off-by: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
> ---

Acked-by: Gao feng <gaofeng-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
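
The semantics the commit message describes can be checked directly from user space. The program below is an added example written for this page; it is not part of the patch, the thread, or the kernel tree, and the names run_pidns_demo, spawn_reporter, driver and struct pidns_demo are hypothetical. It assumes a Linux kernel that permits unshare(CLONE_NEWPID) (CAP_SYS_ADMIN, or unprivileged user namespaces as a fallback) and otherwise just reports the errno. It plays the "login process" role from the commit message: unshare, observe that its own getpid() is unchanged, fork a first child (which must see itself as pid 1 and its parent as pid 0), and, while that init is still alive, fork a second child (which gets a higher pid but still sees ppid 0 and is reaped by the creator, not by the new init). The whole sequence runs in a throwaway child so that the calling process's namespace for future children is never altered.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* What one child sees of itself from inside the new pid namespace, plus its outer pid. */
struct child_view { pid_t inner_pid, inner_ppid, outer_pid; };

struct pidns_demo {
    int unshare_errno;        /* 0 if unshare() succeeded, else the errno it returned */
    int used_userns;          /* 1 if CLONE_NEWUSER was needed to get CAP_SYS_ADMIN */
    pid_t before, after;      /* creator's getpid() before/after unshare: must be equal */
    struct child_view first;  /* first fork after unshare: the init (pid 1) of the new ns */
    struct child_view second; /* forked while init lives: an "oddball child" of pid 0 */
};

/* Fork a child that reports getpid()/getppid() as seen from its own pid namespace.
 * If hold_read >= 0 the child then blocks until that pipe hits EOF, so the caller
 * can keep pid 1 alive while it forks more children into the same namespace. */
static pid_t spawn_reporter(struct child_view *v, int hold_read, int hold_write)
{
    int fds[2];
    pid_t ids[2] = { -1, -1 };
    if (pipe(fds) < 0) return -1;
    pid_t p = fork();
    if (p < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (p == 0) {
        ids[0] = getpid(); ids[1] = getppid();   /* inside the new ns: 1 and 0 for init */
        close(fds[0]);
        if (hold_write >= 0) close(hold_write);  /* never keep our own hold pipe open */
        if (write(fds[1], ids, sizeof ids) != (ssize_t)sizeof ids) _exit(1);
        close(fds[1]);
        if (hold_read >= 0) { char c; while (read(hold_read, &c, 1) > 0) {} }
        _exit(0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], ids, sizeof ids);
    close(fds[0]);
    v->inner_pid = n == (ssize_t)sizeof ids ? ids[0] : -1;
    v->inner_ppid = n == (ssize_t)sizeof ids ? ids[1] : -1;
    v->outer_pid = p;
    return p;
}

/* The "login process" role from the commit message: unshare, then fork the
 * process that should become pid 1 of the new namespace. */
static void driver(struct pidns_demo *d)
{
    int hold[2], st;
    memset(d, 0, sizeof *d);
    d->before = getpid();
    if (unshare(CLONE_NEWPID) < 0) {
        /* Unprivileged fallback: a fresh user namespace owns the new pid namespace. */
        d->used_userns = 1;
        if (unshare(CLONE_NEWUSER | CLONE_NEWPID) < 0) { d->unshare_errno = errno; return; }
    }
    d->after = getpid();   /* we were not moved: same pid, nothing for glibc to re-read */
    if (pipe(hold) < 0) { d->unshare_errno = errno; return; }
    pid_t init = spawn_reporter(&d->first, hold[0], hold[1]);
    close(hold[0]);
    /* Fork the second child before init exits: once pid 1 is gone the namespace
     * is dead and further forks into it fail. */
    pid_t second = spawn_reporter(&d->second, -1, hold[1]);
    close(hold[1]);                            /* EOF on the hold pipe releases init */
    if (second > 0) waitpid(second, &st, 0);   /* the creator reaps its own oddball child */
    if (init > 0) waitpid(init, &st, 0);
}

/* Run the demo in a throwaway child so the caller's namespace for future children
 * is never changed; the results come back over a pipe. */
int run_pidns_demo(struct pidns_demo *out)
{
    int fds[2], st;
    if (pipe(fds) < 0) return -errno;
    pid_t p = fork();
    if (p < 0) { int e = errno; close(fds[0]); close(fds[1]); return -e; }
    if (p == 0) {
        struct pidns_demo d;
        close(fds[0]);
        driver(&d);
        _exit(write(fds[1], &d, sizeof d) == (ssize_t)sizeof d ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], out, sizeof *out);
    close(fds[0]);
    waitpid(p, &st, 0);
    return n == (ssize_t)sizeof *out ? 0 : -EIO;
}

int main(void)
{
    struct pidns_demo d;
    if (run_pidns_demo(&d) < 0) { perror("run_pidns_demo"); return 1; }
    if (d.unshare_errno) { printf("unshare not permitted here: %s\n", strerror(d.unshare_errno)); return 0; }
    printf("creator: pid %d before, %d after unshare%s\n", (int)d.before, (int)d.after,
           d.used_userns ? " (via user namespace)" : "");
    printf("first child:  outer %d, inside pid %d ppid %d\n", (int)d.first.outer_pid, (int)d.first.inner_pid, (int)d.first.inner_ppid);
    printf("second child: outer %d, inside pid %d ppid %d\n", (int)d.second.outer_pid, (int)d.second.inner_pid, (int)d.second.inner_ppid);
    return 0;
}
```

Two things to watch when adapting this. First, unshare(CLONE_NEWPID) fails with EINVAL in a multithreaded process, so do it before any threads exist (the fallback unshare(CLONE_NEWUSER|CLONE_NEWPID) has the same restriction). Second, the two notions the commit message distinguishes are what later kernels (4.12 and newer) expose as /proc/self/ns/pid (the task's own namespace, task_active_pid_ns) and /proc/self/ns/pid_for_children (the one applied to its future children); comparing those two links after unshare is the quickest way to confirm that the creator itself did not move.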

Thread overview: 74+ messages
2012-11-16 16:32 [REVIEW][PATCH 0/11] pid namespace cleanups and enhancements Eric W. Biederman
2012-11-16 16:35 ` [PATCH 01/11] procfs: Use the proc generic infrastructure for proc/self Eric W. Biederman
2012-11-16 16:35 ` [PATCH 02/11] procfs: Don't cache a pid in the root inode Eric W. Biederman
2012-11-21  1:07   ` Gao feng
2012-11-16 16:35 ` [PATCH 03/11] pidns: Capture the user namespace and filter ns_last_pid Eric W. Biederman
2012-11-21  1:26   ` Gao feng
2012-11-16 16:35 ` [PATCH 04/11] pidns: Use task_active_pid_ns where appropriate Eric W. Biederman
2012-11-21  2:02   ` Gao feng
2012-11-16 16:35 ` [PATCH 05/11] pidns: Make the pidns proc mount/umount logic obvious Eric W. Biederman
2012-11-19 11:02   ` Gao feng
2012-11-16 16:35 ` [PATCH 06/11] pidns: Don't allow new processes in a dead pid namespace Eric W. Biederman
2012-11-21  2:17   ` Gao feng
2012-11-16 16:35 ` [PATCH 07/11] pidns: Wait in zap_pid_ns_processes until pid_ns->nr_hashed == 1 Eric W. Biederman
2012-11-21  2:24   ` Gao feng
2012-12-19 18:47   ` Oleg Nesterov
2012-12-21  1:19     ` Eric W. Biederman
2012-12-21 14:11       ` Oleg Nesterov
2012-12-21 15:02         ` Oleg Nesterov
2012-12-21 15:31           ` Oleg Nesterov
2012-12-21 18:42             ` Eric W. Biederman
2012-12-21 18:33       ` Eric W. Biederman
2012-11-16 16:35 ` [PATCH 08/11] pidns: Deny strange cases when creating pid namespaces Eric W. Biederman
2012-11-21  2:25   ` Gao feng
2012-11-16 16:35 ` [PATCH 09/11] pidns: Add setns support Eric W. Biederman
2012-11-19  9:11   ` Gao feng
2012-11-19  9:27     ` Eric W. Biederman
2012-11-21  2:36   ` Gao feng
2012-11-16 16:35 ` [PATCH 10/11] pidns: Consolidate initialzation of special init task state Eric W. Biederman
2012-11-21  2:56   ` Gao feng
2012-11-16 16:35 ` [PATCH 11/11] pidns: Support unsharing the pid namespace Eric W. Biederman
2012-11-21  2:55   ` Gao feng [this message]
2012-12-19 18:14   ` Oleg Nesterov
2012-12-21  1:43     ` Eric W. Biederman
2012-12-21 15:49       ` Oleg Nesterov
2012-12-21 17:51         ` Eric W. Biederman
2012-12-21 19:24           ` Rob Landley
2012-12-21 22:58             ` namespace documentation Eric W. Biederman
