From: Gao feng <gaofeng-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
To: Gu Zheng <guz.fnst-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
libo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org
Subject: Re: [PATCH 2/9] syslog_ns: add syslog_ns into user_namespace
Date: Mon, 29 Jul 2013 17:54:26 +0800 [thread overview]
Message-ID: <51F63BD2.6090902@cn.fujitsu.com> (raw)
In-Reply-To: <51F639FB.304-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
On 07/29/2013 05:46 PM, Gu Zheng wrote:
> Hi Rui,
>
> On 07/29/2013 10:31 AM, Rui Xiang wrote:
>
>> Add a syslog_ns pointer to user_namespace, and make
>> syslog_ns per user_namespace, not global.
>>
>> Since syslog_ns is assigned to user_ns, we can have
>> full capabilities in new user_ns to create a new syslog_ns.
>>
>> Signed-off-by: Rui Xiang <rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
>> ---
>> include/linux/syslog.h | 5 +++++
>> include/linux/user_namespace.h | 1 +
>> 2 files changed, 6 insertions(+)
>>
>> diff --git a/include/linux/syslog.h b/include/linux/syslog.h
>> index 425fafe..62ce47f 100644
>> --- a/include/linux/syslog.h
>> +++ b/include/linux/syslog.h
>> @@ -90,6 +90,11 @@ struct syslog_namespace {
>> size_t syslog_partial;
>>
>> int dmesg_restrict;
>> +
>> + /*
>> + * user namespace which owns this syslog ns.
>> + */
>> + struct user_namespace *owner;
>> };
>>
>> static inline struct syslog_namespace *get_syslog_ns(
>> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
>> index b6b215f..ce2de5b 100644
>> --- a/include/linux/user_namespace.h
>> +++ b/include/linux/user_namespace.h
>> @@ -28,6 +28,7 @@ struct user_namespace {
>> unsigned int proc_inum;
>> bool may_mount_sysfs;
>> bool may_mount_proc;
>> + struct syslog_namespace *syslog_ns;
>
> As we add a syslog_ns pointer to user_namespace to make
> syslog_ns per user_namespace and the caps check.
> But why also add a point to syslog_namespace in
> user_namespace? Am I missing something?:)
>
yep,with this we can make sure all the other types of namespace such as mount, net, pid
can access syslog_ns through user namespace.
WARNING: multiple messages have this Message-ID (diff)
From: Gao feng <gaofeng@cn.fujitsu.com>
To: Gu Zheng <guz.fnst@cn.fujitsu.com>
Cc: Rui Xiang <rui.xiang@huawei.com>,
containers@lists.linux-foundation.org,
linux-kernel@vger.kernel.org, serge.hallyn@ubuntu.com,
ebiederm@xmission.com, akpm@linux-foundation.org,
libo.chen@huawei.com
Subject: Re: [PATCH 2/9] syslog_ns: add syslog_ns into user_namespace
Date: Mon, 29 Jul 2013 17:54:26 +0800 [thread overview]
Message-ID: <51F63BD2.6090902@cn.fujitsu.com> (raw)
In-Reply-To: <51F639FB.304@cn.fujitsu.com>
On 07/29/2013 05:46 PM, Gu Zheng wrote:
> Hi Rui,
>
> On 07/29/2013 10:31 AM, Rui Xiang wrote:
>
>> Add a syslog_ns pointer to user_namespace, and make
>> syslog_ns per user_namespace, not global.
>>
>> Since syslog_ns is assigned to user_ns, we can have
>> full capabilities in new user_ns to create a new syslog_ns.
>>
>> Signed-off-by: Rui Xiang <rui.xiang@huawei.com>
>> ---
>> include/linux/syslog.h | 5 +++++
>> include/linux/user_namespace.h | 1 +
>> 2 files changed, 6 insertions(+)
>>
>> diff --git a/include/linux/syslog.h b/include/linux/syslog.h
>> index 425fafe..62ce47f 100644
>> --- a/include/linux/syslog.h
>> +++ b/include/linux/syslog.h
>> @@ -90,6 +90,11 @@ struct syslog_namespace {
>> size_t syslog_partial;
>>
>> int dmesg_restrict;
>> +
>> + /*
>> + * user namespace which owns this syslog ns.
>> + */
>> + struct user_namespace *owner;
>> };
>>
>> static inline struct syslog_namespace *get_syslog_ns(
>> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
>> index b6b215f..ce2de5b 100644
>> --- a/include/linux/user_namespace.h
>> +++ b/include/linux/user_namespace.h
>> @@ -28,6 +28,7 @@ struct user_namespace {
>> unsigned int proc_inum;
>> bool may_mount_sysfs;
>> bool may_mount_proc;
>> + struct syslog_namespace *syslog_ns;
>
> As we add a syslog_ns pointer to user_namespace to make
> syslog_ns per user_namespace and the caps check.
> But why also add a point to syslog_namespace in
> user_namespace? Am I missing something?:)
>
yep,with this we can make sure all the other types of namespace such as mount, net, pid
can access syslog_ns through user namespace.
next prev parent reply other threads:[~2013-07-29 9:54 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-29 2:31 [PATCH 0/9] Add namespace support for syslog v2 Rui Xiang
2013-07-29 2:31 ` [PATCH 1/9] syslog_ns: add syslog_namespace and put/get_syslog_ns Rui Xiang
[not found] ` <1375065080-26740-2-git-send-email-rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-07-29 9:40 ` Gu Zheng
2013-07-29 9:40 ` Gu Zheng
[not found] ` <51F6388B.8000308-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-07-29 11:47 ` Rui Xiang
2013-07-29 11:47 ` Rui Xiang
[not found] ` <51F65636.6080505-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-07-30 0:46 ` Gu Zheng
2013-07-30 0:46 ` Gu Zheng
2013-07-29 2:31 ` [PATCH 3/9] syslog_ns: add init syslog_ns for global syslog Rui Xiang
2013-07-29 2:31 ` [PATCH 4/9] syslog_ns: make syslog handling per namespace Rui Xiang
[not found] ` <1375065080-26740-5-git-send-email-rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-07-29 9:50 ` Gu Zheng
2013-07-29 9:50 ` Gu Zheng
2013-08-01 1:36 ` Gao feng
2013-08-01 1:36 ` Gao feng
[not found] ` <51F9BBAB.1080306-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-08-01 3:10 ` Rui Xiang
2013-08-01 3:10 ` Rui Xiang
[not found] ` <51F9D1A2.406-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-08-01 5:38 ` Gao feng
2013-08-01 5:38 ` Gao feng
[not found] ` <51F9F452.9060308-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-08-01 6:29 ` Rui Xiang
2013-08-01 6:29 ` Rui Xiang
2013-07-29 2:31 ` [PATCH 5/9] syslog_ns: make permisiion check per user namespace Rui Xiang
2013-07-29 2:31 ` [PATCH 6/9] syslog_ns: use init syslog_ns for console action Rui Xiang
2013-07-29 2:31 ` [PATCH 8/9] syslog_ns: implement ns_printk for specific syslog_ns Rui Xiang
[not found] ` <1375065080-26740-9-git-send-email-rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-07-29 10:37 ` Gu Zheng
2013-07-29 10:37 ` Gu Zheng
[not found] ` <51F645E4.9070507-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-07-29 12:17 ` Rui Xiang
2013-07-29 12:17 ` Rui Xiang
2013-07-29 2:31 ` [PATCH 9/9] netfilter: use ns_printk in iptable context Rui Xiang
[not found] ` <1375065080-26740-10-git-send-email-rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-07-29 9:48 ` Gao feng
2013-07-29 9:48 ` Gao feng
[not found] ` <51F63A88.4090405-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-07-29 12:37 ` Rui Xiang
2013-07-29 12:37 ` Rui Xiang
[not found] ` <1375065080-26740-1-git-send-email-rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-07-29 2:31 ` [PATCH 1/9] syslog_ns: add syslog_namespace and put/get_syslog_ns Rui Xiang
2013-07-29 2:31 ` [PATCH 2/9] syslog_ns: add syslog_ns into user_namespace Rui Xiang
2013-07-29 2:31 ` Rui Xiang
[not found] ` <1375065080-26740-3-git-send-email-rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-07-29 9:46 ` Gu Zheng
2013-07-29 9:46 ` Gu Zheng
[not found] ` <51F639FB.304-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-07-29 9:54 ` Gao feng [this message]
2013-07-29 9:54 ` Gao feng
[not found] ` <51F63BD2.6090902-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-07-29 9:56 ` Gu Zheng
2013-07-29 9:56 ` Gu Zheng
2013-07-29 2:31 ` [PATCH 3/9] syslog_ns: add init syslog_ns for global syslog Rui Xiang
2013-07-29 2:31 ` [PATCH 4/9] syslog_ns: make syslog handling per namespace Rui Xiang
2013-07-29 2:31 ` [PATCH 5/9] syslog_ns: make permisiion check per user namespace Rui Xiang
2013-07-29 2:31 ` [PATCH 6/9] syslog_ns: use init syslog_ns for console action Rui Xiang
2013-07-29 2:31 ` [PATCH 7/9] syslog_ns: implement function for creating syslog ns Rui Xiang
2013-07-29 2:31 ` Rui Xiang
[not found] ` <1375065080-26740-8-git-send-email-rui.xiang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-07-29 10:25 ` Gu Zheng
2013-07-29 10:25 ` Gu Zheng
[not found] ` <51F64313.4010700-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
2013-07-30 3:39 ` Rui Xiang
2013-07-30 3:39 ` Rui Xiang
[not found] ` <51F73555.1020204-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-07-30 3:42 ` Gu Zheng
2013-07-30 3:42 ` Gu Zheng
2013-07-29 10:39 ` Gao feng
2013-07-29 10:39 ` Gao feng
2013-07-29 2:31 ` [PATCH 8/9] syslog_ns: implement ns_printk for specific syslog_ns Rui Xiang
2013-07-29 2:31 ` [PATCH 9/9] netfilter: use ns_printk in iptable context Rui Xiang
2013-07-29 9:33 ` [PATCH 0/9] Add namespace support for syslog v2 Gu Zheng
2013-07-29 9:33 ` Gu Zheng
2013-07-29 18:58 ` Eric W. Biederman
2013-07-29 18:58 ` Eric W. Biederman
[not found] ` <87wqo9urao.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-07-30 2:11 ` Rui Xiang
2013-07-30 2:11 ` Rui Xiang
2013-07-30 6:05 ` Bruno Prémont
2013-07-30 6:05 ` Bruno Prémont
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51F63BD2.6090902@cn.fujitsu.com \
--to=gaofeng-bthxqxjhjhxqfuhtdcdx3a@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=guz.fnst-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org \
--cc=libo.chen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.