From: Nicolas Dichtel <nicolas.dichtel-pdR9zngts4EAvxtiuMwx3w@public.gmane.org>
To: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
netdev <netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH V3 0/6] namespaces: log namespaces per task
Date: Wed, 20 Aug 2014 19:43:30 +0200
Message-ID: <53F4DE42.40308@6wind.com>
In-Reply-To: <20140820162511.GS4462-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>

On 20/08/2014 18:25, Richard Guy Briggs wrote:
> On 14/08/19, Eric W. Biederman wrote:
>> Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> writes:
>>
>>> On 14/05/20, Richard Guy Briggs wrote:
>>>> On 14/05/20, Eric Paris wrote:
>>>>> On Tue, 2014-05-20 at 09:12 -0400, Richard Guy Briggs wrote:
>>>>>> The purpose is to track namespaces in use by logged processes from the
>>>>>> perspective of init_*_ns.
>>>
>>> (Including the Linux API list due to the additions to /proc/<pid>/ns/.
>>> Please see http://www.kernelhub.org/?p=2&msg=477668 and in particular
>>> http://www.kernelhub.org/?msg=477678&p=2 )
>>
>> Sigh if you have to use something like this use the proc inode
>> number. It is the same thing.
>>
>> I hate to claim it is unique absent of the proc superblock but it is and
>> will be for the foreseeable future.
>>
>> It would be better to include the block device number that appears in
>> proc of 3h of the primary mount of to qualify the number. But it is not
>> particularly important. Coming up with an additional unique number that
>> needs to be maintained seems strongly silly.
>
> I am reading a contradiction here:
> https://www.redhat.com/archives/linux-audit/2013-March/msg00032.html
>
> and this posting went completely ignored:
> https://www.redhat.com/archives/linux-audit/2014-January/msg00180.html
>
> And then there was this patchset and thread where there was some good
> discussion to clarify the use case:
> https://lkml.org/lkml/2014/4/22/662
>
> Then V2:
> https://lkml.org/lkml/2014/5/9/637
>
> Then V3 3 months ago:
> https://www.redhat.com/archives/linux-audit/2014-May/msg00071.html
>
> I'm about to post another version of the patchset addressing Eric Paris'
> concerns about record types, field naming...

I am also trying to find a solution to identify netns in userland to solve
some network problems (see
http://thread.gmane.org/gmane.linux.network/315933/focus=321753).
This serial number solution may be reused for this.

We really need to find a way to solve this.

Regards,
Nicolas
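
Added example (not part of the original message or of the patchset): a userland C program for the identification Eric W. Biederman describes in the quoted text, the proc inode number qualified by its device number, read with stat() on /proc/<pid>/ns/<type>. The names ns_id, pid_ok, ns_identify and ns_same are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical helper type: inode number qualified by the device it lives on. */
struct ns_id { dev_t dev; ino_t ino; };

/* Accept only "self" or a decimal PID so the argument cannot alter the path. */
static int pid_ok(const char *pid)
{
    if (strcmp(pid, "self") == 0) return 1;
    size_t n = strspn(pid, "0123456789");
    return n > 0 && pid[n] == '\0';
}

/* Identify namespace <type> of task <pid>. Returns 0 on success, -1 on error. */
int ns_identify(const char *pid, const char *type, struct ns_id *out)
{
    char path[64];
    struct stat st;
    if (!pid_ok(pid) || strchr(type, '/')) return -1;
    if (snprintf(path, sizeof(path), "/proc/%s/ns/%s", pid, type) >= (int)sizeof(path))
        return -1;
    if (stat(path, &st) != 0) return -1; /* follows the link to the namespace inode */
    out->dev = st.st_dev; out->ino = st.st_ino;
    return 0;
}

/* Two tasks share a namespace only if both device and inode match. */
int ns_same(const struct ns_id *a, const struct ns_id *b)
{
    return a->dev == b->dev && a->ino == b->ino;
}

int main(int argc, char **argv)
{
    static const char *types[] = { "ipc", "mnt", "net", "pid", "uts" };
    const char *pid = argc > 1 ? argv[1] : "1";
    for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
        struct ns_id mine, theirs;
        if (ns_identify("self", types[i], &mine) || ns_identify(pid, types[i], &theirs))
            continue; /* no permission, no such task, or type not supported */
        printf("%-4s dev=%lu ino=%lu %s\n", types[i], (unsigned long)theirs.dev,
               (unsigned long)theirs.ino, ns_same(&mine, &theirs) ? "shared" : "different");
    }
    return 0;
}
```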