From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?B?5pu55qCR54O9?= Subject: Re: [PATCH 0/3] Make core_pattern support namespace Date: Thu, 2 Nov 2017 13:41:52 +0800 Message-ID: <59FAB020.1040404@cn.fujitsu.com> References: <1501655849-9149-1-git-send-email-caosf.fnst@cn.fujitsu.com> Mime-Version: 1.0 Content-Type: text/plain; charset="gbk"; Format="flowed" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <1501655849-9149-1-git-send-email-caosf.fnst-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, mashimiao.fnst-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org, ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org List-Id: containers.vger.kernel.org cGluZwoK1NogMjAxN8TqMDjUwjAyyNUgMTQ6MzcsIENhbyBTaHVmZW5nINC0tcA6Cj4gVGhpcyBw YXRjaHNldCBpbmNsdWRlcyBmb2xsb3dpbmcgZnVuY3Rpb24gcG9pbnRzOgo+IDE6IExldCB1c2Vy bW9kZWhlbHBlciBmdW5jdGlvbiBwb3NzaWJsZSB0byBzZXQgcGlkIG5hbWVzcGFjZQo+ICAgICBk b25lIGJ5OiBbUEFUQ0hfdjQuMV8xLzNdIE1ha2UgY2FsbF91c2VybW9kZWhlbHBlcl9leGVjIHBv c3NpYmxlCj4gICAgIHRvIHNldCBuYW1lc3BhY2VzCj4gMjogTGV0IHBpcGVfdHlwZSBjb3JlX3Bh dHRlcm4gd3JpdGUgZHVtcCBpbnRvIGNvbnRhaW5lcidzIHJvb3Rmcwo+ICAgICBkb25lIGJ5OiBb UEFUQ0hfdjQuMV8yLzNdIExpbWl0IGR1bXBfcGlwZSBwcm9ncmFtJ3MgcGVybWlzc2lvbiB0bwo+ ICAgICBpbml0IGZvciBjb250YWluZXIKPiAzOiBNYWtlIHNlcGFyYXRlIGNvcmVfcGF0dGVybiBz ZXR0aW5nIGZvciBlYWNoIGNvbnRhaW5lcgo+ICAgICBkb25lIGJ5OiBbUEFUQ0hfdjQuMV8zLzNd IE1ha2UgY29yZV9wYXR0ZXJuIHN1cHBvcnQgbmFtZXNwYWNlCj4gNDogQ29tcGF0aWJpbGl0eSB3 aXRoIGN1cnJlbnQgc3lzdGVtCj4gICAgIGFsc28gaW5jbHVkZWQgaW46IFtQQVRDSF92NC4xXzMv M10gTWFrZSBjb3JlX3BhdHRlcm4gc3VwcG9ydCBuYW1lc3BhY2UKPiAgICAgSWYgY29udGFpbmVy IGhhZG4ndCBjaGFuZ2UgY29yZV9wYXR0ZXJuIHNldHRpbmcsIGl0IHdpbGwga2VlcAo+ICAgICBz YW1lIHNldHRpbmcgd2l0aCBob3N0Lgo+Cj4gVGVzdDoKPiAxOiBQYXNzIGEgdGVzdCBzY3JpcHQg Zm9yIGVhY2ggZnVuY3Rpb24gb2YgdGhpcyBwYXRjaHNldAo+ICAgICAjIyBURVNUIElOIEhPU1Qg IyMKPiAgICAgW3Jvb3RAa2VybmVsZGV2IGR1bXB0ZXN0XSMgLi90ZXN0X2hvc3QKPiAgICAgU2V0 IGZpbGUgY29yZV9wYXR0ZXJuOiBPSwo+ICAgICAuL3Rlc3RfaG9zdDogbGluZSA0MTogIDIzNjYg U2VnbWVudGF0aW9uIGZhdWx0ICAgICAgKGNvcmUgZHVtcGVkKSAiJFNDUkk9Cj4gUFRfQkFTRV9E SVIiL21ha2VfZHVtcAo+ICAgICBDaGVja2luZyBkdW1wZmlsZTogT0sKPiAgICAgU2V0IGZpbGUg Y29yZV9wYXR0ZXJuOiBPSwo+ICAgICAuL3Rlc3RfaG9zdDogbGluZSA0MTogIDIzNjkgU2VnbWVu dGF0aW9uIGZhdWx0ICAgICAgKGNvcmUgZHVtcGVkKSAiJFNDUkk9Cj4gUFRfQkFTRV9ESVIiL21h a2VfZHVtcAo+ICAgICBDaGVja2luZyBkdW1wX3BpcGUgdHJpZ2dlcmVkOiBPSwo+ICAgICBDaGVj a2luZyByb290ZnM6IE9LCj4gICAgIENoZWNraW5nIGR1bXBmaWxlOiBPSwo+ICAgICBDaGVja2lu ZyBuYW1lc3BhY2U6IE9LCj4gICAgIENoZWNraW5nIHByb2Nlc3MgbGlzdDogT0sKPiAgICAgQ2hl Y2tpbmcgY2FwYWJpbGl0aWVzOiBPSwo+Cj4gICAgICMjIFRFU1QgSU4gR1VFU1QgIyMKPiAgICAg IyAuL3Rlc3QKPiAgICAgU2VnbWVudGF0aW9uIGZhdWx0IChjb3JlIGR1bXBlZCkKPiAgICAgQ2hl Y2tpbmcgZHVtcF9waXBlIHRyaWdnZXJlZDogT0sKPiAgICAgQ2hlY2tpbmcgcm9vdGZzOiBPSwo+ ICAgICBDaGVja2luZyBkdW1wZmlsZTogT0sKPiAgICAgQ2hlY2tpbmcgbmFtZXNwYWNlOiBPSwo+ ICAgICBDaGVja2luZyBwcm9jZXNzIGxpc3Q6IE9LCj4gICAgIENoZWNraW5nIGNnIHBpZHM6IE9L Cj4gICAgIENoZWNraW5nIGNhcGFiaWxpdGllczogT0sKPiAgICAgWyAgIDY0Ljk0MDczNF0gbWFr ZV9kdW1wWzI0MzJdOiBzZWdmYXVsdCBhdCAwIGlwIDAwMDAwMDAwMDA0MDA0OWQgc3AgMDAwPQo+ IDA3ZmZjNGFmMDI1ZjAgZXJyb3IgNiBpbiBtYWtlX2R1bXBbNDAwMDAwK2E2MDAwXQo+ICAgICAj Cj4gMjogUGFzcyBvdGhlciB0ZXN0KHdoaWNoIGlzIG5vdCBlYXN5IHRvIGRvIGluIHNjcmlwdCkg YnkgaGFuZC4KPgo+IENoYW5nZWxvZyB2My4xLXY0Ogo+IDEuIHJlbW92ZSBleHRyYSBmb3JrIHBv aW50ZWQgb3V0IGJ5Ogo+ICAgICBBbmRyZWkgVmFnaW4gPGF2YWdpbkBnbWFpbC5jb20+Cj4gMjog UmViYXNlIG9uIHRvcCBvZiB2NC45LXJjOC4KPiAzOiBSZWJhc2Ugb24gdG9wIG9mIHY0LjEyLgo+ Cj4gQ2hhbmdlbG9nIHYzLXYzLjE6Cj4gMS4gU3dpdGNoICJwd2QiIG9mIHBpcGUgcHJvZ3JhbSB0 byBjb250YWluZXIncyByb290IGZzLgo+IDIuIFJlYmFzZSBvbiB0b3Agb2YgdjQuOS1yYzEuCj4K PiBDaGFuZ2Vsb2cgdjItPnYzOgo+IDE6IEZpeCBwcm9ibGVtIG9mIHNldHRpbmcgcGlkIG5hbWVz cGFjZSwgcG9pbnRlZCBvdXQgYnk6Cj4gICAgIEFuZHJlaSBWYWdpbiA8YXZhZ2luQGdtYWlsLmNv bT4KPgo+IENoYW5nZWxvZyB2MShSRkMpLT52MjoKPiAxOiBBZGQgW1BBVENIIDIvMl0gd2hpY2gg d2FzIHRvZG8gaW4gW1JGQyB2MV0uCj4gMjogUGFzcyBhIHRlc3Qgc2NyaXB0IGZvciBlYWNoIGZ1 bmN0aW9uLgo+IDM6IFJlYmFzZSBvbiB0b3Agb2YgdjQuNy4KPgo+IFN1Z2dlc3RlZC1ieTogRXJp YyBXLiBCaWVkZXJtYW4gPGViaWVkZXJtQHhtaXNzaW9uLmNvbT4KPiBTdWdnZXN0ZWQtYnk6IEtP U0FLSSBNb3RvaGlybyA8a29zYWtpLm1vdG9oaXJvQGpwLmZ1aml0c3UuY29tPgo+IFNpZ25lZC1v ZmYtYnk6IENhbyBTaHVmZW5nIDxjYW9zZi5mbnN0QGNuLmZ1aml0c3UuY29tPgo+Cj4gQ2FvIFNo dWZlbmcgKDMpOgo+ICAgIE1ha2UgY2FsbF91c2VybW9kZWhlbHBlcl9leGVjIHBvc3NpYmxlIHRv IHNldCBuYW1lc3BhY2VzCj4gICAgTGltaXQgZHVtcF9waXBlIHByb2dyYW0ncyBwZXJtaXNzaW9u IHRvIGluaXQgZm9yIGNvbnRhaW5lcgo+ICAgIE1ha2UgY29yZV9wYXR0ZXJuIHN1cHBvcnQgbmFt ZXNwYWNlCj4KPiAgIGZzL2NvcmVkdW1wLmMgICAgICAgICAgICAgICAgIHwgMTUwICsrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKy0tLQo+ICAgaW5jbHVkZS9saW51eC9iaW5m bXRzLmggICAgICAgfCAgIDIgKwo+ICAgaW5jbHVkZS9saW51eC9rbW9kLmggICAgICAgICAgfCAg IDUgKysKPiAgIGluY2x1ZGUvbGludXgvcGlkX25hbWVzcGFjZS5oIHwgICAzICsKPiAgIGluaXQv ZG9fbW91bnRzX2luaXRyZC5jICAgICAgIHwgICAzICstCj4gICBrZXJuZWwva21vZC5jICAgICAg ICAgICAgICAgICB8ICA1NiArKysrKysrKysrKysrLS0tCj4gICBrZXJuZWwvcGlkLmMgICAgICAg ICAgICAgICAgICB8ICAgMiArCj4gICBrZXJuZWwvcGlkX25hbWVzcGFjZS5jICAgICAgICB8ICAg MiArCj4gICBrZXJuZWwvc3lzY3RsLmMgICAgICAgICAgICAgICB8ICA1MCArKysrKysrKysrKyst LQo+ICAgbGliL2tvYmplY3RfdWV2ZW50LmMgICAgICAgICAgfCAgIDMgKy0KPiAgIHNlY3VyaXR5 L2tleXMvcmVxdWVzdF9rZXkuYyAgIHwgICA0ICstCj4gICAxMSBmaWxlcyBjaGFuZ2VkLCAyNTMg aW5zZXJ0aW9ucygrKSwgMjcgZGVsZXRpb25zKC0pCj4KCgoKX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX18KQ29udGFpbmVycyBtYWlsaW5nIGxpc3QKQ29udGFp bmVyc0BsaXN0cy5saW51eC1mb3VuZGF0aW9uLm9yZwpodHRwczovL2xpc3RzLmxpbnV4Zm91bmRh dGlvbi5vcmcvbWFpbG1hbi9saXN0aW5mby9jb250YWluZXJz From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751628AbdKBFkv (ORCPT ); Thu, 2 Nov 2017 01:40:51 -0400 Received: from mail.cn.fujitsu.com ([183.91.158.132]:11918 "EHLO heian.cn.fujitsu.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750786AbdKBFkt (ORCPT ); Thu, 2 Nov 2017 01:40:49 -0400 X-IronPort-AV: E=Sophos;i="5.43,368,1503331200"; d="scan'208";a="29835160" Subject: Re: [PATCH 0/3] Make core_pattern support namespace To: References: <1501655849-9149-1-git-send-email-caosf.fnst@cn.fujitsu.com> CC: , , , , , , From: =?UTF-8?B?5pu55qCR54O9?= Message-ID: <59FAB020.1040404@cn.fujitsu.com> Date: Thu, 2 Nov 2017 13:41:52 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <1501655849-9149-1-git-send-email-caosf.fnst@cn.fujitsu.com> Content-Type: text/plain; charset="gbk"; format=flowed Content-Transfer-Encoding: 8bit X-yoursite-MailScanner-ID: 277A4482D017.A5CB2 X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-From: caosf.fnst@cn.fujitsu.com Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ping 在 2017年08月02日 14:37, Cao Shufeng 写道: > This patchset includes following function points: > 1: Let usermodehelper function possible to set pid namespace > done by: [PATCH_v4.1_1/3] Make call_usermodehelper_exec possible > to set namespaces > 2: Let pipe_type core_pattern write dump into container's rootfs > done by: [PATCH_v4.1_2/3] Limit dump_pipe program's permission to > init for container > 3: Make separate core_pattern setting for each container > done by: [PATCH_v4.1_3/3] Make core_pattern support namespace > 4: Compatibility with current system > also included in: [PATCH_v4.1_3/3] Make core_pattern support namespace > If container hadn't change core_pattern setting, it will keep > same setting with host. > > Test: > 1: Pass a test script for each function of this patchset > ## TEST IN HOST ## > [root@kerneldev dumptest]# ./test_host > Set file core_pattern: OK > ./test_host: line 41: 2366 Segmentation fault (core dumped) "$SCRI= > PT_BASE_DIR"/make_dump > Checking dumpfile: OK > Set file core_pattern: OK > ./test_host: line 41: 2369 Segmentation fault (core dumped) "$SCRI= > PT_BASE_DIR"/make_dump > Checking dump_pipe triggered: OK > Checking rootfs: OK > Checking dumpfile: OK > Checking namespace: OK > Checking process list: OK > Checking capabilities: OK > > ## TEST IN GUEST ## > # ./test > Segmentation fault (core dumped) > Checking dump_pipe triggered: OK > Checking rootfs: OK > Checking dumpfile: OK > Checking namespace: OK > Checking process list: OK > Checking cg pids: OK > Checking capabilities: OK > [ 64.940734] make_dump[2432]: segfault at 0 ip 000000000040049d sp 000= > 07ffc4af025f0 error 6 in make_dump[400000+a6000] > # > 2: Pass other test(which is not easy to do in script) by hand. > > Changelog v3.1-v4: > 1. remove extra fork pointed out by: > Andrei Vagin > 2: Rebase on top of v4.9-rc8. > 3: Rebase on top of v4.12. > > Changelog v3-v3.1: > 1. Switch "pwd" of pipe program to container's root fs. > 2. Rebase on top of v4.9-rc1. > > Changelog v2->v3: > 1: Fix problem of setting pid namespace, pointed out by: > Andrei Vagin > > Changelog v1(RFC)->v2: > 1: Add [PATCH 2/2] which was todo in [RFC v1]. > 2: Pass a test script for each function. > 3: Rebase on top of v4.7. > > Suggested-by: Eric W. Biederman > Suggested-by: KOSAKI Motohiro > Signed-off-by: Cao Shufeng > > Cao Shufeng (3): > Make call_usermodehelper_exec possible to set namespaces > Limit dump_pipe program's permission to init for container > Make core_pattern support namespace > > fs/coredump.c | 150 +++++++++++++++++++++++++++++++++++++++--- > include/linux/binfmts.h | 2 + > include/linux/kmod.h | 5 ++ > include/linux/pid_namespace.h | 3 + > init/do_mounts_initrd.c | 3 +- > kernel/kmod.c | 56 +++++++++++++--- > kernel/pid.c | 2 + > kernel/pid_namespace.c | 2 + > kernel/sysctl.c | 50 ++++++++++++-- > lib/kobject_uevent.c | 3 +- > security/keys/request_key.c | 4 +- > 11 files changed, 253 insertions(+), 27 deletions(-) >