From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
Cc: Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Oleg Nesterov <oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
Subject: [REVIEW][PATCH 0/11] pid namespace cleanups and enhancements
Date: Fri, 16 Nov 2012 08:32:43 -0800
Message-ID: <8739097bkk.fsf@xmission.com>

This patchset is my pile of pid namespace patches that I have been
sitting on for entirely too long. I have been running and testing these
changes for a while but if anyone sees any problems please let me know.

Feature wise this patchset adds unshare and setns support for the pid
namespace.

Cleanup wise this patchset adds an explicit count of how many pids are
hashed in a pid namespace and uses that count to trigger the unmounting
of the internal kernel mount of proc. The current scheme is buggy and
entirely too clever to continue living.

Some proc bits that were added to support the pid namespace initially
are removed, as they are no longer necessary.

These patches are also available at:
    git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git pidns-v73

Since some of this work is closely allied with the user namespace bits I
have pending I intend to merge these changes through my user namespace
tree.

Eric W. Biederman (11):
      procfs: Use the proc generic infrastructure for proc/self.
      procfs: Don't cache a pid in the root inode.
      pidns: Capture the user namespace and filter ns_last_pid
      pidns: Use task_active_pid_ns where appropriate
      pidns: Make the pidns proc mount/umount logic obvious.
      pidns: Don't allow new processes in a dead pid namespace.
      pidns: Wait in zap_pid_ns_processes until pid_ns->nr_hashed == 1
      pidns: Deny strange cases when creating pid namespaces.
      pidns: Add setns support
      pidns: Consolidate initialzation of special init task state
      pidns: Support unsharing the pid namespace.

 arch/powerpc/platforms/cell/spufs/sched.c |   2 +-
 arch/um/drivers/mconsole_kern.c           |   2 +-
 drivers/staging/android/binder.c          |   3 +-
 fs/hppfs/hppfs.c                          |   2 +-
 fs/proc/Makefile                          |   1 +
 fs/proc/base.c                            | 169 +----------------------------
 fs/proc/internal.h                        |   1 +
 fs/proc/namespaces.c                      |   3 +
 fs/proc/root.c                            |  16 +---
 fs/proc/self.c                            |  59 ++++++++++
 include/linux/pid_namespace.h             |  10 ++-
 include/linux/proc_fs.h                   |   1 +
 init/main.c                               |   1 -
 kernel/cgroup.c                           |   2 +-
 kernel/events/core.c                      |   2 +-
 kernel/exit.c                             |  12 --
 kernel/fork.c                             |  42 +++++---
 kernel/nsproxy.c                          |   4 +-
 kernel/pid.c                              |  46 +++++++--
 kernel/pid_namespace.c                    |  99 +++++++++++++----
 kernel/signal.c                           |   2 +-
 kernel/sysctl_binary.c                    |   2 +-
 22 files changed, 231 insertions(+), 250 deletions(-)