From: Florian Weimer <fweimer@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: Andrei Vagin <avagin@gmail.com>,
linux-kernel@vger.kernel.org,
Dmitry Safonov <0x7f454c46@gmail.com>,
Christian Brauner <brauner@kernel.org>,
linux-mm@kvack.org, Eric Biederman <ebiederm@xmission.com>
Subject: Re: [PATCH 1/2] fs/exec: allow to unshare a time namespace on vfork+exec
Date: Wed, 15 Jun 2022 09:53:29 +0200 [thread overview]
Message-ID: <874k0mqs5i.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <202206141412.2B0732FF6C@keescook> (Kees Cook's message of "Tue, 14 Jun 2022 14:14:35 -0700")
* Kees Cook:
> On Sun, Jun 12, 2022 at 11:07:22PM -0700, Andrei Vagin wrote:
>> Right now, a new process can't be forked in another time namespace
>> if it shares mm with its parent. It is prohibited, because each time
>> namespace has its own vvar page that is mapped into a process address
>> space.
>>
>> When a process calls exec, it gets a new mm and so it could be "legal"
>> to switch time namespace in that case. This was not implemented and
>> now if we want to do this, we need to add another clone flag to not
>> break backward compatibility.
>>
>> We don't have any user requests to switch times on exec except the
>> vfork+exec combination, so there is no reason to add a new clone flag.
>> As for vfork+exec, this should be safe to allow switching timens with
>> the current clone flag. Right now, vfork (CLONE_VFORK | CLONE_VM) fails
>> if a child is forked into another time namespace. With this change,
>> vfork creates a new process in parent's timens, and the following exec
>> does the actual switch to the target time namespace.
>
> This seems like a very special case. None of the other namespaces do
> this, do they?
I think this started with CLONE_NEWPID, which had a similar delayed
effect with unshare: it happens only after fork, not for the current
process image. I think it's just a limitation of the unshare interface.
Some of the effects simply have to be delayed due to their nature.
Thanks,
Florian
next prev parent reply other threads:[~2022-06-15 7:53 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-13 6:07 [PATCH 1/2] fs/exec: allow to unshare a time namespace on vfork+exec Andrei Vagin
2022-06-13 6:07 ` [PATCH 2/2] testing/timens: add a test for vfork+exit Andrei Vagin
2022-06-14 21:14 ` [PATCH 1/2] fs/exec: allow to unshare a time namespace on vfork+exec Kees Cook
2022-06-15 7:52 ` Christian Brauner
2022-06-15 7:53 ` Florian Weimer [this message]
2022-06-15 8:00 ` Christian Brauner
2022-06-15 8:14 ` Florian Weimer
2022-06-15 8:53 ` Christian Brauner
2022-06-15 7:37 ` Christian Brauner
2022-06-15 15:01 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874k0mqs5i.fsf@oldenburg.str.redhat.com \
--to=fweimer@redhat.com \
--cc=0x7f454c46@gmail.com \
--cc=avagin@gmail.com \
--cc=brauner@kernel.org \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.