From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Ian Kent <raven-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
Cc: linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Stanislav Kinsbursky
<skinsbursky-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>,
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Greg KH
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
skinsbursky-5HdwGun5lf+gSpxsJD1C4w@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
bfields-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org,
bharrosh-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org
Subject: Re: call_usermodehelper in containers
Date: Wed, 17 Feb 2016 21:17:21 -0600 [thread overview]
Message-ID: <874md63dxa.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <1455495082.2941.32.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org> (Ian Kent's message of "Mon, 15 Feb 2016 08:11:22 +0800")
Ian Kent <raven-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org> writes:
> AFAICS kernel/kmod.c used to use create_singlethread_workqueue() and
> queue_work() to perform umh calls, now it uses only queue_work() and
> the system_unbound_wq workqueue.
>
> Looking at the workqueue sub system there doesn't appear to be a way to
> create a workqueue with a thread runner thread, created within the
> process context at the time of workqueue creation, that then waits to
> run work. So there's no way to create a workqueue to run umh calls
> within a specific process context, such as that of a container, by using
> the workqueue subsystem as it is now.
>
> The problem being that the process context of the caller requesting umh
> isn't necessarily (and shouldn't be used because it could allow the
> caller to hijack the environment) the process context that needs to be
> used for the request.
>
> It looks like the reply to this thread from Oleg that demonstrates using
> child_reaper for the run context could be used though. Capturing the
> struct pid of child_reaper and then using that to locate the appropriate
> task context later (if it still exists) at request time could be used.
>
> That doesn't take care of working out when this should be captured or
> where to put it so it can be obtained at request time (which seems
> difficult in itself).
It would be really really nice if the user namespace could be used
for the where do we look at case. As every other namespace already
has a pointer to the user namespace, and fundamentally the user
namespace is the permission boundary (from a namespace perspective).
So for the equivalent of kthreadd in a user namespace we need a thread
that has a full set of namespaces owned by the user namespaces.
On one side this is very easy to obtain if we look at the process that
sets core_pattern or mounts one of the nfs filesystems (such as the
filesystem that when mounted starts nfsd), and just fork a kernel thread
from it.
On another side perhaps what we want is a syscall call it start_umhd
that says repurpose the caller of this thread to handle future user mode
helper calls. That we could tie to a user namespace quite easily.
This definitely does not play particularly nice with queue work and
friends, but that is just infrastructure and we can update user mode
helper to use something else reasonable as long as we have a solid
design.
Perhaps there is a combination of the two ideas that could work.
Instead of a syscall use the invocation of a service that needs a user
mode helper as a trigger to create such a launcher thread.
Eric
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: Ian Kent <raven@themaw.net>
Cc: skinsbursky@virtuozzo.com,
Stanislav Kinsbursky <skinsbursky@parallels.com>,
Jeff Layton <jlayton@redhat.com>,
Greg KH <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, devel@openvz.org, oleg@redhat.com,
bfields@fieldses.org, bharrosh@panasas.com,
Linux Containers <containers@lists.linux-foundation.org>
Subject: Re: call_usermodehelper in containers
Date: Wed, 17 Feb 2016 21:17:21 -0600 [thread overview]
Message-ID: <874md63dxa.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <1455495082.2941.32.camel@themaw.net> (Ian Kent's message of "Mon, 15 Feb 2016 08:11:22 +0800")
Ian Kent <raven@themaw.net> writes:
> AFAICS kernel/kmod.c used to use create_singlethread_workqueue() and
> queue_work() to perform umh calls, now it uses only queue_work() and
> the system_unbound_wq workqueue.
>
> Looking at the workqueue sub system there doesn't appear to be a way to
> create a workqueue with a thread runner thread, created within the
> process context at the time of workqueue creation, that then waits to
> run work. So there's no way to create a workqueue to run umh calls
> within a specific process context, such as that of a container, by using
> the workqueue subsystem as it is now.
>
> The problem being that the process context of the caller requesting umh
> isn't necessarily (and shouldn't be used because it could allow the
> caller to hijack the environment) the process context that needs to be
> used for the request.
>
> It looks like the reply to this thread from Oleg that demonstrates using
> child_reaper for the run context could be used though. Capturing the
> struct pid of child_reaper and then using that to locate the appropriate
> task context later (if it still exists) at request time could be used.
>
> That doesn't take care of working out when this should be captured or
> where to put it so it can be obtained at request time (which seems
> difficult in itself).
It would be really really nice if the user namespace could be used
for the where do we look at case. As every other namespace already
has a pointer to the user namespace, and fundamentally the user
namespace is the permission boundary (from a namespace perspective).
So for the equivalent of kthreadd in a user namespace we need a thread
that has a full set of namespaces owned by the user namespaces.
On one side this is very easy to obtain if we look at the process that
sets core_pattern or mounts one of the nfs filesystems (such as the
filesystem that when mounted starts nfsd), and just fork a kernel thread
from it.
On another side perhaps what we want is a syscall call it start_umhd
that says repurpose the caller of this thread to handle future user mode
helper calls. That we could tie to a user namespace quite easily.
This definitely does not play particularly nice with queue work and
friends, but that is just infrastructure and we can update user mode
helper to use something else reasonable as long as we have a solid
design.
Perhaps there is a combination of the two ideas that could work.
Instead of a syscall use the invocation of a service that needs a user
mode helper as a trigger to create such a launcher thread.
Eric
next prev parent reply other threads:[~2016-02-18 3:17 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-11 12:18 call_usermodehelper in containers Jeff Layton
2013-11-11 12:43 ` [Devel] " Vasily Kulikov
2013-11-11 13:26 ` Jeff Layton
2013-11-12 0:47 ` Greg KH
2013-11-12 11:12 ` Jeff Layton
2013-11-12 13:02 ` Stanislav Kinsbursky
2013-11-12 13:30 ` Jeff Layton
2013-11-15 5:05 ` Eric W. Biederman
2013-11-15 10:40 ` Stanislav Kinsbursky
2013-11-15 11:03 ` Eric W. Biederman
2013-11-15 11:54 ` Stanislav Kinsbursky
2016-02-12 23:39 ` Ian Kent
2016-02-13 16:08 ` Stanislav Kinsburskiy
2016-02-15 0:11 ` Ian Kent
[not found] ` <1455495082.2941.32.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-18 3:17 ` Eric W. Biederman [this message]
2016-02-18 3:17 ` Eric W. Biederman
2013-11-18 17:28 ` Oleg Nesterov
2013-11-18 18:02 ` Oleg Nesterov
2013-11-19 14:51 ` Jeff Layton
2016-02-11 0:17 ` Ian Kent
[not found] ` <1455149857.2903.9.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-18 2:57 ` Eric W. Biederman
2016-02-18 2:57 ` Eric W. Biederman
[not found] ` <8737sq4teb.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-02-18 3:43 ` Kamezawa Hiroyuki
2016-02-18 3:43 ` Kamezawa Hiroyuki
2016-02-18 6:36 ` Ian Kent
[not found] ` <1455777387.3188.24.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-18 7:37 ` Ian Kent
2016-02-18 7:37 ` Ian Kent
[not found] ` <1455781033.2908.5.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-18 20:45 ` Eric W. Biederman
2016-02-18 20:45 ` Eric W. Biederman
[not found] ` <87r3g9ychc.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-02-19 3:08 ` Kamezawa Hiroyuki
2016-02-19 3:08 ` Kamezawa Hiroyuki
2016-02-19 5:37 ` Ian Kent
[not found] ` <1455860260.3356.31.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-19 9:30 ` Kamezawa Hiroyuki
2016-02-19 9:30 ` Kamezawa Hiroyuki
[not found] ` <56C6E0A8.3010806-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2016-02-20 3:28 ` Ian Kent
2016-02-20 3:28 ` Ian Kent
[not found] ` <56C68714.2000900-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2016-02-19 5:37 ` Ian Kent
2016-02-19 5:14 ` Ian Kent
2016-02-19 5:14 ` Ian Kent
2016-02-23 2:55 ` Ian Kent
[not found] ` <1456196130.2911.10.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-23 14:36 ` J. Bruce Fields
2016-02-23 14:36 ` J. Bruce Fields
[not found] ` <20160223143627.GB31951-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2016-02-24 0:55 ` Ian Kent
2016-02-24 0:55 ` Ian Kent
[not found] ` <1455858850.3356.19.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-23 2:55 ` Ian Kent
[not found] ` <56C53DE3.1070108-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2016-02-18 6:36 ` Ian Kent
2016-03-24 7:45 ` Ian Kent
2016-03-25 1:28 ` Oleg Nesterov
2016-03-25 7:25 ` Ian Kent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874md63dxa.fsf@x220.int.ebiederm.org \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=bfields-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org \
--cc=bharrosh-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=raven-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org \
--cc=skinsbursky-5HdwGun5lf+gSpxsJD1C4w@public.gmane.org \
--cc=skinsbursky-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.