From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
Cc: Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	"Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>,
	Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
Subject: Re: [PATCH 2/4] clone.2: Describe the user namespace
Date: Mon, 07 Jan 2013 00:59:20 -0800
Message-ID: <877gnp8j2v.fsf@xmission.com>
In-Reply-To: <CAKgNAkggMKib5v4ND9UR1jH=CrK-viM5hhfmc0Rw=mP5GbenSg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> (Michael Kerrisk's message of "Mon, 7 Jan 2013 09:33:54 +0100")

"Michael Kerrisk (man-pages)" <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:

> Hi Eric,
>
> On Tue, Jan 1, 2013 at 10:39 AM, Eric W. Biederman
> <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> wrote:
>> "Michael Kerrisk (man-pages)" <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:
>>
>>> Hi Eric,
>>>
>>> On Thu, Dec 27, 2012 at 6:47 PM, Eric W. Biederman
>>> <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> wrote:
>>>>
>>>> There is one other bit that needs to be documented in clone, although
>>>> I am not certain where/how.
>>>>
>>>> The sequences:
>>>>
>>>> unshare(CLONE_NEWPID).
>>>> clone(CLONE_VM)
>>>>
>>>> setns(fd, CLONE_NEWPID).
>>>> clone(CLONE_VM).
>>>>
>>>> Now fail.
>>>
>>> Can you define "now" please. Which kernel version?
>>
>> 3.8
>>
>> The sequence was impossible in 3.7.
>>
>> I think that change that made that impossible happened in the 3.8-rc1 to
                                       ^^^^^^^^^ illegal 3.8-rc1 made the sequence possible.
>> 3.8-rc2 window.
>
> Adding something along these lines to the man page would be fine, but
> we need some text to explain *why* these sequences fail. Could you
> send me a sentence or two about that?

The basic principle is every thread in a process must be in the same pid
namespace. As unshare(CLONE_NEWPID) and setns(fd, CLONE_NEWPID) only
change the pid namespace for created children, creating a child process
that is a thread would put that thread in a different pid namespace.

Creating a multithreaded application and then setns(fd, CLONE_NEWPID) or
clone(CLONE_NEWPID) was outlawed because it was too bizarre and no one
cared. Oleg noticed you could create the threads afterwards and get
into a bizarre state that no one wanted to support.

Eric
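
The rule described in the message above, as an added C example that is not part of the original message or of the kernel or man-pages sources: after unshare(CLONE_NEWPID) only children move to the new pid namespace, so a clone() that would add a thread to the calling process is refused with EINVAL. The probe uses the full CLONE_THREAD flag set rather than the bare CLONE_VM quoted above (an assumption, chosen so that it exercises thread creation itself), and the function and enum names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

enum { REJECTED = 0, ACCEPTED = 1, NO_PIDNS = 2, OTHER_ERROR = 3 };

static int thread_fn(void *arg) { (void)arg; return 0; }

/* Runs in a forked child, so the caller's namespaces stay untouched. */
static int probe(void)
{
    const size_t stack_size = 64 * 1024;
    char *stack = malloc(stack_size);
    if (stack == NULL)
        return OTHER_ERROR;
    /* Privileged callers can unshare directly; others need a user namespace. */
    if (unshare(CLONE_NEWPID) == -1 &&
        unshare(CLONE_NEWUSER | CLONE_NEWPID) == -1)
        return NO_PIDNS;
    /* Only future children move to the new pid namespace; a CLONE_THREAD
     * child would be a thread of this process living in another namespace. */
    int flags = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD;
    if (clone(thread_fn, stack + stack_size, flags, NULL) == -1)
        return errno == EINVAL ? REJECTED : OTHER_ERROR;
    return ACCEPTED;
}

/* Returns one of the enum values above for the current kernel and privileges. */
int thread_after_unshare_pidns(void)
{
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return OTHER_ERROR;
    if (pid == 0)
        _exit(probe());
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return OTHER_ERROR;
    return WEXITSTATUS(status);
}

int main(void)
{
    static const char *msg[] = { "rejected with EINVAL", "accepted",
        "could not create a pid namespace", "unexpected error" };
    printf("thread creation after unshare(CLONE_NEWPID): %s\n",
           msg[thread_after_unshare_pidns()]);
    return 0;
}
```

NO_PIDNS means the environment did not allow creating a pid namespace at all (no CAP_SYS_ADMIN and no unprivileged user namespaces), so the check could not be exercised.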
