From mboxrd@z Thu Jan 1 00:00:00 1970 From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) Subject: Re: Introspecting userns relationships to other namespaces? Date: Fri, 08 Jul 2016 22:13:08 -0500 Message-ID: <87ziprmrln.fsf@x220.int.ebiederm.org> References: <87r3b7pxja.fsf@x220.int.ebiederm.org> <20160706141348.GB20728@mail.hallyn.com> <20160707133631.GA2994@mail.hallyn.com> <1467903712.2347.16.camel@HansenPartnership.com> <20160709031528.GA25507@odin.tremily.us> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20160709031528.GA25507-q4NCUed9G3sTnwFZoN752g@public.gmane.org> (W. Trevor King's message of "Fri, 8 Jul 2016 20:15:28 -0700") List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: "W. Trevor King" Cc: criu-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org, Linux API , Containers , lkml , Andy Lutomirski , James Bottomley , "Michael Kerrisk (man-pages)" List-Id: containers.vger.kernel.org "W. Trevor King" writes: > On Thu, Jul 07, 2016 at 08:01:52AM -0700, James Bottomley wrote: >> In theory, we could get nsfs to show this information as an option >> (just add a show_options entry to the superblock ops), but the >> problem is that although each namespace has a parent user_ns, >> there's no way to get it without digging in the namespace specific >> structure. Probably we should restructure to move it into >> ns_common, then we could display it (and enforce all namespaces >> having owning user_ns) but it would be a reasonably large (but >> mechanical) change. > > It sounds like everyone is either positive or or neutral on this > groundwork, even if we haven't decided if/how to expose the > information to userspace. I'm happy to work up a patch while the rest > of the discussion continues. I'm also happy to let someone else work > up the patch, if anyone else is chomping at the bit ;). I am dubious on moving all of the user namespace members into ns_common. I would happy to be proved wrong but I suspect in the cases where we actually use that user namespace the code will become uglier. Making the ordinary uses uglier to make a rare corner case nicer is the wrong trade off. But feel free to try it is certainly worth doing if it doesn't make the code that uses the user namespaces uglier. Eric From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933062AbcGIDZs (ORCPT ); Fri, 8 Jul 2016 23:25:48 -0400 Received: from out02.mta.xmission.com ([166.70.13.232]:38590 "EHLO out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933007AbcGIDZi (ORCPT ); Fri, 8 Jul 2016 23:25:38 -0400 From: ebiederm@xmission.com (Eric W. Biederman) To: "W. Trevor King" Cc: James Bottomley , "Serge E. Hallyn" , "Michael Kerrisk \(man-pages\)" , Linux API , Containers , lkml , Andy Lutomirski , criu@openvz.org References: <87r3b7pxja.fsf@x220.int.ebiederm.org> <20160706141348.GB20728@mail.hallyn.com> <20160707133631.GA2994@mail.hallyn.com> <1467903712.2347.16.camel@HansenPartnership.com> <20160709031528.GA25507@odin.tremily.us> Date: Fri, 08 Jul 2016 22:13:08 -0500 In-Reply-To: <20160709031528.GA25507@odin.tremily.us> (W. Trevor King's message of "Fri, 8 Jul 2016 20:15:28 -0700") Message-ID: <87ziprmrln.fsf@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1bLitY-0004q1-DB;;;mid=<87ziprmrln.fsf@x220.int.ebiederm.org>;;;hst=in02.mta.xmission.com;;;ip=67.3.204.119;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19d5muoGir1Nq1bL9sNXDcPBeWaXqGm/8I= X-SA-Exim-Connect-IP: 67.3.204.119 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa06 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;"W. Trevor King" X-Spam-Relay-Country: X-Spam-Timing: total 1050 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 3.5 (0.3%), b_tie_ro: 2.5 (0.2%), parse: 0.68 (0.1%), extract_message_metadata: 14 (1.3%), get_uri_detail_list: 1.30 (0.1%), tests_pri_-1000: 6 (0.5%), tests_pri_-950: 1.32 (0.1%), tests_pri_-900: 1.06 (0.1%), tests_pri_-400: 22 (2.1%), check_bayes: 21 (2.0%), b_tokenize: 6 (0.6%), b_tok_get_all: 6 (0.6%), b_comp_prob: 2.4 (0.2%), b_tok_touch_all: 2.5 (0.2%), b_finish: 0.88 (0.1%), tests_pri_0: 218 (20.8%), check_dkim_signature: 0.83 (0.1%), check_dkim_adsp: 3.8 (0.4%), tests_pri_500: 779 (74.1%), poll_dns_idle: 767 (73.0%), rewrite_mail: 0.00 (0.0%) Subject: Re: Introspecting userns relationships to other namespaces? X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org "W. Trevor King" writes: > On Thu, Jul 07, 2016 at 08:01:52AM -0700, James Bottomley wrote: >> In theory, we could get nsfs to show this information as an option >> (just add a show_options entry to the superblock ops), but the >> problem is that although each namespace has a parent user_ns, >> there's no way to get it without digging in the namespace specific >> structure. Probably we should restructure to move it into >> ns_common, then we could display it (and enforce all namespaces >> having owning user_ns) but it would be a reasonably large (but >> mechanical) change. > > It sounds like everyone is either positive or or neutral on this > groundwork, even if we haven't decided if/how to expose the > information to userspace. I'm happy to work up a patch while the rest > of the discussion continues. I'm also happy to let someone else work > up the patch, if anyone else is chomping at the bit ;). I am dubious on moving all of the user namespace members into ns_common. I would happy to be proved wrong but I suspect in the cases where we actually use that user namespace the code will become uglier. Making the ordinary uses uglier to make a rare corner case nicer is the wrong trade off. But feel free to try it is certainly worth doing if it doesn't make the code that uses the user namespaces uglier. Eric