From: Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Kay Sievers <kay.sievers-tD+1rO4QERM@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
devel <devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>,
lxc-devel
<lxc-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>,
mhw <mhw-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>,
Stephane Graber
<stgraber-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
Subject: Re: Device Namespaces
Date: Tue, 1 Oct 2013 13:57:18 -0700 [thread overview]
Message-ID: <20131001205718.GA17036@kroah.com> (raw)
In-Reply-To: <87had0wz07.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
On Tue, Oct 01, 2013 at 12:51:36PM -0700, Eric W. Biederman wrote:
> "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> writes:
>
> > Quoting Andy Lutomirski (luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org):
> >> On Tue, Oct 1, 2013 at 7:19 AM, Janne Karhunen <janne.karhunen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >> > On Thu, Sep 26, 2013 at 8:33 AM, Greg Kroah-Hartman
> >> > <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org> wrote:
> >> >
> >> >>> - We can relay a call of /sbin/hotplug from outside of a container
> >> >>> to inside of a container based on policy.
> >> >>> (But no one uses /sbin/hotplug anymore).
> >> >>
> >> >> That's right, they should be listening to libudev events, so why can't
> >> >> your daemon shuffle them off to the proper container, all in userspace?
> >> >
> >> > Which reminds me, one potential reason being..
> >> > http://lists.linuxfoundation.org/pipermail/containers/2013-May/032591.html
> >> >
> >>
> >> Can't the daemon live outside the container and shuffle stuff in?
> >
> > That's exactly what Michael Warfield is suggesting, fwiw.
>
> Michael Warfields example of dynamically assigning serial ports to
> containers is a pretty good test case. Serial ports are extremely well
> known kernel objects who evolution effectively stopped long ago. When
> we need it we have ptys to virtual serial ports when we need it, but in
> general unprivileged users are safe to directly use a serial port
> device.
>
> Glossing over the details. The general problem is some policy exists
> outside of the container that deciedes if an when a container gets a
> serial port and stuffs it in.
>
> The expectation is that system containers will then run the udev
> rules and send the libuevent event.
>
> To make that all work without kernel modifications requires placing
> a faux-udev in the container, that listens for a device assignment from
> outside the container and then does exactly what udev would have done.
>
> The problems with this that I see are:
>
> - udev is a moving target making it hard to build a faux-udev that will
> work everywhere.
How is udev a moving target? Use libudev and all should be fine, that's
an ABI you can rely on, right?
Or, if you don't like/want udev, use mdev in your container. Or
something else, what does this have to do with the kernel?
> - On distro's running systemd and udev integration is sufficiently tight
> that I am not certain a faux-udev is possible or will continue to be
> possible.
That's not a kernel issue, that's a "ouch, this is hard, let's give up"
issue.
Or perhaps it is a "maybe I shouldn't even be trying to do this" type
issue... :)
> - There are two other widely deployed solutions for managing hotplug
> devices besides udev.
I know of mdev, what's the other one? The hacked-up shell script that
Android uses? Or something else?
> So given these difficulties I do not believe that the evolution of linux
> device management is done, and that patches to udev, the kernel or both
> will be needed. While it would be good for testing and understanding
> the problem I don't think a faux-udev will be a long term maintainable
> solution.
You are saying that for some reason you feel helpless with the way
userspace is going, so we have to change the kernel. That's horrible,
and is not going to be a reason I accept to change the kernel, sorry.
> I also understand the point that we aren't talking patches yet and just
> discussing ideas. Right now it is my hope that if we talk this out we
> can figure out a general direction that has a hope of working.
>
> From where I am standing faking uevents instead of replacing
> udev/mdev/whatever looks simpler and more maintainable.
Have you really looked into this? Numerous people, who understand this
code path and userspace issues, have said it is not a good idea at all.
But hey, what do I know...
I still have yet to see a reason why you can't use libudev today for
something like this.
Anyway, I'm done discussing this as it's pointless this early, I'm going
to refrain for any more pithy comments until someone posts some code, as
this is just wasting people's time at the moment.
greg k-h
next prev parent reply other threads:[~2013-10-01 20:57 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-22 17:43 RFC: Device Namespaces Oren Laadan
[not found] ` <CAA4jN2aw4zEW=UfKCyqaOvXnbiRb_J9srfCn4OXTFzc6vWBM4A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-08-22 18:21 ` Serge Hallyn
2013-08-26 10:11 ` Oren Laadan
[not found] ` <CAA4jN2YL7Lfu2+DW-i+MovFxWEhJfT4aBBKREU_vy7JX9TKGHA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-09-06 17:50 ` Eric W. Biederman
[not found] ` <8761udlu0d.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-09-08 12:28 ` Amir Goldstein
[not found] ` <CAA2m6vexArJ+6jFbK80Amstk=LK30=XDNHdBHSswP=LgpSP-6A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-09-09 0:51 ` Eric W. Biederman
[not found] ` <871u4yddg4.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-09-10 7:09 ` Amir Goldstein
[not found] ` <CAA2m6vc_kWWGDWcdjk26N3YvTqZySLFxPQRjOD9_ypBOka2+GQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-09-25 11:05 ` Janne Karhunen
[not found] ` <CAE=NcrbyFFoMn2nfBA_=ZtwD=eGLvqK=L-U9MuGrtJFLZfZppw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-09-25 20:23 ` Eric W. Biederman
[not found] ` <87ioxo4pm5.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-09-25 21:17 ` [lxc-devel] " Jeremy Andrus
[not found] ` <AD5F7BD2-0166-46BD-AB14-463C0E88BC92-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2013-09-25 21:47 ` Eric W. Biederman
[not found] ` <8738osr2ue.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-09-29 17:56 ` Amir Goldstein
2013-09-25 21:34 ` Eric W. Biederman
[not found] ` <87bo3gshz5.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-09-26 5:33 ` Greg Kroah-Hartman
[not found] ` <20130926053320.GB3725-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2013-09-26 8:25 ` Janne Karhunen
[not found] ` <CAE=NcrbPXGWU8FUgwchXyL5HjXf+4AKbgUWGe1ZO=Xcq=iV-Lg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-09-26 13:56 ` Greg Kroah-Hartman
[not found] ` <20130926135604.GA16624-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2013-09-26 17:01 ` Janne Karhunen
[not found] ` <CAE=NcrY3xC1AF_GV2b1KsF7AwYZTuGBuKLS5yBUWoWcmKU4YBg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-09-26 17:07 ` Greg Kroah-Hartman
[not found] ` <20130926170757.GA9345-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2013-09-26 17:56 ` Janne Karhunen
2013-09-30 15:37 ` James Bottomley
[not found] ` <1380555439.2161.5.camel-sFMDBYUN5F8GjUHQrlYNx2Wm91YjaHnnhRte9Li2A+AAvxtiuMwx3w@public.gmane.org>
2013-09-30 16:11 ` Greg Kroah-Hartman
[not found] ` <20130930161117.GA26459-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2013-09-30 16:33 ` James Bottomley
2013-10-01 6:19 ` Janne Karhunen
[not found] ` <CAE=NcrYV2RiMV7PcwEjFGFRBrz9XdZGs86Wau2a+6xpYN2aEHA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-10-01 17:27 ` Andy Lutomirski
[not found] ` <CALCETrWWoHzuJcnfEUY+cFpOgT5gnG8U1cVbCW0_8V7Z_v6DJw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-10-01 17:53 ` Serge E. Hallyn
[not found] ` <20131001175345.GA4145-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2013-10-01 19:51 ` Eric W. Biederman
[not found] ` <87had0wz07.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-10-01 20:46 ` Serge Hallyn
2013-10-01 22:59 ` [lxc-devel] " Michael H. Warfield
2013-10-02 22:55 ` Eric W. Biederman
2013-10-01 20:57 ` Greg Kroah-Hartman [this message]
[not found] ` <20131001205718.GA17036-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2013-10-02 22:45 ` Eric W. Biederman
2013-10-01 22:19 ` Michael H. Warfield
2013-10-01 18:36 ` Janne Karhunen
2013-10-01 17:33 ` Greg Kroah-Hartman
[not found] ` <20131001173342.GA19267-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2013-10-01 18:23 ` Janne Karhunen
2013-10-28 23:31 ` Andrey Wagin
2013-08-29 19:06 ` RFC: " Andy Lutomirski
[not found] ` <521F9BBE.2070505-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
2013-09-03 19:35 ` [lxc-devel] " Stéphane Graber
-- strict thread matches above, loose matches on Subject: below --
2013-09-29 19:28 Amir Goldstein
[not found] ` <CAA2m6veny-7_ONMA973Wu36U4kz4gAuw0dpodkb8+GZDv6VNBQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-09-29 20:06 ` Greg Kroah-Hartman
[not found] ` <20130929200620.GA31304-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2013-09-30 15:36 ` Michael H. Warfield
2013-10-03 0:44 ` Eric W. Biederman
[not found] ` <87a9iri3ot.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-10-03 0:59 ` Eric W. Biederman
2013-10-03 8:58 ` Amir Goldstein
[not found] ` <CAA2m6vc3OFmS9VwiTavRzPqhn+qoe6vDCO2sitXpEQ8a1JVyfg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2013-10-03 9:17 ` Eric W. Biederman
2021-06-08 9:38 device namespaces Enrico Weigelt, metux IT consult
2021-06-08 12:30 ` Christian Brauner
2021-06-08 12:41 ` Greg Kroah-Hartman
2021-06-08 14:10 ` Hannes Reinecke
2021-06-08 14:29 ` Christian Brauner
2021-06-08 15:54 ` Hannes Reinecke
2021-06-08 17:16 ` Eric W. Biederman
2021-06-09 6:38 ` Christian Brauner
2021-06-09 7:02 ` Hannes Reinecke
2021-06-09 7:21 ` Christian Brauner
2021-06-09 7:54 ` Hannes Reinecke
2021-06-09 8:09 ` Christian Brauner
2021-06-11 18:14 ` Eric W. Biederman
2021-06-14 7:49 ` Enrico Weigelt, metux IT consult
2021-06-14 8:22 ` Greg KH
2021-06-14 17:36 ` Eric W. Biederman
2021-06-15 11:24 ` Enrico Weigelt, metux IT consult
2021-06-15 11:33 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131001205718.GA17036@kroah.com \
--to=gregkh-hqyy1w1ycw8ekmwlsbkhg0b+6bgklq7r@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=kay.sievers-tD+1rO4QERM@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=lxc-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
--cc=mhw-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
--cc=stgraber-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox