* [PATCH 3/3] ipc namespace: copy settings from parent namespace [not found] ` <1407828557-31995-3-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> @ 2014-08-12 7:29 ` Manfred Spraul [not found] ` <1407828557-31995-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> 0 siblings, 1 reply; 6+ messages in thread From: Manfred Spraul @ 2014-08-12 7:29 UTC (permalink / raw) To: Andrew Morton Cc: Rik van Riel, ebiederm-aS9lmoZGLiVWk0Htik3J/w, Manfred Spraul, Rafael Aquini, Davidlohr Bueso, LKML, Michael Kerrisk, 1vier1-S0/GAf8tV78, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA Right now, each new IPC namespace starts with the kernel default values. This means that changes that were made to the limits get overwritten. With this patch, a new namespace inherits the settings from the parent namespace, which is less surprising. The patch updates - SysV msg - SysV sem - SysV shm - POSIX mqueues Cc: serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org Cc: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org Signed-off-by: Manfred Spraul <manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> --- include/linux/ipc_namespace.h | 6 ++++-- ipc/mqueue.c | 23 ++++++++++++++++------- ipc/msg.c | 16 +++++++++++----- ipc/namespace.c | 8 ++++---- ipc/sem.c | 19 +++++++++++++------ ipc/shm.c | 19 +++++++++++++------ ipc/util.h | 20 ++++++++++++++------ 7 files changed, 75 insertions(+), 36 deletions(-) diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h index e365d5e..1cc36a0 100644 --- a/include/linux/ipc_namespace.h +++ b/include/linux/ipc_namespace.h @@ -73,7 +73,7 @@ static inline void shm_destroy_orphaned(struct ipc_namespace *ns) {} #endif /* CONFIG_SYSVIPC */ #ifdef CONFIG_POSIX_MQUEUE -extern int mq_init_ns(struct ipc_namespace *ns); +extern int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); /* * POSIX Message Queue default values: * @@ -108,7 +108,9 @@ extern int mq_init_ns(struct ipc_namespace *ns); #define DFLT_MSGSIZEMAX 8192 #define HARD_MSGSIZEMAX (16*1024*1024) #else -static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; } +static inline int mq_init_ns(struct ipc_namespace *ns, + struct ipc_namespace *old_ns) +{ return 0; } #endif #if defined(CONFIG_IPC_NS) diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 4fcf39a..3473072d 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -1397,14 +1397,23 @@ static struct file_system_type mqueue_fs_type = { .fs_flags = FS_USERNS_MOUNT, }; -int mq_init_ns(struct ipc_namespace *ns) +int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) { + if (old_ns != NULL) { + ns->mq_queues_max = old_ns->mq_queues_max; + ns->mq_msg_max = old_ns->mq_msg_max; + ns->mq_msgsize_max = old_ns->mq_msgsize_max; + ns->mq_msg_default = old_ns->mq_msg_default; + ns->mq_msgsize_default = old_ns->mq_msgsize_default; + } else { + ns->mq_queues_max = DFLT_QUEUESMAX; + ns->mq_msg_max = DFLT_MSGMAX; + ns->mq_msgsize_max = DFLT_MSGSIZEMAX; + ns->mq_msg_default = DFLT_MSG; + ns->mq_msgsize_default = DFLT_MSGSIZE; + } + ns->mq_queues_count = 0; - ns->mq_queues_max = DFLT_QUEUESMAX; - ns->mq_msg_max = DFLT_MSGMAX; - ns->mq_msgsize_max = DFLT_MSGSIZEMAX; - ns->mq_msg_default = DFLT_MSG; - ns->mq_msgsize_default = DFLT_MSGSIZE; ns->mq_mnt = kern_mount_data(&mqueue_fs_type, ns); if (IS_ERR(ns->mq_mnt)) { @@ -1444,7 +1453,7 @@ static int __init init_mqueue_fs(void) spin_lock_init(&mq_lock); - error = mq_init_ns(&init_ipc_ns); + error = mq_init_ns(&init_ipc_ns, NULL); if (error) goto out_filesystem; diff --git a/ipc/msg.c b/ipc/msg.c index a7261d5..3cbd2ad 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -990,11 +990,17 @@ SYSCALL_DEFINE5(msgrcv, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz, } -void msg_init_ns(struct ipc_namespace *ns) +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) { - ns->msg_ctlmax = MSGMAX; - ns->msg_ctlmnb = MSGMNB; - ns->msg_ctlmni = MSGMNI; + if (old_ns != NULL) { + ns->msg_ctlmax = old_ns->msg_ctlmax; + ns->msg_ctlmnb = old_ns->msg_ctlmnb; + ns->msg_ctlmni = old_ns->msg_ctlmni; + } else { + ns->msg_ctlmax = MSGMAX; + ns->msg_ctlmnb = MSGMNB; + ns->msg_ctlmni = MSGMNI; + } atomic_set(&ns->msg_bytes, 0); atomic_set(&ns->msg_hdrs, 0); @@ -1036,7 +1042,7 @@ static int sysvipc_msg_proc_show(struct seq_file *s, void *it) void __init msg_init(void) { - msg_init_ns(&init_ipc_ns); + msg_init_ns(&init_ipc_ns, NULL); ipc_init_proc_interface("sysvipc/msg", " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n", diff --git a/ipc/namespace.c b/ipc/namespace.c index 1a3ffd4..97e3332 100644 --- a/ipc/namespace.c +++ b/ipc/namespace.c @@ -33,7 +33,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, } atomic_set(&ns->count, 1); - err = mq_init_ns(ns); + err = mq_init_ns(ns, old_ns); if (err) { proc_free_inum(ns->proc_inum); kfree(ns); @@ -41,9 +41,9 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, } atomic_inc(&nr_ipc_ns); - sem_init_ns(ns); - msg_init_ns(ns); - shm_init_ns(ns); + sem_init_ns(ns, old_ns); + msg_init_ns(ns, old_ns); + shm_init_ns(ns, old_ns); ns->user_ns = get_user_ns(user_ns); diff --git a/ipc/sem.c b/ipc/sem.c index 454f6c6..f1ded77 100644 --- a/ipc/sem.c +++ b/ipc/sem.c @@ -170,12 +170,19 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it); #define sc_semopm sem_ctls[2] #define sc_semmni sem_ctls[3] -void sem_init_ns(struct ipc_namespace *ns) +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) { - ns->sc_semmsl = SEMMSL; - ns->sc_semmns = SEMMNS; - ns->sc_semopm = SEMOPM; - ns->sc_semmni = SEMMNI; + if (old_ns != NULL) { + ns->sc_semmsl = old_ns->sc_semmsl; + ns->sc_semmns = old_ns->sc_semmns; + ns->sc_semopm = old_ns->sc_semopm; + ns->sc_semmni = old_ns->sc_semmni; + } else { + ns->sc_semmsl = SEMMSL; + ns->sc_semmns = SEMMNS; + ns->sc_semopm = SEMOPM; + ns->sc_semmni = SEMMNI; + } ns->used_sems = 0; ipc_init_ids(&ns->ids[IPC_SEM_IDS]); } @@ -190,7 +197,7 @@ void sem_exit_ns(struct ipc_namespace *ns) void __init sem_init(void) { - sem_init_ns(&init_ipc_ns); + sem_init_ns(&init_ipc_ns, NULL); ipc_init_proc_interface("sysvipc/sem", " key semid perms nsems uid gid cuid cgid otime ctime\n", IPC_SEM_IDS, sysvipc_sem_proc_show); diff --git a/ipc/shm.c b/ipc/shm.c index 7fc9f9f..7856952 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -72,12 +72,19 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp); static int sysvipc_shm_proc_show(struct seq_file *s, void *it); #endif -void shm_init_ns(struct ipc_namespace *ns) +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) { - ns->shm_ctlmax = SHMMAX; - ns->shm_ctlall = SHMALL; - ns->shm_ctlmni = SHMMNI; - ns->shm_rmid_forced = 0; + if (old_ns != NULL) { + ns->shm_ctlmax = old_ns->shm_ctlmax; + ns->shm_ctlall = old_ns->shm_ctlall; + ns->shm_ctlmni = old_ns->shm_ctlmni; + ns->shm_rmid_forced = old_ns->shm_rmid_forced; + } else { + ns->shm_ctlmax = SHMMAX; + ns->shm_ctlall = SHMALL; + ns->shm_ctlmni = SHMMNI; + ns->shm_rmid_forced = 0; + } ns->shm_tot = 0; ipc_init_ids(&shm_ids(ns)); } @@ -110,7 +117,7 @@ void shm_exit_ns(struct ipc_namespace *ns) static int __init ipc_ns_init(void) { - shm_init_ns(&init_ipc_ns); + shm_init_ns(&init_ipc_ns, NULL); return 0; } diff --git a/ipc/util.h b/ipc/util.h index 1a5a0fc..1be9830 100644 --- a/ipc/util.h +++ b/ipc/util.h @@ -30,17 +30,25 @@ static inline void mq_put_mnt(struct ipc_namespace *ns) { } #endif #ifdef CONFIG_SYSVIPC -void sem_init_ns(struct ipc_namespace *ns); -void msg_init_ns(struct ipc_namespace *ns); -void shm_init_ns(struct ipc_namespace *ns); +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); void sem_exit_ns(struct ipc_namespace *ns); void msg_exit_ns(struct ipc_namespace *ns); void shm_exit_ns(struct ipc_namespace *ns); #else -static inline void sem_init_ns(struct ipc_namespace *ns) { } -static inline void msg_init_ns(struct ipc_namespace *ns) { } -static inline void shm_init_ns(struct ipc_namespace *ns) { } +static inline void sem_init_ns(struct ipc_namespace *ns, + struct ipc_namespace *old_ns) +{ } + +static inline void msg_init_ns(struct ipc_namespace *ns, + struct ipc_namespace *old_ns) +{ } + +static inline void shm_init_ns(struct ipc_namespace *ns, + struct ipc_namespace *old_ns) +{ } static inline void sem_exit_ns(struct ipc_namespace *ns) { } static inline void msg_exit_ns(struct ipc_namespace *ns) { } -- 1.9.3 ^ permalink raw reply related [flat|nested] 6+ messages in thread
[parent not found: <1407828557-31995-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>]
* Re: [PATCH 3/3] ipc namespace: copy settings from parent namespace [not found] ` <1407828557-31995-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> @ 2014-08-12 10:37 ` Eric W. Biederman [not found] ` <877g2ec7tg.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org> 2014-08-15 13:42 ` Rafael Aquini 1 sibling, 1 reply; 6+ messages in thread From: Eric W. Biederman @ 2014-08-12 10:37 UTC (permalink / raw) To: Manfred Spraul Cc: Rik van Riel, Rafael Aquini, Davidlohr Bueso, LKML, Michael Kerrisk, 1vier1-S0/GAf8tV78, Andrew Morton, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA Manfred Spraul <manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> writes: Sigh. Patches for new code during the merge window. It is a really rotten time to look at new things. > Right now, each new IPC namespace starts with the kernel default values. > This means that changes that were made to the limits get overwritten. > > With this patch, a new namespace inherits the settings from the parent > namespace, which is less surprising. In principle I agree. In practice I have to ask what have you done to survey applications that use the ipc namespace to see if they will break with this change in semantics. Eric > The patch updates > - SysV msg > - SysV sem > - SysV shm > - POSIX mqueues > > Cc: serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org > Cc: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org > Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org > Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org > > Signed-off-by: Manfred Spraul <manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> > --- > include/linux/ipc_namespace.h | 6 ++++-- > ipc/mqueue.c | 23 ++++++++++++++++------- > ipc/msg.c | 16 +++++++++++----- > ipc/namespace.c | 8 ++++---- > ipc/sem.c | 19 +++++++++++++------ > ipc/shm.c | 19 +++++++++++++------ > ipc/util.h | 20 ++++++++++++++------ > 7 files changed, 75 insertions(+), 36 deletions(-) > > diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h > index e365d5e..1cc36a0 100644 > --- a/include/linux/ipc_namespace.h > +++ b/include/linux/ipc_namespace.h > @@ -73,7 +73,7 @@ static inline void shm_destroy_orphaned(struct ipc_namespace *ns) {} > #endif /* CONFIG_SYSVIPC */ > > #ifdef CONFIG_POSIX_MQUEUE > -extern int mq_init_ns(struct ipc_namespace *ns); > +extern int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > /* > * POSIX Message Queue default values: > * > @@ -108,7 +108,9 @@ extern int mq_init_ns(struct ipc_namespace *ns); > #define DFLT_MSGSIZEMAX 8192 > #define HARD_MSGSIZEMAX (16*1024*1024) > #else > -static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; } > +static inline int mq_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ return 0; } > #endif > > #if defined(CONFIG_IPC_NS) > diff --git a/ipc/mqueue.c b/ipc/mqueue.c > index 4fcf39a..3473072d 100644 > --- a/ipc/mqueue.c > +++ b/ipc/mqueue.c > @@ -1397,14 +1397,23 @@ static struct file_system_type mqueue_fs_type = { > .fs_flags = FS_USERNS_MOUNT, > }; > > -int mq_init_ns(struct ipc_namespace *ns) > +int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > + if (old_ns != NULL) { > + ns->mq_queues_max = old_ns->mq_queues_max; > + ns->mq_msg_max = old_ns->mq_msg_max; > + ns->mq_msgsize_max = old_ns->mq_msgsize_max; > + ns->mq_msg_default = old_ns->mq_msg_default; > + ns->mq_msgsize_default = old_ns->mq_msgsize_default; > + } else { > + ns->mq_queues_max = DFLT_QUEUESMAX; > + ns->mq_msg_max = DFLT_MSGMAX; > + ns->mq_msgsize_max = DFLT_MSGSIZEMAX; > + ns->mq_msg_default = DFLT_MSG; > + ns->mq_msgsize_default = DFLT_MSGSIZE; > + } > + > ns->mq_queues_count = 0; > - ns->mq_queues_max = DFLT_QUEUESMAX; > - ns->mq_msg_max = DFLT_MSGMAX; > - ns->mq_msgsize_max = DFLT_MSGSIZEMAX; > - ns->mq_msg_default = DFLT_MSG; > - ns->mq_msgsize_default = DFLT_MSGSIZE; > > ns->mq_mnt = kern_mount_data(&mqueue_fs_type, ns); > if (IS_ERR(ns->mq_mnt)) { > @@ -1444,7 +1453,7 @@ static int __init init_mqueue_fs(void) > > spin_lock_init(&mq_lock); > > - error = mq_init_ns(&init_ipc_ns); > + error = mq_init_ns(&init_ipc_ns, NULL); > if (error) > goto out_filesystem; > > diff --git a/ipc/msg.c b/ipc/msg.c > index a7261d5..3cbd2ad 100644 > --- a/ipc/msg.c > +++ b/ipc/msg.c > @@ -990,11 +990,17 @@ SYSCALL_DEFINE5(msgrcv, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz, > } > > > -void msg_init_ns(struct ipc_namespace *ns) > +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > - ns->msg_ctlmax = MSGMAX; > - ns->msg_ctlmnb = MSGMNB; > - ns->msg_ctlmni = MSGMNI; > + if (old_ns != NULL) { > + ns->msg_ctlmax = old_ns->msg_ctlmax; > + ns->msg_ctlmnb = old_ns->msg_ctlmnb; > + ns->msg_ctlmni = old_ns->msg_ctlmni; > + } else { > + ns->msg_ctlmax = MSGMAX; > + ns->msg_ctlmnb = MSGMNB; > + ns->msg_ctlmni = MSGMNI; > + } > > atomic_set(&ns->msg_bytes, 0); > atomic_set(&ns->msg_hdrs, 0); > @@ -1036,7 +1042,7 @@ static int sysvipc_msg_proc_show(struct seq_file *s, void *it) > > void __init msg_init(void) > { > - msg_init_ns(&init_ipc_ns); > + msg_init_ns(&init_ipc_ns, NULL); > > ipc_init_proc_interface("sysvipc/msg", > " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n", > diff --git a/ipc/namespace.c b/ipc/namespace.c > index 1a3ffd4..97e3332 100644 > --- a/ipc/namespace.c > +++ b/ipc/namespace.c > @@ -33,7 +33,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, > } > > atomic_set(&ns->count, 1); > - err = mq_init_ns(ns); > + err = mq_init_ns(ns, old_ns); > if (err) { > proc_free_inum(ns->proc_inum); > kfree(ns); > @@ -41,9 +41,9 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, > } > atomic_inc(&nr_ipc_ns); > > - sem_init_ns(ns); > - msg_init_ns(ns); > - shm_init_ns(ns); > + sem_init_ns(ns, old_ns); > + msg_init_ns(ns, old_ns); > + shm_init_ns(ns, old_ns); > > ns->user_ns = get_user_ns(user_ns); > > diff --git a/ipc/sem.c b/ipc/sem.c > index 454f6c6..f1ded77 100644 > --- a/ipc/sem.c > +++ b/ipc/sem.c > @@ -170,12 +170,19 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it); > #define sc_semopm sem_ctls[2] > #define sc_semmni sem_ctls[3] > > -void sem_init_ns(struct ipc_namespace *ns) > +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > - ns->sc_semmsl = SEMMSL; > - ns->sc_semmns = SEMMNS; > - ns->sc_semopm = SEMOPM; > - ns->sc_semmni = SEMMNI; > + if (old_ns != NULL) { > + ns->sc_semmsl = old_ns->sc_semmsl; > + ns->sc_semmns = old_ns->sc_semmns; > + ns->sc_semopm = old_ns->sc_semopm; > + ns->sc_semmni = old_ns->sc_semmni; > + } else { > + ns->sc_semmsl = SEMMSL; > + ns->sc_semmns = SEMMNS; > + ns->sc_semopm = SEMOPM; > + ns->sc_semmni = SEMMNI; > + } > ns->used_sems = 0; > ipc_init_ids(&ns->ids[IPC_SEM_IDS]); > } > @@ -190,7 +197,7 @@ void sem_exit_ns(struct ipc_namespace *ns) > > void __init sem_init(void) > { > - sem_init_ns(&init_ipc_ns); > + sem_init_ns(&init_ipc_ns, NULL); > ipc_init_proc_interface("sysvipc/sem", > " key semid perms nsems uid gid cuid cgid otime ctime\n", > IPC_SEM_IDS, sysvipc_sem_proc_show); > diff --git a/ipc/shm.c b/ipc/shm.c > index 7fc9f9f..7856952 100644 > --- a/ipc/shm.c > +++ b/ipc/shm.c > @@ -72,12 +72,19 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp); > static int sysvipc_shm_proc_show(struct seq_file *s, void *it); > #endif > > -void shm_init_ns(struct ipc_namespace *ns) > +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > - ns->shm_ctlmax = SHMMAX; > - ns->shm_ctlall = SHMALL; > - ns->shm_ctlmni = SHMMNI; > - ns->shm_rmid_forced = 0; > + if (old_ns != NULL) { > + ns->shm_ctlmax = old_ns->shm_ctlmax; > + ns->shm_ctlall = old_ns->shm_ctlall; > + ns->shm_ctlmni = old_ns->shm_ctlmni; > + ns->shm_rmid_forced = old_ns->shm_rmid_forced; > + } else { > + ns->shm_ctlmax = SHMMAX; > + ns->shm_ctlall = SHMALL; > + ns->shm_ctlmni = SHMMNI; > + ns->shm_rmid_forced = 0; > + } > ns->shm_tot = 0; > ipc_init_ids(&shm_ids(ns)); > } > @@ -110,7 +117,7 @@ void shm_exit_ns(struct ipc_namespace *ns) > > static int __init ipc_ns_init(void) > { > - shm_init_ns(&init_ipc_ns); > + shm_init_ns(&init_ipc_ns, NULL); > return 0; > } > > diff --git a/ipc/util.h b/ipc/util.h > index 1a5a0fc..1be9830 100644 > --- a/ipc/util.h > +++ b/ipc/util.h > @@ -30,17 +30,25 @@ static inline void mq_put_mnt(struct ipc_namespace *ns) { } > #endif > > #ifdef CONFIG_SYSVIPC > -void sem_init_ns(struct ipc_namespace *ns); > -void msg_init_ns(struct ipc_namespace *ns); > -void shm_init_ns(struct ipc_namespace *ns); > +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > > void sem_exit_ns(struct ipc_namespace *ns); > void msg_exit_ns(struct ipc_namespace *ns); > void shm_exit_ns(struct ipc_namespace *ns); > #else > -static inline void sem_init_ns(struct ipc_namespace *ns) { } > -static inline void msg_init_ns(struct ipc_namespace *ns) { } > -static inline void shm_init_ns(struct ipc_namespace *ns) { } > +static inline void sem_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ } > + > +static inline void msg_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ } > + > +static inline void shm_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ } > > static inline void sem_exit_ns(struct ipc_namespace *ns) { } > static inline void msg_exit_ns(struct ipc_namespace *ns) { } ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <877g2ec7tg.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>]
* Re: [PATCH 3/3] ipc namespace: copy settings from parent namespace [not found] ` <877g2ec7tg.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org> @ 2014-08-12 20:39 ` Manfred Spraul 0 siblings, 0 replies; 6+ messages in thread From: Manfred Spraul @ 2014-08-12 20:39 UTC (permalink / raw) To: Eric W. Biederman Cc: Rik van Riel, Rafael Aquini, Davidlohr Bueso, LKML, Michael Kerrisk, 1vier1-S0/GAf8tV78, Andrew Morton, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA Hi Eric, On 08/12/2014 12:37 PM, Eric W. Biederman wrote: > Manfred Spraul <manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> writes: > > Sigh. Patches for new code during the merge window. It is a really > rotten time to look at new things. > >> Right now, each new IPC namespace starts with the kernel default values. >> This means that changes that were made to the limits get overwritten. >> >> With this patch, a new namespace inherits the settings from the parent >> namespace, which is less surprising. > In principle I agree. > > In practice I have to ask what have you done to survey applications > that use the ipc namespace to see if they will break with this change in > semantics. I know this is the wrong answer, but: What I find are problems caused by the current behavior. See e.g.: https://bugzilla.redhat.com/show_bug.cgi?id=1004724 Some background: The e.g. sysvshm limits were not updated for many years and many applications only ran properly if sysvshm limits are increased. (now the defaults are large, but only since ~3.15) Increasing is simple: sysctl kernel.shmmax=<>, but somehow this must happen inside the container. Right now, the most common approach seems to be the solution from the bugzilla above: Just marc /proc as read-write and do it manually. With the patch, the kernel would propagate the value from parent to child. -- Manfred ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 3/3] ipc namespace: copy settings from parent namespace [not found] ` <1407828557-31995-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> 2014-08-12 10:37 ` Eric W. Biederman @ 2014-08-15 13:42 ` Rafael Aquini 1 sibling, 0 replies; 6+ messages in thread From: Rafael Aquini @ 2014-08-15 13:42 UTC (permalink / raw) To: Manfred Spraul Cc: Rik van Riel, ebiederm-aS9lmoZGLiVWk0Htik3J/w, Davidlohr Bueso, LKML, Michael Kerrisk, 1vier1-S0/GAf8tV78, Andrew Morton, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA On Tue, Aug 12, 2014 at 09:29:17AM +0200, Manfred Spraul wrote: > Right now, each new IPC namespace starts with the kernel default values. > This means that changes that were made to the limits get overwritten. > > With this patch, a new namespace inherits the settings from the parent > namespace, which is less surprising. > > The patch updates > - SysV msg > - SysV sem > - SysV shm > - POSIX mqueues > > Cc: serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org > Cc: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org > Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org > Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org > > Signed-off-by: Manfred Spraul <manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> > --- Acked-by: Rafael Aquini <aquini-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> > include/linux/ipc_namespace.h | 6 ++++-- > ipc/mqueue.c | 23 ++++++++++++++++------- > ipc/msg.c | 16 +++++++++++----- > ipc/namespace.c | 8 ++++---- > ipc/sem.c | 19 +++++++++++++------ > ipc/shm.c | 19 +++++++++++++------ > ipc/util.h | 20 ++++++++++++++------ > 7 files changed, 75 insertions(+), 36 deletions(-) > > diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h > index e365d5e..1cc36a0 100644 > --- a/include/linux/ipc_namespace.h > +++ b/include/linux/ipc_namespace.h > @@ -73,7 +73,7 @@ static inline void shm_destroy_orphaned(struct ipc_namespace *ns) {} > #endif /* CONFIG_SYSVIPC */ > > #ifdef CONFIG_POSIX_MQUEUE > -extern int mq_init_ns(struct ipc_namespace *ns); > +extern int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > /* > * POSIX Message Queue default values: > * > @@ -108,7 +108,9 @@ extern int mq_init_ns(struct ipc_namespace *ns); > #define DFLT_MSGSIZEMAX 8192 > #define HARD_MSGSIZEMAX (16*1024*1024) > #else > -static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; } > +static inline int mq_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ return 0; } > #endif > > #if defined(CONFIG_IPC_NS) > diff --git a/ipc/mqueue.c b/ipc/mqueue.c > index 4fcf39a..3473072d 100644 > --- a/ipc/mqueue.c > +++ b/ipc/mqueue.c > @@ -1397,14 +1397,23 @@ static struct file_system_type mqueue_fs_type = { > .fs_flags = FS_USERNS_MOUNT, > }; > > -int mq_init_ns(struct ipc_namespace *ns) > +int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > + if (old_ns != NULL) { > + ns->mq_queues_max = old_ns->mq_queues_max; > + ns->mq_msg_max = old_ns->mq_msg_max; > + ns->mq_msgsize_max = old_ns->mq_msgsize_max; > + ns->mq_msg_default = old_ns->mq_msg_default; > + ns->mq_msgsize_default = old_ns->mq_msgsize_default; > + } else { > + ns->mq_queues_max = DFLT_QUEUESMAX; > + ns->mq_msg_max = DFLT_MSGMAX; > + ns->mq_msgsize_max = DFLT_MSGSIZEMAX; > + ns->mq_msg_default = DFLT_MSG; > + ns->mq_msgsize_default = DFLT_MSGSIZE; > + } > + > ns->mq_queues_count = 0; > - ns->mq_queues_max = DFLT_QUEUESMAX; > - ns->mq_msg_max = DFLT_MSGMAX; > - ns->mq_msgsize_max = DFLT_MSGSIZEMAX; > - ns->mq_msg_default = DFLT_MSG; > - ns->mq_msgsize_default = DFLT_MSGSIZE; > > ns->mq_mnt = kern_mount_data(&mqueue_fs_type, ns); > if (IS_ERR(ns->mq_mnt)) { > @@ -1444,7 +1453,7 @@ static int __init init_mqueue_fs(void) > > spin_lock_init(&mq_lock); > > - error = mq_init_ns(&init_ipc_ns); > + error = mq_init_ns(&init_ipc_ns, NULL); > if (error) > goto out_filesystem; > > diff --git a/ipc/msg.c b/ipc/msg.c > index a7261d5..3cbd2ad 100644 > --- a/ipc/msg.c > +++ b/ipc/msg.c > @@ -990,11 +990,17 @@ SYSCALL_DEFINE5(msgrcv, int, msqid, struct msgbuf __user *, msgp, size_t, msgsz, > } > > > -void msg_init_ns(struct ipc_namespace *ns) > +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > - ns->msg_ctlmax = MSGMAX; > - ns->msg_ctlmnb = MSGMNB; > - ns->msg_ctlmni = MSGMNI; > + if (old_ns != NULL) { > + ns->msg_ctlmax = old_ns->msg_ctlmax; > + ns->msg_ctlmnb = old_ns->msg_ctlmnb; > + ns->msg_ctlmni = old_ns->msg_ctlmni; > + } else { > + ns->msg_ctlmax = MSGMAX; > + ns->msg_ctlmnb = MSGMNB; > + ns->msg_ctlmni = MSGMNI; > + } > > atomic_set(&ns->msg_bytes, 0); > atomic_set(&ns->msg_hdrs, 0); > @@ -1036,7 +1042,7 @@ static int sysvipc_msg_proc_show(struct seq_file *s, void *it) > > void __init msg_init(void) > { > - msg_init_ns(&init_ipc_ns); > + msg_init_ns(&init_ipc_ns, NULL); > > ipc_init_proc_interface("sysvipc/msg", > " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n", > diff --git a/ipc/namespace.c b/ipc/namespace.c > index 1a3ffd4..97e3332 100644 > --- a/ipc/namespace.c > +++ b/ipc/namespace.c > @@ -33,7 +33,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, > } > > atomic_set(&ns->count, 1); > - err = mq_init_ns(ns); > + err = mq_init_ns(ns, old_ns); > if (err) { > proc_free_inum(ns->proc_inum); > kfree(ns); > @@ -41,9 +41,9 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, > } > atomic_inc(&nr_ipc_ns); > > - sem_init_ns(ns); > - msg_init_ns(ns); > - shm_init_ns(ns); > + sem_init_ns(ns, old_ns); > + msg_init_ns(ns, old_ns); > + shm_init_ns(ns, old_ns); > > ns->user_ns = get_user_ns(user_ns); > > diff --git a/ipc/sem.c b/ipc/sem.c > index 454f6c6..f1ded77 100644 > --- a/ipc/sem.c > +++ b/ipc/sem.c > @@ -170,12 +170,19 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it); > #define sc_semopm sem_ctls[2] > #define sc_semmni sem_ctls[3] > > -void sem_init_ns(struct ipc_namespace *ns) > +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > - ns->sc_semmsl = SEMMSL; > - ns->sc_semmns = SEMMNS; > - ns->sc_semopm = SEMOPM; > - ns->sc_semmni = SEMMNI; > + if (old_ns != NULL) { > + ns->sc_semmsl = old_ns->sc_semmsl; > + ns->sc_semmns = old_ns->sc_semmns; > + ns->sc_semopm = old_ns->sc_semopm; > + ns->sc_semmni = old_ns->sc_semmni; > + } else { > + ns->sc_semmsl = SEMMSL; > + ns->sc_semmns = SEMMNS; > + ns->sc_semopm = SEMOPM; > + ns->sc_semmni = SEMMNI; > + } > ns->used_sems = 0; > ipc_init_ids(&ns->ids[IPC_SEM_IDS]); > } > @@ -190,7 +197,7 @@ void sem_exit_ns(struct ipc_namespace *ns) > > void __init sem_init(void) > { > - sem_init_ns(&init_ipc_ns); > + sem_init_ns(&init_ipc_ns, NULL); > ipc_init_proc_interface("sysvipc/sem", > " key semid perms nsems uid gid cuid cgid otime ctime\n", > IPC_SEM_IDS, sysvipc_sem_proc_show); > diff --git a/ipc/shm.c b/ipc/shm.c > index 7fc9f9f..7856952 100644 > --- a/ipc/shm.c > +++ b/ipc/shm.c > @@ -72,12 +72,19 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp); > static int sysvipc_shm_proc_show(struct seq_file *s, void *it); > #endif > > -void shm_init_ns(struct ipc_namespace *ns) > +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > - ns->shm_ctlmax = SHMMAX; > - ns->shm_ctlall = SHMALL; > - ns->shm_ctlmni = SHMMNI; > - ns->shm_rmid_forced = 0; > + if (old_ns != NULL) { > + ns->shm_ctlmax = old_ns->shm_ctlmax; > + ns->shm_ctlall = old_ns->shm_ctlall; > + ns->shm_ctlmni = old_ns->shm_ctlmni; > + ns->shm_rmid_forced = old_ns->shm_rmid_forced; > + } else { > + ns->shm_ctlmax = SHMMAX; > + ns->shm_ctlall = SHMALL; > + ns->shm_ctlmni = SHMMNI; > + ns->shm_rmid_forced = 0; > + } > ns->shm_tot = 0; > ipc_init_ids(&shm_ids(ns)); > } > @@ -110,7 +117,7 @@ void shm_exit_ns(struct ipc_namespace *ns) > > static int __init ipc_ns_init(void) > { > - shm_init_ns(&init_ipc_ns); > + shm_init_ns(&init_ipc_ns, NULL); > return 0; > } > > diff --git a/ipc/util.h b/ipc/util.h > index 1a5a0fc..1be9830 100644 > --- a/ipc/util.h > +++ b/ipc/util.h > @@ -30,17 +30,25 @@ static inline void mq_put_mnt(struct ipc_namespace *ns) { } > #endif > > #ifdef CONFIG_SYSVIPC > -void sem_init_ns(struct ipc_namespace *ns); > -void msg_init_ns(struct ipc_namespace *ns); > -void shm_init_ns(struct ipc_namespace *ns); > +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > > void sem_exit_ns(struct ipc_namespace *ns); > void msg_exit_ns(struct ipc_namespace *ns); > void shm_exit_ns(struct ipc_namespace *ns); > #else > -static inline void sem_init_ns(struct ipc_namespace *ns) { } > -static inline void msg_init_ns(struct ipc_namespace *ns) { } > -static inline void shm_init_ns(struct ipc_namespace *ns) { } > +static inline void sem_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ } > + > +static inline void msg_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ } > + > +static inline void shm_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ } > > static inline void sem_exit_ns(struct ipc_namespace *ns) { } > static inline void msg_exit_ns(struct ipc_namespace *ns) { } > -- > 1.9.3 > ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <1401389200-6758-1-git-send-email-manfred@colorfullife.com>]
[parent not found: <1401389200-6758-2-git-send-email-manfred@colorfullife.com>]
[parent not found: <1401389200-6758-3-git-send-email-manfred@colorfullife.com>]
[parent not found: <1401389200-6758-4-git-send-email-manfred@colorfullife.com>]
[parent not found: <1401389200-6758-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>]
* Re: [PATCH 3/3] ipc namespace: copy settings from parent namespace [not found] ` <1401389200-6758-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> @ 2014-06-05 12:54 ` Michael Kerrisk (man-pages) [not found] ` <CAKgNAkj+7foMQkZixytZSb9sJrBB6yoCb1Sik7ODBqoGiNx0Gg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 0 siblings, 1 reply; 6+ messages in thread From: Michael Kerrisk (man-pages) @ 2014-06-05 12:54 UTC (permalink / raw) To: Manfred Spraul Cc: Rik van Riel, Rafael Aquini, Davidlohr Bueso, LKML, Eric W. Biederman, 1vier1-S0/GAf8tV78, Containers [CC += Eric and containers@] Hi Manfred, On Thu, May 29, 2014 at 8:46 PM, Manfred Spraul <manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> wrote: > Right now, each IPC namespace starts with the kernel boot standard > settings. > This patch changes that: > Now each new namespace starts with the settings from the parent > namespace. > > The patch updates > - SysV msg > - SysV sem > - SysV shm > - POSIX mqueues > > It's just a proposal - only partially tested This seems like a sane idea, but maybe the containers folk and Eric have some comments. Cheers, Michael > -- > Manfred > --- > include/linux/ipc_namespace.h | 6 ++++-- > ipc/mqueue.c | 23 ++++++++++++++++------- > ipc/msg.c | 16 +++++++++++----- > ipc/namespace.c | 6 +++--- > ipc/sem.c | 19 +++++++++++++------ > ipc/shm.c | 19 +++++++++++++------ > ipc/util.h | 20 ++++++++++++++------ > 7 files changed, 74 insertions(+), 35 deletions(-) > > diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h > index e365d5e..1cc36a0 100644 > --- a/include/linux/ipc_namespace.h > +++ b/include/linux/ipc_namespace.h > @@ -73,7 +73,7 @@ static inline void shm_destroy_orphaned(struct ipc_namespace *ns) {} > #endif /* CONFIG_SYSVIPC */ > > #ifdef CONFIG_POSIX_MQUEUE > -extern int mq_init_ns(struct ipc_namespace *ns); > +extern int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > /* > * POSIX Message Queue default values: > * > @@ -108,7 +108,9 @@ extern int mq_init_ns(struct ipc_namespace *ns); > #define DFLT_MSGSIZEMAX 8192 > #define HARD_MSGSIZEMAX (16*1024*1024) > #else > -static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; } > +static inline int mq_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ return 0; } > #endif > > #if defined(CONFIG_IPC_NS) > diff --git a/ipc/mqueue.c b/ipc/mqueue.c > index 4fcf39a..3473072d 100644 > --- a/ipc/mqueue.c > +++ b/ipc/mqueue.c > @@ -1397,14 +1397,23 @@ static struct file_system_type mqueue_fs_type = { > .fs_flags = FS_USERNS_MOUNT, > }; > > -int mq_init_ns(struct ipc_namespace *ns) > +int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > + if (old_ns != NULL) { > + ns->mq_queues_max = old_ns->mq_queues_max; > + ns->mq_msg_max = old_ns->mq_msg_max; > + ns->mq_msgsize_max = old_ns->mq_msgsize_max; > + ns->mq_msg_default = old_ns->mq_msg_default; > + ns->mq_msgsize_default = old_ns->mq_msgsize_default; > + } else { > + ns->mq_queues_max = DFLT_QUEUESMAX; > + ns->mq_msg_max = DFLT_MSGMAX; > + ns->mq_msgsize_max = DFLT_MSGSIZEMAX; > + ns->mq_msg_default = DFLT_MSG; > + ns->mq_msgsize_default = DFLT_MSGSIZE; > + } > + > ns->mq_queues_count = 0; > - ns->mq_queues_max = DFLT_QUEUESMAX; > - ns->mq_msg_max = DFLT_MSGMAX; > - ns->mq_msgsize_max = DFLT_MSGSIZEMAX; > - ns->mq_msg_default = DFLT_MSG; > - ns->mq_msgsize_default = DFLT_MSGSIZE; > > ns->mq_mnt = kern_mount_data(&mqueue_fs_type, ns); > if (IS_ERR(ns->mq_mnt)) { > @@ -1444,7 +1453,7 @@ static int __init init_mqueue_fs(void) > > spin_lock_init(&mq_lock); > > - error = mq_init_ns(&init_ipc_ns); > + error = mq_init_ns(&init_ipc_ns, NULL); > if (error) > goto out_filesystem; > > diff --git a/ipc/msg.c b/ipc/msg.c > index ea7e0d1..d457052 100644 > --- a/ipc/msg.c > +++ b/ipc/msg.c > @@ -77,11 +77,17 @@ static int sysvipc_msg_proc_show(struct seq_file *s, void *it); > #endif > > > -void msg_init_ns(struct ipc_namespace *ns) > +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > - ns->msg_ctlmax = MSGMAX; > - ns->msg_ctlmnb = MSGMNB; > - ns->msg_ctlmni = MSGMNI; > + if (old_ns != NULL) { > + ns->msg_ctlmax = old_ns->msg_ctlmax; > + ns->msg_ctlmnb = old_ns->msg_ctlmnb; > + ns->msg_ctlmni = old_ns->msg_ctlmni; > + } else { > + ns->msg_ctlmax = MSGMAX; > + ns->msg_ctlmnb = MSGMNB; > + ns->msg_ctlmni = MSGMNI; > + } > > atomic_set(&ns->msg_bytes, 0); > atomic_set(&ns->msg_hdrs, 0); > @@ -98,7 +104,7 @@ void msg_exit_ns(struct ipc_namespace *ns) > > void __init msg_init(void) > { > - msg_init_ns(&init_ipc_ns); > + msg_init_ns(&init_ipc_ns, NULL); > > ipc_init_proc_interface("sysvipc/msg", > " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n", > diff --git a/ipc/namespace.c b/ipc/namespace.c > index 6c01c2a..33ee4be 100644 > --- a/ipc/namespace.c > +++ b/ipc/namespace.c > @@ -41,9 +41,9 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, > } > atomic_inc(&nr_ipc_ns); > > - sem_init_ns(ns); > - msg_init_ns(ns); > - shm_init_ns(ns); > + sem_init_ns(ns, old_ns); > + msg_init_ns(ns, old_ns); > + shm_init_ns(ns, old_ns); > > ns->user_ns = get_user_ns(user_ns); > > diff --git a/ipc/sem.c b/ipc/sem.c > index bee5554..0e232e6 100644 > --- a/ipc/sem.c > +++ b/ipc/sem.c > @@ -170,12 +170,19 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it); > #define sc_semopm sem_ctls[2] > #define sc_semmni sem_ctls[3] > > -void sem_init_ns(struct ipc_namespace *ns) > +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > - ns->sc_semmsl = SEMMSL; > - ns->sc_semmns = SEMMNS; > - ns->sc_semopm = SEMOPM; > - ns->sc_semmni = SEMMNI; > + if (old_ns != NULL) { > + ns->sc_semmsl = old_ns->sc_semmsl; > + ns->sc_semmns = old_ns->sc_semmns; > + ns->sc_semopm = old_ns->sc_semopm; > + ns->sc_semmni = old_ns->sc_semmni; > + } else { > + ns->sc_semmsl = SEMMSL; > + ns->sc_semmns = SEMMNS; > + ns->sc_semopm = SEMOPM; > + ns->sc_semmni = SEMMNI; > + } > ns->used_sems = 0; > ipc_init_ids(&ns->ids[IPC_SEM_IDS]); > } > @@ -190,7 +197,7 @@ void sem_exit_ns(struct ipc_namespace *ns) > > void __init sem_init(void) > { > - sem_init_ns(&init_ipc_ns); > + sem_init_ns(&init_ipc_ns, NULL); > ipc_init_proc_interface("sysvipc/sem", > " key semid perms nsems uid gid cuid cgid otime ctime\n", > IPC_SEM_IDS, sysvipc_sem_proc_show); > diff --git a/ipc/shm.c b/ipc/shm.c > index 7645961..5c54b25 100644 > --- a/ipc/shm.c > +++ b/ipc/shm.c > @@ -72,12 +72,19 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp); > static int sysvipc_shm_proc_show(struct seq_file *s, void *it); > #endif > > -void shm_init_ns(struct ipc_namespace *ns) > +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > { > - ns->shm_ctlmax = SHMMAX; > - ns->shm_ctlall = SHMALL; > - ns->shm_ctlmni = SHMMNI; > - ns->shm_rmid_forced = 0; > + if (old_ns != NULL) { > + ns->shm_ctlmax = old_ns->shm_ctlmax; > + ns->shm_ctlall = old_ns->shm_ctlall; > + ns->shm_ctlmni = old_ns->shm_ctlmni; > + ns->shm_rmid_forced = old_ns->shm_rmid_forced; > + } else { > + ns->shm_ctlmax = SHMMAX; > + ns->shm_ctlall = SHMALL; > + ns->shm_ctlmni = SHMMNI; > + ns->shm_rmid_forced = 0; > + } > ns->shm_tot = 0; > ipc_init_ids(&shm_ids(ns)); > } > @@ -110,7 +117,7 @@ void shm_exit_ns(struct ipc_namespace *ns) > > static int __init ipc_ns_init(void) > { > - shm_init_ns(&init_ipc_ns); > + shm_init_ns(&init_ipc_ns, NULL); > return 0; > } > > diff --git a/ipc/util.h b/ipc/util.h > index 9c47d6f..a66d8f2 100644 > --- a/ipc/util.h > +++ b/ipc/util.h > @@ -30,17 +30,25 @@ static inline void mq_put_mnt(struct ipc_namespace *ns) { } > #endif > > #ifdef CONFIG_SYSVIPC > -void sem_init_ns(struct ipc_namespace *ns); > -void msg_init_ns(struct ipc_namespace *ns); > -void shm_init_ns(struct ipc_namespace *ns); > +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > > void sem_exit_ns(struct ipc_namespace *ns); > void msg_exit_ns(struct ipc_namespace *ns); > void shm_exit_ns(struct ipc_namespace *ns); > #else > -static inline void sem_init_ns(struct ipc_namespace *ns) { } > -static inline void msg_init_ns(struct ipc_namespace *ns) { } > -static inline void shm_init_ns(struct ipc_namespace *ns) { } > +static inline void sem_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ } > + > +static inline void msg_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ } > + > +static inline void shm_init_ns(struct ipc_namespace *ns, > + struct ipc_namespace *old_ns) > +{ } > > static inline void sem_exit_ns(struct ipc_namespace *ns) { } > static inline void msg_exit_ns(struct ipc_namespace *ns) { } > -- > 1.9.3 > -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/ ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <CAKgNAkj+7foMQkZixytZSb9sJrBB6yoCb1Sik7ODBqoGiNx0Gg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>]
* Re: [PATCH 3/3] ipc namespace: copy settings from parent namespace [not found] ` <CAKgNAkj+7foMQkZixytZSb9sJrBB6yoCb1Sik7ODBqoGiNx0Gg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> @ 2014-06-06 13:57 ` Serge E. Hallyn 0 siblings, 0 replies; 6+ messages in thread From: Serge E. Hallyn @ 2014-06-06 13:57 UTC (permalink / raw) To: Michael Kerrisk (man-pages) Cc: Rik van Riel, Manfred Spraul, Rafael Aquini, Davidlohr Bueso, LKML, Eric W. Biederman, 1vier1-S0/GAf8tV78, Containers Quoting Michael Kerrisk (man-pages) (mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org): > [CC += Eric and containers@] > > Hi Manfred, > > On Thu, May 29, 2014 at 8:46 PM, Manfred Spraul > <manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org> wrote: > > Right now, each IPC namespace starts with the kernel boot standard > > settings. > > This patch changes that: > > Now each new namespace starts with the settings from the parent > > namespace. > > > > The patch updates > > - SysV msg > > - SysV sem > > - SysV shm > > - POSIX mqueues > > > > It's just a proposal - only partially tested > > This seems like a sane idea, but maybe the containers folk and Eric > have some comments. Looks good to me. > Cheers, > > Michael > > > > -- > > Manfred > > --- > > include/linux/ipc_namespace.h | 6 ++++-- > > ipc/mqueue.c | 23 ++++++++++++++++------- > > ipc/msg.c | 16 +++++++++++----- > > ipc/namespace.c | 6 +++--- > > ipc/sem.c | 19 +++++++++++++------ > > ipc/shm.c | 19 +++++++++++++------ > > ipc/util.h | 20 ++++++++++++++------ > > 7 files changed, 74 insertions(+), 35 deletions(-) > > > > diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h > > index e365d5e..1cc36a0 100644 > > --- a/include/linux/ipc_namespace.h > > +++ b/include/linux/ipc_namespace.h > > @@ -73,7 +73,7 @@ static inline void shm_destroy_orphaned(struct ipc_namespace *ns) {} > > #endif /* CONFIG_SYSVIPC */ > > > > #ifdef CONFIG_POSIX_MQUEUE > > -extern int mq_init_ns(struct ipc_namespace *ns); > > +extern int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > > /* > > * POSIX Message Queue default values: > > * > > @@ -108,7 +108,9 @@ extern int mq_init_ns(struct ipc_namespace *ns); > > #define DFLT_MSGSIZEMAX 8192 > > #define HARD_MSGSIZEMAX (16*1024*1024) > > #else > > -static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; } > > +static inline int mq_init_ns(struct ipc_namespace *ns, > > + struct ipc_namespace *old_ns) > > +{ return 0; } > > #endif > > > > #if defined(CONFIG_IPC_NS) > > diff --git a/ipc/mqueue.c b/ipc/mqueue.c > > index 4fcf39a..3473072d 100644 > > --- a/ipc/mqueue.c > > +++ b/ipc/mqueue.c > > @@ -1397,14 +1397,23 @@ static struct file_system_type mqueue_fs_type = { > > .fs_flags = FS_USERNS_MOUNT, > > }; > > > > -int mq_init_ns(struct ipc_namespace *ns) > > +int mq_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > > { > > + if (old_ns != NULL) { > > + ns->mq_queues_max = old_ns->mq_queues_max; > > + ns->mq_msg_max = old_ns->mq_msg_max; > > + ns->mq_msgsize_max = old_ns->mq_msgsize_max; > > + ns->mq_msg_default = old_ns->mq_msg_default; > > + ns->mq_msgsize_default = old_ns->mq_msgsize_default; > > + } else { > > + ns->mq_queues_max = DFLT_QUEUESMAX; > > + ns->mq_msg_max = DFLT_MSGMAX; > > + ns->mq_msgsize_max = DFLT_MSGSIZEMAX; > > + ns->mq_msg_default = DFLT_MSG; > > + ns->mq_msgsize_default = DFLT_MSGSIZE; > > + } > > + > > ns->mq_queues_count = 0; > > - ns->mq_queues_max = DFLT_QUEUESMAX; > > - ns->mq_msg_max = DFLT_MSGMAX; > > - ns->mq_msgsize_max = DFLT_MSGSIZEMAX; > > - ns->mq_msg_default = DFLT_MSG; > > - ns->mq_msgsize_default = DFLT_MSGSIZE; > > > > ns->mq_mnt = kern_mount_data(&mqueue_fs_type, ns); > > if (IS_ERR(ns->mq_mnt)) { > > @@ -1444,7 +1453,7 @@ static int __init init_mqueue_fs(void) > > > > spin_lock_init(&mq_lock); > > > > - error = mq_init_ns(&init_ipc_ns); > > + error = mq_init_ns(&init_ipc_ns, NULL); > > if (error) > > goto out_filesystem; > > > > diff --git a/ipc/msg.c b/ipc/msg.c > > index ea7e0d1..d457052 100644 > > --- a/ipc/msg.c > > +++ b/ipc/msg.c > > @@ -77,11 +77,17 @@ static int sysvipc_msg_proc_show(struct seq_file *s, void *it); > > #endif > > > > > > -void msg_init_ns(struct ipc_namespace *ns) > > +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > > { > > - ns->msg_ctlmax = MSGMAX; > > - ns->msg_ctlmnb = MSGMNB; > > - ns->msg_ctlmni = MSGMNI; > > + if (old_ns != NULL) { > > + ns->msg_ctlmax = old_ns->msg_ctlmax; > > + ns->msg_ctlmnb = old_ns->msg_ctlmnb; > > + ns->msg_ctlmni = old_ns->msg_ctlmni; > > + } else { > > + ns->msg_ctlmax = MSGMAX; > > + ns->msg_ctlmnb = MSGMNB; > > + ns->msg_ctlmni = MSGMNI; > > + } > > > > atomic_set(&ns->msg_bytes, 0); > > atomic_set(&ns->msg_hdrs, 0); > > @@ -98,7 +104,7 @@ void msg_exit_ns(struct ipc_namespace *ns) > > > > void __init msg_init(void) > > { > > - msg_init_ns(&init_ipc_ns); > > + msg_init_ns(&init_ipc_ns, NULL); > > > > ipc_init_proc_interface("sysvipc/msg", > > " key msqid perms cbytes qnum lspid lrpid uid gid cuid cgid stime rtime ctime\n", > > diff --git a/ipc/namespace.c b/ipc/namespace.c > > index 6c01c2a..33ee4be 100644 > > --- a/ipc/namespace.c > > +++ b/ipc/namespace.c > > @@ -41,9 +41,9 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, > > } > > atomic_inc(&nr_ipc_ns); > > > > - sem_init_ns(ns); > > - msg_init_ns(ns); > > - shm_init_ns(ns); > > + sem_init_ns(ns, old_ns); > > + msg_init_ns(ns, old_ns); > > + shm_init_ns(ns, old_ns); > > > > ns->user_ns = get_user_ns(user_ns); > > > > diff --git a/ipc/sem.c b/ipc/sem.c > > index bee5554..0e232e6 100644 > > --- a/ipc/sem.c > > +++ b/ipc/sem.c > > @@ -170,12 +170,19 @@ static int sysvipc_sem_proc_show(struct seq_file *s, void *it); > > #define sc_semopm sem_ctls[2] > > #define sc_semmni sem_ctls[3] > > > > -void sem_init_ns(struct ipc_namespace *ns) > > +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > > { > > - ns->sc_semmsl = SEMMSL; > > - ns->sc_semmns = SEMMNS; > > - ns->sc_semopm = SEMOPM; > > - ns->sc_semmni = SEMMNI; > > + if (old_ns != NULL) { > > + ns->sc_semmsl = old_ns->sc_semmsl; > > + ns->sc_semmns = old_ns->sc_semmns; > > + ns->sc_semopm = old_ns->sc_semopm; > > + ns->sc_semmni = old_ns->sc_semmni; > > + } else { > > + ns->sc_semmsl = SEMMSL; > > + ns->sc_semmns = SEMMNS; > > + ns->sc_semopm = SEMOPM; > > + ns->sc_semmni = SEMMNI; > > + } > > ns->used_sems = 0; > > ipc_init_ids(&ns->ids[IPC_SEM_IDS]); > > } > > @@ -190,7 +197,7 @@ void sem_exit_ns(struct ipc_namespace *ns) > > > > void __init sem_init(void) > > { > > - sem_init_ns(&init_ipc_ns); > > + sem_init_ns(&init_ipc_ns, NULL); > > ipc_init_proc_interface("sysvipc/sem", > > " key semid perms nsems uid gid cuid cgid otime ctime\n", > > IPC_SEM_IDS, sysvipc_sem_proc_show); > > diff --git a/ipc/shm.c b/ipc/shm.c > > index 7645961..5c54b25 100644 > > --- a/ipc/shm.c > > +++ b/ipc/shm.c > > @@ -72,12 +72,19 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp); > > static int sysvipc_shm_proc_show(struct seq_file *s, void *it); > > #endif > > > > -void shm_init_ns(struct ipc_namespace *ns) > > +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns) > > { > > - ns->shm_ctlmax = SHMMAX; > > - ns->shm_ctlall = SHMALL; > > - ns->shm_ctlmni = SHMMNI; > > - ns->shm_rmid_forced = 0; > > + if (old_ns != NULL) { > > + ns->shm_ctlmax = old_ns->shm_ctlmax; > > + ns->shm_ctlall = old_ns->shm_ctlall; > > + ns->shm_ctlmni = old_ns->shm_ctlmni; > > + ns->shm_rmid_forced = old_ns->shm_rmid_forced; > > + } else { > > + ns->shm_ctlmax = SHMMAX; > > + ns->shm_ctlall = SHMALL; > > + ns->shm_ctlmni = SHMMNI; > > + ns->shm_rmid_forced = 0; > > + } > > ns->shm_tot = 0; > > ipc_init_ids(&shm_ids(ns)); > > } > > @@ -110,7 +117,7 @@ void shm_exit_ns(struct ipc_namespace *ns) > > > > static int __init ipc_ns_init(void) > > { > > - shm_init_ns(&init_ipc_ns); > > + shm_init_ns(&init_ipc_ns, NULL); > > return 0; > > } > > > > diff --git a/ipc/util.h b/ipc/util.h > > index 9c47d6f..a66d8f2 100644 > > --- a/ipc/util.h > > +++ b/ipc/util.h > > @@ -30,17 +30,25 @@ static inline void mq_put_mnt(struct ipc_namespace *ns) { } > > #endif > > > > #ifdef CONFIG_SYSVIPC > > -void sem_init_ns(struct ipc_namespace *ns); > > -void msg_init_ns(struct ipc_namespace *ns); > > -void shm_init_ns(struct ipc_namespace *ns); > > +void sem_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > > +void msg_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > > +void shm_init_ns(struct ipc_namespace *ns, struct ipc_namespace *old_ns); > > > > void sem_exit_ns(struct ipc_namespace *ns); > > void msg_exit_ns(struct ipc_namespace *ns); > > void shm_exit_ns(struct ipc_namespace *ns); > > #else > > -static inline void sem_init_ns(struct ipc_namespace *ns) { } > > -static inline void msg_init_ns(struct ipc_namespace *ns) { } > > -static inline void shm_init_ns(struct ipc_namespace *ns) { } > > +static inline void sem_init_ns(struct ipc_namespace *ns, > > + struct ipc_namespace *old_ns) > > +{ } > > + > > +static inline void msg_init_ns(struct ipc_namespace *ns, > > + struct ipc_namespace *old_ns) > > +{ } > > + > > +static inline void shm_init_ns(struct ipc_namespace *ns, > > + struct ipc_namespace *old_ns) > > +{ } > > > > static inline void sem_exit_ns(struct ipc_namespace *ns) { } > > static inline void msg_exit_ns(struct ipc_namespace *ns) { } > > -- > > 1.9.3 > > > > > > -- > Michael Kerrisk > Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ > Linux/UNIX System Programming Training: http://man7.org/training/ > _______________________________________________ > Containers mailing list > Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org > https://lists.linuxfoundation.org/mailman/listinfo/containers ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-08-15 13:42 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1407828557-31995-1-git-send-email-manfred@colorfullife.com>
[not found] ` <1407828557-31995-2-git-send-email-manfred@colorfullife.com>
[not found] ` <1407828557-31995-3-git-send-email-manfred@colorfullife.com>
[not found] ` <1407828557-31995-3-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>
2014-08-12 7:29 ` [PATCH 3/3] ipc namespace: copy settings from parent namespace Manfred Spraul
[not found] ` <1407828557-31995-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>
2014-08-12 10:37 ` Eric W. Biederman
[not found] ` <877g2ec7tg.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-08-12 20:39 ` Manfred Spraul
2014-08-15 13:42 ` Rafael Aquini
[not found] <1401389200-6758-1-git-send-email-manfred@colorfullife.com>
[not found] ` <1401389200-6758-2-git-send-email-manfred@colorfullife.com>
[not found] ` <1401389200-6758-3-git-send-email-manfred@colorfullife.com>
[not found] ` <1401389200-6758-4-git-send-email-manfred@colorfullife.com>
[not found] ` <1401389200-6758-4-git-send-email-manfred-nhLOkwUX5cPe2c5cEj3t2g@public.gmane.org>
2014-06-05 12:54 ` Michael Kerrisk (man-pages)
[not found] ` <CAKgNAkj+7foMQkZixytZSb9sJrBB6yoCb1Sik7ODBqoGiNx0Gg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-06-06 13:57 ` Serge E. Hallyn
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox