From: Kirill Korotaev <dev-3ImXcnM4P+0@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Oleg Nesterov <oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH 11/15] Signal semantics
Date: Thu, 02 Aug 2007 12:35:32 +0400 [thread overview]
Message-ID: <46B19754.4050908@sw.ru> (raw)
In-Reply-To: <20070801161335.GA10747-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
Serge E. Hallyn wrote:
> Quoting Pavel Emelyanov (xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org):
>
>>[snip]
>>
>>
>>>>| Maybe it's worth disabling cross-namespaces ptracing...
>>>>
>>>>I think so too. Its probably not a serious limitation ?
>>>
>>>Several people think we will implement 'namespace entering' through a
>>>ptrace hack, where maybe the admin ptraces the init in a child pidns,
>>
>>Why not implement namespace entering w/o any hacks? :)
>
>
> I did, as a patch on top of the nsproxy container subsystem. The
> response was that that is a hack, and ptrace is cleaner :)
>
> So the current options for namespace entering would be:
>
> * using Cedric's bind_ns() functionality, which assigns an
> integer global id to a namespace, and allows a process to
> enter a namespace by that global id
looks more or less good and what OVZ actually does.
So I would prefer this one.
> * using my nsproxy container subsystem patch, which lets
> a process enter another namespace using
> echo pid > /container/some/cont/directory/tasks
> and eventually might allow construction of custom
> namespaces, i.e.
> mkdir /container/c1/c2
> ln -s /container/c1/c1/network /container/c1/c2/network
> echo $$ > /container/c1/c2/tasks
Sound ok and logical as well.
> * using ptrace to coerce a process in the target namespace
> into forking and executing the desired program.
you'll need to change ptrace interface in this case imho...
doesn't sound ok at all... at least for me. So I agree with Pavel.
>>>makes it fork, and makes the child execute what it wants (i.e. ps -ef).
>>>
>>>You're talking about killing that functionality?
>>
>>No. We're talking about disabling the things that are not supposed
>>to work at all.
>
>
> Uh, well in the abstract that sounds like a sound policy...
Pavel simply meant that no one plans to disable functionality in question.
Thanks,
Kirill
next prev parent reply other threads:[~2007-08-02 8:35 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-26 14:45 [RFC][PATCH 0/15] Pid namespaces Pavel Emelyanov
[not found] ` <46A8B37B.6050108-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 14:46 ` [PATCH 1/15] Move exit_task_namespaces() Pavel Emelyanov
[not found] ` <46A8B3C4.5080601-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 16:10 ` Dave Hansen
2007-07-27 6:38 ` Pavel Emelyanov
2007-07-26 16:47 ` Oleg Nesterov
[not found] ` <20070726164724.GA81-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-26 16:59 ` Kirill Korotaev
2007-07-27 8:07 ` Oleg Nesterov
[not found] ` <20070727080758.GA509-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-27 8:24 ` Pavel Emelyanov
[not found] ` <46A9ABC1.1000800-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 8:35 ` Oleg Nesterov
[not found] ` <20070727083541.GA528-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-27 8:37 ` Pavel Emelyanov
2007-08-02 16:20 ` Oleg Nesterov
[not found] ` <20070802162023.GB137-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 8:00 ` Pavel Emelyanov
[not found] ` <46B6D52C.3010405-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 9:54 ` Oleg Nesterov
[not found] ` <20070806095421.GA85-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 9:58 ` Pavel Emelyanov
[not found] ` <46B6F0DA.4080904-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 10:38 ` Oleg Nesterov
[not found] ` <20070806103838.GA129-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 11:21 ` Pavel Emelyanov
[not found] ` <46B7044A.4030508-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 12:54 ` Oleg Nesterov
[not found] ` <20070806125419.GB91-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 13:38 ` Pavel Emelyanov
2007-08-06 11:29 ` Pavel Emelyanov
[not found] ` <46B7060E.3020609-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 12:50 ` Oleg Nesterov
[not found] ` <20070806125032.GA91-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-06 13:36 ` Pavel Emelyanov
[not found] ` <46B723F3.8020905-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-06 13:57 ` Oleg Nesterov
2007-07-26 14:47 ` [PATCH 2/15] Introduce MS_KERNMOUNT flag Pavel Emelyanov
2007-07-26 14:48 ` [PATCH 3/15] kern_siginfo helper Pavel Emelyanov
[not found] ` <46A8B42F.5070605-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-29 11:41 ` Oleg Nesterov
[not found] ` <20070729114154.GE120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:07 ` Pavel Emelyanov
[not found] ` <46AD8032.90005-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-31 0:21 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-07-26 14:48 ` [PATCH 4/15] Make proc_flust_task() flush entries from multiple proc trees Pavel Emelyanov
2007-07-26 14:49 ` [PATCH 5/15] Introduce struct upid Pavel Emelyanov
[not found] ` <46A8B486.3030006-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-29 9:52 ` Oleg Nesterov
[not found] ` <20070729095210.GA120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 5:58 ` Pavel Emelyanov
2007-07-26 14:50 ` [PATCH 6/15] Make alloc_pid(), free_pid() and put_pid() work with " Pavel Emelyanov
[not found] ` <46A8B4AE.6040903-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-29 10:16 ` Oleg Nesterov
[not found] ` <20070729101651.GB120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:03 ` Pavel Emelyanov
2007-07-26 14:51 ` [PATCH 7/15] Helpers to obtain pid numbers Pavel Emelyanov
[not found] ` <46A8B4D6.1080301-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 19:03 ` Dave Hansen
2007-07-27 6:40 ` Pavel Emelyanov
2007-07-29 12:10 ` Oleg Nesterov
[not found] ` <20070729121051.GF120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:11 ` Pavel Emelyanov
2007-07-26 14:51 ` [PATCH 8/15] Helpers to find the task by its numerical ids Pavel Emelyanov
[not found] ` <46A8B502.8070606-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 19:05 ` Dave Hansen
2007-07-27 6:43 ` Pavel Emelyanov
2007-07-29 12:40 ` Oleg Nesterov
[not found] ` <20070729124045.GG120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:15 ` Pavel Emelyanov
2007-07-26 14:52 ` [PATCH 9/15] Move alloc_pid() after the namespace is cloned Pavel Emelyanov
[not found] ` <46A8B531.3050602-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 15:12 ` Oleg Nesterov
[not found] ` <20070727151238.GA336-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:17 ` Pavel Emelyanov
[not found] ` <46AD8266.8050802-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-30 23:43 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-07-31 5:49 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-07-26 14:54 ` [PATCH 10/15] Make each namespace has its own proc tree Pavel Emelyanov
[not found] ` <46A8B59E.7050009-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-26 17:38 ` Dave Hansen
2007-07-29 15:58 ` Oleg Nesterov
[not found] ` <20070729155841.GI120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-29 17:04 ` Oleg Nesterov
[not found] ` <20070729170436.GA941-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:45 ` Pavel Emelyanov
2007-07-30 6:43 ` Pavel Emelyanov
2007-07-26 14:55 ` [PATCH 11/15] Signal semantics Pavel Emelyanov
[not found] ` <46A8B5C7.9040407-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 12:31 ` Oleg Nesterov
[not found] ` <20070727123153.GA92-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-27 13:38 ` Pavel Emelyanov
[not found] ` <46A9F54B.5050000-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 18:46 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727184604.GB1072-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 19:59 ` Serge E. Hallyn
[not found] ` <20070727195943.GA25878-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
2007-07-27 20:23 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727202337.GC1072-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-30 9:34 ` Pavel Emelyanov
2007-07-30 9:31 ` Pavel Emelyanov
[not found] ` <46ADB000.1000705-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-08-01 16:13 ` Serge E. Hallyn
[not found] ` <20070801161335.GA10747-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
2007-08-02 8:35 ` Kirill Korotaev [this message]
[not found] ` <46B19754.4050908-3ImXcnM4P+0@public.gmane.org>
2007-08-02 20:09 ` Serge E. Hallyn
2007-07-29 11:25 ` Oleg Nesterov
2007-07-26 14:56 ` [PATCH 12/15] Miscelaneous stuff for pid namespaces Pavel Emelyanov
[not found] ` <46A8B601.4020108-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 6:22 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727062213.GE23584-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 6:53 ` Pavel Emelyanov
2007-07-26 14:56 ` [PATCH 13/15] Clone the pid namespace Pavel Emelyanov
2007-07-26 14:57 ` [PATCH 14/15] Destroy pid namespace on init's death Pavel Emelyanov
[not found] ` <46A8B663.9040206-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-29 10:41 ` Oleg Nesterov
[not found] ` <20070729104145.GC120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 11:56 ` Pavel Emelyanov
[not found] ` <46ADD202.9030502-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-30 15:46 ` Oleg Nesterov
[not found] ` <20070730154639.GA127-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-31 6:19 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070731061917.GB17013-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-31 9:07 ` Oleg Nesterov
[not found] ` <20070731090721.GA110-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-01 6:16 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070801061616.GA5405-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-01 16:00 ` Dave Hansen
2007-08-01 19:51 ` Oleg Nesterov
[not found] ` <20070801195123.GB196-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 8:37 ` Kirill Korotaev
[not found] ` <46B197E3.3040309-3ImXcnM4P+0@public.gmane.org>
2007-08-02 16:08 ` Oleg Nesterov
[not found] ` <20070802160851.GA137-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 17:08 ` Oleg Nesterov
[not found] ` <20070802170820.GA2566-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-03 6:22 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070803062227.GA16833-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-03 10:55 ` Oleg Nesterov
[not found] ` <20070803105557.GA91-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-03 21:36 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-08-02 7:37 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
2007-08-01 19:48 ` Oleg Nesterov
[not found] ` <20070801194811.GA196-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 7:29 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070802072958.GA729-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-02 15:40 ` Oleg Nesterov
[not found] ` <20070802154018.GA93-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 17:20 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070802172033.GA8011-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-02 17:31 ` Oleg Nesterov
[not found] ` <20070802173128.GA2616-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 18:36 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070802183608.GB15332-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-08-02 18:49 ` Oleg Nesterov
[not found] ` <20070802184953.GA316-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-08-02 19:13 ` Serge E. Hallyn
2007-07-26 14:58 ` [PATCH 15/15] Hooks over the code to show correct values to user Pavel Emelyanov
[not found] ` <46A8B6AD.4000307-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-27 5:57 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727055736.GC23584-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 6:44 ` Pavel Emelyanov
2007-07-29 14:31 ` Oleg Nesterov
[not found] ` <20070729143136.GH120-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>
2007-07-30 6:49 ` Pavel Emelyanov
[not found] ` <46AD89E6.1030607-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-07-31 10:04 ` Oleg Nesterov
2007-07-27 4:22 ` [RFC][PATCH 0/15] Pid namespaces sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727042213.GB23584-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 6:08 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20070727060856.GD23584-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-07-27 6:47 ` Pavel Emelyanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46B19754.4050908@sw.ru \
--to=dev-3imxcnm4p+0@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox