From: Cedric Le Goater <clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
To: sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org
Cc: "Denis V. Lunev" <den-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Subject: Re: [patch -mm 1/5] mqueue namespace : add struct mq_namespace
Date: Wed, 03 Oct 2007 09:44:40 +0200 [thread overview]
Message-ID: <47034868.5010505@fr.ibm.com> (raw)
In-Reply-To: <20071002163020.GA11207-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org wrote:
> Cedric Le Goater [clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org] wrote:
> |
> | >> however, we have an issue with the signal notification in __do_notify()
> | >> we could kill a process in a different pid namespace.
> | >
> | > So I took a quick look at the code as it is (before this patchset)
> | > and the taking a reference to a socket and the taking a reference to
> | > a struct pid should do the right thing when we intersect with other
> | > namespaces. It certainly does not look like a fundamental issue.
>
> |
> | right. this should be covered when the pid namespace signal handling is
> | complete. kill_pid_info() should fail to send a signal to a sibling or
> | a parent pid namespace.
> |
> | I guess we should add a WARNING() to say that we're attempting to do so.
>
> Just want to clarify how a signal is sent to a parent ns.
>
> A process P1 sets itself up to be notified when a message arrives
> on a queue.
>
> P1 then clones P2 with CLONE_NEWPID.
>
> P2 writes to the message queue and thus signals P1
>
> What should the semantics be here ?
>
> I guess it makes less sense for two namespaces to be dependent on the same
> message queue this way. But, if P2 writes to the queue, technically, the
> queue is not empty, so P1 should be notified, no ?
>
> This sounds similar to the SIGIO signal case (F_SETOWN). My understanding
> was that we would notify whoever was set to receive the notification, even
> if they were in a parent ns (again my reasoning was its based on the state
> of a file).
yes
> IOW, should we change kill_pid_info() ? If the caller can 'see' the
> 'struct pid' they can signal it. The expectation was that callers would
> call find_vpid() and thus only see processes in their namespace.
I think we have to decide on some limitations with signals and make sure
that we cannot send a signal to a sibling pid namespace. This can occur
in some special namespaces unshare configuration which should never be used
but to make sure, let's add a big WARNING when we detect such a pid namespace
violation.
If it is what you mean, I agree :)
Thanks,
C.
next prev parent reply other threads:[~2007-10-03 7:44 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20071002084608.149781400@fr.ibm.com>
2007-10-02 8:46 ` [patch -mm 1/5] mqueue namespace : add struct mq_namespace Cedric Le Goater
2007-10-02 8:46 ` [patch -mm 2/5] mqueue namespace : add unshare support Cedric Le Goater
2007-10-02 8:46 ` [patch -mm 3/5] mqueue namespace : add get_sb_single_per_data() Cedric Le Goater
2007-10-02 8:46 ` [patch -mm 4/5] mqueue namespace : enable the namespace Cedric Le Goater
2007-10-02 8:46 ` [patch -mm 5/5] mqueue namespace : make sysctl work per namespace Cedric Le Goater
[not found] ` <20071002084906.477406083@fr.ibm.com>
[not found] ` <20071002084906.477406083-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-02 9:06 ` [patch -mm 1/5] mqueue namespace : add struct mq_namespace Kirill Korotaev
[not found] ` <47020A29.9060403-3ImXcnM4P+0@public.gmane.org>
2007-10-02 10:13 ` Cedric Le Goater
[not found] ` <470219BC.3050702-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-02 10:59 ` Eric W. Biederman
[not found] ` <m1ir5plr3c.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-02 12:21 ` Cedric Le Goater
[not found] ` <470237C7.5000902-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-02 16:30 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20071002163020.GA11207-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-10-02 17:16 ` Eric W. Biederman
[not found] ` <m1k5q5jv29.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-03 7:12 ` Cedric Le Goater
[not found] ` <470340F8.50806-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-03 7:38 ` Cedric Le Goater
[not found] ` <47034712.9060101-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-03 14:32 ` Eric W. Biederman
2007-10-03 7:44 ` Cedric Le Goater [this message]
[not found] ` <47034868.5010505-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-03 13:59 ` Serge E. Hallyn
[not found] ` <20071003135955.GA7934-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>
2007-10-03 14:11 ` Cedric Le Goater
[not found] ` <4703A30F.2010007-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-03 16:56 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20071003165644.GA338-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-10-03 17:03 ` Eric W. Biederman
[not found] ` <m1myv0ceqp.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-03 17:09 ` sukadev-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <20071003170930.GB338-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2007-10-04 13:12 ` Cedric Le Goater
[not found] ` <4704E6C7.5010908-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-04 13:32 ` Serge E. Hallyn
2007-10-02 17:02 ` Eric W. Biederman
[not found] ` <20071002084608.149781400-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-10-02 10:50 ` [patch -mm 0/5] mqueue namespace Eric W. Biederman
[not found] ` <m1przxlrim.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-02 11:06 ` Cedric Le Goater
2007-10-02 11:01 ` Eric W. Biederman
[not found] ` <m1ejgdlr0a.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-02 11:41 ` Cedric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47034868.5010505@fr.ibm.com \
--to=clg-nmtc/0zbporqt0dzr+alfa@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=den-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox