From: Cedric Le Goater <clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org
Subject: Re: [PATCH] namespaces: introduce sys_hijack (v4)
Date: Tue, 16 Oct 2007 10:51:04 +0200
Message-ID: <47147B78.2060206@fr.ibm.com>
In-Reply-To: <20071010183234.GA24770-6s5zFf/epYLPQpwDFJZrxKsjOiXwFzmk@public.gmane.org>

>> hmm, I'm wondering how this is going to work for a process which
>> would have unshared its device (pts) namespace. How are we going
>> to link the pts living in different namespaces if the stdios of the
>> hijacked process are using them? like in the case of a shell, which
>> is certainly something we would like to hijack.
>>
>> it looks like a challenge for me. maybe I'm wrong.
>
> Might be a problem, but tough to address that until we actually
> have a dev ns or devpts ns and established semantics.
>
> Note the filestruct comes from current, not the hijack target, so
> presumably we can work around the tty issue in any case by
> keeping an open file across the hijack?
>
> For instance, use the attached modified version of hijack.c
> which puts a writeable fd for /tmp/helloworld in fd 5, then
> does hijack, then from the resulting shell do
>
> echo ab >&5
>
> So we should easily be able to work around it.

Yes, it should.

> Or am I missing something?

I guess we need to work a little more on the pts/device namespace
to see how it interacts.

>>> The effect is a sort of namespace enter. The following program
>>> uses sys_hijack to 'enter' all namespaces of the specified pid.
>>> For instance in one terminal, do
>>>
>>> mount -t cgroup -ons /cgroup
>>> hostname
>>> qemu
>>> ns_exec -u /bin/sh
>>> hostname serge
>>> echo $$
>>> 1073
>>> cat /proc/$$/cgroup
>>> ns:/node_1073
>> Is there a reason to have the 'node_' prefix ? couldn't we just
>> use $pid ?
>
> Good question. It's just how the ns-cgroup does it... If you want to
> send in a patch to change that, I'll ack it.

Just below.

I gave a quick look to the ns subsystem and didn't see how the node_$pid
was destroyed. Do we have to do a rmdir?

Thanks,

C.

Signed-off-by: Cedric Le Goater <clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
---
kernel/cgroup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: 2.6.23-mm1/kernel/cgroup.c
===================================================================
--- 2.6.23-mm1.orig/kernel/cgroup.c
+++ 2.6.23-mm1/kernel/cgroup.c
@@ -2604,7 +2604,7 @@ int cgroup_clone(struct task_struct *tsk
cg = tsk->cgroups;
parent = task_cgroup(tsk, subsys->subsys_id);
- snprintf(nodename, MAX_CGROUP_TYPE_NAMELEN, "node_%d", tsk->pid);
+ snprintf(nodename, MAX_CGROUP_TYPE_NAMELEN, "%d", tsk->pid);
/* Pin the hierarchy */
atomic_inc(&parent->root->sb->s_active);
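
Review bot: the rename at the snprintf in cgroup_clone changes a name that userspace sees, and the patch has no changelog above the Signed-off-by to record it. The thread's own example shows the current form as `ns:/node_1073` in /proc/$$/cgroup, so the description should state the old and new formats and note that anything matching on the `node_` prefix has to be updated. Separately, the buffer bound passed here is MAX_CGROUP_TYPE_NAMELEN, a constant named for type names; the declaration of nodename is outside the hunk, so it is worth confirming that it is sized with the same constant and that snprintf's return value does not need checking for truncation.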