Linux Container Development
From: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [PATCH 4/6] cr: checkpoint and restore task credentials
Date: Thu, 21 May 2009 02:03:14 -0400
Message-ID: <4A14EEA2.4030808@cs.columbia.edu>
In-Reply-To: <20090520221600.GA3925-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>



Serge E. Hallyn wrote:
> Quoting Oren Laadan (orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org):
>>>  /* read the entire state of the current task */
>>>  int restore_task(struct ckpt_ctx *ctx)
>>>  {
>>>  	int ret;
>>> +	struct cred *realcred, *ecred;
>>>  
>>> -	ret = restore_task_struct(ctx);
>>> +	ret = restore_task_struct(ctx, &realcred, &ecred);
>> Actually, this is one of several cases where we need to restore some
>> resources but only apply it to a process at the end of its restart.
>>
>> Another example would be restoring pending signals and the blocked
>> signal mask in the future.
>>
>> I suggest that we keep a pointer on the task_struct to a structure
>> that will hold all that do-later work. The structure can encapsulate
>> the pending work either explicitly - e.g. a struct with fields like
>> realcred, ecred, signal mask, etc... - or implicitly, by reusing the
>> deferqueue framework, per task.
>>
>> Actually, that pointer can be kept on the ckpt_ctx structure, to be
>> used by the current-restarting-task only.
>>
>>>  	ckpt_debug("ret %d\n", ret);
>>>  	if (ret < 0)
>>>  		goto out;
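Review bot: realcred and ecred are declared uninitialized at the top of restore_task() and are only written through the out-parameters of restore_task_struct(), so on the `if (ret < 0) goto out;` path right after the call their contents depend on how far restore_task_struct() got before failing. Initialize both to NULL at the declaration (`struct cred *realcred = NULL, *ecred = NULL;`) so that any cleanup at out: can test them safely, and document at restore_task_struct() whether the caller holds a reference on each cred when it returns, on success and on failure.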
>>> @@ -671,6 +1120,10 @@ int restore_task(struct ckpt_ctx *ctx)
>>>  		goto out;
>>>  	ret = restore_cpu(ctx);
>>>  	ckpt_debug("cpu: ret %d\n", ret);
>>> +	if (ret < 0)
>>> +		goto out;
>>> +	ret = restore_creds(ctx, realcred, ecred);
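Review bot: restore_creds() is the only visible consumer of realcred and ecred, and it is reached only when every step through restore_cpu() has succeeded; the `goto out` added just above it, like the earlier ones, skips it. If restore_task_struct() hands the two creds back with a reference held, each of those error paths has to drop that reference at out:, and nothing in the visible lines does so. It would also help to follow the call with a `ckpt_debug("creds: ret %d\n", ret);` in line with the restore_cpu() step above, if the next line does not already do that.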
>> ... and this would then be called from a restore_task_finalize()
>> function explicitly or implicitly by deferqueue_run().
> 
> deferqueue_run() won't do, since that's done only once for the
> whole container, and we (as you say above) want to reuse one
> set of fields in the ckpt_ctx for each task's sys_restart() run.

I meant to add another deferqueue (either per task or on the
ckpt_ctx), for this specific purpose.

Oren.

> 
> I'll go ahead and put fields in the ckpt_ctx this time around
> and use those, but won't go further right now as I'd be
> overgeneralizing before we have the signals and such work
> done.  When we do that, we can move the restore_creds() fn
> if appropriate.
> 
> -serge
> 
