From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Aditya Kali <adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
Cc: linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org,
tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: [PATCHv1 6/8] cgroup: restrict cgroup operations within task's cgroupns
Date: Sat, 18 Oct 2014 21:57:30 -0700 [thread overview]
Message-ID: <8761fgpsg5.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <1413235430-22944-7-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org> (Aditya Kali's message of "Mon, 13 Oct 2014 14:23:48 -0700")
Aditya Kali <adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org> writes:
> Restrict following operations within the calling tasks:
> * cgroup_mkdir & cgroup_rmdir
> * cgroup_attach_task
> * writes to cgroup files outside of task's cgroupns-root
>
> Also, read of /proc/<pid>/cgroup file is now restricted only
> to tasks under same cgroupns-root. If a task tries to look
> at cgroup of another task outside of its cgroupns-root, then
> it won't be able to see anything for the default hierarchy.
> This is same as if the cgroups are not mounted.
So I think this patch is out of order.
We should add the namespace infrastructre and the restrictions before
we allow creation of the namespace. Otherwise there is a bisection
point where cgroup namespaces are broken or at the very least have a
security hole. Since we can anticipate this let's see if we can figure
out how to avoid it.
Eric
> Signed-off-by: Aditya Kali <adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
> ---
> kernel/cgroup.c | 34 +++++++++++++++++++++++++++++++++-
> 1 file changed, 33 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/cgroup.c b/kernel/cgroup.c
> index f8099b4..2fc0dfa 100644
> --- a/kernel/cgroup.c
> +++ b/kernel/cgroup.c
> @@ -2318,6 +2318,12 @@ static int cgroup_attach_task(struct cgroup *dst_cgrp,
> struct task_struct *task;
> int ret;
>
> + /* Only allow changing cgroups accessible within task's cgroup
> + * namespace. i.e. 'dst_cgrp' should be a descendant of task's
> + * cgroupns->root_cgrp. */
> + if (!cgroup_is_descendant(dst_cgrp, task_cgroupns_root(leader)))
> + return -EPERM;
> +
> /* look up all src csets */
> down_read(&css_set_rwsem);
> rcu_read_lock();
> @@ -2882,6 +2888,10 @@ static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
> struct cgroup_subsys_state *css;
> int ret;
>
> + /* Reject writes to cgroup files outside of task's cgroupns-root. */
> + if (!cgroup_is_descendant(cgrp, task_cgroupns_root(current)))
> + return -EINVAL;
> +
> if (cft->write)
> return cft->write(of, buf, nbytes, off);
>
> @@ -4560,6 +4570,13 @@ static int cgroup_mkdir(struct kernfs_node *parent_kn, const char *name,
> parent = cgroup_kn_lock_live(parent_kn);
> if (!parent)
> return -ENODEV;
> +
> + /* Allow mkdir only within process's cgroup namespace root. */
> + if (!cgroup_is_descendant(parent, task_cgroupns_root(current))) {
> + ret = -EPERM;
> + goto out_unlock;
> + }
> +
> root = parent->root;
>
> /* allocate the cgroup and its ID, 0 is reserved for the root */
> @@ -4822,6 +4839,13 @@ static int cgroup_rmdir(struct kernfs_node *kn)
> if (!cgrp)
> return 0;
>
> + /* Allow rmdir only within process's cgroup namespace root.
> + * The process can't delete its own root anyways. */
> + if (!cgroup_is_descendant(cgrp, task_cgroupns_root(current))) {
> + cgroup_kn_unlock(kn);
> + return -EPERM;
> + }
> +
> ret = cgroup_destroy_locked(cgrp);
>
> cgroup_kn_unlock(kn);
> @@ -5051,6 +5075,15 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
> if (root == &cgrp_dfl_root && !cgrp_dfl_root_visible)
> continue;
>
> + cgrp = task_cgroup_from_root(tsk, root);
> +
> + /* The cgroup path on default hierarchy is shown only if it
> + * falls under current task's cgroupns-root.
> + */
> + if (root == &cgrp_dfl_root &&
> + !cgroup_is_descendant(cgrp, task_cgroupns_root(current)))
> + continue;
> +
> seq_printf(m, "%d:", root->hierarchy_id);
> for_each_subsys(ss, ssid)
> if (root->subsys_mask & (1 << ssid))
> @@ -5059,7 +5092,6 @@ int proc_cgroup_show(struct seq_file *m, struct pid_namespace *ns,
> seq_printf(m, "%sname=%s", count ? "," : "",
> root->name);
> seq_putc(m, ':');
> - cgrp = task_cgroup_from_root(tsk, root);
> path = cgroup_path(cgrp, buf, PATH_MAX);
> if (!path) {
> retval = -ENAMETOOLONG;
next prev parent reply other threads:[~2014-10-19 4:57 UTC|newest]
Thread overview: 158+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <adityakali-cgroupns>
2014-07-17 19:52 ` [PATCH 0/5] RFC: CGroup Namespaces Aditya Kali
[not found] ` <1405626731-12220-1-git-send-email-adityakali@google.com>
[not found] ` <1405626731-12220-1-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-07-17 19:52 ` [PATCH 1/5] kernfs: Add API to get generate relative kernfs path Aditya Kali
[not found] ` <1405626731-12220-2-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-07-24 15:10 ` Serge Hallyn
2014-07-17 19:52 ` [PATCH 2/5] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace Aditya Kali
2014-07-17 19:52 ` [PATCH 3/5] cgroup: add function to get task's cgroup on default hierarchy Aditya Kali
[not found] ` <1405626731-12220-4-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-07-24 16:59 ` Serge Hallyn
2014-07-17 19:52 ` [PATCH 4/5] cgroup: export cgroup_get() and cgroup_put() Aditya Kali
[not found] ` <1405626731-12220-5-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-07-24 17:03 ` Serge Hallyn
2014-07-17 19:52 ` [PATCH 5/5] cgroup: introduce cgroup namespaces Aditya Kali
[not found] ` <1405626731-12220-6-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-07-17 19:57 ` Andy Lutomirski
[not found] ` <CALCETrWXMMGzptvEu6TfzTjBou4t==W39_nNB5FJwSk2Zy8uCQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-17 20:55 ` Aditya Kali
[not found] ` <CAGr1F2Ht1q_nYGJwmQvEEyj8r3R1stgD=g3s8_5zYOTogjz-UQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-18 16:51 ` Andy Lutomirski
[not found] ` <CALCETrW6YpyJBmr3sZC6KL03GP4dcGYavQF5DFZfys6Cok-vpw@mail.gmail.com>
[not found] ` <CALCETrW6YpyJBmr3sZC6KL03GP4dcGYavQF5DFZfys6Cok-vpw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-18 18:51 ` Aditya Kali
[not found] ` <CAGr1F2GwZvZLPGLWKPPOt3vREwwVNbVPrgE6YJ01bACKejbc4Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-18 18:57 ` Andy Lutomirski
[not found] ` <CALCETrVeeL71sfVdbzRx0FpGrvQKbviEmUcMEosbUU+UJNQu9w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-21 22:11 ` Aditya Kali
[not found] ` <CAGr1F2Fd_4=WUm4STPd4kdd5tNLO6aQ1OOQMKnRqyOKZSGvCpg@mail.gmail.com>
[not found] ` <CAGr1F2Fd_4=WUm4STPd4kdd5tNLO6aQ1OOQMKnRqyOKZSGvCpg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-21 22:16 ` Andy Lutomirski
[not found] ` <CALCETrUhd41LFfF9epbVYJSOwqBq308Z8RZG9tzyPfx+Joe15Q@mail.gmail.com>
[not found] ` <CALCETrUhd41LFfF9epbVYJSOwqBq308Z8RZG9tzyPfx+Joe15Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-23 19:52 ` Aditya Kali
2014-07-18 16:00 ` [PATCH 0/5] RFC: CGroup Namespaces Serge Hallyn
2014-07-24 16:10 ` Serge Hallyn
2014-07-24 16:36 ` Serge Hallyn
[not found] ` <1405626731-12220-3-git-send-email-adityakali@google.com>
[not found] ` <1405626731-12220-3-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-07-24 17:01 ` [PATCH 2/5] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace Serge Hallyn
[not found] ` <20140724170119.GR26600@ubuntumail>
2014-07-31 19:48 ` Aditya Kali
[not found] ` <CAGr1F2FAiSFR_Y3t1=eBVoAtJvh4m=cNUi+vG146nDkgtBjisQ@mail.gmail.com>
[not found] ` <CAGr1F2FAiSFR_Y3t1=eBVoAtJvh4m=cNUi+vG146nDkgtBjisQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-04 23:12 ` Serge Hallyn
[not found] ` <20140724163628.GN26600@ubuntumail>
2014-07-25 19:29 ` [PATCH 0/5] RFC: CGroup Namespaces Aditya Kali
[not found] ` <CAGr1F2GcAema-E2q6PFj=R0Z505iD7JshrMuMdfPTJ95wMiQMA@mail.gmail.com>
[not found] ` <CAGr1F2GcAema-E2q6PFj=R0Z505iD7JshrMuMdfPTJ95wMiQMA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-25 20:27 ` Andy Lutomirski
2014-07-29 4:51 ` Serge E. Hallyn
[not found] ` <20140729045159.GB31047@mail.hallyn.com>
[not found] ` <20140729045159.GB31047-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2014-07-29 15:08 ` Andy Lutomirski
[not found] ` <CALCETrW5yQLo-SvDgqjt881OD1GnuxMmGKjoohYT4nwtYw=9+w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-07-29 16:06 ` Serge E. Hallyn
2014-10-13 21:23 ` [PATCHv1 0/8] " Aditya Kali
[not found] ` <1413235430-22944-1-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-13 21:23 ` [PATCHv1 1/8] kernfs: Add API to generate relative kernfs path Aditya Kali
2014-10-13 21:23 ` [PATCHv1 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace Aditya Kali
[not found] ` <1413235430-22944-3-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-16 16:08 ` Serge E. Hallyn
2014-10-13 21:23 ` [PATCHv1 3/8] cgroup: add function to get task's cgroup on default hierarchy Aditya Kali
2014-10-13 21:23 ` [PATCHv1 4/8] cgroup: export cgroup_get() and cgroup_put() Aditya Kali
[not found] ` <1413235430-22944-5-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-16 16:14 ` Serge E. Hallyn
2014-10-13 21:23 ` [PATCHv1 5/8] cgroup: introduce cgroup namespaces Aditya Kali
[not found] ` <1413235430-22944-6-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-16 16:37 ` Serge E. Hallyn
[not found] ` <20141016163703.GE1392@mail.hallyn.com>
[not found] ` <20141016163703.GE1392-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2014-10-24 1:03 ` Aditya Kali
[not found] ` <CAGr1F2E0VdBafZg6P2yeP6bgxsMEm53fEuT29HTLygTKobgi-w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-25 3:16 ` Serge E. Hallyn
2014-10-13 21:23 ` [PATCHv1 6/8] cgroup: restrict cgroup operations within task's cgroupns Aditya Kali
[not found] ` <1413235430-22944-7-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-17 9:28 ` Serge E. Hallyn
[not found] ` <20141017092814.GA8848-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2014-10-22 19:06 ` Aditya Kali
2014-10-19 4:57 ` Eric W. Biederman [this message]
2014-10-13 21:23 ` [PATCHv1 7/8] cgroup: cgroup namespace setns support Aditya Kali
2014-10-13 21:23 ` [PATCHv1 8/8] cgroup: mount cgroupns-root when inside non-init cgroupns Aditya Kali
2014-10-14 22:42 ` [PATCHv1 0/8] CGroup Namespaces Andy Lutomirski
[not found] ` <CALCETrVnjrBt3odufhAirf45_REq-S9T=HpoEWqmFef2M6PucA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-14 23:33 ` Aditya Kali
2014-10-19 4:54 ` Eric W. Biederman
[not found] ` <87k33wpsl3.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-07-22 18:10 ` Vincent Batts
[not found] ` <1413235430-22944-2-git-send-email-adityakali@google.com>
[not found] ` <1413235430-22944-2-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-16 16:07 ` [PATCHv1 1/8] kernfs: Add API to generate relative kernfs path Serge E. Hallyn
[not found] ` <1413235430-22944-4-git-send-email-adityakali@google.com>
[not found] ` <1413235430-22944-4-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-16 16:13 ` [PATCHv1 3/8] cgroup: add function to get task's cgroup on default hierarchy Serge E. Hallyn
[not found] ` <1413235430-22944-8-git-send-email-adityakali@google.com>
[not found] ` <1413235430-22944-8-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-16 21:12 ` [PATCHv1 7/8] cgroup: cgroup namespace setns support Serge E. Hallyn
[not found] ` <20141016211236.GA4308-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2014-10-16 21:17 ` Andy Lutomirski
2014-10-16 21:22 ` Aditya Kali
[not found] ` <CAGr1F2EH0ynfFihTh1dv=n1faxUh0zS3ggk303bwGnDnW2PUCw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-16 21:47 ` Serge E. Hallyn
[not found] ` <20141016214710.GA4759-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2014-10-19 5:23 ` Eric W. Biederman
[not found] ` <87iojgmy3o.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-10-19 18:26 ` Andy Lutomirski
[not found] ` <CALCETrUC=yW72d2hDzjESmZAt85x1WcGz4L-DrtY5YXAQxbpMA@mail.gmail.com>
[not found] ` <CALCETrUC=yW72d2hDzjESmZAt85x1WcGz4L-DrtY5YXAQxbpMA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-20 4:55 ` Eric W.Biederman
[not found] ` <44072106-c0f3-46b8-b2b5-9b1cbd1b7d88@email.android.com>
[not found] ` <44072106-c0f3-46b8-b2b5-9b1cbd1b7d88-2ueSQiBKiTY7tOexoI0I+QC/G2K4zDHf@public.gmane.org>
2014-10-21 0:20 ` Andy Lutomirski
[not found] ` <CALCETrXhGnBM_xx=Auz3WRQXkqhGGTWuZN=PU+A9HZ7Ek27FLA@mail.gmail.com>
[not found] ` <CALCETrXhGnBM_xx=Auz3WRQXkqhGGTWuZN=PU+A9HZ7Ek27FLA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-21 4:49 ` Eric W. Biederman
[not found] ` <87zjcq10ya.fsf@x220.int.ebiederm.org>
[not found] ` <87zjcq10ya.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-10-21 5:03 ` Andy Lutomirski
[not found] ` <CALCETrVkMtsnEh57jFZrdx5vHbz97BdO7OuupT+xVNnWpJjxng-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-21 5:42 ` Eric W. Biederman
[not found] ` <87lhoayo59.fsf@x220.int.ebiederm.org>
[not found] ` <87lhoayo59.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-10-21 5:49 ` Andy Lutomirski
[not found] ` <CALCETrVFKvtHpTfY3kuE5ZTrwQAzuDmk6dm-mbQffDHAZmq-KQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-21 18:49 ` Aditya Kali
[not found] ` <CAGr1F2Ee2MCKOwALR2YV7ppDmyHxO6+EsHqSc1+WcwKFPPQB0w@mail.gmail.com>
[not found] ` <CAGr1F2Ee2MCKOwALR2YV7ppDmyHxO6+EsHqSc1+WcwKFPPQB0w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-21 19:02 ` Andy Lutomirski
[not found] ` <CALCETrWXDMRsexfvmh2CiMW4WX0ZLJ4pJvzHU55PEBk=NmnyZg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-21 22:33 ` Aditya Kali
[not found] ` <CAGr1F2FdQ4VF1_o7mdybZ-WhLLhFxdgkNnzotHOwnhLU8W+YCw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-21 22:42 ` Andy Lutomirski
[not found] ` <CALCETrXEAegFmSs2LnfSJR0tQmqZudnESDER8CoqKxOCBFMwdA@mail.gmail.com>
[not found] ` <CALCETrXEAegFmSs2LnfSJR0tQmqZudnESDER8CoqKxOCBFMwdA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-22 0:46 ` Aditya Kali
[not found] ` <CAGr1F2HYGG9=jwugywD8tUdB+dOjN4z+3BSpqL_m2aaM+3Rz1A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-22 0:58 ` Andy Lutomirski
[not found] ` <CALCETrUtqozUE=Lr5d2dBKd_vaLzfVvVv8g6ZALz1MWqVzj9dQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-22 18:37 ` Aditya Kali
[not found] ` <CAGr1F2EBDCVrXZd7fOdffQ2C0c25T8co4wfxRc8P0Jb18yq2uQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-22 18:50 ` Andy Lutomirski
2014-10-22 19:42 ` Tejun Heo
2014-10-17 9:52 ` Serge E. Hallyn
[not found] ` <1413235430-22944-9-git-send-email-adityakali@google.com>
[not found] ` <1413235430-22944-9-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-17 12:19 ` [PATCHv1 8/8] cgroup: mount cgroupns-root when inside non-init cgroupns Serge E. Hallyn
2014-10-31 19:18 ` [PATCHv2 0/7] CGroup Namespaces Aditya Kali
[not found] ` <1414783141-6947-1-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-10-31 19:18 ` [PATCHv2 1/7] kernfs: Add API to generate relative kernfs path Aditya Kali
2014-10-31 19:18 ` [PATCHv2 2/7] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace Aditya Kali
2014-10-31 19:18 ` [PATCHv2 3/7] cgroup: add function to get task's cgroup on default hierarchy Aditya Kali
2014-10-31 19:18 ` [PATCHv2 4/7] cgroup: export cgroup_get() and cgroup_put() Aditya Kali
2014-10-31 19:18 ` [PATCHv2 5/7] cgroup: introduce cgroup namespaces Aditya Kali
[not found] ` <1414783141-6947-6-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-11-01 0:02 ` Andy Lutomirski
[not found] ` <CALCETrWzYPngmWPMWnSFyiTPDwNJYPpXUj1C-294uQgjvp9wcA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-01 0:58 ` Eric W. Biederman
[not found] ` <87y4rvspnd.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-11-03 23:42 ` Aditya Kali
2014-11-03 23:40 ` Aditya Kali
2014-11-04 1:56 ` Aditya Kali
2014-10-31 19:19 ` [PATCHv2 6/7] cgroup: cgroup namespace setns support Aditya Kali
2014-10-31 19:19 ` [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns Aditya Kali
2014-11-04 13:10 ` [PATCHv2 0/7] CGroup Namespaces Vivek Goyal
[not found] ` <20141104131030.GA2937-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-11-06 17:33 ` Aditya Kali
[not found] ` <CAGr1F2Hm4+aCUz3RqkgUhbJAQtWvUbb2CRDkW5rJSZkwLM_huw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-26 22:58 ` Richard Weinberger
[not found] ` <CAFLxGvybiem34J3zrtVhW=4itSdczassNt9RcuxnpJQeAz-JVA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-12-02 19:14 ` Aditya Kali
[not found] ` <1414783141-6947-8-git-send-email-adityakali@google.com>
[not found] ` <1414783141-6947-8-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-11-01 0:07 ` [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns Andy Lutomirski
2014-11-01 1:09 ` Eric W. Biederman
[not found] ` <87y4rvrakn.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-11-03 22:43 ` Aditya Kali
[not found] ` <CAGr1F2Hd_PS_AscBGMXdZC9qkHGRUp-MeQvJksDOQkRBB3RGoA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-03 22:56 ` Andy Lutomirski
2014-11-04 13:46 ` Tejun Heo
[not found] ` <20141104134633.GA14014@htj.dyndns.org>
[not found] ` <20141104134633.GA14014-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2014-11-04 15:00 ` Andy Lutomirski
[not found] ` <CALCETrUggQCJyxsTWRNrjt3GM=R0VMU6RjMkU1aw3YUNMx1xEw@mail.gmail.com>
[not found] ` <CALCETrUggQCJyxsTWRNrjt3GM=R0VMU6RjMkU1aw3YUNMx1xEw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-04 15:50 ` Serge E. Hallyn
[not found] ` <20141104155052.GA7027-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2014-11-12 17:48 ` Aditya Kali
2014-11-03 22:46 ` Aditya Kali
2014-11-04 1:59 ` Aditya Kali
[not found] ` <CALCETrXTaZ3SJ_t-gnbc93BVZXg-912NqO78kFd0Tpi-5-dZoQ@mail.gmail.com>
[not found] ` <CALCETrXTaZ3SJ_t-gnbc93BVZXg-912NqO78kFd0Tpi-5-dZoQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-01 2:59 ` Eric W. Biederman
2014-11-03 23:12 ` Aditya Kali
[not found] ` <CALCETrW64-6xC6psP-8k0H-1GfVnWBTeEBNSrE_sH+-DFtuZQQ@mail.gmail.com>
[not found] ` <CALCETrW64-6xC6psP-8k0H-1GfVnWBTeEBNSrE_sH+-DFtuZQQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-03 23:23 ` Aditya Kali
[not found] ` <CAGr1F2GX45gC-V7kEzVjp-EiYfdPDVBRs+99nASpgFVAdYX+1w@mail.gmail.com>
[not found] ` <CAGr1F2GX45gC-V7kEzVjp-EiYfdPDVBRs+99nASpgFVAdYX+1w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-03 23:48 ` Andy Lutomirski
[not found] ` <CALCETrUB_xx5zno26k5UjAFt77nZTpgyndD4AuBSZxiZBNjXSw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-04 0:12 ` Aditya Kali
[not found] ` <CAGr1F2EV4p_nJP_oMe3N8pBPedAZHbdB=XCMPjSEZTC9jmZoAg@mail.gmail.com>
[not found] ` <CAGr1F2EV4p_nJP_oMe3N8pBPedAZHbdB=XCMPjSEZTC9jmZoAg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-04 0:17 ` Andy Lutomirski
[not found] ` <CALCETrXeG2t=fW9HbkirDZudw9pbDwoqDq5ygJBkBMbqqoDAvw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-04 0:49 ` Aditya Kali
[not found] ` <CAGr1F2FuPQxLraYv7PstJ9c8H-XQsgawaAtj4AS77B+_0k2o+A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-03 23:15 ` Andy Lutomirski
2014-11-04 13:57 ` Tejun Heo
[not found] ` <20141104135726.GB14014@htj.dyndns.org>
[not found] ` <20141104135726.GB14014-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2014-11-06 17:28 ` Aditya Kali
[not found] ` <87a94blj6m.fsf@x220.int.ebiederm.org>
[not found] ` <87a94blj6m.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-11-01 3:29 ` Andy Lutomirski
2014-12-05 1:55 ` [PATCHv3 0/8] CGroup Namespaces Aditya Kali
[not found] ` <1417744550-6461-1-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-12-05 1:55 ` [PATCHv3 1/8] kernfs: Add API to generate relative kernfs path Aditya Kali
2014-12-05 1:55 ` [PATCHv3 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace Aditya Kali
2014-12-05 1:55 ` [PATCHv3 3/8] cgroup: add function to get task's cgroup on default hierarchy Aditya Kali
2014-12-05 1:55 ` [PATCHv3 4/8] cgroup: export cgroup_get() and cgroup_put() Aditya Kali
2014-12-05 1:55 ` [PATCHv3 5/8] cgroup: introduce cgroup namespaces Aditya Kali
[not found] ` <1417744550-6461-6-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-12-12 8:54 ` Zefan Li
2014-12-05 1:55 ` [PATCHv3 6/8] cgroup: cgroup namespace setns support Aditya Kali
2014-12-05 1:55 ` [PATCHv3 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns Aditya Kali
2014-12-05 1:55 ` [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces Aditya Kali
[not found] ` <1417744550-6461-9-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-12-12 8:54 ` Zefan Li
[not found] ` <548AAD42.5010002-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2015-01-05 22:54 ` Aditya Kali
2014-12-14 23:05 ` Richard Weinberger
[not found] ` <548E17CE.8010704-/L3Ra7n9ekc@public.gmane.org>
2015-01-05 22:48 ` Aditya Kali
[not found] ` <CAGr1F2HA6mzFwgp5ngX8P7=198-5CmCjLmuCJ8j3eQ08J2d9Qw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-01-05 22:52 ` Richard Weinberger
[not found] ` <54AB15BD.8020007-/L3Ra7n9ekc@public.gmane.org>
2015-01-05 23:53 ` Eric W. Biederman
[not found] ` <87lhlgpyxk.fsf@x220.int.ebiederm.org>
[not found] ` <87lhlgpyxk.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-01-06 0:07 ` Richard Weinberger
2015-01-06 0:10 ` Aditya Kali
[not found] ` <CAGr1F2HSi_D07r2c5CKOsjSR1+58k9G2MrtACsd+HV6XKvJ7cA@mail.gmail.com>
[not found] ` <CAGr1F2HSi_D07r2c5CKOsjSR1+58k9G2MrtACsd+HV6XKvJ7cA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-01-06 0:17 ` Richard Weinberger
[not found] ` <54AB2992.6060707@nod.at>
[not found] ` <54AB2992.6060707-/L3Ra7n9ekc@public.gmane.org>
2015-01-06 23:20 ` Aditya Kali
[not found] ` <CAGr1F2EGOUSEd3-G4PS0mq=9kU1nWG4CwHUOQaNUATepc11_Sw@mail.gmail.com>
[not found] ` <CAGr1F2EGOUSEd3-G4PS0mq=9kU1nWG4CwHUOQaNUATepc11_Sw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-01-06 23:39 ` Richard Weinberger
2015-01-07 9:28 ` Richard Weinberger
[not found] ` <54ACFC38.5070007-/L3Ra7n9ekc@public.gmane.org>
2015-01-07 14:45 ` Eric W. Biederman
[not found] ` <87fvbmir9q.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-01-07 19:30 ` Serge E. Hallyn
[not found] ` <20150107193059.GA1857@mail.hallyn.com>
[not found] ` <20150107193059.GA1857-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2015-01-07 22:14 ` Eric W. Biederman
[not found] ` <87bnma6xwv.fsf@x220.int.ebiederm.org>
[not found] ` <87bnma6xwv.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-01-07 22:45 ` Tejun Heo
[not found] ` <20150107224430.GA28414-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2015-01-07 23:02 ` Eric W. Biederman
[not found] ` <878uhe42km.fsf@x220.int.ebiederm.org>
[not found] ` <878uhe42km.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-01-07 23:06 ` Tejun Heo
[not found] ` <20150107230615.GA28630-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2015-01-07 23:09 ` Eric W. Biederman
[not found] ` <87fvbm2nni.fsf@x220.int.ebiederm.org>
[not found] ` <87fvbm2nni.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-01-07 23:16 ` Tejun Heo
2015-01-07 23:27 ` Eric W. Biederman
[not found] ` <87y4peyxw5.fsf@x220.int.ebiederm.org>
[not found] ` <87y4peyxw5.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-01-07 23:35 ` Tejun Heo
[not found] ` <20150107233553.GC28630-Gd/HAXX7CRxy/B6EtB590w@public.gmane.org>
2015-02-11 3:46 ` Serge E. Hallyn
[not found] ` <20150211034616.GA25022@mail.hallyn.com>
[not found] ` <20150211034616.GA25022-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2015-02-11 4:09 ` Tejun Heo
[not found] ` <20150211040957.GC21356-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2015-02-11 4:29 ` Serge E. Hallyn
[not found] ` <20150211042942.GA27931@mail.hallyn.com>
[not found] ` <20150211042942.GA27931-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2015-02-11 5:02 ` Eric W. Biederman
2015-02-11 5:10 ` Tejun Heo
[not found] ` <87oap1qbv3.fsf@x220.int.ebiederm.org>
[not found] ` <87oap1qbv3.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-02-11 5:17 ` Tejun Heo
[not found] ` <20150211051704.GB24897@mtj.duckdns.org>
[not found] ` <20150211051704.GB24897-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2015-02-11 6:29 ` Eric W. Biederman
[not found] ` <87twytklkv.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-02-11 14:36 ` Tejun Heo
2015-02-11 16:00 ` Serge E. Hallyn
[not found] ` <20150211160023.GA1579@mail.hallyn.com>
[not found] ` <20150211160023.GA1579-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2015-02-11 16:03 ` Tejun Heo
[not found] ` <20150211160347.GE21356@htj.duckdns.org>
[not found] ` <20150211160347.GE21356-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2015-02-11 16:18 ` Serge E. Hallyn
2015-01-07 18:57 ` Aditya Kali
2014-12-05 3:20 ` [PATCHv3 0/8] CGroup Namespaces Aditya Kali
[not found] ` <1417744550-6461-8-git-send-email-adityakali@google.com>
[not found] ` <1417744550-6461-8-git-send-email-adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2014-12-12 8:55 ` [PATCHv3 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns Zefan Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8761fgpsg5.fsf@x220.int.ebiederm.org \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=adityakali-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox