From mboxrd@z Thu Jan 1 00:00:00 1970
From: ebiederm@xmission.com (Eric W. Biederman)
Date: Wed, 28 Mar 2018 18:04:22 -0500
Subject: [REVIEW][PATCH 09/11] ipc/shm: Fix shmctl(..., IPC_STAT, ...) between pid namespaces.
In-Reply-To: <1091a91e-f8ee-b091-6d95-78b33520fb2d@oracle.com> (NAGARATHNAM MUTHUSAMY's message of "Fri, 23 Mar 2018 14:41:29 -0700")
References: <87vadmobdw.fsf_-_@xmission.com> <20180323191614.32489-9-ebiederm@xmission.com> <7df62190-2407-bfd4-d144-7304a8ea8ae3@oracle.com> <87lgeio4tb.fsf@xmission.com> <1091a91e-f8ee-b091-6d95-78b33520fb2d@oracle.com>
Message-ID: <87woxvajk9.fsf@xmission.com>
To: linux-security-module@vger.kernel.org
List-Id: linux-security-module.vger.kernel.org

NAGARATHNAM MUTHUSAMY writes:

> On 3/23/2018 2:33 PM, ebiederm at xmission.com wrote:
>> NAGARATHNAM MUTHUSAMY writes:
>>
>>> Thanks!
>>>
>>> Reviewed-by: Nagarathnam Muthusamy
>> Does this look like it will address the issue you have been fighting
>> with pids?
>
> We do use IPC shared memory but it is a single large one, shared by multiple
> levels. We are currently looking into using a similar solution based on file
> locks.
> When a new level is created, a file representing that level could be created in
> a common path which could be locked by the init process of that level.
> Parent levels could query the locking pid of that file to get the pid
> translation
> of the init process of the required level. Then it could open a file descriptor
> and use the translate_pid API for further translations.

Do you want to resend the translate_pid API with file descriptors as it
was in the lwn article? That I will apply.

Eric
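
The file-lock lookup described in the quoted message, as an added example that is not part of the original thread or of any patch in it: one process locks a per-level file and another reads the holder's pid back with `F_GETLK`. The function names and the `/tmp/level-XXXXXX` path are hypothetical, and the demo runs both processes in a single pid namespace, so the reported pid is expected to equal the value `fork()` returned.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pid of the process holding a conflicting lock on fd, as reported to the
 * caller; 0 if the file is unlocked, -1 on error. */
pid_t lock_holder(int fd)
{
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    if (fcntl(fd, F_GETLK, &fl) < 0)
        return -1;
    return fl.l_type == F_UNLCK ? 0 : fl.l_pid;
}

/* Constructed scenario: the child plays a level's init and locks the file,
 * the parent plays the parent level and queries it. Returns 1 when the
 * reported holder is the child and the lock disappears once the child exits. */
int demo(void)
{
    char path[] = "/tmp/level-XXXXXX", c = 0;   /* hypothetical per-level file */
    int ready[2], done[2], ok = 0;
    int fd = mkstemp(path);
    if (fd < 0 || pipe(ready) < 0 || pipe(done) < 0)
        return -1;
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {                           /* the level's "init" */
        struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
        close(ready[0]); close(done[1]);
        if (fcntl(fd, F_SETLK, &fl) < 0 || write(ready[1], "x", 1) != 1)
            _exit(1);
        if (read(done[0], &c, 1) < 0)           /* hold the lock until told to stop */
            _exit(1);
        _exit(0);
    }
    close(ready[1]); close(done[0]);
    if (read(ready[0], &c, 1) == 1)             /* child reports the lock is held */
        ok = (lock_holder(fd) == child);
    close(done[1]);                             /* EOF lets the child exit */
    waitpid(child, NULL, 0);
    ok = ok && lock_holder(fd) == 0;            /* lock is gone with its owner */
    unlink(path);
    close(fd);
    return ok;
}

int main(void)
{
    printf("lock holder matched child: %d\n", demo());
    return 0;
}
```

A pid obtained this way is only valid while the lock is still held, so a caller should query the lock again before acting on a previously read value.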