* Private namespaces
@ 2003-05-05 13:23 Adrian Etchevarne
2003-04-16 13:23 ` Andries Brouwer
2003-04-16 13:40 ` Lee Causier
0 siblings, 2 replies; 8+ messages in thread
From: Adrian Etchevarne @ 2003-05-05 13:23 UTC (permalink / raw)
To: linux-kernel

Hello,
I've been looking for instructions to use private namespaces in Linux,
without results. Can anyone tell where is the documentation about it?
(I'm not referring to chroot(), but to /proc/<pid>/mounts). Or the proper
files in the kernel sources?

Thanks,
Adrian.

* Re: Private namespaces
2003-05-05 13:23 Private namespaces Adrian Etchevarne
@ 2003-04-16 13:23 ` Andries Brouwer
2003-04-19 14:52 ` Florin Iucha
2003-04-16 13:40 ` Lee Causier
1 sibling, 1 reply; 8+ messages in thread
From: Andries Brouwer @ 2003-04-16 13:23 UTC (permalink / raw)
To: Adrian Etchevarne; +Cc: linux-kernel

On Mon, May 05, 2003 at 10:23:56AM -0300, Adrian Etchevarne wrote:

> I've been looking for instructions to use private namespaces in Linux,
> without results. Can anyone tell where is the documentation about it?
> (I'm not referring to chroot(), but to /proc/<pid>/mounts). Or the proper
> files in the kernel sources?

A tiny demo program is given in
http://www.win.tue.nl/~aeb/linux/lk/lk-6.html#ss6.3.3

In the kernel source, grep for CLONE_NEWNS.

* Re: Private namespaces
2003-04-16 13:23 ` Andries Brouwer
@ 2003-04-19 14:52 ` Florin Iucha
2003-04-19 16:21 ` Andries Brouwer
0 siblings, 1 reply; 8+ messages in thread
From: Florin Iucha @ 2003-04-19 14:52 UTC (permalink / raw)
To: Andries Brouwer; +Cc: linux-kernel

On Wed, Apr 16, 2003 at 03:23:24PM +0200, Andries Brouwer wrote:
> On Mon, May 05, 2003 at 10:23:56AM -0300, Adrian Etchevarne wrote:
>
> > I've been looking for instructions to use private namespaces in Linux,
> > without results. Can anyone tell where is the documentation about it?
> > (I'm not referring to chroot(), but to /proc/<pid>/mounts). Or the proper
> > files in the kernel sources?
>
> A tiny demo program is given in
> http://www.win.tue.nl/~aeb/linux/lk/lk-6.html#ss6.3.3
>
> In the kernel source, grep for CLONE_NEWNS.

I have compiled the sample program on 2.5.67-pre6 and it fails with
   clone: Cannot allocate memory
when run as a regular user. Is there a workaround?

Thank you,
florin

--
"NT is to UNIX what a doughnut is to a particle accelerator."

* Re: Private namespaces 2003-04-19 14:52 ` Florin Iucha @ 2003-04-19 16:21 ` Andries Brouwer 2003-04-19 21:35 ` Andrew Morton 0 siblings, 1 reply; 8+ messages in thread From: Andries Brouwer @ 2003-04-19 16:21 UTC (permalink / raw) To: linux-kernel On Sat, Apr 19, 2003 at 09:52:39AM -0500, Florin Iucha wrote: > I have compiled the sample program on 2.5.67-pre6 and it fails with > clone: Cannot allocate memory > when run as a regular user. Is there a workaround? Well, the comment says "Exercise Play with this in several situations. You may have to be root." and the source says if (! (flags & CLONE_NEWNS)) return 0; if (!capable(CAP_SYS_ADMIN)) { put_namespace(namespace); return -EPERM; } so there is not much hope for a regular user. Now you ask: but why ENOMEM? That is a tiny flaw in the kernel source. I suppose --- fork.c~ Tue Mar 25 04:54:46 2003 +++ fork.c Sat Apr 19 18:21:44 2003 @@ -873,7 +873,8 @@ goto bad_fork_cleanup_sighand; if (copy_mm(clone_flags, p)) goto bad_fork_cleanup_signal; - if (copy_namespace(clone_flags, p)) + retval = copy_namespace(clone_flags, p); + if (retval) goto bad_fork_cleanup_mm; retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); if (retval) would fix that. Andries ^ permalink raw reply [flat|nested] 8+ messages in thread
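Review bot: At `retval = copy_namespace(clone_flags, p);` the result only makes sense to the clone() caller if every failure path in copy_namespace() returns a negative errno. The excerpt quoted in this message shows `return -EPERM` for the capability check, but the function's other returns are not shown, and any that yields a bare non-zero value would now be passed back unchanged. Please confirm those paths before applying. The `if (copy_mm(clone_flags, p))` test in the context lines just above still discards its result in the same way, so the same misreporting can occur one line earlier.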
* Re: Private namespaces 2003-04-19 16:21 ` Andries Brouwer @ 2003-04-19 21:35 ` Andrew Morton 0 siblings, 0 replies; 8+ messages in thread From: Andrew Morton @ 2003-04-19 21:35 UTC (permalink / raw) To: Andries Brouwer; +Cc: linux-kernel Andries Brouwer <aebr@win.tue.nl> wrote: > > Now you ask: but why ENOMEM? > That is a tiny flaw in the kernel source. That code's all fairly careless with its return values, isn't it? How does this look? kernel/fork.c | 23 +++++++++++------------ 1 files changed, 11 insertions(+), 12 deletions(-) diff -puN kernel/fork.c~clone-retval-fix kernel/fork.c --- 25/kernel/fork.c~clone-retval-fix 2003-04-19 14:28:05.000000000 -0700 +++ 25-akpm/kernel/fork.c 2003-04-19 14:31:26.000000000 -0700 @@ -568,7 +568,7 @@ static inline int copy_fs(unsigned long } tsk->fs = __copy_fs_struct(current->fs); if (!tsk->fs) - return -1; + return -ENOMEM; return 0; } @@ -703,7 +703,7 @@ static inline int copy_sighand(unsigned sig = kmem_cache_alloc(sighand_cachep, GFP_KERNEL); tsk->sighand = sig; if (!sig) - return -1; + return -ENOMEM; spin_lock_init(&sig->siglock); atomic_set(&sig->count, 1); memcpy(sig->action, current->sighand->action, sizeof(sig->action)); @@ -721,7 +721,7 @@ static inline int copy_signal(unsigned l sig = kmem_cache_alloc(signal_cachep, GFP_KERNEL); tsk->signal = sig; if (!sig) - return -1; + return -ENOMEM; atomic_set(&sig->count, 1); sig->group_exit = 0; sig->group_exit_code = 0; 
@@ -866,23 +866,22 @@ static struct task_struct *copy_process( p->security = NULL; p->as_io_context = NULL; - retval = -ENOMEM; - if (security_task_alloc(p)) + if ((retval = security_task_alloc(p))) goto bad_fork_cleanup; /* copy all the process information */ - if (copy_semundo(clone_flags, p)) + if ((retval = copy_semundo(clone_flags, p))) goto bad_fork_cleanup_security; - if (copy_files(clone_flags, p)) + if ((retval = copy_files(clone_flags, p))) goto bad_fork_cleanup_semundo; - if (copy_fs(clone_flags, p)) + if ((retval = copy_fs(clone_flags, p))) goto bad_fork_cleanup_files; - if (copy_sighand(clone_flags, p)) + if ((retval = copy_sighand(clone_flags, p))) goto bad_fork_cleanup_fs; - if (copy_signal(clone_flags, p)) + if ((retval = copy_signal(clone_flags, p))) goto bad_fork_cleanup_sighand; - if (copy_mm(clone_flags, p)) + if ((retval = copy_mm(clone_flags, p))) goto bad_fork_cleanup_signal; - if (copy_namespace(clone_flags, p)) + if ((retval = copy_namespace(clone_flags, p))) goto bad_fork_cleanup_mm; retval = copy_thread(0, clone_flags, stack_start, stack_size, p, regs); if (retval) _ ^ permalink raw reply [flat|nested] 8+ messages in thread
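Review bot: Nothing in the copy_fs(), copy_sighand() and copy_signal() hunks, or in the text above the diffstat, records why `return -1` becomes `return -ENOMEM`. A sentence in the changelog, or a short comment at copy_process(), stating that these helpers must return 0 or a negative errno because the value is handed straight to the caller would keep a later `return -1` from being added back.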
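Review bot: With `retval = -ENOMEM;` removed in copy_process(), each helper's return value becomes the error the clone() caller sees, so a helper that still returns -1 on failure would be reported as EPERM, since -1 is -EPERM. The patch converts copy_fs(), copy_sighand() and copy_signal(), but copy_semundo(), copy_files(), copy_mm(), copy_namespace() and security_task_alloc() are switched to `if ((retval = ...))` without any of their return paths appearing in the diff. Please confirm each of them returns 0 or a negative errno, or leave the preset in place for the ones that have not been checked.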
* Re: Private namespaces
2003-05-05 13:23 Private namespaces Adrian Etchevarne
2003-04-16 13:23 ` Andries Brouwer
@ 2003-04-16 13:40 ` Lee Causier
1 sibling, 0 replies; 8+ messages in thread
From: Lee Causier @ 2003-04-16 13:40 UTC (permalink / raw)
To: Adrian Etchevarne; +Cc: linux-kernel

http://www.win.tue.nl/~aeb/linux/lk/lk-6.html

Take a look at 6.3.3 "Per-process namespaces"

[-- snip --]
"BUGS: The program mount does not know about this feature yet, so
updates /etc/mtab. Reality is visible in /proc/mounts.
Some kernel versions have a bug that would cause the new process to have
a strange working directory. Probably that is avoided if this is started
with a working directory / or so - not in some mounted filesystem."

I found symlinking /etc/mtab to /proc/self/mounts (or /proc/mounts, which
is a symlink to /proc/self/mounts) solved the mount bug.

HTH

Regards,
Lee Edward Causier.

On Mon, 2003-05-05 at 14:23, Adrian Etchevarne wrote:
> Hello,
> I've been looking for instructions to use private namespaces in Linux,
> without results. Can anyone tell where is the documentation about it?
> (I'm not referring to chroot(), but to /proc/<pid>/mounts). Or the proper
> files in the kernel sources?
>
> Thanks,
> Adrian.
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

* Re: Private namespaces
@ 2003-04-19 22:18 Andries.Brouwer
2003-04-19 22:22 ` Andrew Morton
0 siblings, 1 reply; 8+ messages in thread
From: Andries.Brouwer @ 2003-04-19 22:18 UTC (permalink / raw)
To: aebr, akpm; +Cc: linux-kernel

> How does this look?

Ach - just a moment ago I submitted only that single
improvement, but you do the whole list.

(It is OK, of course. I looked for a second and concluded that
in all other cases the return value was in fact -ENOMEM, so that
no change was required. Only in the case of security_task_alloc()
is a different value, -EPERM, likely.)

Concerning style - I don't like

	if ((retval = copy_sighand(clone_flags, p)))

very much.
Where there is an if() one expects a boolean condition,
and in superficial reading one can easily mistake = for ==,
in spite of the additional parentheses.
Just

	retval = copy_sighand(clone_flags, p);
	if (retval)

is so much clearer.

Andries

* Re: Private namespaces
2003-04-19 22:18 Andries.Brouwer
@ 2003-04-19 22:22 ` Andrew Morton
0 siblings, 0 replies; 8+ messages in thread
From: Andrew Morton @ 2003-04-19 22:22 UTC (permalink / raw)
To: Andries.Brouwer; +Cc: linux-kernel

Andries.Brouwer@cwi.nl wrote:
>
> Concerning style - I don't like
>
> 	if ((retval = copy_sighand(clone_flags, p)))
>
> very much.

Me either. But in this case there are so darn many of them it seems
acceptable.

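The return-value problem discussed in this thread, as an added example that is not part of any message or of the kernel source: a user-space C model in which every name (ctx, fs_legacy, fs_fixed, ns_step, run_masked, run_propagated) is constructed for illustration. It shows a preset -ENOMEM hiding a helper's -EPERM, and why a helper that still returns -1 reads as EPERM once results are propagated.

```c
/* Added example: user-space model of the return-value handling discussed in
 * this thread. Every name below is constructed; none of this is kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MODEL_CLONE_NEWNS 0x00020000UL   /* same bit as CLONE_NEWNS */

struct ctx { unsigned long flags; int has_cap_sys_admin; int alloc_fails; };
typedef int (*step_fn)(const struct ctx *);

/* Helper that reports allocation failure the old way (-1) and the new way. */
int fs_legacy(const struct ctx *c) { return c->alloc_fails ? -1 : 0; }
int fs_fixed(const struct ctx *c)  { return c->alloc_fails ? -ENOMEM : 0; }

/* Helper with a permission check, modelled on the quoted copy_namespace() excerpt. */
int ns_step(const struct ctx *c)
{
    if (!(c->flags & MODEL_CLONE_NEWNS))
        return 0;
    return c->has_cap_sys_admin ? 0 : -EPERM;
}

/* Old caller: one preset error, helper results tested only as booleans. */
int run_masked(const step_fn *steps, int n, const struct ctx *c)
{
    int retval = -ENOMEM;
    for (int i = 0; i < n; i++)
        if (steps[i](c))
            return retval;      /* the helper's own reason is lost */
    return 0;
}

/* New caller: whatever the failing helper returned reaches the caller. */
int run_propagated(const step_fn *steps, int n, const struct ctx *c)
{
    for (int i = 0; i < n; i++) {
        int retval = steps[i](c);
        if (retval)
            return retval;
    }
    return 0;
}

int main(void)
{
    const step_fn chain[] = { fs_fixed, ns_step };
    struct ctx user = { MODEL_CLONE_NEWNS, 0, 0 };  /* no CAP_SYS_ADMIN */
    printf("masked:     %s\n", strerror(-run_masked(chain, 2, &user)));
    printf("propagated: %s\n", strerror(-run_propagated(chain, 2, &user)));
    return 0;
}
```
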