Re: (pspace,pid) vs true pid virtualization

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Herbert Poetzl <herbert@13thfloor.at>
To: Kirill Korotaev <dev@sw.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
	"Serge E. Hallyn" <serue@us.ibm.com>,
	linux-kernel@vger.kernel.org, vserver@list.linux-vserver.org,
	Alan Cox <alan@lxorguk.ukuu.org.uk>,
	Dave Hansen <haveblue@us.ibm.com>,
	Arjan van de Ven <arjan@infradead.org>,
	Suleiman Souhlal <ssouhlal@FreeBSD.org>,
	Hubertus Franke <frankeh@watson.ibm.com>,
	Cedric Le Goater <clg@fr.ibm.com>,
	Kyle Moffett <mrmacman_g4@mac.com>, Greg <gkurz@fr.ibm.com>,
	Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
	Greg KH <greg@kroah.com>, Rik van Riel <riel@redhat.com>,
	Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
	Andrey Savochkin <saw@sawoct.com>,
	Kirill Korotaev <dev@openvz.org>, Andi Kleen <ak@suse.de>,
	Benjamin Herrenschmidt <benh@kernel.crashing.org>,
	Jeff Garzik <jgarzik@pobox.com>,
	Trond Myklebust <trond.myklebust@fys.uio.no>,
	Jes Sorensen <jes@sgi.com>
Subject: Re: (pspace,pid) vs true pid virtualization
Date: Mon, 20 Feb 2006 16:36:07 +0100	[thread overview]
Message-ID: <20060220153606.GD18841@MAIL.13thfloor.at> (raw)
In-Reply-To: <43F9D5DF.6030009@sw.ru>

On Mon, Feb 20, 2006 at 05:44:47PM +0300, Kirill Korotaev wrote:
>> >fine, agreed on this finally, same for OpenVZ.
>> hey we have soemthing :)
> :)

>>>> definitely, we (Linux-VServer) added this some time ago
>>>> and it helps to maintain/restart a guest.

>>> but why sys_waitpid? we can make it in many other ways,

>> yes, we currently have a syscall switch command 
>> to wait for the guest, but, of course, it is
>> very similar to the 'normal' unix waitpid()

> this is more logically clean to me, since containers/namespaces are
> not tasks. If someone wants to use more unix-like semantics, he can
> obtain fd for namespace and call select/poll on it :))))

well, I'm neither for nor against a separate syscall
here, don't get me wrong, but it will take ages to
get the 'new' syscalls added to all archs, and the
arch maintainers will probably have a dozent reasons
why this particular syscall is completely wrong :)

>>> And we had issues in OpenVZ, that very fast VPS stop/start can fail
>>> due to not freed resources yet.

>> this is a design problem, if your design allows
>> to have _more_ than one pid space with the same
>> identifier/properties, but with only one active
>> and thus reachable space, it is no problem to 
>> create a new one right after the old one did send
>> the event (which doesn't mean that it was destroyed
>> just that the last process left the space)

> see my another email about sockets.

which one?

[ some context lost here ]

>>> How about third party apps?

>> I don't think we care about third party apps when
>> adding new kernel functionality, especially not
>> proprietary ones which cannot be modified easily

> Even if we don't take into account proprietary apps, there too many
> opensource control panels, management tools etc. So this doesn't look
> good to me anyhow.

well, they would see exactly the same as before, not
more and not less, new features will require new tools
and/or adaptations to the old ones. period.

>>> agreed. Though I don't like a backdoor name :) 
>>> It is just a way to get access to VPS.

>> well, it is often a way to get access to the VPS
>> without the 'owner' of that VPS even knowing, so
>> IMHO it's a backdoor, access would be via sshd or
>> console :)

> When you have a physical box there are many ways to get access to it
> without knowing passwords etc. This is the same.

does that change what it is, a backdoor circumventing
established security? I don't think so ...

best,
Herbert

> Kirill

next prev parent reply	other threads:[~2006-02-20 15:36 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-02-15 14:59 (pspace,pid) vs true pid virtualization Serge E. Hallyn
2006-02-15 22:12 ` Eric W. Biederman
2006-02-16 14:29   ` Serge E. Hallyn
2006-02-16 16:37     ` Eric W. Biederman
2006-02-16 17:53       ` Serge E. Hallyn
2006-02-16 18:19         ` Eric W. Biederman
2006-02-16 18:44           ` Serge E. Hallyn
2006-02-16 18:52             ` Dave Hansen
2006-02-17 10:57               ` Eric W. Biederman
2006-02-17 11:44                 ` Herbert Poetzl
2006-02-17 12:16                   ` Eric W. Biederman
2006-02-17 12:44                     ` Herbert Poetzl
2006-02-17 13:15                       ` Eric W. Biederman
2006-02-17 13:39                       ` Hubertus Franke
2006-02-17 21:40                         ` Herbert Poetzl
2006-02-17 11:04             ` Eric W. Biederman
2006-02-20 10:06       ` Kirill Korotaev
2006-02-17  3:35     ` Hubertus Franke
2006-02-17 14:53       ` Serge E. Hallyn
2006-02-20  9:37     ` Kirill Korotaev
2006-02-20 12:47       ` Herbert Poetzl
2006-02-20 14:34         ` Kirill Korotaev
2006-02-20 15:27           ` Herbert Poetzl
2006-02-16 14:30   ` Herbert Poetzl
2006-02-16 15:37     ` Serge E. Hallyn
2006-02-16 17:13       ` Eric W. Biederman
2006-02-16 17:57         ` Serge E. Hallyn
2006-02-20  9:54       ` Kirill Korotaev
2006-02-20 18:19         ` Dave Hansen
2006-02-16 16:59     ` Eric W. Biederman
2006-02-16 17:41     ` Dave Hansen
2006-02-16 19:12       ` Herbert Poetzl
2006-02-16 19:38         ` Dave Hansen
2006-02-16 21:11           ` Sam Vilain
2006-02-20 10:10       ` Kirill Korotaev
2006-02-20  9:50     ` Kirill Korotaev
2006-02-20 13:00       ` Herbert Poetzl
2006-02-20 14:44         ` Kirill Korotaev
2006-02-20 15:36           ` Herbert Poetzl [this message]
2006-02-20  9:13   ` Kirill Korotaev
2006-02-20 18:07     ` Dave Hansen
2006-02-15 23:24 ` Sam Vilain
2006-02-16  5:50   ` Eric W. Biederman
2006-02-20  9:17   ` Kirill Korotaev
2006-02-20 20:01     ` Sam Vilain

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060220153606.GD18841@MAIL.13thfloor.at \
    --to=herbert@13thfloor.at \
    --cc=ak@suse.de \
    --cc=akpm@osdl.org \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=arjan@infradead.org \
    --cc=benh@kernel.crashing.org \
    --cc=clg@fr.ibm.com \
    --cc=dev@openvz.org \
    --cc=dev@sw.ru \
    --cc=ebiederm@xmission.com \
    --cc=frankeh@watson.ibm.com \
    --cc=gkurz@fr.ibm.com \
    --cc=greg@kroah.com \
    --cc=haveblue@us.ibm.com \
    --cc=jes@sgi.com \
    --cc=jgarzik@pobox.com \
    --cc=kuznet@ms2.inr.ac.ru \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mrmacman_g4@mac.com \
    --cc=riel@redhat.com \
    --cc=saw@sawoct.com \
    --cc=serue@us.ibm.com \
    --cc=ssouhlal@FreeBSD.org \
    --cc=torvalds@osdl.org \
    --cc=trond.myklebust@fys.uio.no \
    --cc=vserver@list.linux-vserver.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox