public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: JANAK DESAI <janak@us.ibm.com>
To: Al Viro <viro@ftp.linux.org.uk>
Cc: Ingo Molnar <mingo@elte.hu>,
	chrisw@osdl.org, dwmw2@infradead.org, jamie@shareable.org,
	serue@us.ibm.com, linuxram@us.ibm.com, jmorris@namei.org,
	sds@tycho.nsa.gov, akpm@osdl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH -mm 1/5] New system call, unshare
Date: Fri, 09 Dec 2005 09:15:53 -0500	[thread overview]
Message-ID: <43999199.70608@us.ibm.com> (raw)
In-Reply-To: <20051209120244.GL27946@ftp.linux.org.uk>

Al Viro wrote:

>On Fri, Dec 09, 2005 at 11:55:02AM +0100, Ingo Molnar wrote:
>  
>
>>* JANAK DESAI <janak@us.ibm.com> wrote:
>>
>>    
>>
>>>[PATCH -mm 1/5] unshare system call: System call handler function 
>>>sys_unshare
>>>      
>>>
>>>+       if (unshare_flags & ~(CLONE_NEWNS | CLONE_VM))
>>>+               goto errout;
>>>      
>>>
>>just curious, did you consider all the other CLONE_* flags as well, to 
>>see whether it makes sense to add unshare support for them?
>>    
>>
>
>IMO the right thing to do is
>	* accept *all* flags from the very beginning
>	* check constraints ("CLONE_NEWNS must be accompanied by CLONE_FS")
>and either -EINVAL if they are not satisfied or silently force them.
>	* for each unimplemented flag check if we corresponding thing
>is shared; -EINVAL otherwise.
>
>Then for each flag we care to implement we should replace such check with
>actual unsharing - a patch per flag.
>
>CLONE_FS and CLONE_FILES are *definitely* worth implementing and are
>trivial to implement.  The only thing we must take care of is doing
>all replacements under task_lock, without dropping it between updates.
>  
>

Ok, thanks. I will restructure code and reorganize patches accordingly 
and post
updated patches.

To answer Ingo's question, we did look at other flags when I started. 
However,
I wanted to keep the system call simple enough, with atleast namespace 
unsharing,
so it would get accepted. In the original discussion on fsdevel, 
unsharing of vm
was mentioned as useful so I added that in addition to namespace unsharing.

>I would say that CLONE_SIGHAND is also an obvious candidate for adding.
>  
>
I did have signal handler unsharing in one of the earlier incarnation of 
the patch,
however Chris Wright alerted me (on IRC) to a possible problem with posix
real time signals if we allow unsharing of signal handlers. He pointed 
me to the
way send_sigqueue is stashing sighand lock for later use and since 
timers are
flushed on exec and exit, it may lead to an oops. Since my primary 
interest was
in namespace unsharing, I disallowed unsharing of signal handler. I will 
take a
look at it more detail and come back with specific issues with sighand
unsharing.

Thanks.

>-
>To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>Please read the FAQ at  http://www.tux.org/lkml/
>
>
>  
>


  reply	other threads:[~2005-12-09 14:16 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-12-08 22:09 [PATCH -mm 1/5] New system call, unshare JANAK DESAI
2005-12-09 10:55 ` Ingo Molnar
2005-12-09 12:02   ` Al Viro
2005-12-09 14:15     ` JANAK DESAI [this message]
2005-12-09 14:34       ` Al Viro
2005-12-09 14:48         ` JANAK DESAI
2005-12-09 19:01       ` Ingo Molnar
2005-12-09 19:57         ` JANAK DESAI

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43999199.70608@us.ibm.com \
    --to=janak@us.ibm.com \
    --cc=akpm@osdl.org \
    --cc=chrisw@osdl.org \
    --cc=dwmw2@infradead.org \
    --cc=jamie@shareable.org \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxram@us.ibm.com \
    --cc=mingo@elte.hu \
    --cc=sds@tycho.nsa.gov \
    --cc=serue@us.ibm.com \
    --cc=viro@ftp.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox