public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Pavel Emelyanov <xemul@openvz.org>
To: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <peterz@infradead.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org, Ulrich Drepper <drepper@redhat.com>
Subject: Re: [patch] PID namespace design bug, workaround
Date: Thu, 01 Nov 2007 18:30:32 +0300	[thread overview]
Message-ID: <4729F118.3080506@openvz.org> (raw)
In-Reply-To: <20071101151753.GA6181@elte.hu>

Ingo Molnar wrote:
> * Pavel Emelyanov <xemul@openvz.org> wrote:
> 
>> The "fix" I mention is just returning -EINVAL in case user orders 
>> CLONE_NEWPIDS and compiling out all the namespace cloning code. This 
>> is just a more elegant way to get rid of pid namespaces rather than 
>> Ingo proposed.
> 
> unfortunately i have to NACK that approach. We never allowed broken 
> user-space visible APIs into the kernel like that because it just gives 
> a vector for that breakage to become de-facto used and forced upon the 
> core kernel. Even if they can be .config turned off. That's just a lame 
> excuse that delays the fixing of it. We may mark features that have a 
> good expectation to be fixed as CONFIG_EXPERIMENTAL, and we may mark 

Pid namespaces have more than a good expectations to be fixed, so
feel free to mark the (currently pending) PID_NS config option with
"depends on EXPERIMENTAL".

All the problems I know are slowly getting fixed, but most of them are
just related to "bad pid value is reported to the user space when we 
work inside some new namespace".

Unfortunately, as I can see, all the discussions of pid namespaces 
happen behind my bask, so all I can is just fix the problems I'm 
aware of.

> drivers that nobody maintains anymore as CONFIG_BROKEN, but we dont 
> introduce new core syscall features with CONFIG_BROKEN! We never did and 
> i hope we never will.
> 
> The _only_ way to force the fixing of such type of breakages is to not 
> offer them _at all_. Really, you are proposing a major new extension to 
> lots of important core Linux APIs so please try to solve this problem 
> cleanly, it's really severe. Right now as things stand this containers 

I'm sure, that no *new* problems appear in case you don't enter the new
namespace, so just disable the pid space creation code (with EXPERIMENTAL 
option) and live with the original kernel.

If you point me one, I'd be glad to fix it.

> sub-feature is "a little bit pregnant". This is one of the few cases 
> where we really _must_ say no.
> 
> 	Ingo
> 


  reply	other threads:[~2007-11-01 15:31 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-11-01 14:43 [patch] PID namespace design bug, workaround Ingo Molnar
2007-11-01 14:51 ` Pavel Emelyanov
2007-11-01 14:56   ` Peter Zijlstra
2007-11-01 15:06     ` Pavel Emelyanov
2007-11-01 15:17       ` Ingo Molnar
2007-11-01 15:30         ` Pavel Emelyanov [this message]
2007-11-01 14:56   ` Ulrich Drepper
2007-11-01 15:05     ` Pavel Emelyanov
2007-11-02  0:21       ` Ulrich Drepper
2007-11-02  7:55         ` Pavel Emelyanov
2007-11-02  8:04           ` Andrew Morton
2007-11-02  8:14             ` Pavel Emelyanov
2007-11-02 14:05               ` Ulrich Drepper
2007-11-02 14:21                 ` Pavel Emelyanov
2007-11-02 15:34                   ` Ulrich Drepper
2007-11-02 15:58                     ` Pavel Emelyanov
2007-11-02 21:39                       ` Theodore Tso
2007-11-03  4:34                       ` Ulrich Drepper
2007-11-06  7:49                         ` Pavel Emelyanov
2007-11-03 20:01                   ` sukadev
2007-11-04  7:17                     ` Eric W. Biederman
2007-11-02 17:30             ` Dave Hansen
2007-11-02 17:39               ` Linus Torvalds
2007-11-03  4:02                 ` Nicholas Miell
2007-11-03 20:12                 ` Ingo Molnar
2007-11-03 22:40                   ` Linus Torvalds
2007-11-03 23:55                     ` Arjan van de Ven
2007-11-04  0:21                       ` david
2007-11-04 10:38                     ` [patch] PID namespaces Ingo Molnar
2007-11-04 20:12                       ` Dave Hansen
2007-11-05 14:47                       ` Denys Vlasenko
2007-11-20 22:53                   ` Futexes and network filesystems Er ic W. Biederman
2007-11-21  6:16                     ` Kyle Moffett
2007-11-21  6:30                       ` Eric W. Biederman
2007-11-01 16:12     ` [patch] PID namespace design bug, workaround Dave Hansen
2007-11-01 14:53 ` Ulrich Drepper
2007-11-01 15:05   ` Ingo Molnar
2007-11-01 18:57     ` Theodore Tso
2007-11-01 19:53       ` Ingo Molnar
2007-11-02  0:23         ` Ulrich Drepper
2007-11-01 15:02 ` Pavel Emelyanov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4729F118.3080506@openvz.org \
    --to=xemul@openvz.org \
    --cc=akpm@linux-foundation.org \
    --cc=drepper@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=peterz@infradead.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox