From: Oren Laadan <orenl@librato.com>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>,
arnd@arndb.de, Containers <containers@lists.linux-foundation.org>,
Nathan Lynch <nathanl@austin.ibm.com>,
linux-kernel@vger.kernel.org,
"Eric W. Biederman" <ebiederm@xmission.com>,
hpa@zytor.com, mingo@elte.hu,
Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
torvalds@linux-foundation.org, Pavel Emelyanov <xemul@openvz.org>
Subject: Re: [RFC][v7][PATCH 0/9] Implement clone2() system call
Date: Wed, 30 Sep 2009 13:41:45 -0400 [thread overview]
Message-ID: <4AC39859.3090703@librato.com> (raw)
In-Reply-To: <20090930053443.GA1010@x200>
Alexey Dobriyan wrote:
> On Thu, Sep 24, 2009 at 01:35:56PM -0500, Serge E. Hallyn wrote:
>> Quoting Alexey Dobriyan (adobriyan@gmail.com):
>>> I don't like this even more.
>>>
>>> Pid namespaces are hierarchical _and_ anonymous, so simply
>>> set of numbers doesn't describe the final object.
>>>
>>> struct pid isn't special, it's just another invariant if you like
>>> as far as C/R is concerned, but system call is made special wrt pids.
>>>
>>> What will be in an image? I hope "struct kstate_image_pid" with several
>> Sure pid namespaces are anonymous, but we will give each an 'objref'
>> valid only for a checkpoint image, and store the relationship between
>> pid namespaces based on those objrefs. Basically the same way that user
>> structs and hierarchical user namespaces are handled right now.
>
> OK, that's certainly doable.
>
> You're commiting yourself to creation of tasks in userspace if this goes in. :-\
> Which can let you into putting wrong kind of relations into image.
A malicious user can put "wrong" king of relations into the image,
regardless of whether the tasks are created in the kernel or in
userspace. As long as the creation follows the "instructions" in
the image, the result would be the same.
> IIRC, clone_flags were in image (still?), but tomorrow kernel will get
> new way to acquire, say, uts_ns, which, in theory, can't be described by
> a set of consecutive clones, so, you'll have to fixup something in kernel.
The only thing enforced in user space is task relations, threads
and (as a by-product) session id's. The rest are refined in the
kernel. This includes uts_ns, for example.
(FWIW, _any_ clone relationships can be described by a set of
clones. In particular because that's how they were constructed
in the first place).
Oren.
next prev parent reply other threads:[~2009-09-30 17:41 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-24 16:55 [RFC][v7][PATCH 0/9] Implement clone2() system call Sukadev Bhattiprolu
2009-09-24 17:00 ` [RFC][v7][PATCH 1/9]: Factor out code to allocate pidmap page Sukadev Bhattiprolu
2009-09-24 17:00 ` [RFC][v7][PATCH 2/9]: Have alloc_pidmap() return actual error code Sukadev Bhattiprolu
2009-09-24 17:01 ` [RFC][v7][PATCH 3/9] Make pid_max a pid_ns property Sukadev Bhattiprolu
2009-09-24 17:45 ` Oren Laadan
2009-09-24 17:01 ` [RFC][v7][PATCH 4/9]: Add target_pid parameter to alloc_pidmap() Sukadev Bhattiprolu
2009-09-24 17:47 ` Oren Laadan
2009-09-24 17:01 ` [RFC][v7][PATCH 5/9]: Add target_pids parameter to alloc_pid() Sukadev Bhattiprolu
2009-09-24 17:02 ` [RFC][v7][PATCH 6/9]: Add target_pids parameter to copy_process() Sukadev Bhattiprolu
2009-09-24 17:02 ` [RFC][v7][PATCH 7/9]: Define do_fork_with_pids() Sukadev Bhattiprolu
2009-09-24 17:03 ` [RFC][v7][PATCH 8/9]: Define clone2() syscall Sukadev Bhattiprolu
2009-09-24 21:43 ` Arnd Bergmann
2009-09-25 8:23 ` Louis Rilling
2009-09-25 10:56 ` Louis Rilling
2009-09-29 18:05 ` Sukadev Bhattiprolu
2009-09-29 18:40 ` Roland McGrath
2009-09-29 18:44 ` H. Peter Anvin
2009-09-29 19:02 ` Arjan van de Ven
2009-09-29 19:10 ` Linus Torvalds
2009-09-29 20:02 ` H. Peter Anvin
2009-09-29 22:11 ` Linus Torvalds
2009-09-29 22:19 ` H. Peter Anvin
2009-09-30 16:15 ` Arnd Bergmann
2009-09-30 16:27 ` Linus Torvalds
2009-09-30 17:59 ` Arnd Bergmann
2009-09-30 19:14 ` Linus Torvalds
2009-09-30 6:48 ` Roland McGrath
2009-09-29 20:00 ` H. Peter Anvin
2009-09-29 21:58 ` Oren Laadan
2009-09-24 17:03 ` [RFC][v7][PATCH 9/9]: Document " Sukadev Bhattiprolu
2009-09-24 18:05 ` Randy Dunlap
2009-09-25 2:31 ` KOSAKI Motohiro
2009-09-24 17:44 ` [RFC][v7][PATCH 0/9] Implement clone2() system call Oren Laadan
2009-09-24 20:15 ` Sukadev Bhattiprolu
2009-09-24 22:06 ` Oren Laadan
2009-09-24 22:21 ` Arnd Bergmann
2009-09-24 23:19 ` Oren Laadan
2009-10-01 2:36 ` Sukadev Bhattiprolu
2009-10-01 15:19 ` Oren Laadan
2009-09-24 17:57 ` Alexey Dobriyan
2009-09-24 18:35 ` Serge E. Hallyn
2009-09-30 5:34 ` Alexey Dobriyan
2009-09-30 17:41 ` Oren Laadan [this message]
2009-10-02 20:27 ` Alexey Dobriyan
2009-10-02 21:06 ` Oren Laadan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AC39859.3090703@librato.com \
--to=orenl@librato.com \
--cc=adobriyan@gmail.com \
--cc=arnd@arndb.de \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=nathanl@austin.ibm.com \
--cc=serue@us.ibm.com \
--cc=sukadev@linux.vnet.ibm.com \
--cc=torvalds@linux-foundation.org \
--cc=xemul@openvz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox