From: ebiederm@xmission.com (Eric W. Biederman)
To: Andrei Vagin <avagin@virtuozzo.com>
Cc: <avagin@openvz.org>, <containers@lists.linux-foundation.org>,
<linux-kernel@vger.kernel.org>,
Serge Hallyn <serge.hallyn@canonical.com>,
Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH 0/2 v2] userns: show current values of user namespace counters
Date: Mon, 10 Oct 2016 15:44:09 -0500 [thread overview]
Message-ID: <871szo53za.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <20161010162202.GA31628@outlook.office365.com> (Andrei Vagin's message of "Mon, 10 Oct 2016 09:22:03 -0700")
Andrei Vagin <avagin@virtuozzo.com> writes:
> On Thu, Oct 06, 2016 at 02:33:53PM -0500, Eric W. Biederman wrote:
>> Andrei Vagin <avagin@virtuozzo.com> writes:
>>
>> > Hello Eric,
>> >
>> > What do you think about this series? It should be useful to know current
>> > usage for user counters.
>>
>> I am in favor of knowing the values. Unless there is a good reason not
>> to we should export the values with a read-only sysctl. I believe that
>> is what other similar limits do.
>
> I want to have a place where I will be able to get limits for all
> users. I can't imagine how to do this with a sysctl. It will looks like
> multiline sysct-s, what doesn't look good. I will think. If you will
> have any ideas let me know. Thanks.
Something that has been on my wish list for a while has been to modify
/proc/sys/... to also show up under /proc/<pid>/sys/... for the
non-global values. Now it might make sense to show these things in an
alternate filesystem.
At the same time I am a little leary of the desire. Changing these
limits and watching them in a per-process / per-user sense is fine.
However their fundamental purpose is to be set and forget limits and
that only rarely should anyone need to mess with. Which makes the
primary purpose of looking at them debugging and verifying that the
limits are set to reasonable values.
Active management if someone wants to go there is possible but it will
never be the primary purpose of these limits.
>> As for having per process knowledge I think that is probably something
>> we want to solve for these sysctls as well.
>>
>> I don't think I saw anyone looking at this code from the perspective of
>> information leaks. I think we need to ask that question, as similar
>> interfaces have been problematic from an information leak point of view.
>
> It's a good question.
I expect that we don't actually care. The kernel tends to leak a lot of
this kind of information. But I figure we should at least be able to
say we thought about it and we don't care.
Eric
prev parent reply other threads:[~2016-10-10 20:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-15 20:10 [PATCH 0/2 v2] userns: show current values of user namespace counters Andrei Vagin
2016-08-15 20:10 ` [PATCH 1/2] kernel: " Andrei Vagin
2016-08-16 20:00 ` Kees Cook
2016-08-16 20:05 ` Serge E. Hallyn
2016-08-16 22:44 ` Andrei Vagin
2016-08-15 20:10 ` [PATCH 2/2] Documentation: describe /proc/<pid>/userns_counts Andrei Vagin
2016-08-16 22:53 ` [PATCH 0/2 v2] userns: show current values of user namespace counters Serge E. Hallyn
2016-10-06 17:51 ` Andrei Vagin
2016-10-06 19:33 ` Eric W. Biederman
2016-10-10 16:22 ` Andrei Vagin
2016-10-10 20:44 ` Eric W. Biederman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871szo53za.fsf@x220.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=avagin@openvz.org \
--cc=avagin@virtuozzo.com \
--cc=containers@lists.linux-foundation.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=serge.hallyn@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox