From: ebiederm@xmission.com (Eric W. Biederman)
To: Hari Bathini
Cc: daniel@iogearbox.net, peterz@infradead.org, linux-kernel@vger.kernel.org, acme@kernel.org, alexander.shishkin@linux.intel.com, mingo@redhat.com, paulus@samba.org, kernel@kyup.com, rostedt@goodmis.org, viro@zeniv.linux.org.uk, aravinda@linux.vnet.ibm.com, ananth@in.ibm.com
Subject: Re: [RFC PATCH v2 3/3] tracefs: add 'newinstance' mount option
Date: Thu, 04 Aug 2016 09:12:39 -0500
Message-ID: <87shuk62so.fsf@x220.int.ebiederm.org>
In-Reply-To: (Hari Bathini's message of "Thu, 4 Aug 2016 17:56:20 +0530")
References: <146965470618.23765.7329786743211962695.stgit@hbathini.in.ibm.com> <146965486994.23765.17493394560604547789.stgit@hbathini.in.ibm.com> <8760rhdz0e.fsf@x220.int.ebiederm.org>

Hari Bathini writes:

> Hi Eric,
>
>
> Thanks for the comments..
>
>
> On Thursday 04 August 2016 08:24 AM, Eric W. Biederman wrote:
>> Hari Bathini writes:
>>
>>> When tracefs is mounted inside a container, its files are visible to
>>> all containers. This implies that a user from within a container can
>>> list/delete uprobes registered elsewhere, leading to security issues
>>> and/or denial of service (Eg. deleting a probe that is registered from
>>> elsewhere). This patch addresses this problem by adding mount option
>>> 'newinstance', allowing containers to have their own instance mounted
>>> separately. Something like the below from within a container:
>> newinstance is an anti-pattern in devpts and should not be copied.
>> To fix some severe defects of devpts we had to always create new
>> instances and the code and the testing to make that all work was
>
> OK..
>
>> not pleasant. Please don't add another option that we will just have to
>> make redundant later.
>
> IIUC, you mean, implicitly create a new instance for tracefs mount
> inside container without the need for a new option?

Yes. Or always create a new instance. Whatever makes sense.

If we don't have to bind things to a namespace all the better.

Eric