From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753683AbcDOKth (ORCPT ); Fri, 15 Apr 2016 06:49:37 -0400 Received: from cn.fujitsu.com ([59.151.112.132]:5092 "EHLO heian.cn.fujitsu.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1752327AbcDOKtR (ORCPT ); Fri, 15 Apr 2016 06:49:17 -0400 X-IronPort-AV: E=Sophos;i="5.22,518,1449504000"; d="scan'208";a="5640354" From: Zhao Lei To: CC: , "Eric W. Biederman" , Mateusz Guzik , Kamezawa Hiroyuki , Zhao Lei Subject: [PATCH 0/3] [RFC] Write dump into container's filesystem for pipe_type core_pattern Date: Fri, 15 Apr 2016 18:47:10 +0800 Message-ID: X-Mailer: git-send-email 1.8.5.1 MIME-Version: 1.0 Content-Type: text/plain X-yoursite-MailScanner-ID: 6E5D542B55EB.A82FB X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-From: zhaolei@cn.fujitsu.com Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In current system, when we set core_pattern to a pipe, both pipe program and program's output are in host's filesystem. But when we set core_pattern to a file, the container will write dump into container's filesystem. For example, when we set following core_pattern: # echo "|/my_dump_pipe %s %c %p %u %g %t e" >/proc/sys/kernel/core_pattern and trigger a segment fault in a container, my_dump_pipe is searched from host's filesystem, and it will write coredump into host's filesystem too. In a privileged container, user can destroy host system by following command: # # In a container # echo "|/bin/dd of=/boot/vmlinuz" >/proc/sys/kernel/core_pattern # make_dump Actually, all operation in a container should not change host's environment, the container should use core_pattern as its private setting. In detail, in core dump action: 1: Search pipe program in container's fs namespace. 2: Run pipe program in container's fs namespace to write coredump to it. I rewrited this patch from origional: http://www.gossamer-threads.com/lists/linux/kernel/2395715?do=post_view_flat and changed the impliment way and function detail discussed in: http://www.gossamer-threads.com/lists/linux/kernel/2397602?nohighlight=1#2397602 Changes against previous impliment: 1: Avoid forking thread from the crach process. Suggested-by: Eric W. Biederman 2: To keep compatibility with current code, if user hadn't change core_pattern in container, the dump file will still write to the host filesystem. Suggested-by: Eric W. Biederman Zhao Lei (3): [RFC] Save dump_root into pid_namespace [RFC] Make dump_pipe thread possilbe to select the rootfs [RFC] Write dump into container's filesystem for pipe_type core_pattern fs/coredump.c | 19 ++++++++++++++++++- fs/fs_struct.c | 25 ++++++++++++++++--------- include/linux/fs_struct.h | 3 ++- include/linux/kmod.h | 4 +++- include/linux/pid_namespace.h | 3 +++ include/linux/sched.h | 5 +++-- init/do_mounts_initrd.c | 3 ++- init/main.c | 4 ++-- kernel/fork.c | 34 ++++++++++++++++++++-------------- kernel/kmod.c | 13 ++++++++----- kernel/kthread.c | 3 ++- kernel/pid.c | 1 + kernel/pid_namespace.c | 6 ++++++ kernel/sysctl.c | 30 ++++++++++++++++++++++++++---- lib/kobject_uevent.c | 3 ++- security/keys/request_key.c | 2 +- 16 files changed, 115 insertions(+), 43 deletions(-) -- 1.8.5.1