From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Durrant <Paul.Durrant@citrix.com>
Subject: Re: [PATCH v4 4/6] tools/dm_restrict: Unshare mount and
 IPC namespaces on Linux
Date: Tue, 6 Nov 2018 09:16:35 +0000
Message-ID: <48cdd789994e421faaf825a7d9b50aa0@AMSPEX02CL03.citrite.net>
References: <20181105180711.20322-1-george.dunlap@citrix.com>
 <20181105180711.20322-4-george.dunlap@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xenproject.org>
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <srs0=9pgl=nr=citrix.com=prvs=84117823e=paul.durrant@srs-us1.protection.inumbo.net>)
 id 1gJxTT-0005hr-QK
 for xen-devel@lists.xenproject.org; Tue, 06 Nov 2018 09:16:39 +0000
In-Reply-To: <20181105180711.20322-4-george.dunlap@citrix.com>
Content-Language: en-US
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Anthony Perard <anthony.perard@citrix.com>, Ian Jackson <Ian.Jackson@citrix.com>, Wei Liu <wei.liu2@citrix.com>, George Dunlap <George.Dunlap@citrix.com>
List-Id: xen-devel@lists.xenproject.org

DQoNCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCj4gRnJvbTogWGVuLWRldmVsIFttYWls
dG86eGVuLWRldmVsLWJvdW5jZXNAbGlzdHMueGVucHJvamVjdC5vcmddIE9uIEJlaGFsZg0KPiBP
ZiBHZW9yZ2UgRHVubGFwDQo+IFNlbnQ6IDA1IE5vdmVtYmVyIDIwMTggMTg6MDcNCj4gVG86IHhl
bi1kZXZlbEBsaXN0cy54ZW5wcm9qZWN0Lm9yZw0KPiBDYzogQW50aG9ueSBQZXJhcmQgPGFudGhv
bnkucGVyYXJkQGNpdHJpeC5jb20+OyBJYW4gSmFja3Nvbg0KPiA8SWFuLkphY2tzb25AY2l0cml4
LmNvbT47IFdlaSBMaXUgPHdlaS5saXUyQGNpdHJpeC5jb20+OyBHZW9yZ2UgRHVubGFwDQo+IDxH
ZW9yZ2UuRHVubGFwQGNpdHJpeC5jb20+DQo+IFN1YmplY3Q6IFtYZW4tZGV2ZWxdIFtQQVRDSCB2
NCA0LzZdIHRvb2xzL2RtX3Jlc3RyaWN0OiBVbnNoYXJlIG1vdW50IGFuZA0KPiBJUEMgbmFtZXNw
YWNlcyBvbiBMaW51eA0KPiANCj4gUUVNVSBydW5uaW5nIHVuZGVyIFhlbiBkb2Vzbid0IG5lZWQg
bW91bnQgb3IgSVBDIGZ1bmN0aW9uYWxpdHkuDQo+IENyZWF0ZSBhbmQgZW50ZXIgc2VwYXJhdGUg
bmFtZXNwYWNlcyBmb3IgZWFjaCBvZiB0aGVzZSBiZWZvcmUNCj4gZXhlY3V0aW5nIFFFTVUsIHNv
IHRoYXQgaW4gdGhlIGV2ZW50IHRoYXQgb3RoZXIgcmVzdHJpY3Rpb25zIGZhaWwsIHRoZQ0KPiBw
cm9jZXNzIHdvbid0IGJlIGFibGUgdG8gZXZlbiBuYW1lIHN5c3RlbSBtb3VudCBwb2ludHMgb3Ig
ZXhzdGluZw0KPiBub24tZmlsZS1iYXNlZCBJUEMgZGVzY3JpcHRvcnMgdG8gYXR0ZW1wdCB0byBh
dHRhY2sgdGhlbS4NCj4gDQo+IFVuc2hhcmluZyBpcyBzb21ldGhpbmcgYSBwcm9jZXNzIGNhbiBv
bmx5IGRvIHRvIGl0c2VsZiAoaXQgd291bGQNCj4gc2VlbSk7IHNvIGFkZCBhbiBvcy1zcGVjaWZp
YyAiZG1fcHJlZXhlY19yZXN0cmljdCgpIiBob29rIGp1c3QgYmVmb3JlDQo+IHdlIGV4ZWMoKSB0
aGUgZGV2aWNlIG1vZGVsLg0KPiANCj4gQWxzbyBhZGQgY2hlY2tzIHRvIGRlcHJpdi1wcm9jZXNz
LWNoZWNrZXIuc2ggdG8gdmVyaWZ5IHRoYXQgZG0gaXMNCj4gcnVubmluZyBpbiBhIG5ldyBuYW1l
c3BhY2UgKG9yIGF0IGxlYXN0LCBhIGRpZmZlcmVudCBvbmUgdGhhbiB0aGUNCj4gY2FsbGVyKS4N
Cj4gDQo+IFN1Z2dlc3RlZC1ieTogUm9zcyBMYWdlcndhbGwgPHJvc3MubGFnZXJ3YWxsQGNpdHJp
eC5jb20+DQo+IFNpZ25lZC1vZmYtYnk6IEdlb3JnZSBEdW5sYXAgPGdlb3JnZS5kdW5sYXBAY2l0
cml4LmNvbT4NCj4gQWNrZWQtYnk6IElhbiBKYWNrc29uIDxpYW4uamFja3NvbkBldS5jaXRyaXgu
Y29tPg0KPiAtLS0NCj4gQ2hhbmdlcyBzaW5jZSB2MzoNCj4gLSBGaXggc29tZSBtb3JlIHN0eWxl
IGlzc3Vlcw0KPiANCj4gQ2hhbmdlcyBzaW5jZSB2MjoNCj4gLSBSZXR1cm4gYW4gZXJyb3IgcmF0
aGVyIHRoYW4gY2FsbGluZyBleGl0KCkNCj4gLSBVc2UgTE9HRSgpIGFuZCBwcmludCB0byB0aGUg
Y3VycmVudCBzdGRlcnIgZmQsIHJhdGhlciB0aGFuDQo+ICAgcHJpbnRpbmcgdG8gdGhlIG5ldyBz
dGRlcnIgZmQgdmlhIHdyaXRlKCkNCj4gLSBVc2UgciBmb3IgZXh0ZXJuYWwgcmV0dXJuIHZhbHVl
cyByYXRoZXIgdGhhbiByYy4NCj4gDQo+IENDOiBJYW4gSmFja3NvbiA8aWFuLmphY2tzb25AY2l0
cml4LmNvbT4NCj4gQ0M6IFdlaSBMaXUgPHdlaS5saXUyQGNpdHJpeC5jb20+DQo+IENDOiBBbnRo
b255IFBlcmFyZCA8YW50aG9ueS5wZXJhcmRAY2l0cml4LmNvbT4NCj4gLS0tDQo+ICBkb2NzL2Rl
c2lnbnMvcWVtdS1kZXByaXZpbGVnZS5tZCB8IDEyICsrKysrKy0tLS0tLQ0KPiAgdG9vbHMvbGli
eGwvbGlieGxfZG0uYyAgICAgICAgICAgfCAgNSArKysrKw0KPiAgdG9vbHMvbGlieGwvbGlieGxf
ZnJlZWJzZC5jICAgICAgfCAgNSArKysrKw0KPiAgdG9vbHMvbGlieGwvbGlieGxfaW50ZXJuYWwu
aCAgICAgfCAgNSArKysrKw0KPiAgdG9vbHMvbGlieGwvbGlieGxfbGludXguYyAgICAgICAgfCAx
NCArKysrKysrKysrKysrKw0KPiAgdG9vbHMvbGlieGwvbGlieGxfbmV0YnNkLmMgICAgICAgfCAg
NSArKysrKw0KPiAgNiBmaWxlcyBjaGFuZ2VkLCA0MCBpbnNlcnRpb25zKCspLCA2IGRlbGV0aW9u
cygtKQ0KPiANCj4gZGlmZiAtLWdpdCBhL2RvY3MvZGVzaWducy9xZW11LWRlcHJpdmlsZWdlLm1k
IGIvZG9jcy9kZXNpZ25zL3FlbXUtDQo+IGRlcHJpdmlsZWdlLm1kDQo+IGluZGV4IDAzOTViYmJi
NDAuLmE0NjFlYmJhZGQgMTAwNjQ0DQo+IC0tLSBhL2RvY3MvZGVzaWducy9xZW11LWRlcHJpdmls
ZWdlLm1kDQo+ICsrKyBiL2RvY3MvZGVzaWducy9xZW11LWRlcHJpdmlsZWdlLm1kDQo+IEBAIC03
OCwxMiArNzgsNiBAQCBUaGVuIGFkZHMgdGhlIGZvbGxvd2luZyB0byB0aGUgcWVtdSBjb21tYW5k
LWxpbmU6DQo+IA0KPiAgJycnVGVzdGVkJycnOiBOb3QgdGVzdGVkDQo+IA0KPiAtIyMgUmVzdHJp
Y3Rpb25zIC8gaW1wcm92ZW1lbnRzIHN0aWxsIHRvIGRvDQo+IC0NCj4gLVRoaXMgbGlzdHMgcG90
ZW50aWFsIHJlc3RyaWN0aW9ucyBzdGlsbCB0byBkby4gIEl0IGlzIG1lYW50IHRvIGJlDQo+IC1s
aXN0ZWQgaW4gb3JkZXIgb2YgZWFzZSBvZiBpbXBsZW1lbnRhdGlvbiwgd2l0aCBsb3ctaGFuZ2lu
ZyBmcnVpdA0KPiAtZmlyc3QuDQo+IC0NCj4gICMjIE5hbWVzcGFjZXMgZm9yIHVudXNlZCBmdW5j
dGlvbmFsaXR5IChMaW51eCBvbmx5KQ0KPiANCj4gICcnJ0Rlc2NyaXB0aW9uJycnOiBRRU1VIGRv
ZXNuJ3QgdXNlIHRoZSBmdW5jdGlvbmFsaXR5IGFzc29jaWF0ZWQgd2l0aA0KPiBAQCAtMTExLDYg
KzEwNSwxMiBAQCBjYWxsOg0KPiANCj4gIFtxZW11LW5hbWVzcGFjZXNdOiBodHRwczovL2xpc3Rz
LmdudS5vcmcvYXJjaGl2ZS9odG1sL3FlbXUtZGV2ZWwvMjAxNy0NCj4gMTAvbXNnMDQ3MjMuaHRt
bA0KPiANCj4gKyMgUmVzdHJpY3Rpb25zIC8gaW1wcm92ZW1lbnRzIHN0aWxsIHRvIGRvDQo+ICsN
Cj4gK1RoaXMgbGlzdHMgcG90ZW50aWFsIHJlc3RyaWN0aW9ucyBzdGlsbCB0byBkby4gIEl0IGlz
IG1lYW50IHRvIGJlDQo+ICtsaXN0ZWQgaW4gb3JkZXIgb2YgZWFzZSBvZiBpbXBsZW1lbnRhdGlv
biwgd2l0aCBsb3ctaGFuZ2luZyBmcnVpdA0KPiArZmlyc3QuDQo+ICsNCj4gICMjIyBCYXNpYyBS
TElNSVRzDQo+IA0KPiAgJycnRGVzY3JpcHRpb24nJyc6IEEgbnVtYmVyIG9mIGxpbWl0cyBvbiB0
aGUgcmVzb3VyY2VzIHRoYXQgYSBnaXZlbg0KPiBkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGli
eGxfZG0uYyBiL3Rvb2xzL2xpYnhsL2xpYnhsX2RtLmMNCj4gaW5kZXggYWQzZWZjYzc4My4uMjc4
Y2ZkNmU2ZSAxMDA2NDQNCj4gLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfZG0uYw0KPiArKysgYi90
b29scy9saWJ4bC9saWJ4bF9kbS5jDQo+IEBAIC0yMzkzLDYgKzIzOTMsMTEgQEAgcmV0cnlfdHJh
bnNhY3Rpb246DQo+ICAgICAgICAgIGdvdG8gb3V0X2Nsb3NlOw0KPiAgICAgIGlmICghcmMpIHsg
LyogaW5uZXIgY2hpbGQgKi8NCj4gICAgICAgICAgc2V0c2lkKCk7DQo+ICsgICAgICAgIGlmIChs
aWJ4bF9kZWZib29sX3ZhbChiX2luZm8tPmRtX3Jlc3RyaWN0KSkgew0KPiArICAgICAgICAgICAg
cmMgPSBsaWJ4bF9fbG9jYWxfZG1fcHJlZXhlY19yZXN0cmljdChnYyk7DQo+ICsgICAgICAgICAg
ICBpZiAocmMpDQo+ICsgICAgICAgICAgICAgICAgX2V4aXQoLTEpOw0KPiArICAgICAgICB9DQo+
ICAgICAgICAgIGxpYnhsX19leGVjKGdjLCBudWxsLCBsb2dmaWxlX3csIGxvZ2ZpbGVfdywgZG0s
IGFyZ3MsIGVudnMpOw0KPiAgICAgIH0NCj4gDQo+IGRpZmYgLS1naXQgYS90b29scy9saWJ4bC9s
aWJ4bF9mcmVlYnNkLmMgYi90b29scy9saWJ4bC9saWJ4bF9mcmVlYnNkLmMNCj4gaW5kZXggNjQ0
MmNjZWM3Mi4uZjdlZjRhODkxMCAxMDA2NDQNCj4gLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfZnJl
ZWJzZC5jDQo+ICsrKyBiL3Rvb2xzL2xpYnhsL2xpYnhsX2ZyZWVic2QuYw0KPiBAQCAtMjQ1LDMg
KzI0NSw4IEBAIGludCBsaWJ4bF9fcGNpX3RvcG9sb2d5X2luaXQobGlieGxfX2djICpnYywNCj4g
IHsNCj4gICAgICByZXR1cm4gRVJST1JfTkk7DQo+ICB9DQo+ICsNCj4gK2ludCBsaWJ4bF9fbG9j
YWxfZG1fcHJlZXhlY19yZXN0cmljdChsaWJ4bF9fZ2MgKmdjKQ0KPiArew0KPiArICAgIHJldHVy
biAwOw0KPiArfQ0KPiBkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfaW50ZXJuYWwuaCBi
L3Rvb2xzL2xpYnhsL2xpYnhsX2ludGVybmFsLmgNCj4gaW5kZXggZmY4ODkzODVmZS4uZTQ5ODQz
NWUxNiAxMDA2NDQNCj4gLS0tIGEvdG9vbHMvbGlieGwvbGlieGxfaW50ZXJuYWwuaA0KPiArKysg
Yi90b29scy9saWJ4bC9saWJ4bF9pbnRlcm5hbC5oDQo+IEBAIC0zNzc0LDYgKzM3NzQsMTEgQEAg
c3RydWN0IGxpYnhsX19kbV9zcGF3bl9zdGF0ZSB7DQo+IA0KPiAgX2hpZGRlbiB2b2lkIGxpYnhs
X19zcGF3bl9sb2NhbF9kbShsaWJ4bF9fZWdjICplZ2MsDQo+IGxpYnhsX19kbV9zcGF3bl9zdGF0
ZSopOw0KPiANCj4gKy8qDQo+ICsgKiBDYWxsZWQgYWZ0ZXIgZm9ya2luZyBidXQgYmVmb3JlIGV4
ZWN1dGluZyB0aGUgbG9jYWwgZGV2aWNlbW9kZWwuDQo+ICsgKi8NCj4gK19oaWRkZW4gaW50IGxp
YnhsX19sb2NhbF9kbV9wcmVleGVjX3Jlc3RyaWN0KGxpYnhsX19nYyAqZ2MpOw0KPiArDQo+ICAv
KiBTdHViZG9tIGRldmljZSBtb2RlbHMuICovDQo+IA0KPiAgdHlwZWRlZiBzdHJ1Y3Qgew0KPiBk
aWZmIC0tZ2l0IGEvdG9vbHMvbGlieGwvbGlieGxfbGludXguYyBiL3Rvb2xzL2xpYnhsL2xpYnhs
X2xpbnV4LmMNCj4gaW5kZXggNmVmMGFiYzY5My4uYzdhMzQ1ZjRiYiAxMDA2NDQNCj4gLS0tIGEv
dG9vbHMvbGlieGwvbGlieGxfbGludXguYw0KPiArKysgYi90b29scy9saWJ4bC9saWJ4bF9saW51
eC5jDQo+IEBAIC0zMDcsNiArMzA3LDIwIEBAIGludCBsaWJ4bF9fcGNpX3RvcG9sb2d5X2luaXQo
bGlieGxfX2djICpnYywNCj4gICAgICByZXR1cm4gZXJyOw0KPiAgfQ0KPiANCj4gK2ludCBsaWJ4
bF9fbG9jYWxfZG1fcHJlZXhlY19yZXN0cmljdChsaWJ4bF9fZ2MgKmdjKQ0KPiArew0KPiArICAg
IGludCByOw0KPiArDQo+ICsgICAgLyogVW5zaGFyZSBtb3VudCBhbmQgSVBDIG5hbWVzcGFjZXMu
ICBUaGVzZSBhcmUgdW51c2VkIGJ5IFFFTVUuICovDQo+ICsgICAgciA9IHVuc2hhcmUoQ0xPTkVf
TkVXTlMgfCBDTE9ORV9ORVdJUEMpOw0KPiArICAgIGlmIChyKSB7DQo+ICsgICAgICAgIExPR0Uo
RVJST1IsICJsaWJ4bDogTW91bnQgYW5kIElQQyBuYW1lc3BhY2UgdW5mYWlsZWQiKTsNCj4gKyAg
ICAgICAgcmV0dXJuIEVSUk9SX0ZBSUw7DQo+ICsgICAgfQ0KPiArDQo+ICsgICAgcmV0dXJuIDA7
DQo+ICt9DQo+ICsNCj4gIC8qDQo+ICAgKiBMb2NhbCB2YXJpYWJsZXM6DQo+ICAgKiBtb2RlOiBD
DQo+IGRpZmYgLS1naXQgYS90b29scy9saWJ4bC9saWJ4bF9uZXRic2QuYyBiL3Rvb2xzL2xpYnhs
L2xpYnhsX25ldGJzZC5jDQo+IGluZGV4IDJlZGZiMDA2NDEuLmRjZTNmMWZkY2UgMTAwNjQ0DQo+
IC0tLSBhL3Rvb2xzL2xpYnhsL2xpYnhsX25ldGJzZC5jDQo+ICsrKyBiL3Rvb2xzL2xpYnhsL2xp
YnhsX25ldGJzZC5jDQo+IEBAIC0xMjQsMyArMTI0LDggQEAgaW50IGxpYnhsX19wY2lfdG9wb2xv
Z3lfaW5pdChsaWJ4bF9fZ2MgKmdjLA0KPiAgew0KPiAgICAgIHJldHVybiBFUlJPUl9OSTsNCj4g
IH0NCj4gKw0KPiArdm9pZCBsaWJ4bF9fbG9jYWxfZG1fcHJlZXhlY19yZXN0cmljdChsaWJ4bF9f
Z2MgKmdjLCBpbnQgc3RkZXJyZmQpDQo+ICt7DQo+ICsgICAgcmV0dXJuOw0KPiArfQ0KDQpUaGlz
IGlzIGEgdm9pZCBmdW5jdGlvbiB3aGVyZWFzIHRoZSBjYWxsZXIgYWx3YXlzIGFwcGVhcnMgdG8g
ZXhwZWN0IGFuIGludCByZXR1cm4gdmFsdWUsIHJlZ2FyZGxlc3Mgb2YgT1MuDQoNCiAgUGF1bA0K
DQo+IC0tDQo+IDIuMTkuMQ0KPiANCj4gDQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fDQo+IFhlbi1kZXZlbCBtYWlsaW5nIGxpc3QNCj4gWGVuLWRldmVs
QGxpc3RzLnhlbnByb2plY3Qub3JnDQo+IGh0dHBzOi8vbGlzdHMueGVucHJvamVjdC5vcmcvbWFp
bG1hbi9saXN0aW5mby94ZW4tZGV2ZWwNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fClhlbi1kZXZlbCBtYWlsaW5nIGxpc3QKWGVuLWRldmVsQGxpc3RzLnhl
bnByb2plY3Qub3JnCmh0dHBzOi8vbGlzdHMueGVucHJvamVjdC5vcmcvbWFpbG1hbi9saXN0aW5m
by94ZW4tZGV2ZWw=