| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Jul 2015 12:19:50 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Aravinda Prasad <aravinda@...ux.vnet.ibm.com>
Cc: linux-kernel@...r.kernel.org, rostedt@...dmis.org,
mingo@...hat.com, paulus@...ba.org, acme@...nel.org,
hbathini@...ux.vnet.ibm.com, ananth@...ibm.com
Subject: Re: [RFC PATCH] perf: Container-aware tracing support
On Wed, Jul 15, 2015 at 09:51:52PM +0530, Aravinda Prasad wrote:
> >> + } else if (task_active_pid_ns(current) != &init_pid_ns) {
> >
> > Why the pid namespace?
>
> This comes from my understanding of container -- having at least a
> separate PID namespace with processes inside a container grouped into a
> single perf_event cgroups subsystem.
>
> I know there are other ways to define a container, however, I thought I
> start with the above one.
Right, but you should at least mention this, preferably in a comment.
> >
> >> + /* Don't set event->cgrp if task belongs to root cgroup */
> >> + if (task_css_is_root(current, perf_event_cgrp_id))
> >> + return ret;
> >
> > So if you have the root perf_cgroup inside your container you can
> > escape?
>
> If we have root perf_cgroup inside the container then even if we set
> event->cgrp we will be including all processes in the system.
Yes, that's what I said. Why does that make sense?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists