lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 5 Jun 2007 08:16:55 -0500
From:	"Serge E. Hallyn" <serue@...ibm.com>
To:	Pavel Emelianov <xemul@...nvz.org>
Cc:	"Serge E. Hallyn" <serue@...ibm.com>, menage@...gle.com,
	Andrew Morton <akpm@...ux-foundation.org>, dev@...ru,
	vatsa@...ibm.com, ebiederm@...ssion.com, svaidy@...ux.vnet.ibm.com,
	balbir@...ibm.com, pj@....com, cpw@....com,
	ckrm-tech@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
	containers@...ts.osdl.org, mbligh@...gle.com, rohitseth@...gle.com,
	devel@...nvz.org
Subject: Re: [PATCH 1/1] containers: implement nsproxy containers subsystem

Quoting Pavel Emelianov (xemul@...nvz.org):
> Serge E. Hallyn wrote:
> > Quoting Pavel Emelianov (xemul@...nvz.org):
> >> Serge E. Hallyn wrote:
> >>> >From 190ea72d213393dd1440643b2b87b5b2128dff87 Mon Sep 17 00:00:00 2001
> >>> From: Serge E. Hallyn <serue@...ibm.com>
> >>> Date: Mon, 4 Jun 2007 14:18:52 -0400
> >>> Subject: [PATCH 1/1] containers: implement nsproxy containers subsystem
> >>>
> >>> When a task enters a new namespace via a clone() or unshare(), a new
> >>> container is created and the task moves into it.  This enables
> >> I have a design question.
> >>
> >> How the child that has a new namespace guesses what id
> >> this namespace has in containers?
> > 
> > parse /proc/$$/container
> 
> Ok.
> 
> > So more likely the parent would have to grab the cloned pid of the
> > child, parse /proc/$$/container, then rename the container.
> 
> Child can happen to die before this and we'll have an orphaned
> container. I mean, it will be deletable, but its name will be unknown.

Can we address that with a release_agent?

Or, the program which did the unshare() (or the fn which was cloned())
can print out it's /proc/getpid()/container before it (optionally resets
stdout and) executes the actual program to be run in the container.

> Maybe its better to get the containers id from the pid of new task?

Hmm, that seems reasonable.  In fact I like it.

Good idea, thanks.  I think I'll go ahead and implement that.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ