| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Nov 2007 07:57:28 -0600 From: "Serge E. Hallyn" <serue@...ibm.com> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Cedric Le Goater <clg@...ibm.com>, Linux Containers <containers@...ts.osdl.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Pavel Emelyanov <xemul@...nvz.org> Subject: Re: [patch -mm 2/4] mqueue namespace : add unshare support Quoting Andrew Morton (akpm@...ux-foundation.org): > On Thu, 29 Nov 2007 11:28:28 +0100 Cedric Le Goater <clg@...ibm.com> wrote: > > > >> Index: 2.6.24-rc3-mm2/include/linux/sched.h > > >> =================================================================== > > >> --- 2.6.24-rc3-mm2.orig/include/linux/sched.h > > >> +++ 2.6.24-rc3-mm2/include/linux/sched.h > > >> @@ -27,6 +27,7 @@ > > >> #define CLONE_NEWUSER 0x10000000 /* New user namespace */ > > >> #define CLONE_NEWPID 0x20000000 /* New pid namespace */ > > >> #define CLONE_NEWNET 0x40000000 /* New network namespace */ > > >> +#define CLONE_NEWMQ 0x80000000 /* New posix mqueue namespace */ > > > > > > That's it :) We've run out of clone flags on 32-bit platforms :( > > > > yes. > > > > I have been giving some thoughts to a clone2() to extend the flags > > There appears to be little alternative. Just thinking aloud, but given the concerns with the safety and sanity of unsharing only partial namespaces, and before much userspace is depending on any of CLONE_NEWUTS,CLONE_NEWIPC,CLONE_NEWUSER,CLONE_NEWNET,CLONE_NEWMQUEUE maybe we should have traditional clone only support CLONE_NEWNS (since it's the most useful on its own) and CLONE_NEWCONTAINER, where CLONE_NEWCONTAINER always unshares all the namespaces we know about. Then clone2 can allow more finegrained choice of namespaces. It takes the exact same clone_flags as clone(), but instead of parent_tidptr and child_tidptr args it has a ns_unshare flag which specifies which namespaces to unshare. -serge > > but > > andrew is preparing to recycle CLONE_DETACHED and CLONE_STOPPED for > > 2.6.26. Some we might have some more time in front of us. > > CLONE_DETACHED proved to be in use. There are no reports of anyone using > CLONE_STOPPED though. > > _______________________________________________ > Containers mailing list > Containers@...ts.linux-foundation.org > https://lists.linux-foundation.org/mailman/listinfo/containers - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists