Date:	Fri, 16 Nov 2012 08:32:43 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Linux Containers <containers@...ts.linux-foundation.org>
Cc:	<linux-kernel@...r.kernel.org>, Oleg Nesterov <oleg@...sign.ru>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	Gao feng <gaofeng@...fujitsu.com>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: [REVIEW][PATCH 0/11] pid namespace cleanups and enhancements


This patchset is my pile of pid namespace patches that I have been
sitting on for entirely too long.  I have been running and testing these
changes for a while but if anyone sees any problems please let me know.

Feature wise this patchset adds unshare and setns support for the pid
namespace.

Cleanup wise this patchset adds an explicit count of how many pids are
hashed in a pid namespace and uses that count to trigger the unmounting
of the internal kernel mount of proc.  The current scheme is buggy and
entirely too clever to continue living.

Some proc bits that were added to support the pid namespace initially
are removed, as they are no longer necessary.

These patches are also available at:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git pidns-v73

Since some of this work is closely allied with the user namespace bits I
have pending I intend to merge these changes through my user namespace
tree.

Eric W. Biederman (11):
      procfs: Use the proc generic infrastructure for proc/self.
      procfs: Don't cache a pid in the root inode.
      pidns: Capture the user namespace and filter ns_last_pid
      pidns: Use task_active_pid_ns where appropriate
      pidns: Make the pidns proc mount/umount logic obvious.
      pidns: Don't allow new processes in a dead pid namespace.
      pidns: Wait in zap_pid_ns_processes until pid_ns->nr_hashed == 1
      pidns: Deny strange cases when creating pid namespaces.
      pidns: Add setns support
      pidns: Consolidate initialzation of special init task state
      pidns: Support unsharing the pid namespace.

 arch/powerpc/platforms/cell/spufs/sched.c |    2 +-
 arch/um/drivers/mconsole_kern.c           |    2 +-
 drivers/staging/android/binder.c          |    3 +-
 fs/hppfs/hppfs.c                          |    2 +-
 fs/proc/Makefile                          |    1 +
 fs/proc/base.c                            |  169 +----------------------------
 fs/proc/internal.h                        |    1 +
 fs/proc/namespaces.c                      |    3 +
 fs/proc/root.c                            |   16 +---
 fs/proc/self.c                            |   59 ++++++++++
 include/linux/pid_namespace.h             |   10 ++-
 include/linux/proc_fs.h                   |    1 +
 init/main.c                               |    1 -
 kernel/cgroup.c                           |    2 +-
 kernel/events/core.c                      |    2 +-
 kernel/exit.c                             |   12 --
 kernel/fork.c                             |   42 +++++---
 kernel/nsproxy.c                          |    4 +-
 kernel/pid.c                              |   46 +++++++--
 kernel/pid_namespace.c                    |   99 +++++++++++++----
 kernel/signal.c                           |    2 +-
 kernel/sysctl_binary.c                    |    2 +-
 22 files changed, 231 insertions(+), 250 deletions(-)
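
An added illustration of the unshare support the cover letter mentions, not code from the patchset: with the semantics documented for mainline Linux, unshare(CLONE_NEWPID) leaves the caller in its original pid namespace and the first child it forks becomes pid 1 of the new one. The function name is made up for this example, and the call needs CAP_SYS_ADMIN, so the function reports the errno when the kernel refuses.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the patchset): unshare the pid namespace in
 * a throwaway process, fork once, and return the pid that first child sees
 * for itself. Returns 1 on success, or -errno if the kernel refuses
 * (for example -EPERM without CAP_SYS_ADMIN). */
int first_child_pid_after_unshare(void)
{
    int fds[2], seen = -EIO;
    if (pipe(fds) < 0)
        return -errno;
    pid_t helper = fork();
    if (helper < 0) {
        seen = -errno;
        close(fds[0]);
        close(fds[1]);
        return seen;
    }
    if (helper == 0) {                      /* throwaway process */
        close(fds[0]);
        if (unshare(CLONE_NEWPID) < 0) {
            seen = -errno;                  /* report the refusal */
        } else {
            pid_t child = fork();           /* first child enters the new pidns */
            if (child < 0)
                seen = -errno;
            else if (child == 0)
                seen = (int)getpid();       /* pid as seen inside the new pidns */
            else {
                waitpid(child, NULL, 0);    /* the child does the reporting */
                _exit(0);
            }
        }
        _exit(write(fds[1], &seen, sizeof(seen)) < 0);
    }
    close(fds[1]);
    if (read(fds[0], &seen, sizeof(seen)) != (ssize_t)sizeof(seen))
        seen = -EIO;
    close(fds[0]);
    waitpid(helper, NULL, 0);
    return seen;
}

int main(void)
{
    printf("first child after unshare(CLONE_NEWPID): %d\n",
           first_child_pid_after_unshare());
    return 0;
}
```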