Open Source and information security mailing list archives
 
Message-Id: <1362535117.7276.6@driftwood>
Date:	Tue, 05 Mar 2013 19:58:37 -0600
From:	Rob Landley <rob@...dley.net>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	mtk.manpages@...il.com, linux-man <linux-man@...r.kernel.org>,
	Linux Containers <containers@...ts.linux-foundation.org>,
	lkml <linux-kernel@...r.kernel.org>
Subject: Re: For review: pid_namespaces(7) man page

On 03/04/2013 11:52:19 AM, Eric W. Biederman wrote:
> > How about this:
> >
> >        The point here is that unshare(2) and setns(2) change the PID
> >        namespace for processes subsequently created by the caller, but
> >        not for the calling process, while clone(2) CLONE_VM specifies
> >        the creation of a new thread in the same process.
>
> Hmm.  How about this.
>
>          The point here is that unshare(2) and setns(2) change the PID
>          namespace that will be used in all subsequent calls to clone
>          and fork by the caller, but not for the calling process, and
>          that all threads in a process must share the same PID
>          namespace.  Which makes a subsequent clone(2) CLONE_VM
>          specify the creation of a new thread in a different PID
>          namespace but in the same process which is impossible.

CLONE_VM and CLONE_NEWPID are incompatible because all threads of the  
same process must be in the same PID namespace. Since unshare(2) and  
setns(2) change the PID namespace for subsequent calls to clone(2),  
those subsequent calls cannot create new threads (unless you setns(2)  
back to the original namespace first).

That last bit's a guess. :)

Rob