| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5871495633F38949900D2BF2DC04883E51F963@G08CNEXMBPEKD02.g08.fujitsu.local> Date: Tue, 27 May 2014 10:01:53 +0000 From: "chenhanxiao@...fujitsu.com" <chenhanxiao@...fujitsu.com> To: Vasily Kulikov <segooon@...il.com> CC: "containers@...ts.linux-foundation.org" <containers@...ts.linux-foundation.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Serge Hallyn <serge.hallyn@...ntu.com>, "Oleg Nesterov" <oleg@...hat.com>, David Howells <dhowells@...hat.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Andrew Morton <akpm@...ux-foundation.org>, Al Viro <viro@...iv.linux.org.uk> Subject: RE: [PATCH] /proc/pid/status: show all sets of pid according to ns Hi Vasily, > -----Original Message----- > From: Vasily Kulikov [mailto:segooon@...il.com] > Sent: Tuesday, May 27, 2014 2:05 AM > To: Chen, Hanxiao/陈 晗霄 > Cc: containers@...ts.linux-foundation.org; linux-kernel@...r.kernel.org; Serge > Hallyn; Oleg Nesterov; David Howells; Eric W. Biederman; Andrew Morton; Al Viro > Subject: Re: [PATCH] /proc/pid/status: show all sets of pid according to ns > > Hi Chen, > > On Mon, May 26, 2014 at 18:05 +0800, Chen Hanxiao wrote: > > We need a direct method of getting the pid inside containers. > > If some issues occurred inside a container guest, host user > > could not know which process is in trouble just by guest pid: > > the users of container guest only knew the pid inside containers. > > This will bring obstacle for trouble shooting. > > > > This patch expands fields of Tgid and Pid: > > a) In init_pid_ns, nothing changed; > > > > b) In one pidns, they will tell the pid inside containers: > > Tgid: 1628 9 3 > > Pid: 1628 9 3 > > ** process id is 1628 in level 0, 9 in level 1, 3 in level 2. > > 1. It breaks ABI. Any application which does something like "grep pid: | cut -d: > -f2" > is now broken by the patch. Maybe add a new field like 'Pid-ns', 'PidNS', > or 'Pids' and leave the old one for compatibility? > Thanks for your comments. Adding a new field could solve backward compatibility issue. > 2. Is it OK to show internal pids to unprivileged processes? I cannot > see anything obviously dangerous with it, though. > I thinks just 'showing' them would not bring some troubles. > > c) If pidns is nested, it depends on which pidns are you in. > > Tgid: 9 3 > > Pid: 9 3 > > ** Views from level 1 for Pid 1628 in host. > > -- > Vasily Thanks, - Chen
Powered by blists - more mailing lists