lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <53EA7B69.9060800@colorfullife.com>
Date:	Tue, 12 Aug 2014 22:39:05 +0200
From:	Manfred Spraul <manfred@...orfullife.com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
CC:	Andrew Morton <akpm@...ux-foundation.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Davidlohr Bueso <davidlohr.bueso@...com>,
	Michael Kerrisk <mtk.manpages@...il.com>,
	Rafael Aquini <aquini@...hat.com>,
	Rik van Riel <riel@...hat.com>, 1vier1@....de,
	serge@...lyn.com, containers@...ts.linux-foundation.org
Subject: Re: [PATCH 3/3] ipc namespace: copy settings from parent namespace

Hi Eric,

On 08/12/2014 12:37 PM, Eric W. Biederman wrote:
> Manfred Spraul <manfred@...orfullife.com> writes:
>
> Sigh. Patches for new code during the merge window.  It is a really
> rotten time to look at new things.
>
>> Right now, each new IPC namespace starts with the kernel default values.
>> This means that changes that were made to the limits get overwritten.
>>
>> With this patch, a new namespace inherits the settings from the parent
>> namespace, which is less surprising.
> In principle I agree.
>
> In practice I have to ask what have you done to survey applications
> that use the ipc namespace to see if they will break with this change in
> semantics.
I know this is the wrong answer, but:
What I find are problems caused by the current behavior.

See e.g.:
https://bugzilla.redhat.com/show_bug.cgi?id=1004724

Some background:
The e.g. sysvshm limits were not updated for many years and many
applications only ran properly if sysvshm limits are increased.
(now the defaults are large, but only since ~3.15)

Increasing is simple: sysctl kernel.shmmax=<>, but somehow this
must happen inside the container.

Right now, the most common approach seems to be the solution from the 
bugzilla above:
Just marc /proc as read-write and do it manually.

With the patch, the kernel would propagate the value from parent to child.

--
     Manfred
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ