Date: Tue, 16 Sep 2014 09:06:58 +0000
From: "Chen, Hanxiao" <chenhanxiao@...fujitsu.com>
To: "Serge E. Hallyn" <serge@...lyn.com>
CC: "containers@...ts.linux-foundation.org" <containers@...ts.linux-foundation.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Richard Weinberger <richard.weinberger@...il.com>,
	Serge Hallyn <serge.hallyn@...ntu.com>,
	"Oleg Nesterov" <oleg@...hat.com>,
	David Howells <dhowells@...hat.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Al Viro <viro@...iv.linux.org.uk>
Subject: RE: [RFC PATCH 0/3] ns, procfs: pid conversion between ns and showing pidns hierarchy

Hi,

> -----Original Message-----
> From: Serge E. Hallyn [mailto:serge@...lyn.com]
>
> Hi,
>
> so the below is just 30 mins worth of playing around, will hang if you give
> it bad pids, and requires privilege, but shows how to get pid conversion
> in some cases. Basically it gives you what I had previously suggested
> for the query_pid syscall before.
>

Thanks for teaching me how ucred could be used for this case.

> In general, usage is
>
>     translatepid reporter_pid dest_pid query_pid
>
> where reporter_pid and dest_pid are pids in your pidns. It will assume
> query_pid is a valid pid in reporter_pid's pidns, and return the pid of
> the same process in dest_pid's namespace.
>
> In particular,
>
> if a process in a container (say pid 1, pid 24444 in the host pidns)
> reports something about another process (say pid 262) in the container,
> and you have a shell (pid 1092) on the host, you can figure out the pid
> for 262 in your host pidns using
>
>     translatepid $$ 24444 262
>
> or to figure out what pid 25152 on the host is known as in the
> container,
>
>     translatepid 24444 $$ 25152
>

It's very easy to use:)

> I wonder whether this is enough to give you all you need. While it
> won't be super-fast, you could use and ppid info to figure out who
> is pid 1, etc.

Yes, functionally it's very good.
But for the cases of utilities like sosreport, ps, it's a bit slow.
So the procfs still has its advantages.

And also, I think the pidns hierarchy is needed.
I'll send the v2 ns hierarchy patch soon.

Thanks,
- Chen
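
The ucred mechanism mentioned in the reply above, as an added example (not Serge's translatepid and not code from this thread): the kernel validates the pid carried in an SCM_CREDENTIALS message in the sender's pid namespace and reports it to the receiver expressed in the receiver's pid namespace. This example assumes Linux and keeps both ends in one pid namespace, so the reported pid equals the sender's own; `pid_seen_by_receiver` is a name chosen here, and a refused claim is returned as `None` rather than left to hang.

```python
import os
import socket
import struct

UCRED = struct.Struct("3i")  # struct ucred { pid_t pid; uid_t uid; gid_t gid; }


def pid_seen_by_receiver(query_pid=None):
    """Fork a sender that claims query_pid (default: its own pid) in an
    SCM_CREDENTIALS message. Return (sender_pid, pid_reported_to_receiver);
    the second item is None if the kernel refused the claim."""
    recv_end, send_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    # Ask the kernel to deliver sender credentials to the receiving end.
    recv_end.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)

    sender = os.fork()
    if sender == 0:  # sender side
        recv_end.close()
        try:
            claimed = os.getpid() if query_pid is None else query_pid
            cred = UCRED.pack(claimed, os.getuid(), os.getgid())
            # The kernel checks the claimed pid in the sender's pid namespace:
            # a foreign pid needs CAP_SYS_ADMIN (EPERM), a bad pid gives ESRCH.
            send_end.sendmsg(
                [b"x"], [(socket.SOL_SOCKET, socket.SCM_CREDENTIALS, cred)])
        except OSError:
            pass  # nothing sent; closing the socket unblocks the receiver
        finally:
            os._exit(0)

    send_end.close()  # so a refused send shows up as EOF instead of a hang
    data, ancdata, _, _ = recv_end.recvmsg(1, socket.CMSG_SPACE(UCRED.size))
    recv_end.close()
    os.waitpid(sender, 0)
    if not data:
        return sender, None
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            # The pid arrives expressed in the receiver's pid namespace.
            return sender, UCRED.unpack(cdata[:UCRED.size])[0]
    return sender, None


if __name__ == "__main__":
    print(pid_seen_by_receiver())       # both values equal in one pidns
    print(pid_seen_by_receiver(2**30))  # no such pid: (sender_pid, None)
```

Translating across namespaces additionally needs each end of the socket to run in the relevant pid namespace, which is where the privilege requirement noted in the quoted message comes in.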