Message-ID: <1419330039-29207-1-git-send-email-chenhanxiao@cn.fujitsu.com>
Date:	Tue, 23 Dec 2014 18:20:36 +0800
From:	Chen Hanxiao <chenhanxiao@...fujitsu.com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Serge Hallyn <serge.hallyn@...ntu.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Pavel Emelyanov <xemul@...allels.com>
CC:	<containers@...ts.linux-foundation.org>,
	<linux-kernel@...r.kernel.org>,
	David Howells <dhowells@...hat.com>,
	Vasiliy Kulikov <segooon@...il.com>,
	Mateusz Guzik <mguzik@...hat.com>,
	Oleg Nesterov <oleg@...hat.com>,
	Richard Weinberger <richard.weinberger@...il.com>
Subject: [resend][PATCH v9 0/3] ns, procfs: pid conversion between ns and showing pidns hierarchy

This series will expose pid inside containers
via procfs.
Also show the hierarchy of pid namespace.
Then we could know how pid looks inside a container
and their ns relationships.

1. helpful for nested container checkpoint/restore

  We could know whether two pids had relationship
  between each other.

      init_pid_ns 1
            │
   ┌────────────┐
  ns1                       ns2
   │                        │
  200                       300
                             │
                            ns2
                             │
                            400

  #cat /proc/pidns_hierarchy
  200 1 1
  300 1 1
  400 300 2

2. useful for pid translation from container
  Ex:
       init_pid_ns    ns1         ns2
   t1  2
   t2   `- 3          1
   t3   `- 4          3
   t4       `- 5      `- 5        1
   t5       `- 6      `- 8        3

  It could solve problems like: we see a pid 3 goes wrong
  in container's log, what is its pid on hosts:
  a) inside container:
  # readlink /proc/3/ns/pid
  pid:[4026532388]

  b) on host:
  We show it in the form of:
  <init_PID> <parent_of_init_PID> <relative PID level>

  # cat /proc/pidns_hierarchy
  14918 1 1
  16263 14918 2
  16581 1 1
  Then we could easily find /proc/16263/ns/pid->4026532388.
  On host, we knew that reported pid 3 is in level 2,
   and its parental pid ns is from pid 14918.

  c) on host, check child of 16263, grep it from status:
  NSpid:  16268   8       3

  We knew that pid 16268 is pid 3 reported by container.

v9: fix codes be included if CONFIG_PID_NS=n
    add docs to describe the usage of pidns_hierarchy procfs
v8: fix some improper comments
    use max() from kernel.h
v7: change pidns_hierarchy style to be consistent
    with current interface like:
    <init_PID> <parent_of_init_PID> <relative PID level>
    remove EXPERT dependent in Kconfig.
v6: fix some get_pid leaks and do some cleanups.
v5: collect pid by find_ge_pid;
    use local list inside nslist_proc_show;
    use get_pid, remove mutex lock.
v4: simplify pid collection and some performance optimization;
    fix another race issue.
v3: fix a race issue and memory leak issue in pidns_hierarchy;
    add another two fields: NSpgid and NSsid.
v2: use a procfs text file, replacing dirs under /proc for
    showing pidns hierarchy;
    add two new fields: NStgid and NSpid
    keep fields of Tgid and Pid unchanged for back compatibility.

Chen Hanxiao (3):
  procfs: show hierarchy of pid namespace
  /proc/PID/status: show all sets of pid according to ns
  Documentation: add docs for /proc/pidns_hierarchy

 Documentation/namespaces/pidns-hierarchy.txt |  51 +++++
 fs/proc/Kconfig                              |   6 +
 fs/proc/Makefile                             |   1 +
 fs/proc/array.c                              |  16 ++
 fs/proc/internal.h                           |   9 +
 fs/proc/pidns_hierarchy.c                    | 280 +++++++++++++++++++++++++++
 fs/proc/root.c                               |   1 +
 7 files changed, 364 insertions(+)
 create mode 100644 Documentation/namespaces/pidns-hierarchy.txt
 create mode 100644 fs/proc/pidns_hierarchy.c

-- 
1.9.3
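
The container-to-host PID lookup walked through in steps a) to c) above, as an added example that is not part of the patch series or the author's code. It assumes the /proc/pidns_hierarchy and NSpid formats exactly as the message describes them; the PROCS table, the extra PIDs and the inodes other than 4026532388 are constructed sample data.

```python
# Added example: constructed data mirroring the cover letter's walkthrough.
HIERARCHY = """14918 1 1
16263 14918 2
16581 1 1
"""
# host pid -> (target of /proc/<pid>/ns/pid, NSpid line of /proc/<pid>/status)
PROCS = {
    14918: ("pid:[4026532300]", "NSpid:\t14918\t1"),
    14920: ("pid:[4026532300]", "NSpid:\t14920\t3"),     # pid 3, but in ns1
    16263: ("pid:[4026532388]", "NSpid:\t16263\t5\t1"),
    16268: ("pid:[4026532388]", "NSpid:\t16268\t8\t3"),  # the process we want
    16581: ("pid:[4026532401]", "NSpid:\t16581\t1"),
    16590: ("pid:[4026532401]", "NSpid:\t16590\t3"),     # pid 3, other container
}

def parse_hierarchy(text):
    """Return {init_pid: (parent_of_init_pid, level)}."""
    out = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            init_pid, parent, level = map(int, fields)
            out[init_pid] = (parent, level)
    return out

def parse_nspid(status_text):
    """Return the PIDs from the NSpid line, outermost namespace first."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(f) for f in line.split()[1:]]
    return []

def host_pid_for(container_pid, ns_link, hierarchy_text, procs):
    """Map a PID seen inside namespace ns_link to its host PID, or None."""
    hierarchy = parse_hierarchy(hierarchy_text)
    # Step b: find the namespace's init process and its nesting level.
    level = next((lvl for init, (_, lvl) in hierarchy.items()
                  if init in procs and procs[init][0] == ns_link), None)
    if level is None:
        return None
    # Step c: same namespace, level+1 NSpid entries, innermost == container_pid.
    for host_pid, (link, status) in procs.items():
        pids = parse_nspid(status)
        if link == ns_link and len(pids) == level + 1 and pids[-1] == container_pid:
            return host_pid
    return None
```

Matching on the namespace link as well as the innermost NSpid value is what keeps the two other "pid 3" processes in the sample from being reported. On a live host the PROCS entries would come from os.readlink("/proc/<pid>/ns/pid") and the contents of /proc/<pid>/status.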
