Date:   Wed, 2 Aug 2017 17:07:19 +1000
From:   Aleksa Sarai <asarai@...e.de>
To:     Cao Shufeng <caosf.fnst@...fujitsu.com>,
        linux-kernel@...r.kernel.org
Cc:     containers@...ts.linux-foundation.org,
        mashimiao.fnst@...fujitsu.com, ebiederm@...ssion.com
Subject: Re: [PATCH_v4.1_3/3] Make core_pattern support namespace

> Currently, each container shares one copy of the coredump setting
> with the host system; if the host system changes the setting, all
> running containers will be affected.
> The same happens when a container changes core_pattern: both the
> host and the other containers will be affected.
> 
> For containers based on namespace design, it is good to allow
> each container to keep its own coredump setting.

From what I can see, this is basically setting a per-pidns core_pattern 
(which is hierarchically applied). I'm not sure this actually solves the 
more general problem (that usermode helper settings aren't generally 
namespace-aware) -- and what happens if you have processes in the same 
pidns that have different mount namespaces?

If we _had_ to do it like this I would think it makes more sense to pin 
it to mountns, but I was under the impression that someone was working 
on making usermode helpers play nicer with namespaces.

Just my $0.02.

-- 
Aleksa Sarai
Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/
