| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8bb63f0a-d0b7-edf7-6dca-4d12641074b4@suse.de>
Date: Wed, 2 Aug 2017 17:07:19 +1000
From: Aleksa Sarai <asarai@...e.de>
To: Cao Shufeng <caosf.fnst@...fujitsu.com>,
linux-kernel@...r.kernel.org
Cc: containers@...ts.linux-foundation.org,
mashimiao.fnst@...fujitsu.com, ebiederm@...ssion.com
Subject: Re: [PATCH_v4.1_3/3] Make core_pattern support namespace
> Currently, each container shared one copy of coredump setting
> with the host system, if host system changed the setting, each
> running containers will be affected.
> Same story happened when container changed core_pattern, both
> host and other container will be affected.
>
> For container based on namespace design, it is good to allow
> each container keeping their own coredump setting.
From what I can see, this is basically setting a per-pidns core_pattern
(which is hierarchically applied). I'm not sure this actually solves the
more general problem (that usermode helper settings aren't generally
namespace-aware) -- and what happens if you have processes in the same
pidns that have different mount namespaces?
If we _had_ to do it like this I would think it makes more sense to pin
it to mountns, but I was under the impression that someone was working
on making usermode helpers play nicer with namespaces.
Just my $0.02.
--
Aleksa Sarai
Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/
Powered by blists - more mailing lists