| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Sep 2018 09:51:27 -0700
From: Andi Kleen <ak@...ux.intel.com>
To: Chengdong Li <chengdong.li@...ux.alibaba.com>
Cc: ebiederm@...ssion.com, peterz@...radead.org,
kjlx@...pleofstupid.com, hbathini@...ux.vnet.ibm.com,
brendan.d.gregg@...il.com, linux-kernel@...r.kernel.org,
chengdong.licd@...baba-inc.com
Subject: Re: Question: How to switch a process namespace by nsfs "device" and
inode number directly?
On Wed, Sep 12, 2018 at 10:05:27AM +0800, Chengdong Li wrote:
> Thank you, Andi!
>
> Yes, that's a situation, also it's an important one I guess.
>
> Another case is that a process running inside a container has exited but the
> container still alive.I think this is also a common case. The potential fix
> solutions I am thinking are following:
>
> - Using nsfs "device" and inum. This is why I am asking for your help. As we
> already have nsfs "device" and inum of each thread at least.
>
> - If the current thread has exited, it's probably the parent thread and the
> leader thread of that container are still alive. If we could have those
> threads' pid, then we could use setns.
This would require perf record to parse the data stream and do this
in time. There's no guarantee it can do that in time, and it would
cause a lot more overhead. Currently the data is just passed through.
>
> If the first item is not doable, I would like to try the second one.
Yes I think that's needed.
-Andi
Powered by blists - more mailing lists