Re: Remaining work for userns

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Eric W. Biederman

Date: Friday, July 30, 2010 - 5:23 pm

"Serge E. Hallyn" <serge@hallyn.com> writes:

quoted text> Quoting Matt Helsley (matthltc@us.ibm.com):
>> On Thu, Jul 29, 2010 at 05:39:57PM -0500, Serge E. Hallyn wrote:
>> > Quoting Matt Helsley (matthltc@us.ibm.com):
>> > > On Thu, Jul 29, 2010 at 02:58:12PM -0500, Serge E. Hallyn wrote:
>> 
>> <snip>
>> 
>> > 
>> > BTW in the past the only reason I saw for keeping ns cgroup was
>> > to lock tasks into a devices cgroup.  Until that lazy guy who was
>> > going to do it gets off his butt and implements user namespaces,
>> > you'll just have to use LSMs, which is the right way.
>> 
>> And the only missing piece of userns is replacing the cred checks
>> right? If so, it might be possible to come up with a coccinelle semantic
>> patch which would do all/most of the hard work -- depends on whether the
>> all the checks fit a small number of semantic patterns.
>
> I think the thing that always puts the brakes on when I get started
> is siginfo_t.  We need some way to reference user namespaces in there,
> without enforcing lifetime rules on siginfo.

As I recall signal delivery in the kernel lands the signal in the
queue of the destination process before the syscall returns.  If that
is true we should be able to handle signal delivery by just doing
whatever conversions are needed during delivery.

aka the userns should just be task->nsproxy->user_ns for
task->signal->queue.  We cannot unshare the user namespace so there
are no nasty races.

I am reminded that I may want to play with the user namespace and
unshare when I get setns refresh and reviewed for inclusion.  Still
none of that should affect the fact that a task should never be
able to change user namespaces.

quoted text> What you mention is definately a chunk as well, so if you are interested
> in pursuing that that'd be great.
>
> Also, reviewing the patches at the top of
> http://git.kernel.org/?p=linux/kernel/git/sergeh/linux-cr.git;a=shortlog;h=refs/heads/...
> to give us some fresh feedback on the general approach is
> valuable.
>
> And from there, the whole discussion (which we've had several times
> in the past) about how to have the VFS map userids should probably be
> had again.  (I believe august 2008 was the last time we really got
> into that)

We now have user_ns_map_uid and user_ns_map_gid in next-next.git
Serge I'm not certain how that interacts with your other work, but
it is definitely something we want to build on.

Eric

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 1/3] cgroup : add clone_children control file, Serge E. Hallyn, (Thu Jul 29, 12:56 pm)

[PATCH 2/3] cgroup : make the mount options parsing more a ..., Serge E. Hallyn, (Thu Jul 29, 12:57 pm)

[PATCH 3/3] cgroup : remove the ns_cgroup, Serge E. Hallyn, (Thu Jul 29, 12:58 pm)

Re: [PATCH 3/3] cgroup : remove the ns_cgroup, Matt Helsley, (Thu Jul 29, 2:40 pm)

Re: [PATCH 3/3] cgroup : remove the ns_cgroup, Paul Menage, (Thu Jul 29, 2:46 pm)

Re: [PATCH 3/3] cgroup : remove the ns_cgroup, Serge E. Hallyn, (Thu Jul 29, 3:39 pm)

Remaining work for userns (WAS Re: [PATCH 3/3] cgroup : re ..., Matt Helsley, (Thu Jul 29, 4:00 pm)

Re: Remaining work for userns (WAS Re: [PATCH 3/3] cgroup ..., Serge E. Hallyn, (Thu Jul 29, 4:23 pm)

Re: Remaining work for userns, Eric W. Biederman, (Fri Jul 30, 5:23 pm)

Re: [PATCH 1/3] cgroup : add clone_children control file, Li Zefan, (Tue Aug 3, 1:30 am)

Re: [PATCH 2/3] cgroup : make the mount options parsing mo ..., Li Zefan, (Tue Aug 3, 1:30 am)

Re: [PATCH 3/3] cgroup : remove the ns_cgroup, Li Zefan, (Tue Aug 3, 1:31 am)

Navigation

Popular discussions


linux-kernel:
Michael Trimarchi	Re: [PATCH] VFS: make file->f_pos access atomic on 32bit arch
Miklos Szeredi	[patch 14/15] vfs: more path_permission() conversions
Serge E. Hallyn	Re: [RFC v5][PATCH 7/8] Infrastructure for shared objects
Bernd Schmidt	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Takashi Iwai	[PATCH 2/2] input: Add LED support to Synaptics device
git:
Junio C Hamano	Re: mingw, windows, crlf/lf, and git
Eyvind Bernhardsen	Re: Where has "git ls-remote" reference pattern matching gone?
Shawn O. Pearce	Re: Switching from CVS to GIT
Todd Zullinger	Re: [PATCH 2/2] send-email: rfc2047-quote subject lines with non-ascii characters
Santi Béjar	Re: How to use git-fmt-merge-msg?
linux-netdev:
Ramkrishna Vepa	[net-2.6 PATCH 1/10] Neterion: New driver: Driver help file
Mark Anthony	invitation / inquiry
Ingo Molnar	Re: [PATCH 08/16] dma-debug: add core checking functions
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Sascha Hauer	[PATCH 03/12] fec: do not typedef struct types
git-commits-head:
Linux Kernel Mailing List	amba: struct device - replace bus_id with dev_name(), dev_set_name()
Linux Kernel Mailing List	MIPS: Yosemite: Convert SMP startup lock to arch spinlock.
Linux Kernel Mailing List	ARM: S5PC100: IRQ and timer
Linux Kernel Mailing List	davinci: edma: clear interrupt status for interrupt enabled channels only
Linux Kernel Mailing List	x86, mm, kprobes: fault.c, simplify notify_page_fault()
openbsd-misc:
Daniel A. Ramaley	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?
Matthias Kilian	Re: can't get vesa @ 1280x800 or nv
Tobias Ulmer	Re: Problem after upgrade 4.5 to 4.6: ERR M
Philip Guenther	Re: SIGCHLD and libpthread.so
J.C. Roberts	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?

Colocation donated by:

Syndicate