This is v2 of the patch set to add namespace events in the proc connector.

The act of a process creating or joining a namespace via clone(),
unshare() or setns() is a useful signal for monitoring applications.

I am working on a monitoring application that keeps track of all the
containers and all processes inside each container. The current way of
doing it is by polling regularly in /proc for the list of processes and
in /proc/*/ns/* to know which namespaces they belong to. This is
inefficient on systems with a large number of containers and a large
number of processes.

Instead, I would inspect /proc only one time and get the updates with
the proc connector. Unfortunately, the proc connector gives me the list
of processes but does not notify me when a process changes namespaces.
So I would still need to inspect /proc/*/ns/*.

(1) Add namespace events for processes. It generates a namespace event each
    time a process changes namespace via clone(), unshare() or setns().

(2) Add a way for userspace to detect if proc connector is able to send

Changes since RFC-v1: https://lkml.org/lkml/2016/9/8/588

* Supports userns.
* The reason field says exactly whether it is clone/setns/unshare.
* Sends aggregated messages containing details of several namespaces
  changes. Suggested by Evgeniy Polyakov.
* Add patch 2 to detect if proc connector is able to send namespace events.

This patch set is available in the git repository at:

Alban Crequy (2):
  proc connector: add namespace events
  proc connector: add a "get feature" op

 drivers/connector/cn_proc.c  | 163 ++++++++++++++++++++++++++++++++++++++++---
 include/linux/cn_proc.h      |  25 +++++++
 include/uapi/linux/cn_proc.h |  27 ++++++-
 kernel/fork.c                |  10 +++
 kernel/nsproxy.c             |   6 ++
 5 files changed, 220 insertions(+), 11 deletions(-)
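
The polling baseline that the cover letter describes, as an added example that is not part of the original message or of the patch set: it snapshots every `/proc/<pid>/ns/*` link and diffs two snapshots to find processes that changed namespace. The names `snapshot`, `diff` and `demo` are hypothetical, and the sample tree and inode numbers in `demo` are constructed.

```python
import os
import re
import tempfile

NS_LINK = re.compile(r"^\w+:\[(\d+)\]$")  # link target looks like "net:[4026531992]"

def snapshot(proc_root="/proc"):
    """Map pid -> {ns link name: inode}; cost grows with processes x namespace types."""
    snap = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "sys"
        ns_dir = os.path.join(proc_root, entry, "ns")
        namespaces = {}
        try:
            for name in os.listdir(ns_dir):
                m = NS_LINK.match(os.readlink(os.path.join(ns_dir, name)))
                if m:
                    namespaces[name] = int(m.group(1))
        except OSError:
            continue  # process exited during the scan, or access was denied
        snap[int(entry)] = namespaces
    return snap

def diff(old, new):
    """Return (pid, ns, old_inode, new_inode) for every difference between two polls.
    A pid absent from `old` is reported with old_inode None. A pid reused between
    polls is indistinguishable from a namespace change, and a short-lived change
    between two polls is missed entirely."""
    changes = []
    for pid, namespaces in sorted(new.items()):
        before = old.get(pid, {})
        for ns, inode in sorted(namespaces.items()):
            if before.get(ns) != inode:
                changes.append((pid, ns, before.get(ns), inode))
    return changes

def demo():
    """Constructed sample: pid 101 moves to another net namespace between two polls."""
    def fake_proc(table):
        root = tempfile.mkdtemp()
        for pid, nss in table.items():
            os.makedirs(os.path.join(root, str(pid), "ns"))
            for ns, inode in nss.items():
                os.symlink(f"{ns}:[{inode}]", os.path.join(root, str(pid), "ns", ns))
        return root
    host = {"net": 4026531992, "mnt": 4026531840}
    first = snapshot(fake_proc({1: host, 101: host}))
    second = snapshot(fake_proc({1: host, 101: {**host, "net": 4026532500}}))
    return diff(first, second)
```

On a live system, `snapshot()` with the default root reads the real `/proc`; links belonging to other users' processes are only readable with sufficient privileges and are otherwise skipped.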