On Sun, May 17, 2009 at 12:26:06PM +0200, Andrea Righi wrote:
On Fri, May 15, 2009 at 10:06:43AM -0400, Vivek Goyal wrote:
On Fri, May 15, 2009 at 09:48:40AM +0200, Andrea Righi wrote:
On Fri, May 15, 2009 at 01:15:24PM +0800, Gui Jianfeng wrote:
Vivek Goyal wrote:
...
}
On Mon, May 18, 2009 at 10:01:14AM -0400, Vivek Goyal wrote:
On Sun, May 17, 2009 at 12:26:06PM +0200, Andrea Righi wrote:
On Fri, May 15, 2009 at 10:06:43AM -0400, Vivek Goyal wrote:
On Fri, May 15, 2009 at 09:48:40AM +0200, Andrea Righi wrote:
On Fri, May 15, 2009 at 01:15:24PM +0800,
Last commit is ed3b275 allow error string during checkpoint while
holding a spinlock.
# bash -c 'exec - - 2- ; while : ; do : ; done'
[1] 2269
# ckpt $! /tmp/bash.ckpt
BUG: sleeping function called from invalid context at mm/slub.c:1595
in_atomic(): 1, irqs_disabled(): 0, pid: 2270, name: ckpt
Last commit is ed3b275 allow error string during checkpoint while
holding a spinlock.
The failure seems to involve a vma corresponding to
/usr/lib/gconv/gconv-modules.cache which is mapped read-only and shared,
e.g.
open(/usr/lib/gconv/gconv-modules.cache, O_RDONLY) = 3
mmap2(NULL, 26048,
Quoting Nathan Lynch (n...@pobox.com):
Last commit is ed3b275 allow error string during checkpoint while
holding a spinlock.
# bash -c 'exec - - 2- ; while : ; do : ; done'
[1] 2269
# ckpt $! /tmp/bash.ckpt
BUG: sleeping function called from invalid context at mm/slub.c:1595
Yeah, not
I was keeping a few automated testcases in a tarball under
sf.net/projects/lxc. I've moved these to a git tree which you
can fetch using
git clone git://git.sr71.net/~hallyn/cr_tests.git
Two purposes for these: first, to eventually hook some of them
into LTP. Second, to try and let
Serge E. Hallyn se...@us.ibm.com writes:
Quoting Nathan Lynch (n...@pobox.com):
Last commit is ed3b275 allow error string during checkpoint while
holding a spinlock.
# bash -c 'exec - - 2- ; while : ; do : ; done'
[1] 2269
# ckpt $! /tmp/bash.ckpt
BUG: sleeping function called from
Nathan Lynch n...@pobox.com writes:
Last commit is ed3b275 allow error string during checkpoint while
holding a spinlock.
The failure seems to involve a vma corresponding to
/usr/lib/gconv/gconv-modules.cache which is mapped read-only and shared,
e.g.
Hi Gui,
Gui Jianfeng wrote:
Hi Vivek,
This patch enables per-cgroup per-device weight and ioprio_class handling.
A new cgroup interface policy is introduced. You can make use of this
file to configure weight and ioprio_class for each device in a given cgroup.
The original weight and
Quoting Nathan Lynch (n...@pobox.com):
Serge E. Hallyn se...@us.ibm.com writes:
Quoting Nathan Lynch (n...@pobox.com):
Last commit is ed3b275 allow error string during checkpoint while
holding a spinlock.
# bash -c 'exec - - 2- ; while : ; do : ; done'
[1] 2269
# ckpt $!
On Mon, May 18, 2009 at 04:36:11PM -0500, Nathan Lynch wrote:
Serge E. Hallyn se...@us.ibm.com writes:
Quoting Nathan Lynch (n...@pobox.com):
Last commit is ed3b275 allow error string during checkpoint while
holding a spinlock.
# bash -c 'exec - - 2- ; while : ; do : ; done'
[1]
Matt Helsley matth...@us.ibm.com writes:
On Mon, May 18, 2009 at 04:36:11PM -0500, Nathan Lynch wrote:
[1] Should CONFIG_CHECKPOINT depend on CONFIG_CGROUPS and/or
CONFIG_CGROUPS_FREEZER? We require tasks to be put in frozen state
before checkpoint, is there any mechanism apart from
On Mon, May 18, 2009 at 06:21:22PM -0500, Nathan Lynch wrote:
Matt Helsley matth...@us.ibm.com writes:
On Mon, May 18, 2009 at 04:36:11PM -0500, Nathan Lynch wrote:
[1] Should CONFIG_CHECKPOINT depend on CONFIG_CGROUPS and/or
CONFIG_CGROUPS_FREEZER? We require tasks to be put in
Here is my latest version of the task credentials c/r patchset.
The last patch isn't meant to go upstream - it just helped me
to straighten out the refcounting, to the point where nested
user namespace c/r now appears to be robust.
thanks,
-serge
___
Break out the core function which checks privilege and (if
allowed) creates a new user namespace, with the passed-in
creating user_struct. Note that a user_namespace, unlike
other namespace pointers, is not stored in the nsproxy.
Rather it is purely a property of user_structs.
This will let us
When restarting tasks, we want to be able to change xuid and
xgid in a struct cred, and do so with security checks. Break
the core functionality of set{fs,res}{u,g}id into cred_setX
which performs the access checks based on current_cred(),
but performs the requested change on a passed-in cred.
An application checkpoint image will store capability sets
(and the bounding set) as __u64s. Define checkpoint and
restart functions to translate between those and kernel_cap_t's.
Define a common function do_capset_tocred() which applies capability
set changes to a passed-in struct cred.
The
Create /proc/userns, which prints out all user namespaces. It
prints the address of the user_ns itself, the uid and userns address
of the user who created it, and the reference count.
Signed-off-by: Serge E. Hallyn se...@us.ibm.com
---
include/linux/user_namespace.h |2 +
kernel/user.c
This patch adds the checkpointing and restart of credentials
(uids, gids, and capabilities) to Oren's c/r patchset (on top
of v14). It goes to great pains to re-use (and define when
needed) common helpers, in order to make sure that as security
code is modified, the cr code will be updated. Some
Ony seems useful if you're using coda or hppfs, but go ahead and
restore a file's f_cred. This is set to the cred of the task doing
the open, so often it will be the same as that of the restarted task.
Signed-off-by: Serge E. Hallyn se...@us.ibm.com
---
checkpoint/files.c | 16
20 matches
Mail list logo