Hi Kamezawa-san,
KAMEZAWA Hiroyuki wrote:
> On Wed, 20 Aug 2008 16:12:47 +0900 (JST)
> Hirokazu Takahashi <[EMAIL PROTECTED]> wrote:
>
>> - I think this kind of thread application should control its I/O requests
>>inside of the application. I guess it seems to quite difficult to
>>determ
Quoting Andrey Mirkin ([EMAIL PROTECTED]):
> On Friday 01 August 2008 01:28 Serge E. Hallyn wrote:
> > Quoting Andrey Mirkin ([EMAIL PROTECTED]):
> > > Hello Oren,
> > >
> > > That is great, that you have proposed your version of
> > > checkpointing/restart. In a few days I will send a patchset wit
From kernel perspective, allow entrance in nf_hook_slow().
Stuff which uses nf_register_hook/nf_register_hooks, but otherwise not
netns-ready:
DECnet netfilter
ipt_CLUSTERIP
nf_nat_standalone.c together with XFRM (?)
IPVS
several individual match modules
* make registered ebtables list per-netns
* for that, duplicate table at the very beginning of register,
we can't add one table to multiple lists.
* propagate netns from userspace socket down to iterators over list,
* register individual modules only in init_net for a minute.
Signed-off-by: Alex
ip_route_me_harder() is called on output codepaths:
1) IPVS: honestly, not sure, looks like it can be called during forwarding
2) IPv4 REJECT: refreshing comment re skb->dst is valid and assignment of
skb->dst right before call :^)
3) NAT: called in LOCAL_OUT hook
4) iptable_mangle: LOCAL_OUT hoo
What is unconfirmed connection in one netns can very well be confirmed
in another.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netfilter/nf_conntrack_core.h |1 -
include/net/netns/conntrack.h |2 ++
net/netfilter/nf_conntrack_core.c |6 +++-
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/bridge/br_netfilter.c |3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -357,7 +357,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netns/bridge.h |1
net/bridge/netfilter/ebtable_nat.c | 48 -
2 files changed, 33 insertions(+), 16 deletions(-)
--- a/include/net/netns/bridge.h
+++ b/include/net/netns/bridge.h
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netns/bridge.h|1
net/bridge/netfilter/ebtable_filter.c | 51 --
2 files changed, 38 insertions(+), 14 deletions(-)
--- a/include/net/netns/bridge.h
+++ b/include/net/netns/bridg
Serge E. Hallyn [EMAIL PROTECTED] wrote:
| Suka, I think you are missing Eric's point.
Yes, sorry I missed it. The bind mount should work. Thanks.
___
Containers mailing list
[EMAIL PROTECTED]
https://lists.linux-foundation.org/mailman/listinfo/container
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netns/bridge.h|1
net/bridge/netfilter/ebtable_broute.c | 36 +-
2 files changed, 28 insertions(+), 9 deletions(-)
--- a/include/net/netns/bridge.h
+++ b/include/net/netns/bridge
So far it wasn't needed, because modules were pinned just right to prevent
ebtables from unloading when cleanup was necessary.
ebt_unregister_table() is called during netns stop now, so...
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/bridge/netfilter/ebtables.c |3 ++-
1 file
* make registered ebtables list per-netns
* for that, duplicate table at the very beginning of register,
we can't add one table to multiple lists.
* propagate netns from userspace socket down to iterators over list,
* register individual modules only in init_net for a minute.
Signed-off-by: Alex
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/bridge/br.c | 22 --
net/bridge/br_if.c |4 ++--
net/bridge/br_private.h |2 +-
3 files changed, 19 insertions(+), 9 deletions(-)
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -28,6 +28,10 @@ s
Bridge as netdevice doesn't cross netns boundaries.
Bridge ports and bridge itself live in same netns.
Notifiers are fixed.
netns propagated from userspace socket.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/bridge/br_device.c |3 ++-
net/bridge/br_if.c | 11 +
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netns/ipv4.h |2 +
net/ipv4/netfilter/nf_nat_core.c | 71 +++
2 files changed, 45 insertions(+), 28 deletions(-)
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/ipv4/netfilter/nf_nat_pptp.c |3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -73,7 +73,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
Note, sysctl table is always duplicated, this is simpler, less special-cased,
less mistakes (and did one mistake in first version of this patch).
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netns/conntrack.h |4 +
net/netfilter/nf_conntrack_standalone.c | 7
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/ipv4/netfilter/ipt_MASQUERADE.c |6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -120,16 +120,13 @@ static int masq_device_event(struct n
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/netfilter/nf_conntrack_h323_main.c |3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -1218,7 +1218,7 @@ static struct nf_conntrack_expe
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netns/ipv4.h |1
net/ipv4/netfilter/nf_nat_rule.c | 40 +++
2 files changed, 29 insertions(+), 12 deletions(-)
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -3
* make keymap list per-netns
* do the same for lock while I'm at it (not strictly necessary)
* flush keymap at netns stop and module unload time.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/linux/netfilter/nf_conntrack_proto_gre.h |2
net/netfilter/nf_conntrack_pptp.c
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/netfilter/nf_conntrack_helper.c | 41 +---
1 file changed, 24 insertions(+), 17 deletions(-)
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -123,29 +123,18 @@ int
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/netfilter/nf_conntrack_sip.c |3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -775,7 +775,7 @@ static int set_expected_rtp_rtcp(struct sk_buff *sk
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/ipv4/netfilter/nf_nat_rule.c |7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -91,13 +91,13 @@ static unsigned int ipt_snat_target(struct sk_
Default value is the one at the end of module load (config or module option).
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netfilter/nf_conntrack_acct.h | 10 ++--
include/net/netns/conntrack.h |2
net/netfilter/nf_conntrack_acct.c | 67
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/netfilter/nf_conntrack_pptp.c | 35 ++-
1 file changed, 26 insertions(+), 9 deletions(-)
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -121,7 +121,7 @@ static void pp
Conntrack code will use it for
a) removing expectations and helpers when corresponding module is removed, and
b) removing conntracks when L3 protocol conntrack module is removed.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/core/net_namespace.c |2 +-
1 file changed, 1 insertio
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netfilter/nf_conntrack.h |1 -
include/net/netns/conntrack.h |1 +
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c |2 +-
net/ipv4/netfilter/nf_conntrack_proto_icmp.c |2 +-
net/ipv6/net
Add init_net checks to e. g. create kmem caches once.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/netfilter/nf_conntrack_core.c | 111 +---
net/netfilter/nf_conntrack_expect.c | 27 +---
2 files changed, 81 insertions(+), 57 deletions(-)
-
Make untracked conntrack per-netns. Compare conntracks with relevant
untracked one.
The following code you'll start laughing at this code:
if (ct == ct->ct_net->ct.untracked)
...
let me remind you that ->ct_net is set in only one place, and never
overwritten later.
All o
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 60 --
1 file changed, 40 insertions(+), 20 deletions(-)
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netfilter/nf_conntrack_ecache.h| 27 +
include/net/netns/conntrack.h |5
net/ipv4/netfilter/nf_conntrack_proto_icmp.c |4 ++-
net/ipv4/netfilter/nf_nat_helper.c
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/ipv4/netfilter/nf_nat_core.c |8
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -588,6 +588,10 @@ static int __net_init nf_nat_net_init(struct
Make per-netns expectation hash and expectation count.
Expectation always belongs to netns to which it's master conntrack belongs.
This is natural and allows to not bloat expectations.
Proc files and leaf users in protocol modules are stubbed to init_net,
this is temporary.
Signed-off-by: Alexey
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 14 +-
net/netfilter/nf_conntrack_standalone.c | 15 +--
2 files changed, 18 insertions(+), 11 deletions(-)
--- a/net/ipv4/netfilter/nf_conntra
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netfilter/nf_conntrack_l4proto.h | 15 +++
include/net/netns/conntrack.h |1 +
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c |2 +-
net/ipv4/netfilter/nf_conntrack_proto_icmp.c |6 ++
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netfilter/nf_conntrack.h |8 +--
include/net/netns/conntrack.h |1
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c |4 -
net/netfilter/nf_conntrack_core.c
Start massacre in every netns when proto in unregistered (read: rmmod).
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/netfilter/nf_conntrack_proto.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_c
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/netfilter/nf_conntrack_expect.c | 24 +---
1 file changed, 13 insertions(+), 11 deletions(-)
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -423,16 +423,18 @@ EXPORT_SYMBOL_GP
Statistics part of stat/nf_conntrack is from init_net, this is temporary.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/netfilter/nf_conntrack_standalone.c | 52 +++-
1 file changed, 31 insertions(+), 21 deletions(-)
--- a/net/netfilter/nf_conntrack_st
Again, netns is deducible in every single ->error hook, but we're going
to use it everywhere for nf_conntrack_checksum and stats, so pass it from
upper layer.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netfilter/nf_conntrack_l4proto.h |2 +-
net/ipv4/netfilter/nf_co
It's deducible as is, but it's also known at nf_conntrack_in() time allowing
to not branch and make code simpler later.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netfilter/nf_conntrack_core.h |2 +-
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c |4 ++--
net
* make per-netns conntrack hash
Other solution is to add ->ct_net pointer to tuplehashes and still has one
hash, I tried that it's ugly and requires more code deep down in protocol
modules et al.
* propagate netns pointer to where needed, e. g. to conntrack iterators.
Signed-off-by: Alexey
One comment: #ifdefs around #include is necessary to overcome amazing compile
breakages in NOTRACK-in-netns patch (see below).
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/net_namespace.h |6 ++
include/net/netfilter/nf_conntrack_core.h |4 ++--
in
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/ipv6/netfilter/ip6t_REJECT.c | 23 ---
1 file changed, 12 insertions(+), 11 deletions(-)
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -35,7 +35,7 @@ MODULE_DESCRIPTION("Xtables: p
Sysctls and proc files are stubbed to init_net's one. This is temporary.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/net/netfilter/nf_conntrack.h |1 -
include/net/netns/conntrack.h |3 +++
net/ipv4/netfilter/nf_conntrack_l3prot
Quoting Andrew Morton ([EMAIL PROTECTED]):
>
> (switched to email. Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
>
> On Thu, 21 Aug 2008 05:58:52 -0700 (PDT) [EMAIL PROTECTED] wrote:
>
> > http://bugzilla.kernel.org/show_bug.cgi?id=11391
> >
> >Sum
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/ipv6/netfilter/ip6table_mangle.c | 31 +--
1 file changed, 21 insertions(+), 10 deletions(-)
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -67,17 +67,29 @@ static s
Conntrack (struct nf_conn) gets pointer to netns: ->ct_net -- netns in which
it was created. It comes from netdevice.
->ct_net is write-once field.
Every conntrack in system has ->ct_net initialized, no exceptions.
->ct_net doesn't pin netns: conntracks are recycled after timeouts and
pinning ba
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
net/ipv6/netfilter/ip6table_raw.c | 20
1 file changed, 16 insertions(+), 4 deletions(-)
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -45,25 +45,37 @@ static struct xt_table packet
Now that dev_net() exists, the usefulness of them is even less. Also they're
a big problem in resolving circular header dependencies necessary for
NOTRACK-in-netns patch. See below.
Signed-off-by: Alexey Dobriyan <[EMAIL PROTECTED]>
---
include/linux/netfilter.h | 53
Eric W. Biederman wrote:
> Cedric Le Goater <[EMAIL PROTECTED]> writes:
>
>> H. Peter Anvin wrote:
>>> Cedric Le Goater wrote:
>>>>> I suggest "newinstance", but "newns" works, too.
>>>> Could we also use this mount option to 'unshare' a new posix message
>>>> queue namespace ?
>>> Sorry, I fail t
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> H. Peter Anvin [EMAIL PROTECTED] wrote:
> > [EMAIL PROTECTED] wrote:
> >> I had the new ptmx node only in 'multi-mount' mode initially. But if users
> >> want the multi-mount semantics, /dev/ptmx must be a symlink. If its a
> >> symlink,
> >> we bre
Eric W. Biederman wrote:
>
> The point of making it a bind is to address the concerns about
> backwards compatibility in user space. In particular security
> conscious applications and applications that perform sanity checks
> are known to ignore things if they are the wrong type in the filesyste
"H. Peter Anvin" <[EMAIL PROTECTED]> writes:
> Eric W. Biederman wrote:
>>> I had the new ptmx node only in 'multi-mount' mode initially. But if users
>>> want the multi-mount semantics, /dev/ptmx must be a symlink. If its a
> symlink,
>>> we break in the single-mount case (which does not have the
[EMAIL PROTECTED] wrote:
>
> Hmm, so, single and multi-mount don't coexist ? i.e some are multi-mounts
> while others are single-mounts.
>
> The way I looked at is that even if a distro has not yet updated the
> startup script (fstab), we could use the multi-mount. Maybe a container
> startup scr
H. Peter Anvin [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
>> I had the new ptmx node only in 'multi-mount' mode initially. But if users
>> want the multi-mount semantics, /dev/ptmx must be a symlink. If its a
>> symlink,
>> we break in the single-mount case (which does not have the ptmx n
Cedric Le Goater <[EMAIL PROTECTED]> writes:
> H. Peter Anvin wrote:
>> Cedric Le Goater wrote:
>
>>>> I suggest "newinstance", but "newns" works, too.
>>>
>>> Could we also use this mount option to 'unshare' a new posix message
>>> queue namespace ?
>>
>> Sorry, I fail to see the connection
Eric W. Biederman wrote:
>> I had the new ptmx node only in 'multi-mount' mode initially. But if users
>> want the multi-mount semantics, /dev/ptmx must be a symlink. If its a
>> symlink,
>> we break in the single-mount case (which does not have the ptmx node and
>> we don't support mknod in pts).
[EMAIL PROTECTED] writes:
> H. Peter Anvin [EMAIL PROTECTED] wrote:
>> Alan Cox wrote:
>>>> auto-created, than supporting mknod(2) inside the devpts filesystem. It's
>>>> not a matter of "changing the user space"; it's a matter of what makes
>>>> most sense inside the kernel.
>>> Having an extra
[EMAIL PROTECTED] wrote:
>
> I had the new ptmx node only in 'multi-mount' mode initially. But if users
> want the multi-mount semantics, /dev/ptmx must be a symlink. If its a symlink,
> we break in the single-mount case (which does not have the ptmx node and
> we don't support mknod in pts).
>
Quoting Cedric Le Goater ([EMAIL PROTECTED]):
> H. Peter Anvin wrote:
> > Cedric Le Goater wrote:
>
> >>> I suggest "newinstance", but "newns" works, too.
> >>
> >> Could we also use this mount option to 'unshare' a new posix message
> >> queue namespace ?
> >
> > Sorry, I fail to see the con
H. Peter Anvin [EMAIL PROTECTED] wrote:
> Alan Cox wrote:
>>> auto-created, than supporting mknod(2) inside the devpts filesystem. It's
>>> not a matter of "changing the user space"; it's a matter of what makes
>>> most sense inside the kernel.
>> Having an extra node with different permissions s
> That makes sense. But if Suka does that, then is creating the device
> when the newns flag is specified ok with you, Alan?
Sounds a good basis yes.
Quoting H. Peter Anvin ([EMAIL PROTECTED]):
> Alan Cox wrote:
>>> auto-created, than supporting mknod(2) inside the devpts filesystem.
>>> It's not a matter of "changing the user space"; it's a matter of what
>>> makes most sense inside the kernel.
>>
>> Having an extra node with different permi
H. Peter Anvin wrote:
> Cedric Le Goater wrote:
>>> I suggest "newinstance", but "newns" works, too.
>>
>> Could we also use this mount option to 'unshare' a new posix message
>> queue namespace ?
>
> Sorry, I fail to see the connection with devpts here? Are you
> suggesting using the same o
Cedric Le Goater wrote:
> H. Peter Anvin wrote:
>> Cedric Le Goater wrote:
>>>> I suggest "newinstance", but "newns" works, too.
>>> Could we also use this mount option to 'unshare' a new posix message
>>> queue namespace ?
>> Sorry, I fail to see the connection with devpts here? Are you
>> sugges
Alan Cox wrote:
>> auto-created, than supporting mknod(2) inside the devpts filesystem.
>> It's not a matter of "changing the user space"; it's a matter of what
>> makes most sense inside the kernel.
>
> Having an extra node with different permissions suddenly appear without
> warning isn't I t
> auto-created, than supporting mknod(2) inside the devpts filesystem.
> It's not a matter of "changing the user space"; it's a matter of what
> makes most sense inside the kernel.
Having an extra node with different permissions suddenly appear without
warning isn't I think good behaviour. I'm
Arnd Bergmann wrote:
> On Thursday 21 August 2008, Oren Laadan wrote:
>
>> Using a single handle (crid or a special file descriptor) to identify
>> the whole checkpoint is very useful - to be able to stream it (eg. over
>> the network, or through filters). It is also very important for future
>>
Cedric Le Goater wrote:
>>>
>> I suggest "newinstance", but "newns" works, too.
>
> Could we also use this mount option to 'unshare' a new posix message queue
> namespace ?
>
Sorry, I fail to see the connection with devpts here? Are you
suggesting using the same option for another filesystem
H. Peter Anvin wrote:
> [EMAIL PROTECTED] wrote:
>>> I don't like the name "newmnt" for the option; it is not just another
>>> mount, but a whole new instance of the pty space.
>> I agree. Its mostly a place-holder for now. How about newns or newptsns ?
>>
>
> I suggest "newinstance", but "newns
(switched to email. Please respond via emailed reply-to-all, not via the
bugzilla web interface).
On Thu, 21 Aug 2008 05:58:52 -0700 (PDT) [EMAIL PROTECTED] wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=11391
>
>Summary: Kernel NULL pointer dereference in do_notify_parent()
>
Alan Cox wrote:
>> This patch has the kernel internally create the [ptmx, c, 5:2] device
>> when mounting devpts filesystem. The permissions for the device node
>> can be specified by the '-o ptmx_mode=0666' option. The default mode
>> is 0666.
>
> NAK
>
>> Hopefully, presence of the 'ptmx'
This patch enables tagging on every class directory if struct class
has a tag_type.
In addition device_del and device_rename were modified to use
sysfs_delete_link and sysfs_rename_link respectively to ensure
when these operations happen on devices whose classes have
tag_ops that they work proper
* Balbir Singh <[EMAIL PROTECTED]> wrote:
> Ingo Molnar wrote:
> > * Oren Laadan <[EMAIL PROTECTED]> wrote:
> >
> >> checkpoint/ckpt_x86.c | 28
> >> checkpoint/rstr_x86.c |2 +
> >
> > please move these into arch/x86/mm/checkpoint.c and
> > arch/x86/mm/restore.c. (also, please
On Wed, Aug 20, 2008 at 11:07:16PM -0400, Oren Laadan wrote:
>
> Dump the files_struct of a task with 'struct cr_hdr_files', followed by
> all open file descriptors. Since FDs can be shared, they are assigned a
> tag and registered in the object hash.
>
> For each open FD there is a 'struct cr_hdr_
On Wed, Aug 20, 2008 at 11:06:50PM -0400, Oren Laadan wrote:
>
> Infrastructure to handle objects that may be shared and referenced by
> multiple tasks or other objects, e.g. open files, memory address space
> etc.
>
> The state of shared objects is saved once. On the first encounter, the
> state i
From: Serge Hallyn <[EMAIL PROTECTED]>
Mark the /sys/kernel/uids directory to be tagged so that processes in
different user namespaces can remount /sys and see their own uid
listings.
Without this patch, having CONFIG_FAIR_SCHED=y makes user namespaces
unusable, because when you
clone(CLONE_NEW
Fernando Luis Vázquez Cao wrote:
> Hi Balbir,
>
> On Thu, 2008-08-21 at 09:02 +0530, Balbir Singh wrote:
>> Fernando Luis Vázquez Cao wrote:
>>> On Wed, 2008-08-20 at 20:48 +0900, Hirokazu Takahashi wrote:
Hi,
>> Tsuruta-san, how about your bio-cgroup's tracking concerning this?
Ingo Molnar wrote:
> * Oren Laadan <[EMAIL PROTECTED]> wrote:
>
>> checkpoint/ckpt_x86.c | 28
>> checkpoint/rstr_x86.c |2 +
>
> please move these into arch/x86/mm/checkpoint.c and
> arch/x86/mm/restore.c. (also, please don't try to abbreviate too much in
> filenames, makes it ha
On Wed, Aug 20, 2008 at 11:05:39PM -0400, Oren Laadan wrote:
>
> Restoring the memory address space begins with nuking the existing one
> of the current process, and then reading the VMA state and contents.
> Call do_mmap_pgoffset() for each VMA and then read in the data.
[...]
> diff --git a/che
On Wed, Aug 20, 2008 at 11:05:15PM -0400, Oren Laadan wrote:
>
> For each VMA, there is a 'struct cr_vma'; if the VMA is file-mapped,
> it will be followed by the file name. The cr_vma->npages will tell
> how many pages were dumped for this VMA. Then it will be followed
> by the actual data: firs
Summary from the tty side:
- tty changes as proposed are an ugly hack
- I'm opposed to magically producing device nodes that were not there
before
- the pty driver doesn't use ->driver_data which is probably what you
want for some of the back walking
- tty and pty code in this area is currently in
> This patch has the kernel internally create the [ptmx, c, 5:2] device
> when mounting devpts filesystem. The permissions for the device node
> can be specified by the '-o ptmx_mode=0666' option. The default mode
> is 0666.
NAK
> Hopefully, presence of the 'ptmx' node in /dev/pts does not
On Wed, 20 Aug 2008 19:26:21 -0700
[EMAIL PROTECTED] wrote:
>
> From: Sukadev Bhattiprolu <[EMAIL PROTECTED]>
> Subject: [RFC][PATCH 1/8]: /dev/tty tweak in init_dev()
>
> When opening /dev/tty, __tty_open() finds the tty using get_current_tty().
> When __tty_open() calls init_dev() it passes in
On Wed, Aug 20, 2008 at 11:04:13PM -0400, Oren Laadan wrote:
>
> Add those interfaces, as well as helpers needed to easily manage the
> file format. The code is roughly broken out as follows:
>
> ckpt/sys.c - user/kernel data transfer, as well as setup of the
> checkpoint/restart context (a per-che
On Thursday 21 August 2008, Oren Laadan wrote:
>
> Arnd Bergmann wrote:
> Extending this view in the context of security - we can require sysadmin
> privilege to restart, and then sysadmin is responsible for the contents
> of the file. The kernel will ensure the data isn't corrupted. Much
> l
These two functions do 90% of the same work and it doesn't significantly
obfuscate the function to allow both the parent dir and the name to change
at the same time. So merge them together to simplify maintenance, and
increase testing.
Signed-off-by: Eric W. Biederman <[EMAIL PROTECTED]>
---
fs
The problem. When implementing a network namespace I need to be able
to have multiple network devices with the same name. Currently this
is a problem for /sys/class/net/*, /sys/devices/virtual/net/*, and
potentially a few other directories of the form /sys/ ... /net/*.
What this patch does is t
* Oren Laadan <[EMAIL PROTECTED]> wrote:
> checkpoint/ckpt_x86.c | 28
> checkpoint/rstr_x86.c |2 +
please move these into arch/x86/mm/checkpoint.c and
arch/x86/mm/restore.c. (also, please don't try to abbreviate too much in
filenames, makes it harder to follow changes later on,
From: [EMAIL PROTECTED] (Eric W. Biederman)
Date: Wed, 20 Aug 2008 23:39:13 -0700
>
> The problem. Network devices show up in sysfs and with the network
> namespace active multiple devices with the same name can show up in
> the same directory, ouch!
>
> To avoid that problem and allow existing