Re: [PATCH] nsproxy: remove judge of timens_on_fork()'s return val

On Sun, Nov 15, 2020 at 10:36 AM Hui Su wrote: > > timens_on_fork() always return 0, and maybe not > need to judge the return value in copy_namespaces(). Thank you for cleaning this up. I think we can go even further and change timens_on_fork to return nothing: -int timens_on_fork(struct

Re: [PATCHv7 15/33] posix-timers: Make clock_nanosleep() time namespace aware

On Sun, Oct 13, 2019 at 9:28 PM kbuild test robot wrote: > > Hi Dmitry, > > Thank you for the patch! Yet something to improve: > > [auto build test ERROR on linus/master] > [cannot apply to v5.4-rc2 next-20191011] > [if your patch is applied to the wrong git tree, please drop us a note to help >

Re: [RFC 00/20] ns: Introduce Time Namespace

On Thu, Sep 27, 2018 at 11:41:49PM +0200, Thomas Gleixner wrote: > On Thu, 27 Sep 2018, Thomas Gleixner wrote: > > Add time skew via NTP/PTP into the picture and you might have to adjust > > timers as well, because you need to guarantee that they are not expiring > > early. > > > > I haven't

Re: [RFC 00/20] ns: Introduce Time Namespace

On Thu, Sep 27, 2018 at 11:41:49PM +0200, Thomas Gleixner wrote: > On Thu, 27 Sep 2018, Thomas Gleixner wrote: > > Add time skew via NTP/PTP into the picture and you might have to adjust > > timers as well, because you need to guarantee that they are not expiring > > early. > > > > I haven't

Re: Setting monotonic time?

On Mon, Oct 01, 2018 at 11:15:32AM +0200, Eric W. Biederman wrote: > > In the context of process migration there is a simpler subproblem that I > think it is worth exploring if we can do something about. > > For a cluster of machines all running with synchronized > clocks. CLOCK_REALTIME

Re: Setting monotonic time?

On Mon, Oct 01, 2018 at 11:15:32AM +0200, Eric W. Biederman wrote: > > In the context of process migration there is a simpler subproblem that I > think it is worth exploring if we can do something about. > > For a cluster of machines all running with synchronized > clocks. CLOCK_REALTIME

Re: [RFC 00/20] ns: Introduce Time Namespace

On Tue, Sep 25, 2018 at 12:02:32AM +0200, Eric W. Biederman wrote: > Andrey Vagin writes: > > > On Fri, Sep 21, 2018 at 02:27:29PM +0200, Eric W. Biederman wrote: > >> Dmitry Safonov writes: > >> > >> > Discussions around time virtualization are there

Re: [RFC 00/20] ns: Introduce Time Namespace

On Tue, Sep 25, 2018 at 12:02:32AM +0200, Eric W. Biederman wrote: > Andrey Vagin writes: > > > On Fri, Sep 21, 2018 at 02:27:29PM +0200, Eric W. Biederman wrote: > >> Dmitry Safonov writes: > >> > >> > Discussions around time virtualization are there

Re: [RFC 00/20] ns: Introduce Time Namespace

On Fri, Sep 21, 2018 at 02:27:29PM +0200, Eric W. Biederman wrote: > Dmitry Safonov writes: > > > Discussions around time virtualization are there for a long time. > > The first attempt to implement time namespace was in 2006 by Jeff Dike. > > From that time, the topic appears on and off in

Re: [RFC 00/20] ns: Introduce Time Namespace

On Fri, Sep 21, 2018 at 02:27:29PM +0200, Eric W. Biederman wrote: > Dmitry Safonov writes: > > > Discussions around time virtualization are there for a long time. > > The first attempt to implement time namespace was in 2006 by Jeff Dike. > > From that time, the topic appears on and off in

Re: [linux-next] Kernel panic while tetsing criu

On Thu, Aug 16, 2018 at 06:18:35PM +0300, Cyrill Gorcunov wrote: > On Thu, Aug 16, 2018 at 09:51:36AM -0500, Eric W. Biederman wrote: > ... > > > > That patch is incorrect as it misses the rcu_read_unlock. > > > > > > p.s. Andrew noticed the problem and asked me to notify, > > > also he has been

Re: [linux-next] Kernel panic while tetsing criu

On Thu, Aug 16, 2018 at 06:18:35PM +0300, Cyrill Gorcunov wrote: > On Thu, Aug 16, 2018 at 09:51:36AM -0500, Eric W. Biederman wrote: > ... > > > > That patch is incorrect as it misses the rcu_read_unlock. > > > > > > p.s. Andrew noticed the problem and asked me to notify, > > > also he has been

Re: [PATCH 2/2] fs/lock: show locks taken by processes from another pidns

On Thu, Jun 14, 2018 at 07:00:07AM -0400, Jeff Layton wrote: > On Fri, 2018-06-08 at 17:27 +0300, Konstantin Khorenko wrote: > > Currently if we face a lock taken by a process invisible in the current > > pidns we skip the lock completely, but this > > > > 1) makes the output not that nice > >

Re: [PATCH 2/2] fs/lock: show locks taken by processes from another pidns

On Thu, Jun 14, 2018 at 07:00:07AM -0400, Jeff Layton wrote: > On Fri, 2018-06-08 at 17:27 +0300, Konstantin Khorenko wrote: > > Currently if we face a lock taken by a process invisible in the current > > pidns we skip the lock completely, but this > > > > 1) makes the output not that nice > >

Re: [PATCH 2/2] fs/lock: show locks taken by processes from another pidns

On Fri, Jun 08, 2018 at 05:27:12PM +0300, Konstantin Khorenko wrote: > Currently if we face a lock taken by a process invisible in the current > pidns we skip the lock completely, but this > > 1) makes the output not that nice > (root@vz7)/: cat /proc/${PID_A2}/fdinfo/3 > pos:4 >

Re: [PATCH 2/2] fs/lock: show locks taken by processes from another pidns

On Fri, Jun 08, 2018 at 05:27:12PM +0300, Konstantin Khorenko wrote: > Currently if we face a lock taken by a process invisible in the current > pidns we skip the lock completely, but this > > 1) makes the output not that nice > (root@vz7)/: cat /proc/${PID_A2}/fdinfo/3 > pos:4 >

Re: [PATCH 1/2] fs/lock: skip lock owner pid translation in case we are in init_pid_ns

c/${PID_A2}/fdinfo/3 > pos:4 > flags: 0212 > mnt_id: 257 > lock: (root@vz7)/: > > After the patch: > === > (root@vz7)/:cat /proc/${PID_A2}/fdinfo/3 > pos:4 > flags: 0212 > mnt_id: 295 > lock: 1: FLOCK ADVISORY WRITE ${PID_

Re: [PATCH 1/2] fs/lock: skip lock owner pid translation in case we are in init_pid_ns

c/${PID_A2}/fdinfo/3 > pos:4 > flags: 0212 > mnt_id: 257 > lock: (root@vz7)/: > > After the patch: > === > (root@vz7)/:cat /proc/${PID_A2}/fdinfo/3 > pos:4 > flags: 0212 > mnt_id: 295 > lock: 1: FLOCK ADVISORY WRITE ${PID_

Re: [PATCH] mnt: allow to add a mount into an existing group

On Tue, Jan 24, 2017 at 02:03:23PM +1300, Eric W. Biederman wrote: > Andrei Vagin writes: > > > Now a shared group can be only inherited from a source mount. > > This patch adds an ability to add a mount into an existing shared > > group. > > This sounds like a lot of the

Re: [PATCH] mnt: allow to add a mount into an existing group

On Tue, Jan 24, 2017 at 02:03:23PM +1300, Eric W. Biederman wrote: > Andrei Vagin writes: > > > Now a shared group can be only inherited from a source mount. > > This patch adds an ability to add a mount into an existing shared > > group. > > This sounds like a lot of the discussion on bind

Re: [inotify] fee1df54b6: BUG_kmalloc-#(Not_tainted):Freepointer_corrupt

On Tue, Dec 13, 2016 at 11:34 AM, Nikolay Borisov wrote: > > > On 13.12.2016 20:51, Eric W. Biederman wrote: >> Nikolay Borisov writes: >> >>> So this thing resurfaced again and I took a hard look into the code but >>> couldn't find anything

Re: [inotify] fee1df54b6: BUG_kmalloc-#(Not_tainted):Freepointer_corrupt

On Tue, Dec 13, 2016 at 11:34 AM, Nikolay Borisov wrote: > > > On 13.12.2016 20:51, Eric W. Biederman wrote: >> Nikolay Borisov writes: >> >>> So this thing resurfaced again and I took a hard look into the code but >>> couldn't find anything suspicious. So the allocating and freeing >>> contexts

Re: [ISSUE] mm: Add a user_ns owner to mm_struct and fix ptrace_may_access

On Mon, Oct 24, 2016 at 01:59:59PM +0300, Cyrill Gorcunov wrote: > Hi Eric! A few days ago we've noticed that our zombie00 test case started > failing: > https://ci.openvz.org/job/CRIU/view/All/job/CRIU-linux-next/406/console > --- > Run zdtm/static/zombie00 in h >

Re: [ISSUE] mm: Add a user_ns owner to mm_struct and fix ptrace_may_access

On Mon, Oct 24, 2016 at 01:59:59PM +0300, Cyrill Gorcunov wrote: > Hi Eric! A few days ago we've noticed that our zombie00 test case started > failing: > https://ci.openvz.org/job/CRIU/view/All/job/CRIU-linux-next/406/console > --- > Run zdtm/static/zombie00 in h >

Re: [PATCH] net: skip genenerating uevents for network namespaces that are exiting

Hi Cong, On Thu, Oct 20, 2016 at 10:25 PM, Andrey Vagin <ava...@openvz.org> wrote: > On Thu, Oct 20, 2016 at 8:10 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: >> On Thu, Oct 20, 2016 at 7:46 PM, Andrei Vagin <ava...@openvz.org> wrote: >>> No one can

Re: [PATCH] net: skip genenerating uevents for network namespaces that are exiting

Hi Cong, On Thu, Oct 20, 2016 at 10:25 PM, Andrey Vagin wrote: > On Thu, Oct 20, 2016 at 8:10 PM, Cong Wang wrote: >> On Thu, Oct 20, 2016 at 7:46 PM, Andrei Vagin wrote: >>> No one can see these events, because a network namespace can not be >>> destroyed, if it has

Re: [PATCH] net: skip genenerating uevents for network namespaces that are exiting

On Thu, Oct 20, 2016 at 8:10 PM, Cong Wang wrote: > On Thu, Oct 20, 2016 at 7:46 PM, Andrei Vagin wrote: >> No one can see these events, because a network namespace can not be >> destroyed, if it has sockets. >> > > Are you sure? kobject_uevent_env()

Re: [PATCH] net: skip genenerating uevents for network namespaces that are exiting

On Thu, Oct 20, 2016 at 8:10 PM, Cong Wang wrote: > On Thu, Oct 20, 2016 at 7:46 PM, Andrei Vagin wrote: >> No one can see these events, because a network namespace can not be >> destroyed, if it has sockets. >> > > Are you sure? kobject_uevent_env() seems sending uevents to all > network

Re: [RFC][PATCH] mount: In mark_umount_candidates and __propogate_umount visit each mount once

On Thu, Oct 13, 2016 at 2:46 PM, Andrei Vagin wrote: > On Thu, Oct 13, 2016 at 02:53:46PM -0500, Eric W. Biederman wrote: >> >> Adrei Vagin pointed out that time to executue propagate_umount can go >> non-linear (and take a ludicrious amount of time) when the mount >>

Re: [RFC][PATCH] mount: In mark_umount_candidates and __propogate_umount visit each mount once

On Thu, Oct 13, 2016 at 2:46 PM, Andrei Vagin wrote: > On Thu, Oct 13, 2016 at 02:53:46PM -0500, Eric W. Biederman wrote: >> >> Adrei Vagin pointed out that time to executue propagate_umount can go >> non-linear (and take a ludicrious amount of time) when the mount >> propogation trees of the

Re: [PATCH 1/4] kernel: add a helper to get an owning user namespace for a namespace

On Tue, Aug 30, 2016 at 7:41 PM, Serge E. Hallyn <se...@hallyn.com> wrote: > On Fri, Aug 26, 2016 at 04:08:08PM -0700, Andrei Vagin wrote: >> From: Andrey Vagin <ava...@openvz.org> >> >> Return -EPERM if an owning user namespace is outside of a process &g

Re: [PATCH 1/4] kernel: add a helper to get an owning user namespace for a namespace

On Tue, Aug 30, 2016 at 7:41 PM, Serge E. Hallyn wrote: > On Fri, Aug 26, 2016 at 04:08:08PM -0700, Andrei Vagin wrote: >> From: Andrey Vagin >> >> Return -EPERM if an owning user namespace is outside of a process >> current user namespace. >> >> v2: I

Re: [PATCH 1/4] kernel: add a helper to get an owning user namespace for a namespace

On Tue, Aug 30, 2016 at 7:56 PM, Serge E. Hallyn wrote: > On Fri, Aug 26, 2016 at 04:08:08PM -0700, Andrei Vagin wrote: >> +struct ns_common *ns_get_owner(struct ns_common *ns) >> +{ >> + struct user_namespace *my_user_ns = current_user_ns(); >> + struct user_namespace

Re: [PATCH 1/4] kernel: add a helper to get an owning user namespace for a namespace

On Tue, Aug 30, 2016 at 7:56 PM, Serge E. Hallyn wrote: > On Fri, Aug 26, 2016 at 04:08:08PM -0700, Andrei Vagin wrote: >> +struct ns_common *ns_get_owner(struct ns_common *ns) >> +{ >> + struct user_namespace *my_user_ns = current_user_ns(); >> + struct user_namespace *owner, *p; >> + >>

Re: [PATCH 0/5 RFC] Add an interface to discover relationships between namespaces

>>> Hi Andrey, >>> >>> On 07/14/2016 08:20 PM, Andrey Vagin wrote: >> >> >> >> >>> >>> Could you add here an of the API in detail: what do these FDs refer to, >>> and how do you use them to solve the use case? And could you

Re: [PATCH 0/5 RFC] Add an interface to discover relationships between namespaces

On Thu, Jul 21, 2016 at 11:48 PM, Michael Kerrisk (man-pages) wrote: > Hi Andrey, > > > On 07/21/2016 11:06 PM, Andrew Vagin wrote: >> >> On Thu, Jul 21, 2016 at 04:41:12PM +0200, Michael Kerrisk (man-pages) >> wrote: >>> >>> Hi Andrey, &g

[PATCH 3/3] selftests: check O_ATROOT and AT_FDROOT flags

Signed-off-by: Andrey Vagin <ava...@openvz.org> --- tools/testing/selftests/Makefile| 1 + tools/testing/selftests/lookup/.gitignore | 1 + tools/testing/selftests/lookup/Makefile | 8 +++ tools/testing/selftests/lookup/lookup_at_root.c | 71

[PATCH 0/3 v3] fs: allow to use dirfd as root for openat and other *at syscalls

uot;Eric W. Biederman" <ebied...@xmission.com> Cc: Arnd Bergmann <a...@arndb.de> Cc: "J. Bruce Fields" <bfie...@redhat.com> Cc: Miklos Szeredi <mszer...@redhat.com> Cc: NeilBrown <ne...@suse.de> Cc: Shuah Khan <shua...@osg.samsung.com> Cc:

[PATCH 3/3] selftests: check O_ATROOT and AT_FDROOT flags

Signed-off-by: Andrey Vagin --- tools/testing/selftests/Makefile| 1 + tools/testing/selftests/lookup/.gitignore | 1 + tools/testing/selftests/lookup/Makefile | 8 +++ tools/testing/selftests/lookup/lookup_at_root.c | 71 + tools/testing

[PATCH 0/3 v3] fs: allow to use dirfd as root for openat and other *at syscalls

c: Arnd Bergmann Cc: "J. Bruce Fields" Cc: Miklos Szeredi Cc: NeilBrown Cc: Shuah Khan Cc: Omar Sandoval Signed-off-by: Andrey Vagin Andrey Vagin (3): namei: add LOOKUP_DFD_ROOT to use dfd as root fs: allow to use dirfd as root for openat and other

[PATCH 2/3 v2] fs: allow to use dirfd as root for openat and other *at syscalls

and in this case we need these new flags O_ATROOT or AT_FDROOT. If O_ATROOT is set for openat() or AT_FDROOT is set for fstatat, linkat, unlinkat, path_init is executed with the LOOKUP_DFD_ROOT flag. v2: fix a value of O_ATROOT to not intersect with other constans Signed-off-by: Andrey Vagin <

[PATCH 2/3 v2] fs: allow to use dirfd as root for openat and other *at syscalls

and in this case we need these new flags O_ATROOT or AT_FDROOT. If O_ATROOT is set for openat() or AT_FDROOT is set for fstatat, linkat, unlinkat, path_init is executed with the LOOKUP_DFD_ROOT flag. v2: fix a value of O_ATROOT to not intersect with other constans Signed-off-by: Andrey Vagin

[PATCH 1/3 v2] namei: add LOOKUP_DFD_ROOT to use dfd as root

. For this we add this new flag. If LOOKUP_DFD_ROOT is set, path_init() initializes nd->root and nd->path to the same value. Changes since v1: * initialize nd->root_seq (thanks to Omar Sandoval for reporting and fixing this issue) Cc: Omar Sandoval <osan...@osandov.com> Signed-off-b

[PATCH 1/3 v2] namei: add LOOKUP_DFD_ROOT to use dfd as root

. For this we add this new flag. If LOOKUP_DFD_ROOT is set, path_init() initializes nd->root and nd->path to the same value. Changes since v1: * initialize nd->root_seq (thanks to Omar Sandoval for reporting and fixing this issue) Cc: Omar Sandoval Signed-off-by: Andrey Vagin --- f

[PATCH 4/5] nsfs: add ioctl to get a parent namespace

Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships. In a future we will use this interface to dump and restore nested namespaces. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- fs/nsfs.c | 4 include/linux/proc_ns.h

[PATCH 3/5] nsfs: add ioctl to get an owning user namespace for ns file descriptor

, Eric W. Biederman proposed to use ioctl-s for this purpose. The NS_GET_USERNS ioctl returns a file descriptor to an owning user namespace. It returns EPERM if a target namespace is outside of a current user namespace. Link: https://lkml.org/lkml/2016/7/6/158 Signed-off-by: Andrey Vagin <

[PATCH 4/5] nsfs: add ioctl to get a parent namespace

Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships. In a future we will use this interface to dump and restore nested namespaces. Signed-off-by: Andrey Vagin --- fs/nsfs.c | 4 include/linux/proc_ns.h | 1 + include/uapi

[PATCH 3/5] nsfs: add ioctl to get an owning user namespace for ns file descriptor

, Eric W. Biederman proposed to use ioctl-s for this purpose. The NS_GET_USERNS ioctl returns a file descriptor to an owning user namespace. It returns EPERM if a target namespace is outside of a current user namespace. Link: https://lkml.org/lkml/2016/7/6/158 Signed-off-by: Andrey Vagin --- fs

[PATCH 1/5] namespaces: move user_ns into ns_common

. Originally this idea was suggested by James Bottomley. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- drivers/net/bonding/bond_main.c | 2 +- drivers/net/tun.c | 4 ++-- fs/mount.h | 1 - fs/namespace.c

[PATCH 1/5] namespaces: move user_ns into ns_common

. Originally this idea was suggested by James Bottomley. Signed-off-by: Andrey Vagin --- drivers/net/bonding/bond_main.c | 2 +- drivers/net/tun.c | 4 ++-- fs/mount.h | 1 - fs/namespace.c | 14 +++--- fs

[PATCH 5/5] tools/testing: add a test to check nsfs ioctl-s

. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/nsfs/Makefile | 12 + tools/testing/selftests/nsfs/owner.c | 91 +++ tools/testing/selftests/nsfs/pidns.c

[PATCH 2/5] kernel: add a helper to get an owning user namespace for a namespace

Return -EPERM if an owning user namespace is outside of a process current user namespace. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- include/linux/user_namespace.h | 7 +++ kernel/user_namespace.c| 24 2 files changed, 31 insertions(+) diff

[PATCH 5/5] tools/testing: add a test to check nsfs ioctl-s

. Signed-off-by: Andrey Vagin --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/nsfs/Makefile | 12 + tools/testing/selftests/nsfs/owner.c | 91 +++ tools/testing/selftests/nsfs/pidns.c | 74 4 files changed

[PATCH 2/5] kernel: add a helper to get an owning user namespace for a namespace

Return -EPERM if an owning user namespace is outside of a process current user namespace. Signed-off-by: Andrey Vagin --- include/linux/user_namespace.h | 7 +++ kernel/user_namespace.c| 24 2 files changed, 31 insertions(+) diff --git a/include/linux

Re: [PATCH 0/5 RFC] Add an interface to discover relationships between namespaces

Hello, I forgot to add --cc-cover for git send-email, so everyone who is in Cc got only a cover letter. All messages were sent in mail lists. Sorry for inconvenience. On Thu, Jul 14, 2016 at 11:20 AM, Andrey Vagin <ava...@openvz.org> wrote: > Each namespace has an owning user namespac

Re: [PATCH 0/5 RFC] Add an interface to discover relationships between namespaces

Hello, I forgot to add --cc-cover for git send-email, so everyone who is in Cc got only a cover letter. All messages were sent in mail lists. Sorry for inconvenience. On Thu, Jul 14, 2016 at 11:20 AM, Andrey Vagin wrote: > Each namespace has an owning user namespace and now there is not

[PATCH 1/5] namespaces: move user_ns into ns_common

. Originally this idea was suggested by James Bottomley. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- drivers/net/bonding/bond_main.c | 2 +- drivers/net/tun.c | 4 ++-- fs/mount.h | 1 - fs/namespace.c

[PATCH 1/5] namespaces: move user_ns into ns_common

. Originally this idea was suggested by James Bottomley. Signed-off-by: Andrey Vagin --- drivers/net/bonding/bond_main.c | 2 +- drivers/net/tun.c | 4 ++-- fs/mount.h | 1 - fs/namespace.c | 14 +++--- fs

[PATCH 4/5] nsfs: add ioctl to get a parent namespace

Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships. In a future we will use this interface to dump and restore nested namespaces. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- fs/nsfs.c | 4 include/linux/proc_ns.h

[PATCH 5/5] tools/testing: add a test to check nsfs ioctl-s

. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/nsfs/Makefile | 12 + tools/testing/selftests/nsfs/owner.c | 91 +++ tools/testing/selftests/nsfs/pidns.c

[PATCH 2/5] kernel: add a helper to get an owning user namespace for a namespace

Return -EPERM if an owning user namespace is outside of a process current user namespace. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- include/linux/user_namespace.h | 7 +++ kernel/user_namespace.c| 24 2 files changed, 31 insertions(+) diff

[PATCH 4/5] nsfs: add ioctl to get a parent namespace

Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships. In a future we will use this interface to dump and restore nested namespaces. Signed-off-by: Andrey Vagin --- fs/nsfs.c | 4 include/linux/proc_ns.h | 1 + include/uapi

[PATCH 5/5] tools/testing: add a test to check nsfs ioctl-s

. Signed-off-by: Andrey Vagin --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/nsfs/Makefile | 12 + tools/testing/selftests/nsfs/owner.c | 91 +++ tools/testing/selftests/nsfs/pidns.c | 74 4 files changed

[PATCH 2/5] kernel: add a helper to get an owning user namespace for a namespace

Return -EPERM if an owning user namespace is outside of a process current user namespace. Signed-off-by: Andrey Vagin --- include/linux/user_namespace.h | 7 +++ kernel/user_namespace.c| 24 2 files changed, 31 insertions(+) diff --git a/include/linux

[PATCH 3/5] nsfs: add ioctl to get an owning user namespace for ns file descriptor

, Eric W. Biederman proposed to use ioctl-s for this purpose. The NS_GET_USERNS ioctl returns a file descriptor to an owning user namespace. It returns EPERM if a target namespace is outside of a current user namespace. Link: https://lkml.org/lkml/2016/7/6/158 Signed-off-by: Andrey Vagin <

[PATCH 3/5] nsfs: add ioctl to get an owning user namespace for ns file descriptor

, Eric W. Biederman proposed to use ioctl-s for this purpose. The NS_GET_USERNS ioctl returns a file descriptor to an owning user namespace. It returns EPERM if a target namespace is outside of a current user namespace. Link: https://lkml.org/lkml/2016/7/6/158 Signed-off-by: Andrey Vagin --- fs

[PATCH 0/5 RFC] Add an interface to discover relationships between namespaces

Each namespace has an owning user namespace and now there is not way to discover these relationships. Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships too. Why we may want to know relationships between namespaces? One use would be visualization, in

[PATCH 0/5 RFC] Add an interface to discover relationships between namespaces

Each namespace has an owning user namespace and now there is not way to discover these relationships. Pid and user namepaces are hierarchical. There is no way to discover parent-child relationships too. Why we may want to know relationships between namespaces? One use would be visualization, in

Re: [PATCH 1/3] namei: add LOOKUP_DFD_ROOT to use dfd as root

On Fri, Jul 1, 2016 at 5:55 PM, Omar Sandoval <osan...@osandov.com> wrote: > On Tue, Jun 28, 2016 at 10:38:28AM -0700, Andrey Vagin wrote: >> The problem is that a pathname can contain absolute symlinks and now >> they are resolved relative to the current root. >> &

Re: [PATCH 1/3] namei: add LOOKUP_DFD_ROOT to use dfd as root

On Fri, Jul 1, 2016 at 5:55 PM, Omar Sandoval wrote: > On Tue, Jun 28, 2016 at 10:38:28AM -0700, Andrey Vagin wrote: >> The problem is that a pathname can contain absolute symlinks and now >> they are resolved relative to the current root. >> >> If we want to o

[PATCH 1/3 v2] namei: add LOOKUP_DFD_ROOT to use dfd as root

. For this we add this new flag. If LOOKUP_DFD_ROOT is set, path_init() initializes nd->root and nd->path to the same value. Changes since v1: * initialize nd->root_seq (thanks to Omar Sandoval for reporting and fixing this issue) Cc: Omar Sandoval <osan...@osandov.com> Signed-off-b

[PATCH 1/3 v2] namei: add LOOKUP_DFD_ROOT to use dfd as root

. For this we add this new flag. If LOOKUP_DFD_ROOT is set, path_init() initializes nd->root and nd->path to the same value. Changes since v1: * initialize nd->root_seq (thanks to Omar Sandoval for reporting and fixing this issue) Cc: Omar Sandoval Signed-off-by: Andrey Vagin --- f

[PATCH 0/3 v2] fs: allow to use dirfd as root for openat and other *at syscalls

ds" <bfie...@redhat.com> Cc: Miklos Szeredi <mszer...@redhat.com> Cc: NeilBrown <ne...@suse.de> Cc: Shuah Khan <shua...@osg.samsung.com> Signed-off-by: Andrey Vagin <ava...@openvz.org> Andrey Vagin (3): namei: add LOOKUP_DFD_ROOT to use dfd as root fs: al

[PATCH 3/3] selftests: check O_ATROOT and AT_FDROOT flags

Signed-off-by: Andrey Vagin <ava...@openvz.org> --- tools/testing/selftests/Makefile| 1 + tools/testing/selftests/lookup/.gitignore | 1 + tools/testing/selftests/lookup/Makefile | 8 +++ tools/testing/selftests/lookup/lookup_at_root.c | 71

[PATCH 2/3] fs: allow to use dirfd as root for openat and other *at syscalls

and in this case we need these new flags O_ATROOT or AT_FDROOT. If O_ATROOT is set for openat() or AT_FDROOT is set for fstatat, linkat, unlinkat, path_init is executed with the LOOKUP_DFD_ROOT flag. v2: fix a value of O_ATROOT to not intersect with other constans Signed-off-by: Andrey Vagin <

[PATCH 1/3] namei: add LOOKUP_DFD_ROOT to use dfd as root

. For this we add this new flag. If LOOKUP_DFD_ROOT is set, path_init() initializes nd->root and nd->path to the same value. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- fs/namei.c| 12 +++- include/linux/namei.h | 2 ++ 2 files changed, 13 insertions(+), 1 delet

[PATCH 0/3 v2] fs: allow to use dirfd as root for openat and other *at syscalls

o /run. Changes since the first version: - change a value of O_ATROOT to not intersect with other constants. Cc: Alexander Viro Cc: "Eric W. Biederman" Cc: Arnd Bergmann Cc: "J. Bruce Fields" Cc: Miklos Szeredi Cc: NeilBrown Cc: Shuah Khan Signed-off-by: Andrey Vagin

[PATCH 3/3] selftests: check O_ATROOT and AT_FDROOT flags

Signed-off-by: Andrey Vagin --- tools/testing/selftests/Makefile| 1 + tools/testing/selftests/lookup/.gitignore | 1 + tools/testing/selftests/lookup/Makefile | 8 +++ tools/testing/selftests/lookup/lookup_at_root.c | 71 + tools/testing

[PATCH 2/3] fs: allow to use dirfd as root for openat and other *at syscalls

and in this case we need these new flags O_ATROOT or AT_FDROOT. If O_ATROOT is set for openat() or AT_FDROOT is set for fstatat, linkat, unlinkat, path_init is executed with the LOOKUP_DFD_ROOT flag. v2: fix a value of O_ATROOT to not intersect with other constans Signed-off-by: Andrey Vagin

[PATCH 1/3] namei: add LOOKUP_DFD_ROOT to use dfd as root

. For this we add this new flag. If LOOKUP_DFD_ROOT is set, path_init() initializes nd->root and nd->path to the same value. Signed-off-by: Andrey Vagin --- fs/namei.c| 12 +++- include/linux/namei.h | 2 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/n

[PATCH] tcp: add an ability to dump and restore window parameters

bove. Cc: Pavel Emelyanov <xe...@parallels.com> Cc: "David S. Miller" <da...@davemloft.net> Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru> Cc: James Morris <jmor...@namei.org> Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org> Cc: Patrick McHardy <ka..

[PATCH] tcp: add an ability to dump and restore window parameters

bove. Cc: Pavel Emelyanov Cc: "David S. Miller" Cc: Alexey Kuznetsov Cc: James Morris Cc: Hideaki YOSHIFUJI Cc: Patrick McHardy Signed-off-by: Andrey Vagin --- include/uapi/linux/tcp.h | 10 + net/ipv4/tcp.c | 57 +++

[PATCH 0/2] [RFC] fs: allow to use dirfd as root for openat and other *at syscalls

..@zeniv.linux.org.uk> Cc: "Eric W. Biederman" <ebied...@xmission.com> Signed-off-by: Andrey Vagin <ava...@openvz.org> Andrey Vagin (2): namei: add LOOKUP_DFD_ROOT to use dfd as root fs: allow to use dirfd as root for openat and other *at syscalls fs/

[PATCH 0/2] [RFC] fs: allow to use dirfd as root for openat and other *at syscalls

| O_ATROOT); close(dirfd); One more thing is that chroot isn't avaliable for unprivileged users. We met this problem, when we tryed to dump an ubuntu container and failed to resolve /proc/PID/root/var/run/mysqld/mysqld.sock, because /var/run was a symlink to /run. Cc: Alexander Viro Cc

[PATCH 1/2] namei: add LOOKUP_DFD_ROOT to use dfd as root

. For this we add this new flag. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- fs/namei.c| 12 +++- include/linux/namei.h | 2 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 70580ab..5f08b69 100644 --- a/fs/namei.c ++

[PATCH 1/2] namei: add LOOKUP_DFD_ROOT to use dfd as root

. For this we add this new flag. Signed-off-by: Andrey Vagin --- fs/namei.c| 12 +++- include/linux/namei.h | 2 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 70580ab..5f08b69 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2148,7

[PATCH 2/2] fs: allow to use dirfd as root for openat and other *at syscalls

namespace and in this case you can use a new flag O_ATROOT or AT_FDROOT. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- fs/exec.c| 4 +++- fs/namei.c | 10 ++ fs/open.c| 6 +- fs/

[PATCH 2/2] fs: allow to use dirfd as root for openat and other *at syscalls

namespace and in this case you can use a new flag O_ATROOT or AT_FDROOT. Signed-off-by: Andrey Vagin --- fs/exec.c| 4 +++- fs/namei.c | 10 ++ fs/open.c| 6 +- fs/stat.c| 4 +++- fs/utimes.c

[PATCH] tcp: extend window to fit all restored unacked data in a send queue

shf...@linux-ipv6.org> Cc: Patrick McHardy <ka...@trash.net> Signed-off-by: Andrey Vagin <ava...@openvz.org> --- net/ipv4/tcp_output.c | 4 1 file changed, 4 insertions(+) diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 79a03b8..b36f968 100644 --- a/net/ipv4/tcp_o

[PATCH] tcp: extend window to fit all restored unacked data in a send queue

seq, becuse tcp_sequence() returns false (seq < tp->rcv_nxt). Cc: Pavel Emelyanov Cc: "David S. Miller" Cc: Alexey Kuznetsov Cc: James Morris Cc: Hideaki YOSHIFUJI Cc: Patrick McHardy Signed-off-by: Andrey Vagin --- net/ipv4/tcp_output.c | 4 1 file changed, 4 insertions(+

Re: task_diag: add a new interface to get information about processes

Hi Stephen, On Wed, May 4, 2016 at 1:22 PM, Stephen Hemminger wrote: > I understand how reading /proc or /sys can be a bottleneck, but this > proposed method using a system call is the wrong way to do this. > > Why not use netlink like other systems do which allows a

Re: task_diag: add a new interface to get information about processes

Hi Stephen, On Wed, May 4, 2016 at 1:22 PM, Stephen Hemminger wrote: > I understand how reading /proc or /sys can be a bottleneck, but this > proposed method using a system call is the wrong way to do this. > > Why not use netlink like other systems do which allows a message > based response

[PATCH 03/15] proc: export next_tgid()

It's going to be used in task_diag Signed-off-by: Andrey Vagin <ava...@openvz.org> --- fs/proc/base.c | 6 +- fs/proc/internal.h | 6 ++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 614f1d0..9e5fd1c 100644 --- a/fs/proc/

[PATCH 06/15] task_diag: add a new group to get tasks memory mappings (v2)

as: | struct task_diag_vma | filename | ... Cc: David Ahern <dsah...@gmail.com> Signed-off-by: Andrey Vagin <ava...@openvz.org> --- fs/proc/internal.h | 21 fs/proc/task_diag.c| 279 - fs/proc/task_mmu.c | 18

[PATCH 04/15] task_diag: add a new interface to get information about tasks (v4)

instead of netlink Cc: David Ahern <dsah...@gmail.com> Signed-off-by: Andrey Vagin <ava...@openvz.org> --- fs/proc/Kconfig| 13 ++ fs/proc/Makefile | 3 + fs/proc/task_diag.c| 424 + include/uapi/linux

[PATCH 03/15] proc: export next_tgid()

It's going to be used in task_diag Signed-off-by: Andrey Vagin --- fs/proc/base.c | 6 +- fs/proc/internal.h | 6 ++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 614f1d0..9e5fd1c 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c

[PATCH 06/15] task_diag: add a new group to get tasks memory mappings (v2)

as: | struct task_diag_vma | filename | ... Cc: David Ahern Signed-off-by: Andrey Vagin --- fs/proc/internal.h | 21 fs/proc/task_diag.c| 279 - fs/proc/task_mmu.c | 18 +-- include/uapi/linux/task_diag.h | 85

[PATCH 04/15] task_diag: add a new interface to get information about tasks (v4)

instead of netlink Cc: David Ahern Signed-off-by: Andrey Vagin --- fs/proc/Kconfig| 13 ++ fs/proc/Makefile | 3 + fs/proc/task_diag.c| 424 + include/uapi/linux/task_diag.h | 66 +++ 4 files changed, 506

[PATCH 01/15] proc: pick out a function to iterate task children

This function will be used in task_diag. Signed-off-by: Andrey Vagin <ava...@openvz.org> --- fs/proc/array.c| 53 + fs/proc/internal.h | 3 +++ 2 files changed, 36 insertions(+), 20 deletions(-) diff --git a/fs/proc/array.c b/f

[PATCH 01/15] proc: pick out a function to iterate task children

This function will be used in task_diag. Signed-off-by: Andrey Vagin --- fs/proc/array.c| 53 + fs/proc/internal.h | 3 +++ 2 files changed, 36 insertions(+), 20 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index b6c00ce

  1   2   3   4   5   >