On 3/8/24 08:55, Julian Anastasov wrote:
>
> Hello,
>
> On Thu, 7 Mar 2024, Michael Weiß wrote:
>
>> Configuring ipvs in a non-initial user namespace using the genl
>> netlink interface, e.g., by 'ipvsadm' is currently resulting in an
>> '-EPERM'. This is
/netfilter/ipvs.sh' using
preliminary created network namespaces from unprivileged GyroidOS
containers.
Signed-off-by: Michael Weiß
---
net/netfilter/ipvs/ip_vs_ctl.c | 36 +-
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/net/netfilter/ipvs/ip_
'ima-modsig' was not in the list of selectable templates in Kconfig.
The missing Kconfig options were added to support the ima-modsig
template as default template.
Signed-off-by: Michael Weiß
---
security/integrity/ima/Kconfig | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security
This fixes a minor typo introduced by commit 3442841d:
"docs: ABI: testing: make the files compatible with ReST output"
Signed-off-by: Michael Weiß
---
Documentation/ABI/testing/ima_policy | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/A
to the timens offset, the
offset of the time namespace also needs to be applied before the
process stats are given to userspace.
This avoids that processes shown, e.g., by 'ps' appear as time
travelers in the corresponding time namespace.
Signed-off-by: Michael Weiß
Reviewed-by: Andrei Vagin
coder readability/consistency.
v3 Changes:
leave getboottime64() unchanged and shift the boot timestamp in
'fs/proc/stat.c' as result of the discussion with Andrei and Thomas.
v2 Changes:
Fixed compile errors with TIME_NS not set in config
Michael Weiß (3):
timens: additional helper functions
Test that btime value of /proc/stat is as expected in the time namespace
using a simple parser to get btime from /proc/stat.
Signed-off-by: Michael Weiß
Reviewed-by: Andrei Vagin
Acked-by: Thomas Gleixner
---
tools/testing/selftests/timens/procfs.c | 58 -
1 file
Provide functions for time_namespace to subtract the boottime offset
from a timespec64 as well as to apply the boottime offset to u64 types in
nanoseconds.
Signed-off-by: Michael Weiß
Reviewed-by: Andrei Vagin
Acked-by: Thomas Gleixner
---
include/linux/time_namespace.h | 22
Thomas,
On 26.10.20 11:28, Thomas Gleixner wrote:
> On Mon, Oct 19 2020 at 21:52, Michael Weiß wrote:
>
>> '/proc/stat' provides the field 'btime' which states the time stamp of
>> system boot in seconds. In case of time namespaces, the offset to the
>> boot time stamp
to the timens offset, the
offset of the time namespace also needs to be applied before the
process stats are given to userspace.
This avoids that processes shown, e.g., by 'ps' appear as time
travelers in the corresponding time namespace.
Signed-off-by: Michael Weiß
---
fs/proc/array.c | 6
Provide functions for time_namespace to subtract the boottime offset
from a timespec64 as well as to apply the boottime offset to u64 types in
nanoseconds.
Signed-off-by: Michael Weiß
---
include/linux/time_namespace.h | 22 ++
1 file changed, 22 insertions(+)
diff --git
of the discussion with Andrei and Thomas.
v2 Changes:
Fixed compile errors with TIME_NS not set in config
Michael Weiß (3):
timens: additional helper functions for boottime offset handling
fs/proc: apply the time namespace offset to /proc/stat btime
selftests/timens: added selftest
Test that btime value of /proc/stat is as expected in the time namespace
using a simple parser to get btime from /proc/stat.
Signed-off-by: Michael Weiß
---
tools/testing/selftests/timens/procfs.c | 58 -
1 file changed, 57 insertions(+), 1 deletion(-)
diff --git
On 15.10.20 09:53, Andrei Vagin wrote:
> On Sun, Oct 11, 2020 at 04:59:23PM +0200, Michael Weiß wrote:
>> @@ -79,6 +80,20 @@ static u64 get_iowait_time(struct kernel_cpustat *kcs,
>> int cpu)
>>
>> #endif
>>
>> +static void get_boottime(struct t
getboottime64() unchanged and shift the boot timestamp in
'fs/proc/stat.c' as result of the discussion with Andrei and Thomas.
v2 Changes:
Fixed compile errors with TIME_NS not set in config
Reported-by: kernel test robot
Michael Weiß (3):
timens: additional helper function to add boottime in nsec
fs
Provide a helper function to apply the boottime offset to u64 types
in nanoseconds.
Signed-off-by: Michael Weiß
---
include/linux/time_namespace.h | 13 +
1 file changed, 13 insertions(+)
diff --git a/include/linux/time_namespace.h b/include/linux/time_namespace.h
index
Test that btime value of /proc/stat is as expected in the time namespace
using a simple parser to get btime from /proc/stat.
Signed-off-by: Michael Weiß
---
tools/testing/selftests/timens/procfs.c | 58 -
1 file changed, 57 insertions(+), 1 deletion(-)
diff --git
to the timens offset, the
offset of the time namespace also needs to be applied before the
process stats are given to userspace.
This avoids that processes shown, e.g., by 'ps' appear as time
travelers in the corresponding time namespace.
Signed-off-by: Michael Weiß
---
fs/proc/array.c | 6
On 10.10.20 09:19, Andrei Vagin wrote:
> On Fri, Oct 09, 2020 at 03:28:15PM +0200, Christian Brauner wrote:
>> On Thu, Oct 08, 2020 at 07:39:42AM +0200, Michael Weiß wrote:
>>> getboottime64() provides the time stamp of system boot. In case of
>>> time namespaces,
Test that btime value of /proc/stat is as expected in the time namespace
using a simple parser to get btime from /proc/stat.
Signed-off-by: Michael Weiß
---
tools/testing/selftests/timens/procfs.c | 58 -
1 file changed, 57 insertions(+), 1 deletion(-)
diff --git
to virtualize boottime of a container, this leaks
information about the host system boot time.
Therefore, we make getboottime64() to respect the time namespace offset
for boottime by subtracting the boottime offset.
Signed-off-by: Michael Weiß
---
kernel/time/timekeeping.c | 3 +++
1 file changed, 3
Provide a helper function to apply the boottime offset to u64 types
in nanoseconds.
Signed-off-by: Michael Weiß
---
include/linux/time_namespace.h | 13 +
1 file changed, 13 insertions(+)
diff --git a/include/linux/time_namespace.h b/include/linux/time_namespace.h
index
as time
travelers in the corresponding time namespace.
Signed-off-by: Michael Weiß
---
fs/proc/array.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/proc/array.c b/fs/proc/array.c
index 65ec2029fa80..277f654f289e 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
errors with TIME_NS not set in config
Reported-by: kernel test robot
Michael Weiß (4):
timens: additional helper function to add boottime in nsec
time: make getboottime64 aware of time namespace
fs/proc: apply timens offset for start_boottime of processes
selftests/timens: added selftest
Test that btime value of /proc/stat is as expected in the time namespace
using a simple parser to get btime from /proc/stat.
Signed-off-by: Michael Weiß
---
tools/testing/selftests/timens/procfs.c | 58 -
1 file changed, 57 insertions(+), 1 deletion(-)
diff --git
to virtualize boottime of a container, this leaks
information about the host system boot time.
Therefore, we make getboottime64() to respect the time namespace offset
for boottime by subtracting the boottime offset.
Signed-off-by: Michael Weiß
---
kernel/time/timekeeping.c | 3 +++
1 file changed, 3
namespace.
(A selftest to check the expected /proc/stat 'btime' inside the
namespace is provided.)
Further, to avoid to show processes as time travelers inside of the
time namespace the boottime offset then needs to be added to the
start_bootime provided by the task_struct.
Michael Weiß (4):
timens
as time
travelers in the corresponding time namespace.
Signed-off-by: Michael Weiß
---
fs/proc/array.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/proc/array.c b/fs/proc/array.c
index 65ec2029fa80..277f654f289e 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
Provide a helper function to apply the boottime offset to u64 types
in nanoseconds.
Signed-off-by: Michael Weiß
---
include/linux/time_namespace.h | 7 +++
1 file changed, 7 insertions(+)
diff --git a/include/linux/time_namespace.h b/include/linux/time_namespace.h
index 5b6031385db0
29 matches
Mail list logo
