Quoting Nikolay Borisov (n.borisov.l...@gmail.com):
> This patch changes the export attributes of the init_user_ns from
> GPL-only to any modules. This needed so that non-gpl modules, such as
> ZFS, utilize functions like i_(uid|gid)_(read|write).
>
> Signed-off-by: Nikolay Borisov
Quoting Nikolay Borisov (n.borisov.l...@gmail.com):
> This patch changes the export attributes of the init_user_ns from
> GPL-only to any modules. This needed so that non-gpl modules, such as
> ZFS, utilize functions like i_(uid|gid)_(read|write).
>
> Signed-off-by: Nikolay Borisov
Seems
Hey James,
I probably did something wrong - but i applied your patch onto 4.6,
compiled in shiftfs, did
mount -t shiftfs -o uidmap=0:10:65536,gidmap=0:10:65536 /home/ubuntu
/mnt
and ls segfaults and gives me kernel syslog msgs like:
[ 1089.744726] ===
[
Hey James,
I probably did something wrong - but i applied your patch onto 4.6,
compiled in shiftfs, did
mount -t shiftfs -o uidmap=0:10:65536,gidmap=0:10:65536 /home/ubuntu
/mnt
and ls segfaults and gives me kernel syslog msgs like:
[ 1089.744726] ===
[
Quoting Djalal Harouni (tix...@gmail.com):
> Hi,
>
> On Wed, May 04, 2016 at 11:30:09PM +0000, Serge Hallyn wrote:
> > Quoting Djalal Harouni (tix...@gmail.com):
> > > This is version 2 of the VFS:userns support portable root filesystems
> > > RFC. Changes since
Quoting Djalal Harouni (tix...@gmail.com):
> Hi,
>
> On Wed, May 04, 2016 at 11:30:09PM +0000, Serge Hallyn wrote:
> > Quoting Djalal Harouni (tix...@gmail.com):
> > > This is version 2 of the VFS:userns support portable root filesystems
> > > RFC. Changes since
Quoting Tyler Hicks (tyhi...@canonical.com):
> The capability check should not be audited since it is only being used
> to determine the inode permissions. A failed check does not indicate a
> violation of security policy but, when an LSM is enabled, a denial audit
> message was being generated.
>
Quoting Tyler Hicks (tyhi...@canonical.com):
> The capability check should not be audited since it is only being used
> to determine the inode permissions. A failed check does not indicate a
> violation of security policy but, when an LSM is enabled, a denial audit
> message was being generated.
>
Quoting Tyler Hicks (tyhi...@canonical.com):
> When checking the current cred for a capability in a specific user
> namespace, it isn't always desirable to have the LSMs audit the check.
> This patch adds a noaudit variant of ns_capable() for when those
> situations arise.
>
> The common logic
Quoting Tyler Hicks (tyhi...@canonical.com):
> When checking the current cred for a capability in a specific user
> namespace, it isn't always desirable to have the LSMs audit the check.
> This patch adds a noaudit variant of ns_capable() for when those
> situations arise.
>
> The common logic
Quoting Djalal Harouni (tix...@gmail.com):
> This is version 2 of the VFS:userns support portable root filesystems
> RFC. Changes since version 1:
>
> * Update documentation and remove some ambiguity about the feature.
> Based on Josh Triplett comments.
> * Use a new email address to send the
Quoting Djalal Harouni (tix...@gmail.com):
> This is version 2 of the VFS:userns support portable root filesystems
> RFC. Changes since version 1:
>
> * Update documentation and remove some ambiguity about the feature.
> Based on Josh Triplett comments.
> * Use a new email address to send the
Quoting Djalal Harouni (tix...@gmail.com):
> If a process gets access to a mount from a different user
> namespace, that process should not be able to take advantage of
> setuid files or selinux entrypoints from that filesystem. Prevent
> this by treating mounts from other mount namespaces and
Quoting Djalal Harouni (tix...@gmail.com):
> If a process gets access to a mount from a different user
> namespace, that process should not be able to take advantage of
> setuid files or selinux entrypoints from that filesystem. Prevent
> this by treating mounts from other mount namespaces and
Hi,
I've sent a few patches and emails over the past months about supporting
file capabilities in user namespace confined containers. A few of the
requirements as I see them are:
1. Root in a user namespace should be able to set file capabilities on a binary
for use by any user mapped into his
Hi,
I've sent a few patches and emails over the past months about supporting
file capabilities in user namespace confined containers. A few of the
requirements as I see them are:
1. Root in a user namespace should be able to set file capabilities on a binary
for use by any user mapped into his
From: Serge Hallyn <serge.hal...@ubuntu.com>
This can only be set by root in his own namespace, and will
only be respected by namespaces with that same root kuid
mapped as root, or namespaces descended from it.
This allows a simple setxattr to work, allows tar/untar to
work, and allows us
From: Serge Hallyn
This can only be set by root in his own namespace, and will
only be respected by namespaces with that same root kuid
mapped as root, or namespaces descended from it.
This allows a simple setxattr to work, allows tar/untar to
work, and allows us to tar in one namespace
From: Serge Hallyn <serge.hal...@ubuntu.com>
When showing a cgroupfs entry in mountinfo, show the
path of the mount root dentry relative to the reader's
cgroup namespace root.
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
---
fs/kernfs/mount.c | 14 ++
i
From: Serge Hallyn
When showing a cgroupfs entry in mountinfo, show the
path of the mount root dentry relative to the reader's
cgroup namespace root.
Signed-off-by: Serge Hallyn
---
fs/kernfs/mount.c | 14 ++
include/linux/kernfs.h | 2 ++
kernel/cgroup.c| 35
With the current cgroup namespace patches, the root dentry path of a
mount as shown in /proc/self/mountinfo is the full global cgroup
path. It is common for userspace to use /proc/self/mountinfo to
search for cgroup mountpoints, and expect the root dentry path to
relate to the cgroup paths in
From: Serge Hallyn <serge.hal...@ubuntu.com>
We've calculated @len to be the bytes we need for '/..' entries from
@kn_from to the common ancestor, and calculated @nlen to be the extra
bytes we need to get from the common ancestor to @kn_to. We use them
as such at the end. But in th
With the current cgroup namespace patches, the root dentry path of a
mount as shown in /proc/self/mountinfo is the full global cgroup
path. It is common for userspace to use /proc/self/mountinfo to
search for cgroup mountpoints, and expect the root dentry path to
relate to the cgroup paths in
From: Serge Hallyn
We've calculated @len to be the bytes we need for '/..' entries from
@kn_from to the common ancestor, and calculated @nlen to be the extra
bytes we need to get from the common ancestor to @kn_to. We use them
as such at the end. But in the loop copying the actual entries, we
Quoting Kees Cook (keesc...@chromium.org):
> This section of code initially looks redundant, but is required. This
> improves the comment to explain more clearly why the reset is needed.
>
> Signed-off-by: Kees Cook
Thanks, Kees.
Acked-by: Serge E. Hallyn
Quoting Kees Cook (keesc...@chromium.org):
> This section of code initially looks redundant, but is required. This
> improves the comment to explain more clearly why the reset is needed.
>
> Signed-off-by: Kees Cook
Thanks, Kees.
Acked-by: Serge E. Hallyn
> ---
> fs/exec.c | 7 ++-
> 1
Quoting Andy Lutomirski (l...@kernel.org):
> We used to have ptmx be owned by the inner uid and gid 0. Change
> this: if the owner and group are both mapped but are not both 0,
> then use the owner instead.
>
> For container-style namespaces (LXC, etc), this should have no
> effect -- UID 0 is
Quoting Andy Lutomirski (l...@kernel.org):
> We used to have ptmx be owned by the inner uid and gid 0. Change
> this: if the owner and group are both mapped but are not both 0,
> then use the owner instead.
>
> For container-style namespaces (LXC, etc), this should have no
> effect -- UID 0 is
Quoting Eric W. Biederman (ebied...@xmission.com):
> Seth Forshee writes:
>
> > Some full-OS container software bind mounts debugfs into containers to
> > satisfy the assumptions of older userspaces which expect to be able to
> > mount debugfs. This regressed in 4.1
Quoting Eric W. Biederman (ebied...@xmission.com):
> Seth Forshee writes:
>
> > Some full-OS container software bind mounts debugfs into containers to
> > satisfy the assumptions of older userspaces which expect to be able to
> > mount debugfs. This regressed in 4.1 due to the addition of
Quoting Alban Crequy (alban.cre...@gmail.com):
> Hi,
>
> On 29 January 2016 at 09:54, wrote:
> > Hi,
> >
> > following is a revised set of the CGroup Namespace patchset which Aditya
> > Kali has previously sent. The code can also be found in the cgroupns.v10
> > branch
Quoting Alban Crequy (alban.cre...@gmail.com):
> Hi,
>
> On 29 January 2016 at 09:54, wrote:
> > Hi,
> >
> > following is a revised set of the CGroup Namespace patchset which Aditya
> > Kali has previously sent. The code can also be found in the cgroupns.v10
> > branch of
> >
> >
Quoting Tycho Andersen (tycho.ander...@canonical.com):
> Operations with the GENL_ADMIN_PERM flag fail permissions checks because
> this flag means we call netlink_capable, which uses the init user ns.
>
> Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations
> which should be
Quoting Tycho Andersen (tycho.ander...@canonical.com):
> Operations with the GENL_ADMIN_PERM flag fail permissions checks because
> this flag means we call netlink_capable, which uses the init user ns.
>
> Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations
> which should be
-tools
(like libcontainer, lxc, lmctfy, etc.) to create completely virtualized
containers without leaking system level cgroup hierarchy to the task.
This patch only implements the 'unshare' part of the cgroupns.
Signed-off-by: Aditya Kali
Signed-off-by: Serge Hallyn
---
Changelog: 2015-11-24
() while creating new cgroupns
- use task_lock() instead of rcu_read_lock() while accessing
task->nsproxy
- optimized setns() to own cgroupns
- simplified code around sane-behavior mount option parsing
4. Restored ACKs from Serge Hallyn from v1 on few patches that have
not chan
From: Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs
path of a given kernfs_node relative to a given parent kernfs_node.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
Acked-by: Greg Kroah-Hartman
---
Changelog 20151125:
- Fully-wing
From: Serge Hallyn
Signed-off-by: Aditya Kali
Signed-off-by: Serge Hallyn
Signed-off-by: Tejun Heo
---
Changelog (2015-12-08):
Merge into Documentation/cgroup.txt
Changelog (2015-12-22):
Reformat to try to follow the style of the rest of the cgroup.txt file.
Changelog (2015-12-22):
tj
From: Serge Hallyn
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed inside the container.
This allows
From: Serge Hallyn
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace owning the cgroup namespace
3
From: Aditya Kali
CLONE_NEWCGROUP will be used to create new cgroup namespace.
Signed-off-by: Aditya Kali
Signed-off-by: Serge Hallyn
---
include/uapi/linux/sched.h |3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/include/uapi/linux/sched.h b/include/uapi/linux
From: Aditya Kali
Add a new kernfs api is added to lookup the dentry for a particular
kernfs path.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
Acked-by: Greg Kroah-Hartman
---
Changelog:
20151116 - Don't allow user namespaces to bind new subsystems
20151118 -
From: Aditya Kali
setns on a cgroup namespace is allowed only if
task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
No implicit cgroup changes happen with attaching to another
cgroupns. It is expected that the somone moves the
From: Aditya Kali
setns on a cgroup namespace is allowed only if
task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
No implicit cgroup changes happen with attaching to another
cgroupns. It is expected that the
;
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com>
---
Changelog: 2015-11-24
- move cgroup_namespace.c into cgroup.c (and .h)
- reformatting
- make get_cgroup_ns return void
- rename ns->root_cgrps to root_cset.
Changelog: 2015-12-08
- Move in
() while creating new cgroupns
- use task_lock() instead of rcu_read_lock() while accessing
task->nsproxy
- optimized setns() to own cgroupns
- simplified code around sane-behavior mount option parsing
4. Restored ACKs from Serge Hallyn from v1 on few patches that have
not chan
From: Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs
path of a given kernfs_node relative to a given parent kernfs_node.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
From: Serge Hallyn <serge.hal...@ubuntu.com>
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed
From: Serge Hallyn <serge.hal...@ubuntu.com>
Signed-off-by: Aditya Kali <adityak...@google.com>
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com>
Signed-off-by: Tejun Heo <t...@kernel.org>
---
Changelog (2015-12-08):
Merge into Documentation/cgroup.txt
Changelog
From: Serge Hallyn <serge.hal...@ubuntu.com>
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace
From: Aditya Kali <adityak...@google.com>
CLONE_NEWCGROUP will be used to create new cgroup namespace.
Signed-off-by: Aditya Kali <adityak...@google.com>
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com>
---
include/uapi/linux/sched.h |3 +--
1 file changed,
From: Aditya Kali
Add a new kernfs api is added to lookup the dentry for a particular
kernfs path.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
Acked-by: Greg Kroah-Hartman
---
Quoting Josh Boyer (jwbo...@fedoraproject.org):
> On Tue, Jan 26, 2016 at 9:46 AM, Austin S. Hemmelgarn
> wrote:
> > On 2016-01-26 09:38, Josh Boyer wrote:
> >>
> >> On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman
> >> wrote:
> >>>
> >>> Kees Cook writes:
> >>>
> On Mon, Jan 25, 2016
Quoting Josh Boyer (jwbo...@fedoraproject.org):
> On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman
> wrote:
> > Kees Cook writes:
> >
> >> On Mon, Jan 25, 2016 at 11:33 AM, Eric W. Biederman
> >> wrote:
> >>> Kees Cook writes:
>
> Well, I don't know about less weird, but it would
Quoting Josh Boyer (jwbo...@fedoraproject.org):
> On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman
> wrote:
> > Kees Cook writes:
> >
> >> On Mon, Jan 25, 2016 at 11:33 AM, Eric W. Biederman
> >> wrote:
> >>> Kees Cook
Quoting Josh Boyer (jwbo...@fedoraproject.org):
> On Tue, Jan 26, 2016 at 9:46 AM, Austin S. Hemmelgarn
> wrote:
> > On 2016-01-26 09:38, Josh Boyer wrote:
> >>
> >> On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman
> >> wrote:
> >>>
> >>> Kees Cook
Quoting Kees Cook (keesc...@chromium.org):
> On Fri, Jan 22, 2016 at 7:02 PM, Eric W. Biederman
> > So I have concerns about both efficacy and usability with the proposed
> > sysctl.
>
> Two distros already have this sysctl because it was so strongly
> requested by their users. This needs to be
Quoting Kees Cook (keesc...@chromium.org):
> On Fri, Jan 22, 2016 at 7:02 PM, Eric W. Biederman
> > So I have concerns about both efficacy and usability with the proposed
> > sysctl.
>
> Two distros already have this sysctl because it was so strongly
> requested by their users. This needs to be
Quoting Kees Cook (keesc...@chromium.org):
> On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote:
> > 2016-01-22 23:50 GMT+01:00 Kees Cook :
> >
> >>> Seems that Debian and some older Ubuntu versions are already using
> >>>
> >>> $ sysctl -a | grep usern
> >>> kernel.unprivileged_userns_clone =
Quoting Kees Cook (keesc...@chromium.org):
> On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote:
> > 2016-01-22 23:50 GMT+01:00 Kees Cook :
> >
> >>> Seems that Debian and some older Ubuntu versions are already using
> >>>
> >>> $ sysctl -a | grep usern
> >>> kernel.unprivileged_userns_clone =
Quoting Kees Cook (keesc...@chromium.org):
> On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote:
> > 2016-01-22 23:50 GMT+01:00 Kees Cook :
> >
> >>> Seems that Debian and some older Ubuntu versions are already using
> >>>
> >>> $ sysctl -a | grep
Quoting Kees Cook (keesc...@chromium.org):
> On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote:
> > 2016-01-22 23:50 GMT+01:00 Kees Cook :
> >
> >>> Seems that Debian and some older Ubuntu versions are already using
> >>>
> >>> $ sysctl -a | grep
From: Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs
path of a given kernfs_node relative to a given parent kernfs_node.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
Acked-by: Greg Kroah-Hartman
---
Changelog 20151125:
- Fully-wing
of rcu_read_lock() while accessing
task->nsproxy
- optimized setns() to own cgroupns
- simplified code around sane-behavior mount option parsing
4. Restored ACKs from Serge Hallyn from v1 on few patches that have
not changed since then.
Changes from V1:
1. No pinning of processes within cgrou
From: Serge Hallyn
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed inside the container.
This allows
From: Serge Hallyn
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace owning the cgroup namespace
3
From: Serge Hallyn
Signed-off-by: Aditya Kali
Signed-off-by: Serge Hallyn
Signed-off-by: Tejun Heo
---
Changelog (2015-12-08):
Merge into Documentation/cgroup.txt
Changelog (2015-12-22):
Reformat to try to follow the style of the rest of the cgroup.txt file.
Changelog (2015-12-22):
tj
From: Aditya Kali
Add a new kernfs api is added to lookup the dentry for a particular
kernfs path.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
Acked-by: Greg Kroah-Hartman
---
Changelog:
20151116 - Don't allow user namespaces to bind new subsystems
20151118 -
From: Aditya Kali
setns on a cgroup namespace is allowed only if
task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
No implicit cgroup changes happen with attaching to another
cgroupns. It is expected that the somone moves the
-tools
(like libcontainer, lxc, lmctfy, etc.) to create completely virtualized
containers without leaking system level cgroup hierarchy to the task.
This patch only implements the 'unshare' part of the cgroupns.
Signed-off-by: Aditya Kali
Signed-off-by: Serge Hallyn
---
Changelog: 2015-11-24
From: Aditya Kali
CLONE_NEWCGROUP will be used to create new cgroup namespace.
Signed-off-by: Aditya Kali
Signed-off-by: Serge Hallyn
---
include/uapi/linux/sched.h |3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/include/uapi/linux/sched.h b/include/uapi/linux
From: Aditya Kali
setns on a cgroup namespace is allowed only if
task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
No implicit cgroup changes happen with attaching to another
cgroupns. It is expected that the
;
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com>
---
Changelog: 2015-11-24
- move cgroup_namespace.c into cgroup.c (and .h)
- reformatting
- make get_cgroup_ns return void
- rename ns->root_cgrps to root_cset.
Changelog: 2015-12-08
- Move in
From: Aditya Kali <adityak...@google.com>
CLONE_NEWCGROUP will be used to create new cgroup namespace.
Signed-off-by: Aditya Kali <adityak...@google.com>
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com>
---
include/uapi/linux/sched.h |3 +--
1 file changed,
From: Aditya Kali
Add a new kernfs api is added to lookup the dentry for a particular
kernfs path.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
Acked-by: Greg Kroah-Hartman
---
From: Serge Hallyn <serge.hal...@ubuntu.com>
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed
From: Serge Hallyn <serge.hal...@ubuntu.com>
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace
From: Serge Hallyn <serge.hal...@ubuntu.com>
Signed-off-by: Aditya Kali <adityak...@google.com>
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com>
Signed-off-by: Tejun Heo <t...@kernel.org>
---
Changelog (2015-12-08):
Merge into Documentation/cgroup.txt
Changelog
From: Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs
path of a given kernfs_node relative to a given parent kernfs_node.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
of rcu_read_lock() while accessing
task->nsproxy
- optimized setns() to own cgroupns
- simplified code around sane-behavior mount option parsing
4. Restored ACKs from Serge Hallyn from v1 on few patches that have
not changed since then.
Changes from V1:
1. No pinning of processes within cgrou
On Mon Dec 28 2015 09:47:35 AM PST, Tejun Heo wrote:
> Hello,
>
> I did some heavy editing of the documentation. How does this look?
Thanks Tejun, just three things (which come from my version):
> Did I miss anything?
>
> Thanks.
> ---
> Documentation/cgroup.txt | 146
>
On Mon Dec 28 2015 09:47:35 AM PST, Tejun Heo wrote:
> Hello,
>
> I did some heavy editing of the documentation. How does this look?
Thanks Tejun, just three things (which come from my version):
> Did I miss anything?
>
> Thanks.
> ---
> Documentation/cgroup.txt |
-tools
(like libcontainer, lxc, lmctfy, etc.) to create completely virtualized
containers without leaking system level cgroup hierarchy to the task.
This patch only implements the 'unshare' part of the cgroupns.
Signed-off-by: Aditya Kali
Signed-off-by: Serge Hallyn
---
Changelog: 2015-11-24
From: Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs
path of a given kernfs_node relative to a given parent kernfs_node.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
---
Changelog 20151125:
- Fully-wing multilinecomments
- Rework
From: Serge Hallyn
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed inside the container.
This allows
From: Serge Hallyn
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace owning the cgroup namespace
3
From: Aditya Kali
Add a new kernfs api is added to lookup the dentry for a particular
kernfs path.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
---
Changelog:
20151116 - Don't allow user namespaces to bind new subsystems
20151118 - postpone the FS_USERNS_MOUNT
From: Aditya Kali
Signed-off-by: Aditya Kali
Signed-off-by: Serge Hallyn
---
Changelog (2015-12-08):
Merge into Documentation/cgroup.txt
Changelog (2015-12-22):
Reformat to try to follow the style of the rest of the cgroup.txt file.
Signed-off-by: Serge Hallyn
---
Documentation
From: Aditya Kali
setns on a cgroup namespace is allowed only if
task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
No implicit cgroup changes happen with attaching to another
cgroupns. It is expected that the somone moves the
From: Aditya Kali
CLONE_NEWCGROUP will be used to create new cgroup namespace.
Signed-off-by: Aditya Kali
Signed-off-by: Serge Hallyn
---
include/uapi/linux/sched.h |3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/include/uapi/linux/sched.h b/include/uapi/linux
oxy
- optimized setns() to own cgroupns
- simplified code around sane-behavior mount option parsing
4. Restored ACKs from Serge Hallyn from v1 on few patches that have
not changed since then.
Changes from V1:
1. No pinning of processes within cgroupns. Tasks can be freely moved
across cgroups e
Quoting Alban Crequy (alban.cre...@gmail.com):
> From: Alban Crequy
>
> This adds the selftest "cgroupns_test" in order to test the CGroup
> Namespace patchset.
>
> cgroupns_test creates two child processes. They perform a list of
> actions defined by the array cgroupns_test. This array can
Quoting Alban Crequy (alban.cre...@gmail.com):
> From: Alban Crequy
>
> This adds the selftest "cgroupns_test" in order to test the CGroup
> Namespace patchset.
>
> cgroupns_test creates two child processes. They perform a list of
> actions defined by the array cgroupns_test. This array can
Quoting Alban Crequy (alban.cre...@gmail.com):
> From: Alban Crequy
>
> This adds the selftest "cgroupns_test" in order to test the CGroup
> Namespace patchset.
>
> cgroupns_test creates two child processes. They perform a list of
> actions defined by the array cgroupns_test.
From: Serge Hallyn <serge.hal...@ubuntu.com>
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed
From: Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs
path of a given kernfs_node relative to a given parent kernfs_node.
Signed-off-by: Aditya Kali
Signed-off-by: Serge E. Hallyn
---
From: Serge Hallyn <serge.hal...@ubuntu.com>
allowing root in a non-init user namespace to mount it. This should
now be safe, because
1. non-init-root cannot mount a previously unbound subsystem
2. the task doing the mount must be privileged with respect to the
user namespace
From: Aditya Kali
setns on a cgroup namespace is allowed only if
task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
No implicit cgroup changes happen with attaching to another
cgroupns. It is expected that the
oxy
- optimized setns() to own cgroupns
- simplified code around sane-behavior mount option parsing
4. Restored ACKs from Serge Hallyn from v1 on few patches that have
not changed since then.
Changes from V1:
1. No pinning of processes within cgroupns. Tasks can be freely moved
across cgroups e
From: Aditya Kali <adityak...@google.com>
CLONE_NEWCGROUP will be used to create new cgroup namespace.
Signed-off-by: Aditya Kali <adityak...@google.com>
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com>
---
include/uapi/linux/sched.h |3 +--
1 file changed,
1 - 100 of 628 matches
Mail list logo