Re: [PATCH] userns: Allow init_user_ns to be used from non-gpl modules

Quoting Nikolay Borisov (n.borisov.l...@gmail.com): > This patch changes the export attributes of the init_user_ns from > GPL-only to any modules. This needed so that non-gpl modules, such as > ZFS, utilize functions like i_(uid|gid)_(read|write). > > Signed-off-by: Nikolay Borisov

Re: [PATCH] userns: Allow init_user_ns to be used from non-gpl modules

Quoting Nikolay Borisov (n.borisov.l...@gmail.com): > This patch changes the export attributes of the init_user_ns from > GPL-only to any modules. This needed so that non-gpl modules, such as > ZFS, utilize functions like i_(uid|gid)_(read|write). > > Signed-off-by: Nikolay Borisov Seems

Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount

Hey James, I probably did something wrong - but i applied your patch onto 4.6, compiled in shiftfs, did mount -t shiftfs -o uidmap=0:10:65536,gidmap=0:10:65536 /home/ubuntu /mnt and ls segfaults and gives me kernel syslog msgs like: [ 1089.744726] === [

Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount

Hey James, I probably did something wrong - but i applied your patch onto 4.6, compiled in shiftfs, did mount -t shiftfs -o uidmap=0:10:65536,gidmap=0:10:65536 /home/ubuntu /mnt and ls segfaults and gives me kernel syslog msgs like: [ 1089.744726] === [

Re: [RFC v2 PATCH 0/8] VFS:userns: support portable root filesystems

Quoting Djalal Harouni (tix...@gmail.com): > Hi, > > On Wed, May 04, 2016 at 11:30:09PM +0000, Serge Hallyn wrote: > > Quoting Djalal Harouni (tix...@gmail.com): > > > This is version 2 of the VFS:userns support portable root filesystems > > > RFC. Changes since

Re: [RFC v2 PATCH 0/8] VFS:userns: support portable root filesystems

Quoting Djalal Harouni (tix...@gmail.com): > Hi, > > On Wed, May 04, 2016 at 11:30:09PM +0000, Serge Hallyn wrote: > > Quoting Djalal Harouni (tix...@gmail.com): > > > This is version 2 of the VFS:userns support portable root filesystems > > > RFC. Changes since

Re: [PATCH 2/2] net: Use ns_capable_noaudit() when determining net sysctl permissions

Quoting Tyler Hicks (tyhi...@canonical.com): > The capability check should not be audited since it is only being used > to determine the inode permissions. A failed check does not indicate a > violation of security policy but, when an LSM is enabled, a denial audit > message was being generated. >

Re: [PATCH 2/2] net: Use ns_capable_noaudit() when determining net sysctl permissions

Quoting Tyler Hicks (tyhi...@canonical.com): > The capability check should not be audited since it is only being used > to determine the inode permissions. A failed check does not indicate a > violation of security policy but, when an LSM is enabled, a denial audit > message was being generated. >

Re: [PATCH 1/2] kernel: Add noaudit variant of ns_capable()

Quoting Tyler Hicks (tyhi...@canonical.com): > When checking the current cred for a capability in a specific user > namespace, it isn't always desirable to have the LSMs audit the check. > This patch adds a noaudit variant of ns_capable() for when those > situations arise. > > The common logic

Re: [PATCH 1/2] kernel: Add noaudit variant of ns_capable()

Quoting Tyler Hicks (tyhi...@canonical.com): > When checking the current cred for a capability in a specific user > namespace, it isn't always desirable to have the LSMs audit the check. > This patch adds a noaudit variant of ns_capable() for when those > situations arise. > > The common logic

Re: [RFC v2 PATCH 0/8] VFS:userns: support portable root filesystems

Quoting Djalal Harouni (tix...@gmail.com): > This is version 2 of the VFS:userns support portable root filesystems > RFC. Changes since version 1: > > * Update documentation and remove some ambiguity about the feature. > Based on Josh Triplett comments. > * Use a new email address to send the

Re: [RFC v2 PATCH 0/8] VFS:userns: support portable root filesystems

Quoting Djalal Harouni (tix...@gmail.com): > This is version 2 of the VFS:userns support portable root filesystems > RFC. Changes since version 1: > > * Update documentation and remove some ambiguity about the feature. > Based on Josh Triplett comments. > * Use a new email address to send the

Re: [RFC v2 PATCH 3/8] fs: Treat foreign mounts as nosuid

Quoting Djalal Harouni (tix...@gmail.com): > If a process gets access to a mount from a different user > namespace, that process should not be able to take advantage of > setuid files or selinux entrypoints from that filesystem. Prevent > this by treating mounts from other mount namespaces and

Re: [RFC v2 PATCH 3/8] fs: Treat foreign mounts as nosuid

Quoting Djalal Harouni (tix...@gmail.com): > If a process gets access to a mount from a different user > namespace, that process should not be able to take advantage of > setuid files or selinux entrypoints from that filesystem. Prevent > this by treating mounts from other mount namespaces and

namespaced file capabilities

Hi, I've sent a few patches and emails over the past months about supporting file capabilities in user namespace confined containers. A few of the requirements as I see them are: 1. Root in a user namespace should be able to set file capabilities on a binary for use by any user mapped into his

namespaced file capabilities

Hi, I've sent a few patches and emails over the past months about supporting file capabilities in user namespace confined containers. A few of the requirements as I see them are: 1. Root in a user namespace should be able to set file capabilities on a binary for use by any user mapped into his

[PATCH 1/1] simplified security.nscapability xattr

From: Serge Hallyn <serge.hal...@ubuntu.com> This can only be set by root in his own namespace, and will only be respected by namespaces with that same root kuid mapped as root, or namespaces descended from it. This allows a simple setxattr to work, allows tar/untar to work, and allows us

[PATCH 1/1] simplified security.nscapability xattr

From: Serge Hallyn This can only be set by root in his own namespace, and will only be respected by namespaces with that same root kuid mapped as root, or namespaces descended from it. This allows a simple setxattr to work, allows tar/untar to work, and allows us to tar in one namespace

[PATCH 2/2] mountinfo: implement show_path for kernfs and cgroup

From: Serge Hallyn <serge.hal...@ubuntu.com> When showing a cgroupfs entry in mountinfo, show the path of the mount root dentry relative to the reader's cgroup namespace root. Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- fs/kernfs/mount.c | 14 ++ i

[PATCH 2/2] mountinfo: implement show_path for kernfs and cgroup

From: Serge Hallyn When showing a cgroupfs entry in mountinfo, show the path of the mount root dentry relative to the reader's cgroup namespace root. Signed-off-by: Serge Hallyn --- fs/kernfs/mount.c | 14 ++ include/linux/kernfs.h | 2 ++ kernel/cgroup.c| 35

Show virtualized dentry root in mountinfo for cgroupfs

With the current cgroup namespace patches, the root dentry path of a mount as shown in /proc/self/mountinfo is the full global cgroup path. It is common for userspace to use /proc/self/mountinfo to search for cgroup mountpoints, and expect the root dentry path to relate to the cgroup paths in

[PATCH 1/2] kernfs_path_from_node_locked: don't overwrite nlen

From: Serge Hallyn <serge.hal...@ubuntu.com> We've calculated @len to be the bytes we need for '/..' entries from @kn_from to the common ancestor, and calculated @nlen to be the extra bytes we need to get from the common ancestor to @kn_to. We use them as such at the end. But in th

Show virtualized dentry root in mountinfo for cgroupfs

With the current cgroup namespace patches, the root dentry path of a mount as shown in /proc/self/mountinfo is the full global cgroup path. It is common for userspace to use /proc/self/mountinfo to search for cgroup mountpoints, and expect the root dentry path to relate to the cgroup paths in

[PATCH 1/2] kernfs_path_from_node_locked: don't overwrite nlen

From: Serge Hallyn We've calculated @len to be the bytes we need for '/..' entries from @kn_from to the common ancestor, and calculated @nlen to be the extra bytes we need to get from the common ancestor to @kn_to. We use them as such at the end. But in the loop copying the actual entries, we

Re: [PATCH] exec: clarify reasoning for euid/egid reset

Quoting Kees Cook (keesc...@chromium.org): > This section of code initially looks redundant, but is required. This > improves the comment to explain more clearly why the reset is needed. > > Signed-off-by: Kees Cook Thanks, Kees. Acked-by: Serge E. Hallyn

Re: [PATCH] exec: clarify reasoning for euid/egid reset

Quoting Kees Cook (keesc...@chromium.org): > This section of code initially looks redundant, but is required. This > improves the comment to explain more clearly why the reset is needed. > > Signed-off-by: Kees Cook Thanks, Kees. Acked-by: Serge E. Hallyn > --- > fs/exec.c | 7 ++- > 1

Re: [PATCH] devpts: Make ptmx be owned by the userns owner instead of userns-local 0

Quoting Andy Lutomirski (l...@kernel.org): > We used to have ptmx be owned by the inner uid and gid 0. Change > this: if the owner and group are both mapped but are not both 0, > then use the owner instead. > > For container-style namespaces (LXC, etc), this should have no > effect -- UID 0 is

Re: [PATCH] devpts: Make ptmx be owned by the userns owner instead of userns-local 0

Quoting Andy Lutomirski (l...@kernel.org): > We used to have ptmx be owned by the inner uid and gid 0. Change > this: if the owner and group are both mapped but are not both 0, > then use the owner instead. > > For container-style namespaces (LXC, etc), this should have no > effect -- UID 0 is

Re: [PATCH 0/2] Fix debugfs bind mount regression

Quoting Eric W. Biederman (ebied...@xmission.com): > Seth Forshee writes: > > > Some full-OS container software bind mounts debugfs into containers to > > satisfy the assumptions of older userspaces which expect to be able to > > mount debugfs. This regressed in 4.1

Re: [PATCH 0/2] Fix debugfs bind mount regression

Quoting Eric W. Biederman (ebied...@xmission.com): > Seth Forshee writes: > > > Some full-OS container software bind mounts debugfs into containers to > > satisfy the assumptions of older userspaces which expect to be able to > > mount debugfs. This regressed in 4.1 due to the addition of

Re: [lxc-devel] CGroup Namespaces (v10)

Quoting Alban Crequy (alban.cre...@gmail.com): > Hi, > > On 29 January 2016 at 09:54, wrote: > > Hi, > > > > following is a revised set of the CGroup Namespace patchset which Aditya > > Kali has previously sent. The code can also be found in the cgroupns.v10 > > branch

Re: [lxc-devel] CGroup Namespaces (v10)

Quoting Alban Crequy (alban.cre...@gmail.com): > Hi, > > On 29 January 2016 at 09:54, wrote: > > Hi, > > > > following is a revised set of the CGroup Namespace patchset which Aditya > > Kali has previously sent. The code can also be found in the cgroupns.v10 > > branch of > > > >

Re: [PATCH v2] openvswitch: allow management from inside user namespaces

Quoting Tycho Andersen (tycho.ander...@canonical.com): > Operations with the GENL_ADMIN_PERM flag fail permissions checks because > this flag means we call netlink_capable, which uses the init user ns. > > Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations > which should be

Re: [PATCH v2] openvswitch: allow management from inside user namespaces

Quoting Tycho Andersen (tycho.ander...@canonical.com): > Operations with the GENL_ADMIN_PERM flag fail permissions checks because > this flag means we call netlink_capable, which uses the init user ns. > > Instead, let's introduce a new flag, GENL_UNS_ADMIN_PERM for operations > which should be

[PATCH 3/8] cgroup: introduce cgroup namespaces

-tools (like libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn --- Changelog: 2015-11-24

CGroup Namespaces (v10)

() while creating new cgroupns - use task_lock() instead of rcu_read_lock() while accessing task->nsproxy - optimized setns() to own cgroupns - simplified code around sane-behavior mount option parsing 4. Restored ACKs from Serge Hallyn from v1 on few patches that have not chan

[PATCH 1/8] kernfs: Add API to generate relative kernfs path

From: Aditya Kali The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn Acked-by: Greg Kroah-Hartman --- Changelog 20151125: - Fully-wing

[PATCH 7/8] cgroup: Add documentation for cgroup namespaces

From: Serge Hallyn Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn Signed-off-by: Tejun Heo --- Changelog (2015-12-08): Merge into Documentation/cgroup.txt Changelog (2015-12-22): Reformat to try to follow the style of the rest of the cgroup.txt file. Changelog (2015-12-22): tj

[PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

From: Serge Hallyn This patch enables cgroup mounting inside userns when a process as appropriate privileges. The cgroup filesystem mounted is rooted at the cgroupns-root. Thus, in a container-setup, only the hierarchy under the cgroupns-root is exposed inside the container. This allows

[PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs

From: Serge Hallyn allowing root in a non-init user namespace to mount it. This should now be safe, because 1. non-init-root cannot mount a previously unbound subsystem 2. the task doing the mount must be privileged with respect to the user namespace owning the cgroup namespace 3

[PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

From: Aditya Kali CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn --- include/uapi/linux/sched.h |3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux

[PATCH 5/8] kernfs: define kernfs_node_dentry

From: Aditya Kali Add a new kernfs api is added to lookup the dentry for a particular kernfs path. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn Acked-by: Greg Kroah-Hartman --- Changelog: 20151116 - Don't allow user namespaces to bind new subsystems 20151118 -

[PATCH 4/8] cgroup: cgroup namespace setns support

From: Aditya Kali setns on a cgroup namespace is allowed only if task has CAP_SYS_ADMIN in its current user-namespace and over the user-namespace associated with target cgroupns. No implicit cgroup changes happen with attaching to another cgroupns. It is expected that the somone moves the

[PATCH 4/8] cgroup: cgroup namespace setns support

From: Aditya Kali setns on a cgroup namespace is allowed only if task has CAP_SYS_ADMIN in its current user-namespace and over the user-namespace associated with target cgroupns. No implicit cgroup changes happen with attaching to another cgroupns. It is expected that the

[PATCH 3/8] cgroup: introduce cgroup namespaces

; Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> --- Changelog: 2015-11-24 - move cgroup_namespace.c into cgroup.c (and .h) - reformatting - make get_cgroup_ns return void - rename ns->root_cgrps to root_cset. Changelog: 2015-12-08 - Move in

CGroup Namespaces (v10)

() while creating new cgroupns - use task_lock() instead of rcu_read_lock() while accessing task->nsproxy - optimized setns() to own cgroupns - simplified code around sane-behavior mount option parsing 4. Restored ACKs from Serge Hallyn from v1 on few patches that have not chan

[PATCH 1/8] kernfs: Add API to generate relative kernfs path

From: Aditya Kali The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn

[PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

From: Serge Hallyn <serge.hal...@ubuntu.com> This patch enables cgroup mounting inside userns when a process as appropriate privileges. The cgroup filesystem mounted is rooted at the cgroupns-root. Thus, in a container-setup, only the hierarchy under the cgroupns-root is exposed

[PATCH 7/8] cgroup: Add documentation for cgroup namespaces

From: Serge Hallyn <serge.hal...@ubuntu.com> Signed-off-by: Aditya Kali <adityak...@google.com> Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> Signed-off-by: Tejun Heo <t...@kernel.org> --- Changelog (2015-12-08): Merge into Documentation/cgroup.txt Changelog

[PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs

From: Serge Hallyn <serge.hal...@ubuntu.com> allowing root in a non-init user namespace to mount it. This should now be safe, because 1. non-init-root cannot mount a previously unbound subsystem 2. the task doing the mount must be privileged with respect to the user namespace

[PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

From: Aditya Kali <adityak...@google.com> CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali <adityak...@google.com> Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> --- include/uapi/linux/sched.h |3 +-- 1 file changed,

[PATCH 5/8] kernfs: define kernfs_node_dentry

From: Aditya Kali Add a new kernfs api is added to lookup the dentry for a particular kernfs path. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn Acked-by: Greg Kroah-Hartman ---

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Josh Boyer (jwbo...@fedoraproject.org): > On Tue, Jan 26, 2016 at 9:46 AM, Austin S. Hemmelgarn > wrote: > > On 2016-01-26 09:38, Josh Boyer wrote: > >> > >> On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman > >> wrote: > >>> > >>> Kees Cook writes: > >>> > On Mon, Jan 25, 2016

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Josh Boyer (jwbo...@fedoraproject.org): > On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman > wrote: > > Kees Cook writes: > > > >> On Mon, Jan 25, 2016 at 11:33 AM, Eric W. Biederman > >> wrote: > >>> Kees Cook writes: > > Well, I don't know about less weird, but it would

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Josh Boyer (jwbo...@fedoraproject.org): > On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman > wrote: > > Kees Cook writes: > > > >> On Mon, Jan 25, 2016 at 11:33 AM, Eric W. Biederman > >> wrote: > >>> Kees Cook

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Josh Boyer (jwbo...@fedoraproject.org): > On Tue, Jan 26, 2016 at 9:46 AM, Austin S. Hemmelgarn > wrote: > > On 2016-01-26 09:38, Josh Boyer wrote: > >> > >> On Mon, Jan 25, 2016 at 11:57 PM, Eric W. Biederman > >> wrote: > >>> > >>> Kees Cook

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Kees Cook (keesc...@chromium.org): > On Fri, Jan 22, 2016 at 7:02 PM, Eric W. Biederman > > So I have concerns about both efficacy and usability with the proposed > > sysctl. > > Two distros already have this sysctl because it was so strongly > requested by their users. This needs to be

Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Kees Cook (keesc...@chromium.org): > On Fri, Jan 22, 2016 at 7:02 PM, Eric W. Biederman > > So I have concerns about both efficacy and usability with the proposed > > sysctl. > > Two distros already have this sysctl because it was so strongly > requested by their users. This needs to be

Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Kees Cook (keesc...@chromium.org): > On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote: > > 2016-01-22 23:50 GMT+01:00 Kees Cook : > > > >>> Seems that Debian and some older Ubuntu versions are already using > >>> > >>> $ sysctl -a | grep usern > >>> kernel.unprivileged_userns_clone =

Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Kees Cook (keesc...@chromium.org): > On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote: > > 2016-01-22 23:50 GMT+01:00 Kees Cook : > > > >>> Seems that Debian and some older Ubuntu versions are already using > >>> > >>> $ sysctl -a | grep usern > >>> kernel.unprivileged_userns_clone =

Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Kees Cook (keesc...@chromium.org): > On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote: > > 2016-01-22 23:50 GMT+01:00 Kees Cook : > > > >>> Seems that Debian and some older Ubuntu versions are already using > >>> > >>> $ sysctl -a | grep

Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

Quoting Kees Cook (keesc...@chromium.org): > On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote: > > 2016-01-22 23:50 GMT+01:00 Kees Cook : > > > >>> Seems that Debian and some older Ubuntu versions are already using > >>> > >>> $ sysctl -a | grep

[PATCH 1/8] kernfs: Add API to generate relative kernfs path

From: Aditya Kali The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn Acked-by: Greg Kroah-Hartman --- Changelog 20151125: - Fully-wing

CGroup Namespaces (v9)

of rcu_read_lock() while accessing task->nsproxy - optimized setns() to own cgroupns - simplified code around sane-behavior mount option parsing 4. Restored ACKs from Serge Hallyn from v1 on few patches that have not changed since then. Changes from V1: 1. No pinning of processes within cgrou

[PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

From: Serge Hallyn This patch enables cgroup mounting inside userns when a process as appropriate privileges. The cgroup filesystem mounted is rooted at the cgroupns-root. Thus, in a container-setup, only the hierarchy under the cgroupns-root is exposed inside the container. This allows

[PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs

From: Serge Hallyn allowing root in a non-init user namespace to mount it. This should now be safe, because 1. non-init-root cannot mount a previously unbound subsystem 2. the task doing the mount must be privileged with respect to the user namespace owning the cgroup namespace 3

[PATCH 7/8] cgroup: Add documentation for cgroup namespaces

From: Serge Hallyn Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn Signed-off-by: Tejun Heo --- Changelog (2015-12-08): Merge into Documentation/cgroup.txt Changelog (2015-12-22): Reformat to try to follow the style of the rest of the cgroup.txt file. Changelog (2015-12-22): tj

[PATCH 5/8] kernfs: define kernfs_node_dentry

From: Aditya Kali Add a new kernfs api is added to lookup the dentry for a particular kernfs path. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn Acked-by: Greg Kroah-Hartman --- Changelog: 20151116 - Don't allow user namespaces to bind new subsystems 20151118 -

[PATCH 4/8] cgroup: cgroup namespace setns support

From: Aditya Kali setns on a cgroup namespace is allowed only if task has CAP_SYS_ADMIN in its current user-namespace and over the user-namespace associated with target cgroupns. No implicit cgroup changes happen with attaching to another cgroupns. It is expected that the somone moves the

[PATCH 3/8] cgroup: introduce cgroup namespaces

-tools (like libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn --- Changelog: 2015-11-24

[PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

From: Aditya Kali CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn --- include/uapi/linux/sched.h |3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux

[PATCH 4/8] cgroup: cgroup namespace setns support

From: Aditya Kali setns on a cgroup namespace is allowed only if task has CAP_SYS_ADMIN in its current user-namespace and over the user-namespace associated with target cgroupns. No implicit cgroup changes happen with attaching to another cgroupns. It is expected that the

[PATCH 3/8] cgroup: introduce cgroup namespaces

; Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> --- Changelog: 2015-11-24 - move cgroup_namespace.c into cgroup.c (and .h) - reformatting - make get_cgroup_ns return void - rename ns->root_cgrps to root_cset. Changelog: 2015-12-08 - Move in

[PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

From: Aditya Kali <adityak...@google.com> CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali <adityak...@google.com> Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> --- include/uapi/linux/sched.h |3 +-- 1 file changed,

[PATCH 5/8] kernfs: define kernfs_node_dentry

From: Aditya Kali Add a new kernfs api is added to lookup the dentry for a particular kernfs path. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn Acked-by: Greg Kroah-Hartman ---

[PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

From: Serge Hallyn <serge.hal...@ubuntu.com> This patch enables cgroup mounting inside userns when a process as appropriate privileges. The cgroup filesystem mounted is rooted at the cgroupns-root. Thus, in a container-setup, only the hierarchy under the cgroupns-root is exposed

[PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs

From: Serge Hallyn <serge.hal...@ubuntu.com> allowing root in a non-init user namespace to mount it. This should now be safe, because 1. non-init-root cannot mount a previously unbound subsystem 2. the task doing the mount must be privileged with respect to the user namespace

[PATCH 7/8] cgroup: Add documentation for cgroup namespaces

From: Serge Hallyn <serge.hal...@ubuntu.com> Signed-off-by: Aditya Kali <adityak...@google.com> Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> Signed-off-by: Tejun Heo <t...@kernel.org> --- Changelog (2015-12-08): Merge into Documentation/cgroup.txt Changelog

[PATCH 1/8] kernfs: Add API to generate relative kernfs path

From: Aditya Kali The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn

CGroup Namespaces (v9)

of rcu_read_lock() while accessing task->nsproxy - optimized setns() to own cgroupns - simplified code around sane-behavior mount option parsing 4. Restored ACKs from Serge Hallyn from v1 on few patches that have not changed since then. Changes from V1: 1. No pinning of processes within cgrou

Re: [PATCH 7/8] cgroup: Add documentation for cgroup namespaces

On Mon Dec 28 2015 09:47:35 AM PST, Tejun Heo wrote: > Hello, > > I did some heavy editing of the documentation. How does this look? Thanks Tejun, just three things (which come from my version): > Did I miss anything? > > Thanks. > --- > Documentation/cgroup.txt | 146 >

Re: [PATCH 7/8] cgroup: Add documentation for cgroup namespaces

On Mon Dec 28 2015 09:47:35 AM PST, Tejun Heo wrote: > Hello, > > I did some heavy editing of the documentation. How does this look? Thanks Tejun, just three things (which come from my version): > Did I miss anything? > > Thanks. > --- > Documentation/cgroup.txt |  

[PATCH 3/8] cgroup: introduce cgroup namespaces

-tools (like libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn --- Changelog: 2015-11-24

[PATCH 1/8] kernfs: Add API to generate relative kernfs path

From: Aditya Kali The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn --- Changelog 20151125: - Fully-wing multilinecomments - Rework

[PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

From: Serge Hallyn This patch enables cgroup mounting inside userns when a process as appropriate privileges. The cgroup filesystem mounted is rooted at the cgroupns-root. Thus, in a container-setup, only the hierarchy under the cgroupns-root is exposed inside the container. This allows

[PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs

From: Serge Hallyn allowing root in a non-init user namespace to mount it. This should now be safe, because 1. non-init-root cannot mount a previously unbound subsystem 2. the task doing the mount must be privileged with respect to the user namespace owning the cgroup namespace 3

[PATCH 5/8] kernfs: define kernfs_node_dentry

From: Aditya Kali Add a new kernfs api is added to lookup the dentry for a particular kernfs path. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn --- Changelog: 20151116 - Don't allow user namespaces to bind new subsystems 20151118 - postpone the FS_USERNS_MOUNT

[PATCH 7/8] cgroup: Add documentation for cgroup namespaces

From: Aditya Kali Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn --- Changelog (2015-12-08): Merge into Documentation/cgroup.txt Changelog (2015-12-22): Reformat to try to follow the style of the rest of the cgroup.txt file. Signed-off-by: Serge Hallyn --- Documentation

[PATCH 4/8] cgroup: cgroup namespace setns support

From: Aditya Kali setns on a cgroup namespace is allowed only if task has CAP_SYS_ADMIN in its current user-namespace and over the user-namespace associated with target cgroupns. No implicit cgroup changes happen with attaching to another cgroupns. It is expected that the somone moves the

[PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

From: Aditya Kali CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn --- include/uapi/linux/sched.h |3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux

CGroup Namespaces (v8)

oxy - optimized setns() to own cgroupns - simplified code around sane-behavior mount option parsing 4. Restored ACKs from Serge Hallyn from v1 on few patches that have not changed since then. Changes from V1: 1. No pinning of processes within cgroupns. Tasks can be freely moved across cgroups e

Re: [PATCH] [RFC] selftests/cgroupns: new test for cgroup namespaces

Quoting Alban Crequy (alban.cre...@gmail.com): > From: Alban Crequy > > This adds the selftest "cgroupns_test" in order to test the CGroup > Namespace patchset. > > cgroupns_test creates two child processes. They perform a list of > actions defined by the array cgroupns_test. This array can

Re: [PATCH] [RFC] selftests/cgroupns: new test for cgroup namespaces

Quoting Alban Crequy (alban.cre...@gmail.com): > From: Alban Crequy > > This adds the selftest "cgroupns_test" in order to test the CGroup > Namespace patchset. > > cgroupns_test creates two child processes. They perform a list of > actions defined by the array cgroupns_test. This array can

Re: [PATCH] [RFC] selftests/cgroupns: new test for cgroup namespaces

Quoting Alban Crequy (alban.cre...@gmail.com): > From: Alban Crequy > > This adds the selftest "cgroupns_test" in order to test the CGroup > Namespace patchset. > > cgroupns_test creates two child processes. They perform a list of > actions defined by the array cgroupns_test.

[PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

From: Serge Hallyn <serge.hal...@ubuntu.com> This patch enables cgroup mounting inside userns when a process as appropriate privileges. The cgroup filesystem mounted is rooted at the cgroupns-root. Thus, in a container-setup, only the hierarchy under the cgroupns-root is exposed

[PATCH 1/8] kernfs: Add API to generate relative kernfs path

From: Aditya Kali The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn ---

[PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs

From: Serge Hallyn <serge.hal...@ubuntu.com> allowing root in a non-init user namespace to mount it. This should now be safe, because 1. non-init-root cannot mount a previously unbound subsystem 2. the task doing the mount must be privileged with respect to the user namespace

[PATCH 4/8] cgroup: cgroup namespace setns support

From: Aditya Kali setns on a cgroup namespace is allowed only if task has CAP_SYS_ADMIN in its current user-namespace and over the user-namespace associated with target cgroupns. No implicit cgroup changes happen with attaching to another cgroupns. It is expected that the

CGroup Namespaces (v8)

oxy - optimized setns() to own cgroupns - simplified code around sane-behavior mount option parsing 4. Restored ACKs from Serge Hallyn from v1 on few patches that have not changed since then. Changes from V1: 1. No pinning of processes within cgroupns. Tasks can be freely moved across cgroups e

[PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

From: Aditya Kali <adityak...@google.com> CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali <adityak...@google.com> Signed-off-by: Serge Hallyn <serge.hal...@canonical.com> --- include/uapi/linux/sched.h |3 +-- 1 file changed,

  1   2   3   4   5   6   7   >