Re: [lxc-devel] [PATCH 5/7] cgroup: mount cgroupns-root when inside non-init cgroupns

Hello, Serge. On Tue, Dec 08, 2015 at 05:21:24PM -0600, Serge E. Hallyn wrote: > > Heh, is kernfs_obtain_root() the right name? Maybe > > kernfs_node_to_inode()? > > kernfs_node_to_dentry? > > This would presumably make the question of whether to pass in a namespace > moot? Sounds good.

[lxc-devel] [PATCH 3/8] cgroup: introduce cgroup namespaces

From: Aditya Kali Introduce the ability to create new cgroup namespace. The newly created cgroup namespace remembers the cgroup of the process at the point of creation of the cgroup namespace (referred as cgroupns-root). The main purpose of cgroup namespace is to

[lxc-devel] [PATCH 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

From: Aditya Kali CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali Signed-off-by: Serge Hallyn --- include/uapi/linux/sched.h |3 +-- 1 file changed, 1 insertion(+), 2

[lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

From: Aditya Kali The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn ---

[lxc-devel] [PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

From: Serge Hallyn This patch enables cgroup mounting inside userns when a process as appropriate privileges. The cgroup filesystem mounted is rooted at the cgroupns-root. Thus, in a container-setup, only the hierarchy under the cgroupns-root is exposed inside the

[lxc-devel] CGroup Namespaces (v7)

Hi, following is a revised set of the CGroup Namespace patchset which Aditya Kali has previously sent. The code can also be found in the cgroupns.v7 branch of https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/ To summarize the semantics: 1. CLONE_NEWCGROUP re-uses

[lxc-devel] [PATCH 5/8] kernfs: define kernfs_node_dentry

From: Aditya Kali Add a new kernfs api is added to lookup the dentry for a particular kernfs path. Signed-off-by: Aditya Kali Signed-off-by: Serge E. Hallyn --- Changelog: 20151116 - Don't allow user namespaces

[lxc-devel] [PATCH 8/8] Add FS_USERNS_FLAG to cgroup fs

From: Serge Hallyn allowing root in a non-init user namespace to mount it. This should now be safe, because 1. non-init-root cannot mount a previously unbound subsystem 2. the task doing the mount must be privileged with respect to the user namespace owning the

Re: [lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

Hey, On Wed, Dec 09, 2015 at 10:13:27PM +, Serge Hallyn wrote: > we can rename kn_root to from here if you think that's clearer (and > change the order here as well). I think it'd be better for them to be consistent and in the same order - the target and then the optional base. > > Was

Re: [lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

Quoting Tejun Heo (t...@kernel.org): > Hello, Serge. > > On Wed, Dec 09, 2015 at 01:28:54PM -0600, serge.hal...@ubuntu.com wrote: > > +/* kernfs_node_depth - compute depth from @from to @to */ > > +static size_t kernfs_depth(struct kernfs_node *from, struct kernfs_node > > *to) > ... > > +char

Re: [lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

Hello, Serge. On Wed, Dec 09, 2015 at 01:28:54PM -0600, serge.hal...@ubuntu.com wrote: > +/* kernfs_node_depth - compute depth from @from to @to */ > +static size_t kernfs_depth(struct kernfs_node *from, struct kernfs_node *to) ... > +char *kernfs_path(struct kernfs_node *kn, char *buf, size_t

Re: [lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

On Wed, Dec 09, 2015 at 05:36:51PM -0500, Tejun Heo wrote: > Hey, > > On Wed, Dec 09, 2015 at 10:13:27PM +, Serge Hallyn wrote: > > we can rename kn_root to from here if you think that's clearer (and > > change the order here as well). > > I think it'd be better for them to be consistent and

[lxc-devel] [PATCH] fix 'lxc.mount.entry' key when clearing unexpanded config

Closes #712 Signed-off-by: Serge Hallyn --- src/lxc/confile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index ce6786c..1185d7d 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -2533,7 +2533,7 @@

Re: [lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

On Wed, Dec 09, 2015 at 05:36:51PM -0500, Tejun Heo wrote: > Hey, > > On Wed, Dec 09, 2015 at 10:13:27PM +, Serge Hallyn wrote: > > we can rename kn_root to from here if you think that's clearer (and > > change the order here as well). > > I think it'd be better for them to be consistent and

Re: [lxc-devel] [PATCH] Add LXC_TARGET env to Korean lxc.container.conf(5)

On Fri, Dec 04, 2015 at 09:13:45AM +, Sungbae Yoo wrote: > > Update for commit c154af9 > > Signed-off-by: Sungbae Yoo Acked-by: Stéphane Graber > > diff --git a/doc/ko/lxc.container.conf.sgml.in > b/doc/ko/lxc.container.conf.sgml.in > index

[lxc-devel] [PATCH] Add concise explanations

- explain functions in list.h - let lxc_list_len() return size_t instead of int Signed-off-by: Christian Brauner --- I'm working on some stuff that employs struct lxc_list. I already previously found that list.h lacked some short documentation so here it is.

Re: [lxc-devel] [PATCH] fix 'lxc.mount.entry' key when clearing unexpanded config

On Thu, Dec 10, 2015 at 02:12:41AM +, Serge Hallyn wrote: > Closes #712 > > Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber > --- > src/lxc/confile.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git

[lxc-devel] [lxc/lxc] 8164f0: api wrapper: only reset the current config if this...

Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 8164f0e253e9c148a3c3c09eec5e0ebe56602805 https://github.com/lxc/lxc/commit/8164f0e253e9c148a3c3c09eec5e0ebe56602805 Author: Tycho Andersen Date: 2015-12-09 (Wed, 09 Dec 2015)

Re: [lxc-devel] [PATCH] Update get_item test after the lxc.mount.entry fix

Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber (*&$)(**$)(*#$*#( Acked-by: Serge E. Hallyn > --- > src/tests/get_item.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git

[lxc-devel] [lxc/lxc] 6a5640: Update get_item test after the lxc.mount.entry fix

Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 6a5640665cde64664cc1a4d5e97a334905a0e860 https://github.com/lxc/lxc/commit/6a5640665cde64664cc1a4d5e97a334905a0e860 Author: Stéphane Graber Date: 2015-12-09 (Wed, 09 Dec 2015) Changed

Re: [lxc-devel] [PATCH 1/3] cgroup: add cgroup_escape() call

On Wed, Dec 09, 2015 at 02:58:20AM +, Serge Hallyn wrote: > Quoting Tycho Andersen (tycho.ander...@canonical.com): > > + bool ret = true, cgm_connected = false; > > Sorry, can you rename this disconnect_cgm or cgm_needs_disconnect ? Sure, see attached. Tycho >From