Cedric Le Goater <clg@xxxxxxxxxx> writes: > Hello Kirill, > > Kirill Korotaev wrote: >> Cedric, >> >> how safe does it intersect with netlinks from network namespace? >> I see mqueues can send netlink messages, have you checked how safe it is? > > a ref is taken on the 'struct sock' in the mq_notify() syscall and the > skbuff which will be send to notify the user is also allocated in the > mq_notify() syscall. So we should be in the same net namespace when we > register the notification and when we notify. > > I hope the net guys can confirm or we will easily check in the next > -lxc patchset which will merge this patchset with netns. > > however, we have an issue with the signal notification in __do_notify() > we could kill a process in a different pid namespace. So I took a quick look at the code as it is (before this patchset) and the taking a reference to a socket and the taking a reference to a struct pid should do the right thing when we intersect with other namespaces. It certainly does not look like a fundamental issue. In practice the patchset as written does conflict with the network namespace work in the net-2.6.24 tree so some adjustments will need to be made. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
