On Wed, May 27, 2009 at 04:56:27PM -0400, Oren Laadan wrote:

> > Now here goes second version, with prefixes fixed (kstate_") like Ingo
> > suggested and so Linus could look at the code and with C/R code moved
> > close to usual code and with more checks added (which you should have
> > already!) to not restore null selector in %cs for example.
>
> It is far from perfect. In fact, it's even clearly commented as such,
> and exactly there. It would have been helpful if you pointed that
> out in a review, or even - god forbid - sent a patch to improve it.

This is ridiculous.

First, you declare that restart(2) should be allowed for anyone(!), and
then send a patchset for inclusion in -mm which doesn't even check if
selectors are right!

> But it works, and it lets people play with a more-than-a-toy
> implementation and provide us with important feedback. Oh, and by
> the way, it doesn't require that people use containers to try it out.

Setting up a container for playing is not hard:

	CLONE_NEWUTS=y
	CLONE_NEWIPC=y
	CLONE_NEWPID=y
	CLONE_NEWUSER=y
	CLONE_NEWNET=y

	#define _GNU_SOURCE
	#include <stdio.h>
	#include <stdlib.h>
	#include <unistd.h>
	#include <sched.h>
	#include <sys/mount.h>
	#include <sys/types.h>
	#include <sys/stat.h>
	#include <sys/wait.h>
	#include <fcntl.h>

	/* Namespace flags, spelled out in case the installed <sched.h> predates them. */
	#ifndef CLONE_NEWNS
	#define CLONE_NEWNS	0x00020000
	#endif
	#ifndef CLONE_NEWUTS
	#define CLONE_NEWUTS	0x04000000
	#endif
	#ifndef CLONE_NEWIPC
	#define CLONE_NEWIPC	0x08000000
	#endif
	#ifndef CLONE_NEWUSER
	#define CLONE_NEWUSER	0x10000000
	#endif
	#ifndef CLONE_NEWPID
	#define CLONE_NEWPID	0x20000000
	#endif
	#ifndef CLONE_NEWNET
	#define CLONE_NEWNET	0x40000000
	#endif

	/* Stack handed to clone(); on x86 the stack grows down, so we pass its top. */
	#define STACK_SIZE	(4 * 4096)

	/* Runs as pid 1 of the new pid namespace: become session/group leader, then exec. */
	static int fn(void *_argv)
	{
		char **argv = _argv;

		setsid();
		setpgid(getpid(), getpid());
		execve(argv[0], argv, __environ);
		/* Only reached if execve() failed. */
		perror("execve");
		return 1;
	}

	int main(int argc, char *argv[])
	{
		unsigned long flags = 0;
		int status;
		pid_t pid;
		char *stack;

		if (argc < 2) {
			fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
			return 1;
		}

		/* Fresh mount, uts, ipc, user, pid and net namespaces; needs CAP_SYS_ADMIN. */
		flags |= CLONE_NEWNS;
		flags |= CLONE_NEWUTS;
		flags |= CLONE_NEWIPC;
		flags |= CLONE_NEWUSER;
		flags |= CLONE_NEWPID;
		flags |= CLONE_NEWNET;

		stack = malloc(STACK_SIZE);
		if (!stack)
			return 1;

		/* Skip our own name; the rest is the command to run inside the container. */
		argv++;
		pid = clone(fn, stack + STACK_SIZE, flags, argv);
		fprintf(stderr, "pid = %d\n", pid);
		if (pid == -1) {
			perror("clone");
			return 1;
		}
		/* __WALL: reap the child regardless of whether it counts as a clone child. */
		waitpid(pid, &status, __WALL);
		return 0;
	}

_______________________________________________
Containers mailing list
https://lists.linux-foundation.org/mailman/listinfo/containers