On Wed, Sep 30, 2009 at 01:41:45PM -0400, Oren Laadan wrote: > Alexey Dobriyan wrote: > > On Thu, Sep 24, 2009 at 01:35:56PM -0500, Serge E. Hallyn wrote: > >> Quoting Alexey Dobriyan (adobriyan@xxxxxxxxx): > >>> I don't like this even more. > >>> > >>> Pid namespaces are hierarchical _and_ anonymous, so simply > >>> set of numbers doesn't describe the final object. > >>> > >>> struct pid isn't special, it's just another invariant if you like > >>> as far as C/R is concerned, but system call is made special wrt pids. > >>> > >>> What will be in an image? I hope "struct kstate_image_pid" with several > >> Sure pid namespaces are anonymous, but we will give each an 'objref' > >> valid only for a checkpoint image, and store the relationship between > >> pid namespaces based on those objrefs. Basically the same way that user > >> structs and hierarchical user namespaces are handled right now. > > > > OK, that's certainly doable. > > > > You're commiting yourself to creation of tasks in userspace if this goes in. :-\ > > Which can let you into putting wrong kind of relations into image. > > A malicious user can put "wrong" king of relations into the image, > regardless of whether the tasks are created in the kernel or in > userspace. As long as the creation follows the "instructions" in > the image, the result would be the same. Wrong as in "fundamentally wrong", not malicious. In case of uts_ns, the correct data to put into image is "task uses this uts_ns", not "at this point do clone(CLONE_NEWUTS)". BTW, now I'm convinced that nsproxy should not even be mentioned be in an image, it's irrelevant technical detail, not future-proof at all. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
