Dongsheng Yang <yangds.fnst@xxxxxxxxxxxxxx> writes:

> On 12/24/2015 12:36 AM, Eric W. Biederman wrote:
>> Dongsheng Yang <yangds.fnst@xxxxxxxxxxxxxx> writes:
> [...]
>
> Hi Eric,
> Happy new year and sorry for the late reply.
>>
>> Given the other constraints on an implementation the pid namespace looks
>> by far the one best suited to host such a sysctl if it is possible to
>> implement safely.
>
> So you think it's better to isolate the core_pattern in pid_namespace,
> am I right?

Roughly.

> But, core_file_path and user_mode_helper_path in core_pattern are much
> more related with mnt_namespace IMO.
>
> Could you help to explain it more?

You need a full complement of namespaces, to execute a user mode helper.
Really roughly you need a namespaced equivalent of kthreadd, with a full
complement of namespaces and cgroups setup in the container.

Further it is necessary to have a clear rule that says which processes
that dump core are affected. For a hierarchical pid namespace this is
straightforward. For a mount namespace I don't know how that could be
implemented.

And yes the whole kthreadd thing that user mode helper does to launch
a task is necessary to have a clean and predictable environment.

Of course the default rule of dropping a file named core in the current
directory of the process that died works for everyone, with no kernel
modifications needed.

Eric
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers