Re: [RFC PATCH 0/4 v3] Inotify limits per usernamespace

Nikolay Borisov <kernel@xxxxxxxx> writes:

> Hello Eric, 
>
> Another day, another version...
>
> So this is version 3 of the patches initially posted at [1].
> Version 2 can be found at [2].
>
> So I reworked the way the state for namespaces is created and
> the code is indeed a lot cleaner and easier to understand. I've
> also moved from using uid and instead always work with kuids.
> Finally I reworked the hashtable to be a global one and indexed by
> the kuid value. With this I believe I have addressed all your points
> in your previous review.
>
> I still haven't tackled the issue with the semantics of the sysctls. 
> But judging from your last reply about being content with just setting
> the limit at the top-level I believe the way to fix this would be 
> make a custom proc handler that writes to the variable in the 
> current userns. Opinions?

So first let me say thank you for this.  It was a very good starting
point for my thinking on other sysctls.

I have been proceeding on another track I will post in just a minute
that addresses some different sysctls.  Those I know how to pick a
reasonable sanity check limit on a per-user system-wide basis and not a
per-user basis so I don't have any per-user limits.  Otherwise it is
pretty much the same case as here.

Please take a look at those patches on how to address creating per user
namespace sysctls.

After those patches settle I will be willing to look at these more.

Eric



> [1] http://thread.gmane.org/gmane.linux.kernel/2232000
> [2] https://lists.linuxfoundation.org/pipermail/containers/2016-June/037019.html
>
> Nikolay Borisov (4):
>   hashtable: Add __HASHTABLE_INITIALIZER
>   misc: Rename the HASH_SIZE macro
>   userns/inotify: Initial implementation of inotify per-userns
>   inotify: Convert to using new userns infrastructure
>
>  fs/logfs/dir.c                           |   6 +-
>  fs/notify/inotify/inotify.h              |   2 +
>  fs/notify/inotify/inotify_fsnotify.c     |  14 +++-
>  fs/notify/inotify/inotify_user.c         | 136 +++++++++++++++++++++++++++----
>  include/linux/fsnotify_backend.h         |   4 +-
>  include/linux/hashtable.h                |   3 +
>  include/linux/sched.h                    |   4 -
>  include/linux/user_namespace.h           |  45 ++++++++++
>  kernel/user_namespace.c                  | 106 +++++++++++++++++++++++-
>  net/ipv6/ip6_gre.c                       |   8 +-
>  net/ipv6/ip6_tunnel.c                    |  10 +--
>  net/ipv6/ip6_vti.c                       |  10 +--
>  net/ipv6/sit.c                           |  10 +--
>  security/keys/encrypted-keys/encrypted.c |  32 ++++----
>  14 files changed, 327 insertions(+), 63 deletions(-)
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers