Re: [RFC PATCH 0/4] namespacefs: Proof-of-Concept

On 22.11.21 at 17:47, James Bottomley wrote:
>> Hmm, isn't that true only if somehow we know that (3) happened before
>> (4)?
>
> This depends.  There are only two parented namespaces: pid and user.
> You said you were only interested in pid for now.  setns on the process
> only affects pid_for_children because you have to fork to enter the pid
> namespace, so in your scenario X has a new ns/pid_for_children but its
> own ns/pid never changed.  It's the ns/pid not the ns/pid_for_children
> which is the parent.  This makes me suspect that the specific thing
> you're trying to do: trace the pid parentage, can actually be done with
> the information we have now.

This is a very good point indeed. Thank you very much!
Yordan


> If you do this with the user_ns, then you have a problem because it's
> not fork on entry.  But, as I listed in the examples, there are a load
> of other problems with tracing the user_ns tree.
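
The ns/pid versus ns/pid_for_children distinction discussed above can be observed from userspace. The probe below is an added example, not code from this thread or from the namespacefs patches; it uses unshare(CLONE_NEWPID) instead of setns (both change only the namespace of future children), and the function names and exit-code scheme are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Inode of /proc/self/ns/<name> identifies the namespace; 0 if unreadable. */
static ino_t ns_ino(const char *name)
{
    char path[64];
    struct stat st;
    snprintf(path, sizeof(path), "/proc/self/ns/%s", name);
    return stat(path, &st) == 0 ? st.st_ino : 0;
}

/* Exit codes (assumed scheme): 0 = unshared, own ns/pid kept, pid_for_children
 * moved; 1 = unshare refused, ns/pid kept; 2 = contradiction; 3 = not observable. */
static int worker(void)
{
    ino_t before = ns_ino("pid"), after, kids;
    if (before == 0) return 3;
    if (unshare(CLONE_NEWPID) != 0)            /* needs CAP_SYS_ADMIN */
        return ns_ino("pid") == before ? 1 : 2;
    pid_t init = fork();                       /* PID 1 of the new namespace */
    if (init < 0) return 3;
    if (init == 0) for (;;) pause();
    kids = ns_ino("pid_for_children");         /* resolves only once PID 1 exists */
    after = ns_ino("pid");
    kill(init, SIGKILL);
    waitpid(init, NULL, 0);
    if (after != before || kids == before) return 2;
    return kids ? 0 : 3;
}

/* Probe in a throwaway child so the caller's own namespaces stay untouched. */
int check_pid_ns_after_unshare(void)
{
    int status;
    pid_t w = fork();
    if (w == 0) _exit(worker());
    if (w < 0 || waitpid(w, &status, 0) < 0 || !WIFEXITED(status))
        return 3;
    return WEXITSTATUS(status);
}

int main(void) { return check_pid_ns_after_unshare(); }
```

Run as root, the exit status is 0: the caller's own ns/pid inode is unchanged while pid_for_children points at the new namespace. Without CAP_SYS_ADMIN the unshare is refused and the status is 1.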



