>>> -sh-4.4# ./getdelays -d -p 186 -v >>> print delayacct stats ON >>> debug on >>> Error getting family id, errno 0 >>> >>> As more and more applications are deployed in containers like Docker, >>> it is necessary to support getdelays to be used in net namespace. >>> Taskstats is safe for use per namespace as genetlink checks the >>> capability of namespace message by netlink_ns_capable(). >>> >>> Make taskstats available via genetlink per namespace. >> >> Let me add a polite nack to this patch. > >> Taskstats is completely senseless in a network namespace. There is no >> translation of identifiers into the context of the receiver of the >> message. > >The interface of taskstats is genetlink that is sensible in net namsespace. > >> To make this work requires updating the taskstats code to do something >> sensible when in a pid namespace, as well as when in a network >> namespace. > > Yes. Taskstats already does convert the input process ID into the task in the > correspoding pid namsespace. Do you mean to add some check of current user's > capability like SYS_ADMIN or else? Actually, here, I think it's meaningful to set the genl_family's netnsok of Taskstat as true. As you said, Taskstats itself is senseless in a network namespace. So, we don't have to limit it to the only init_net_ns, it is basically okay to make it available in all network namespace. Certainly, maybe taskstats itself also needs to updated, because it does seem to be missing something to just use CAP_NET_ADMIN as the acquisition restriction of taskstat. Thanks, xu xin
