OpenVZ Forum: Devel » [PATCH 0/13] Pid namespaces (OpenVZ view)

Home » Mailing lists » Devel » [PATCH 0/13] Pid namespaces (OpenVZ view)

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

[PATCH 3/13] Introduciton of config option and clone flag [message #13287 is a reply to message #13284]

Thu, 24 May 2007 12:42

Pavel Emelianov
Messages: 1149
Registered: September 2006

Senior Member

The config option is CONFIG_PID_NS. The flag is CLONE_NEWPIDS.

As I have already said - cloning of pid namespace from fork()
is not allowed - use unshare for this.

Signed-off-by: Pavel Emelianov <xemul@openvz.org>

---

diff --git a/init/Kconfig b/init/Kconfig
index 2a46e35..59e4625 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -127,6 +127,16 @@ config SWAP_PREFETCH
Workstations and multiuser workstation servers will most likely want
to say Y.

+config PID_NS
+ bool "Pid namespaces"
+ default n
+ help
+ Enable pid namespaces support. When on task is allowed to unshare
+ its pid namespace from parent and become its init. After this task
+ all its children will see only the tasks from this namespace.
+ However tasks from parent namespace see all the tasks in the system.
+ Ony one level of nesting is alowed. Tasks cannot leave the namespace.
+
config SYSVIPC
bool "System V IPC"
---help---
diff --git a/include/linux/sched.h b/include/linux/sched.h
index d4de6d8..7743a11 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -26,6 +26,7 @@
#define CLONE_STOPPED 0x02000000 /* Start in stopped state */
#define CLONE_NEWUTS 0x04000000 /* New utsname group? */
#define CLONE_NEWIPC 0x08000000 /* New ipcs */
+#define CLONE_NEWPIDS 0x10000000 /* New pids */

/*
* Scheduling policies
diff --git a/kernel/fork.c b/kernel/fork.c
index d7207a1..3ab517c 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1606,7 +1612,7 @@ asmlinkage long sys_unshare(unsigned lon
err = -EINVAL;
if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
- CLONE_NEWUTS|CLONE_NEWIPC))
+ CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPIDS))
goto bad_unshare_out;

if ((err = unshare_thread(unshare_flags)))
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index 1bc4b55..9bcc047 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -110,6 +110,9 @@ int copy_namespaces(int flags, struct ta

get_nsproxy(old_ns);

+ if (flags & CLONE_NEWPIDS)
+ return -EINVAL;
+
if (!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC)))
return 0;

@@ -154,7 +157,8 @@ int unshare_nsproxy_namespaces(unsigned
struct nsproxy *old_ns = current->nsproxy;
int err = 0;

- if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC)))
+ if (!(unshare_flags & (CLONE_NEWNS | CLONE_NEWUTS |
+ CLONE_NEWIPC | CLONE_NEWPIDS)))
return 0;

#ifndef CONFIG_IPC_NS
@@ -166,6 +170,10 @@ int unshare_nsproxy_namespaces(unsigned
if (unshare_flags & CLONE_NEWUTS)
return -EINVAL;
#endif
+#ifndef CONFIG_PID_NS
+ if (unshare_flags & CLONE_NEWPIDS)
+ return -EINVAL;
+#endif

if (!capable(CAP_SYS_ADMIN))
return -EPERM;

Report message to a moderator

[Message index]

		[PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Thu, 24 May 2007 12:32
		[PATCH 1/13] Round up the API By: Pavel Emelianov on Thu, 24 May 2007 12:35
		Re: [PATCH 1/13] Round up the API By: serue on Thu, 24 May 2007 16:09
		Re: [PATCH 1/13] Round up the API By: ebiederm on Thu, 24 May 2007 16:22
		Re: [PATCH 1/13] Round up the API By: Pavel Emelianov on Thu, 24 May 2007 16:31
		Re: [PATCH 1/13] Round up the API By: serue on Thu, 24 May 2007 16:48
		Re: [PATCH 1/13] Round up the API By: Pavel Emelianov on Fri, 25 May 2007 07:00
		Re: [PATCH 1/13] Round up the API By: serue on Fri, 25 May 2007 13:02
		[PATCH 2/13] Small preparations for namespaces By: Pavel Emelianov on Thu, 24 May 2007 12:37
		Re: [PATCH 2/13] Small preparations for namespaces By: serue on Thu, 24 May 2007 16:08
		Re: [PATCH 2/13] Small preparations for namespaces By: Pavel Emelianov on Fri, 25 May 2007 06:58
		Re: [PATCH 2/13] Small preparations for namespaces By: serue on Fri, 25 May 2007 13:01
		Re: [PATCH 2/13] Small preparations for namespaces By: Pavel Emelianov on Fri, 25 May 2007 13:21
		Re: [PATCH 2/13] Small preparations for namespaces By: serue on Fri, 25 May 2007 13:55
		[PATCH 3/13] Introduciton of config option and clone flag By: Pavel Emelianov on Thu, 24 May 2007 12:42
		Re: [PATCH 3/13] Introduciton of config option and clone flag By: ebiederm on Thu, 24 May 2007 15:39
		[PATCH 4/13] Introduce the vpid fields and helpers for getting them By: Pavel Emelianov on Thu, 24 May 2007 12:44
		[PATCH 5/13] Expand the pid/task seeking functions set By: Pavel Emelianov on Thu, 24 May 2007 12:46
		Re: [PATCH 5/13] Expand the pid/task seeking functions set By: Dave Hansen on Thu, 24 May 2007 17:11
		Re: [PATCH 5/13] Expand the pid/task seeking functions set By: Pavel Emelianov on Fri, 25 May 2007 07:08
		Re: [PATCH 5/13] Expand the pid/task seeking functions set By: Sukadev Bhattiprolu on Fri, 25 May 2007 23:36
		[PATCH 6/13] Pid allocation/freeing procedures By: Pavel Emelianov on Thu, 24 May 2007 12:49
		[PATCH 7/13] Set virtual pids for a newly cloned task By: Pavel Emelianov on Thu, 24 May 2007 12:53
		[PATCH 8/13] The namespace cloning By: Pavel Emelianov on Thu, 24 May 2007 12:57
		[PATCH 9/13] Make proc be able to have multiple super blocks By: Pavel Emelianov on Thu, 24 May 2007 13:01
		[PATCH 10/13] Make proc draw pids from appropriate namespace By: Pavel Emelianov on Thu, 24 May 2007 13:04
		[PATCH 11/13] Changes to show virtual ids to user By: Pavel Emelianov on Thu, 24 May 2007 13:06
		Re: [PATCH 11/13] Changes to show virtual ids to user By: ebiederm on Thu, 24 May 2007 16:05
		Re: [PATCH 11/13] Changes to show virtual ids to user By: xemul on Thu, 24 May 2007 16:15
		Re: [PATCH 11/13] Changes to show virtual ids to user By: ebiederm on Thu, 24 May 2007 16:33
		Re: [PATCH 11/13] Changes to show virtual ids to user By: Pavel Emelianov on Fri, 25 May 2007 06:33
		Re: [PATCH 11/13] Changes to show virtual ids to user By: ebiederm on Fri, 25 May 2007 15:48
		Re: [PATCH 11/13] Changes to show virtual ids to user By: Cedric Le Goater on Tue, 29 May 2007 12:32
		Re: [PATCH 11/13] Changes to show virtual ids to user By: Pavel Emelianov on Thu, 31 May 2007 07:57
		Re: [PATCH 11/13] Changes to show virtual ids to user By: Pavel Emelianov on Thu, 31 May 2007 08:00
		Re: [PATCH 11/13] Changes to show virtual ids to user By: ebiederm on Thu, 31 May 2007 11:26
		Re: [PATCH 11/13] Changes to show virtual ids to user By: Pavel Emelianov on Thu, 31 May 2007 11:46
		Re: [PATCH 11/13] Changes to show virtual ids to user By: ebiederm on Thu, 31 May 2007 13:41
		[PATCH 12/13] Show appropriate pids in proc By: Pavel Emelianov on Thu, 24 May 2007 13:08
		[PATCH 13/13] Make all proc entres accessible in a namespace By: Pavel Emelianov on Thu, 24 May 2007 13:13
		Instructions of how to make testing easy By: Pavel Emelianov on Thu, 24 May 2007 13:19
		Re: Instructions of how to make testing easy By: Pavel Emelianov on Thu, 24 May 2007 16:16
		Re: Instructions of how to make testing easy By: Cedric Le Goater on Thu, 24 May 2007 14:55
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: serue on Thu, 24 May 2007 15:09
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: xemul on Thu, 24 May 2007 16:11
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: serue on Thu, 24 May 2007 16:59
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: ebiederm on Thu, 24 May 2007 18:56
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: serue on Thu, 24 May 2007 19:10
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Fri, 25 May 2007 07:08
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: serue on Fri, 25 May 2007 13:25
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Fri, 25 May 2007 13:53
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: serue on Fri, 25 May 2007 14:25
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Mon, 28 May 2007 07:48
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: ebiederm on Tue, 29 May 2007 04:30
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Tue, 29 May 2007 07:47
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: ebiederm on Tue, 29 May 2007 12:36
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Fri, 25 May 2007 07:06
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: ebiederm on Fri, 25 May 2007 14:55
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: ebiederm on Thu, 24 May 2007 16:00
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: serue on Thu, 24 May 2007 16:20
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Fri, 25 May 2007 06:29
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: serue on Fri, 25 May 2007 13:29
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Thu, 24 May 2007 16:26
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: ebiederm on Thu, 24 May 2007 19:18
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Fri, 25 May 2007 07:15
		Re: Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: dev on Mon, 28 May 2007 11:50
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: ebiederm on Tue, 29 May 2007 13:07
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Daniel Lezcano on Thu, 24 May 2007 16:41
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Pavel Emelianov on Fri, 25 May 2007 07:26
		Re: [PATCH 0/13] Pid namespaces (OpenVZ view) By: Daniel Lezcano on Fri, 25 May 2007 08:30

Previous Topic:	Re: [ckrm-tech] [RFC] [PATCH 0/3] Add group fairness to CFS
Next Topic:	[RFC][PATCH 0/16] Enable cloning of pid namespace

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sun Jul 27 03:15:16 GMT 2025

Total time taken to generate the page: 0.43635 seconds