Cedric Le Goater <clg@fr.ibm.com> writes:
> Hello Kirill,
>
> Kirill Korotaev wrote:
>> Cedric,
>>
>> how safe does it intersect with netlinks from network namespace?
>> I see mqueues can send netlink messages, have you checked how safe it is?
>
> a ref is taken on the 'struct sock' in the mq_notify() syscall and the
> skbuff which will be send to notify the user is also allocated in the
> mq_notify() syscall. So we should be in the same net namespace when we
> register the notification and when we notify.
>
> I hope the net guys can confirm or we will easily check in the next
> -lxc patchset which will merge this patchset with netns.
>
> however, we have an issue with the signal notification in __do_notify()
> we could kill a process in a different pid namespace.
So I took a quick look at the code as it is (before this patchset)
and the taking a reference to a socket and the taking a reference to
a struct pid should do the right thing when we intersect with other
namespaces. It certainly does not look like a fundamental issue.
In practice the patchset as written does conflict with the network
namespace work in the net-2.6.24 tree so some adjustments will need
to be made.
Eric
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
OpenVZ Forum
Members
Search
Help
Register
Login
Home
