OpenVZ Forum: Devel » [PATCH] IPC namespace

Home » Mailing lists » Devel » [PATCH] IPC namespace

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [PATCH 2/6] IPC namespace - utils [message #3724 is a reply to message #3720]

Mon, 12 June 2006 21:05

Cedric Le Goater
Messages: 443
Registered: February 2006

Senior Member

Eric W. Biederman wrote:
> Cedric Le Goater <clg@fr.ibm.com> writes:
>
>> I've used the ipc namespace patchset in rc6-mm2. Thanks for putting this
>> together, it works pretty well ! A few questions when we clone :
>>
>> * We should do something close to what exit_sem() already does to clear the
>> sem_undo list from the task doing the clone() or unshare().
>
> Possibly which case are you trying to prevent?

task records a list of struct sem_undo each containing a semaphore id. When
we unshare ipc namespace, we break the 'reference' between the semaphore id
and the struct sem_array because the struct sem_array are cleared and freed
in the new namespace. When the task exit, that inconstency could lead to
unexpected results in exit_sem(), task locks, BUG_ON, etc. Nope ?

>> * I don't like the idea of being able to unshare the ipc namespace and keep
>> some shared memory from the previous ipc namespace mapped in the process mm.
>> Should we forbid the unshare ?
>
> No. As long as the code handles that case properly we should be fine.

what is the proper way to handle that case ? the current patchset is not
protected : a process can be in one ipc namespace and use a shared segment
from a previous ipc namespace. This situation is not desirable in a
migration scenario. May be asking too much for the moment ... and I agree
this can be fixed by the way namespaces are created.

> As a general principle we should be able to keep things from other namespaces
> open if we get them. The chroot or equivalent binary is the one that needs
> to ensure these kinds of issues don't exist if we care.
>
> Speaking of we should put together a small test application probably similar
> to chroot so people can access these features at least for testing.

are you thinking about a command unshare()ing each namespace or some kind
of create_nsproxy ?

> Ack. For the unshare fix below. Could you resend this one separately with
> patch in the subject so Andrew sees it and picks up?

done.

thanks,

c.

Report message to a moderator

[Message index]

		[PATCH] IPC namespace By: Kirill Korotaev on Fri, 09 June 2006 14:55
		[PATCH 1/6] IPC namespace core By: Kirill Korotaev on Fri, 09 June 2006 15:01
		Re: [PATCH 1/6] IPC namespace core By: James Morris on Fri, 09 June 2006 15:26
		Re: [PATCH 1/6] IPC namespace core By: Cedric Le Goater on Fri, 09 June 2006 15:20
		Re: [PATCH 1/6] IPC namespace core By: Andrew Morton on Fri, 09 June 2006 18:38
		Re: [PATCH 1/6] IPC namespace core By: ebiederm on Sat, 10 June 2006 00:44
		Re: [PATCH 1/6] IPC namespace core By: Andrew Morton on Sat, 10 June 2006 03:22
		[PATCH 2/6] IPC namespace - utils By: Kirill Korotaev on Fri, 09 June 2006 15:05
		Re: [PATCH 2/6] IPC namespace - utils By: Cedric Le Goater on Mon, 12 June 2006 17:08
		Re: [PATCH 2/6] IPC namespace - utils By: ebiederm on Mon, 12 June 2006 18:01
		Re: [PATCH 2/6] IPC namespace - utils By: Cedric Le Goater on Mon, 12 June 2006 21:05
		Re: [PATCH 2/6] IPC namespace - utils By: ebiederm on Mon, 12 June 2006 21:49
		Re: [PATCH 2/6] IPC namespace - utils By: Cedric Le Goater on Tue, 13 June 2006 21:17
		Re: [PATCH 2/6] IPC namespace - utils By: dev on Wed, 14 June 2006 11:14
		[PATCH 3/6] IPC namespace - msg By: Kirill Korotaev on Fri, 09 June 2006 15:07
		[PATCH 4/6] IPC namespace - sem By: Kirill Korotaev on Fri, 09 June 2006 15:08
		[PATCH 5/6] IPC namespace - shm By: Kirill Korotaev on Fri, 09 June 2006 15:09
		[PATCH 6/6] IPC namespace - sysctls By: Kirill Korotaev on Fri, 09 June 2006 15:11
		Re: [PATCH] IPC namespace By: Dave Hansen on Mon, 12 June 2006 17:19
		Re: [PATCH] IPC namespace By: ebiederm on Tue, 13 June 2006 02:44
		Re: [PATCH] IPC namespace By: dev on Tue, 13 June 2006 16:41
		Re: [PATCH] IPC namespace By: ebiederm on Tue, 13 June 2006 17:01

Previous Topic:	[PATCH 2.6.17-rc6-mm2] ipc namespace : unshare fix
Next Topic:	Re: Linux-VServer and OpenVZ for Debian

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Aug 23 14:01:45 GMT 2025

Total time taken to generate the page: 0.05851 seconds