Re: [PATCH v4 0/2] cgroup: allow management of subtrees by new cgroup namespaces

2016-05-20 Thread Aditya Kali
On Fri, May 20, 2016 at 9:25 AM, James Bottomley wrote: > > On Fri, 2016-05-20 at 09:17 -0700, Tejun Heo wrote: > > Hello, James. > > > > On Fri, May 20, 2016 at 12:09:10PM -0400, James Bottomley wrote: > > > I think it's just different definitions. If you take on our > > > definition of being

Re: [PATCH] cgroup namespaces: add a 'nsroot=' mountinfo field

2016-04-15 Thread Aditya Kali
On Thu, Apr 14, 2016 at 8:27 AM, Serge E. Hallyn wrote: > Quoting Eric W. Biederman (ebied...@xmission.com): >> "Serge E. Hallyn" writes: >> >> > This is so that userspace can distinguish a mount made in a cgroup >> > namespace from a bind mount from a cgroup subdirectory. >> >> To do that do

Re: [RFC PATCH] cgroup namespaces: add a 'nsroot=' mountinfo field

2016-04-13 Thread Aditya Kali
On Wed, Apr 13, 2016 at 12:01 PM, Serge E. Hallyn wrote: > Quoting Tejun Heo (t...@kernel.org): >> Hello, Serge. >> >> On Wed, Apr 13, 2016 at 01:46:39PM -0500, Serge E. Hallyn wrote: >> > It's not a leak of any information we're trying to hide. I realize >> > something like 8 years have passed,

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-07 Thread Aditya Kali
On Wed, Jan 7, 2015 at 1:28 AM, Richard Weinberger wrote: > Am 07.01.2015 um 00:20 schrieb Aditya Kali: >> I understand your point. But it will add some complexity to the code. >> >> Before trying to make it work for non-unified hierarchy cases, I would >> like to get

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-07 Thread Aditya Kali
On Wed, Jan 7, 2015 at 1:28 AM, Richard Weinberger rich...@nod.at wrote: Am 07.01.2015 um 00:20 schrieb Aditya Kali: I understand your point. But it will add some complexity to the code. Before trying to make it work for non-unified hierarchy cases, I would like to get a clearer idea. What

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-06 Thread Aditya Kali
, 2015 at 4:17 PM, Richard Weinberger wrote: > Am 06.01.2015 um 01:10 schrieb Aditya Kali: >> Since the old/default behavior is on its way out, I didn't invest time >> in fixing that. Also, some of the properties that make >> cgroup-namespace simpler are only provided

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-06 Thread Aditya Kali
, 2015 at 4:17 PM, Richard Weinberger rich...@nod.at wrote: Am 06.01.2015 um 01:10 schrieb Aditya Kali: Since the old/default behavior is on its way out, I didn't invest time in fixing that. Also, some of the properties that make cgroup-namespace simpler are only provided by unified hierarchy

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-05 Thread Aditya Kali
On Mon, Jan 5, 2015 at 3:53 PM, Eric W. Biederman wrote: > Richard Weinberger writes: > >> Am 05.01.2015 um 23:48 schrieb Aditya Kali: >>> On Sun, Dec 14, 2014 at 3:05 PM, Richard Weinberger wrote: >>>> Aditya, >>>> >>>> I gave your pa

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-05 Thread Aditya Kali
Thanks for the review. I have made the suggested fixes. Regarding relative path, please see inline. On Fri, Dec 12, 2014 at 12:54 AM, Zefan Li wrote: >> +In its current form, the cgroup namespaces patcheset provides following >> +behavior: >> + >> +(1) The 'cgroupns-root' for a cgroup namespace

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-05 Thread Aditya Kali
On Sun, Dec 14, 2014 at 3:05 PM, Richard Weinberger wrote: > Aditya, > > I gave your patch set a try but it does not work for me. > Maybe you can bring some light into the issues I'm facing. > Sadly I still had no time to dig into your code. > > Am 05.12.2014 um 02:5

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-05 Thread Aditya Kali
On Sun, Dec 14, 2014 at 3:05 PM, Richard Weinberger rich...@nod.at wrote: Aditya, I gave your patch set a try but it does not work for me. Maybe you can bring some light into the issues I'm facing. Sadly I still had no time to dig into your code. Am 05.12.2014 um 02:55 schrieb Aditya Kali

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-05 Thread Aditya Kali
Thanks for the review. I have made the suggested fixes. Regarding relative path, please see inline. On Fri, Dec 12, 2014 at 12:54 AM, Zefan Li lize...@huawei.com wrote: +In its current form, the cgroup namespaces patcheset provides following +behavior: + +(1) The 'cgroupns-root' for a cgroup

Re: [PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2015-01-05 Thread Aditya Kali
On Mon, Jan 5, 2015 at 3:53 PM, Eric W. Biederman ebied...@xmission.com wrote: Richard Weinberger rich...@nod.at writes: Am 05.01.2015 um 23:48 schrieb Aditya Kali: On Sun, Dec 14, 2014 at 3:05 PM, Richard Weinberger rich...@nod.at wrote: Aditya, I gave your patch set a try but it does

Re: [PATCHv3 0/8] CGroup Namespaces

2014-12-04 Thread Aditya Kali
These patches are now also hosted on github at https://github.com/adityakali/linux/tree/cgroupns_v3. Thanks, On Thu, Dec 4, 2014 at 5:55 PM, Aditya Kali wrote: > Another spin for CGroup Namespaces feature. > > Changes from V2: > 1. Added documentation in Documentation/cgroups/names

[PATCHv3 3/8] cgroup: add function to get task's cgroup on default hierarchy

2014-12-04 Thread Aditya Kali
get_task_cgroup() returns the (reference counted) cgroup of the given task on the default hierarchy. Acked-by: Serge Hallyn Signed-off-by: Aditya Kali --- include/linux/cgroup.h | 1 + kernel/cgroup.c| 25 + 2 files changed, 26 insertions(+) diff --git

[PATCHv3 6/8] cgroup: cgroup namespace setns support

2014-12-04 Thread Aditya Kali
the target cgroupns-root. Signed-off-by: Aditya Kali --- kernel/cgroup_namespace.c | 17 +++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/kernel/cgroup_namespace.c b/kernel/cgroup_namespace.c index 0e0ef3a..ee0cc51 100644 --- a/kernel/cgroup_namespace.c +++ b/kernel

[PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2014-12-04 Thread Aditya Kali
Signed-off-by: Aditya Kali --- Documentation/cgroups/namespace.txt | 147 1 file changed, 147 insertions(+) create mode 100644 Documentation/cgroups/namespace.txt diff --git a/Documentation/cgroups/namespace.txt b/Documentation/cgroups/namespace.txt new

[PATCHv3 5/8] cgroup: introduce cgroup namespaces

2014-12-04 Thread Aditya Kali
libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali --- fs/proc/namespaces.c | 1 + include/linux/cgroup.h

[PATCHv3 4/8] cgroup: export cgroup_get() and cgroup_put()

2014-12-04 Thread Aditya Kali
move cgroup_get() and cgroup_put() into cgroup.h so that they can be called from other places. Acked-by: Serge Hallyn Signed-off-by: Aditya Kali --- include/linux/cgroup.h | 22 ++ kernel/cgroup.c| 22 -- 2 files changed, 22 insertions(+), 22

[PATCHv3 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-12-04 Thread Aditya Kali
to run inside the containers without depending on any global state. In order to support this, a new kernfs api is added to lookup the dentry for the cgroupns-root. Signed-off-by: Aditya Kali --- fs/kernfs/mount.c | 48 include/linux/kernfs.h

[PATCHv3 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

2014-12-04 Thread Aditya Kali
CLONE_NEWCGROUP will be used to create new cgroup namespace. Acked-by: Serge Hallyn Signed-off-by: Aditya Kali --- include/uapi/linux/sched.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux/sched.h index 34f9d73..2f90d00

[PATCHv3 1/8] kernfs: Add API to generate relative kernfs path

2014-12-04 Thread Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali --- fs/kernfs/dir.c| 195 +++-- include/linux/kernfs.h | 3 + 2 files

[PATCHv3 0/8] CGroup Namespaces

2014-12-04 Thread Aditya Kali
Another spin for CGroup Namespaces feature. Changes from V2: 1. Added documentation in Documentation/cgroups/namespace.txt 2. Fixed a bug that caused crash 3. Incorporated some other suggestions from last patchset: - removed use of threadgroup_lock() while creating new cgroupns - use

[PATCHv3 1/8] kernfs: Add API to generate relative kernfs path

2014-12-04 Thread Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali adityak...@google.com --- fs/kernfs/dir.c| 195 +++-- include/linux/kernfs.h

[PATCHv3 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

2014-12-04 Thread Aditya Kali
CLONE_NEWCGROUP will be used to create new cgroup namespace. Acked-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Aditya Kali adityak...@google.com --- include/uapi/linux/sched.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/uapi/linux/sched.h b

[PATCHv3 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-12-04 Thread Aditya Kali
to run inside the containers without depending on any global state. In order to support this, a new kernfs api is added to lookup the dentry for the cgroupns-root. Signed-off-by: Aditya Kali adityak...@google.com --- fs/kernfs/mount.c | 48

[PATCHv3 4/8] cgroup: export cgroup_get() and cgroup_put()

2014-12-04 Thread Aditya Kali
move cgroup_get() and cgroup_put() into cgroup.h so that they can be called from other places. Acked-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Aditya Kali adityak...@google.com --- include/linux/cgroup.h | 22 ++ kernel/cgroup.c| 22

[PATCHv3 8/8] cgroup: Add documentation for cgroup namespaces

2014-12-04 Thread Aditya Kali
Signed-off-by: Aditya Kali adityak...@google.com --- Documentation/cgroups/namespace.txt | 147 1 file changed, 147 insertions(+) create mode 100644 Documentation/cgroups/namespace.txt diff --git a/Documentation/cgroups/namespace.txt b/Documentation/cgroups

[PATCHv3 5/8] cgroup: introduce cgroup namespaces

2014-12-04 Thread Aditya Kali
libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali adityak...@google.com --- fs/proc/namespaces.c | 1 + include/linux

[PATCHv3 3/8] cgroup: add function to get task's cgroup on default hierarchy

2014-12-04 Thread Aditya Kali
get_task_cgroup() returns the (reference counted) cgroup of the given task on the default hierarchy. Acked-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Aditya Kali adityak...@google.com --- include/linux/cgroup.h | 1 + kernel/cgroup.c| 25 + 2

[PATCHv3 6/8] cgroup: cgroup namespace setns support

2014-12-04 Thread Aditya Kali
the target cgroupns-root. Signed-off-by: Aditya Kali adityak...@google.com --- kernel/cgroup_namespace.c | 17 +++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/kernel/cgroup_namespace.c b/kernel/cgroup_namespace.c index 0e0ef3a..ee0cc51 100644 --- a/kernel

Re: [PATCHv3 0/8] CGroup Namespaces

2014-12-04 Thread Aditya Kali
These patches are now also hosted on github at https://github.com/adityakali/linux/tree/cgroupns_v3. Thanks, On Thu, Dec 4, 2014 at 5:55 PM, Aditya Kali adityak...@google.com wrote: Another spin for CGroup Namespaces feature. Changes from V2: 1. Added documentation in Documentation/cgroups

Re: [PATCHv2 0/7] CGroup Namespaces

2014-12-02 Thread Aditya Kali
On Wed, Nov 26, 2014 at 2:58 PM, Richard Weinberger wrote: > > On Thu, Nov 6, 2014 at 6:33 PM, Aditya Kali wrote: > > On Tue, Nov 4, 2014 at 5:10 AM, Vivek Goyal wrote: > >> On Fri, Oct 31, 2014 at 12:18:54PM -0700, Aditya Kali wrote: > >> [..] > >>>

Re: [PATCHv2 0/7] CGroup Namespaces

2014-12-02 Thread Aditya Kali
On Wed, Nov 26, 2014 at 2:58 PM, Richard Weinberger richard.weinber...@gmail.com wrote: On Thu, Nov 6, 2014 at 6:33 PM, Aditya Kali adityak...@google.com wrote: On Tue, Nov 4, 2014 at 5:10 AM, Vivek Goyal vgo...@redhat.com wrote: On Fri, Oct 31, 2014 at 12:18:54PM -0700, Aditya Kali wrote

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-12 Thread Aditya Kali
feedback. On Tue, Nov 4, 2014 at 7:50 AM, Serge E. Hallyn wrote: > > Quoting Andy Lutomirski (l...@amacapital.net): > > On Tue, Nov 4, 2014 at 5:46 AM, Tejun Heo wrote: > > > Hello, Aditya. > > > > > > On Mon, Nov 03, 2014 at 02:43:47PM -

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-12 Thread Aditya Kali
feedback. On Tue, Nov 4, 2014 at 7:50 AM, Serge E. Hallyn se...@hallyn.com wrote: Quoting Andy Lutomirski (l...@amacapital.net): On Tue, Nov 4, 2014 at 5:46 AM, Tejun Heo t...@kernel.org wrote: Hello, Aditya. On Mon, Nov 03, 2014 at 02:43:47PM -0800, Aditya Kali wrote: I agree

Re: [PATCHv2 0/7] CGroup Namespaces

2014-11-06 Thread Aditya Kali
On Tue, Nov 4, 2014 at 5:10 AM, Vivek Goyal wrote: > On Fri, Oct 31, 2014 at 12:18:54PM -0700, Aditya Kali wrote: > [..] >> fs/kernfs/dir.c | 194 >> ++- >> fs/kernfs/mount.c| 48 ++

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-06 Thread Aditya Kali
On Tue, Nov 4, 2014 at 5:57 AM, Tejun Heo wrote: > Hello, Aditya. > > On Mon, Nov 03, 2014 at 03:12:28PM -0800, Aditya Kali wrote: >> I think the sane-behavior flag is only temporary and will be removed >> anyways, right? So I didn't bother asking user to supply it. But I c

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-06 Thread Aditya Kali
On Tue, Nov 4, 2014 at 5:57 AM, Tejun Heo t...@kernel.org wrote: Hello, Aditya. On Mon, Nov 03, 2014 at 03:12:28PM -0800, Aditya Kali wrote: I think the sane-behavior flag is only temporary and will be removed anyways, right? So I didn't bother asking user to supply it. But I can make

Re: [PATCHv2 0/7] CGroup Namespaces

2014-11-06 Thread Aditya Kali
On Tue, Nov 4, 2014 at 5:10 AM, Vivek Goyal vgo...@redhat.com wrote: On Fri, Oct 31, 2014 at 12:18:54PM -0700, Aditya Kali wrote: [..] fs/kernfs/dir.c | 194 ++- fs/kernfs/mount.c| 48 ++ fs/proc/namespaces.c

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
to run inside the containers without depending on any global state. In order to support this, a new kernfs api is added to lookup the dentry for the cgroupns-root. Signed-off-by: Aditya Kali --- fs/kernfs/mount.c | 48 include/linux/kernfs.h

Re: [PATCHv2 5/7] cgroup: introduce cgroup namespaces

2014-11-03 Thread Aditya Kali
libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali --- fs/proc/namespaces.c | 1 + include/linux/cgroup.h

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
On Mon, Nov 3, 2014 at 4:17 PM, Andy Lutomirski wrote: > On Mon, Nov 3, 2014 at 4:12 PM, Aditya Kali wrote: >> On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski wrote: >>> On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali wrote: >>>> On Mon, Nov 3, 2014 at 3:15 PM

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski wrote: > On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali wrote: >> On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski wrote: >>> On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali wrote: >>>> On Fri, Oct 31, 2014 at 5:07 PM

Re: [PATCHv2 5/7] cgroup: introduce cgroup namespaces

2014-11-03 Thread Aditya Kali
On Fri, Oct 31, 2014 at 5:58 PM, Eric W. Biederman wrote: > Andy Lutomirski writes: > >> On Fri, Oct 31, 2014 at 12:18 PM, Aditya Kali wrote: > > > >>> +static void *cgroupns_get(struct task_struct *task) >>> +{ >>> + struct cgroup_

Re: [PATCHv2 5/7] cgroup: introduce cgroup namespaces

2014-11-03 Thread Aditya Kali
On Fri, Oct 31, 2014 at 5:02 PM, Andy Lutomirski wrote: > On Fri, Oct 31, 2014 at 12:18 PM, Aditya Kali wrote: >> Introduce the ability to create new cgroup namespace. The newly created >> cgroup namespace remembers the cgroup of the process at the point >> of creation of

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski wrote: > On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali wrote: >> On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski wrote: >>> On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali wrote: >>>> This patch enables cgroup mountin

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski wrote: > On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali wrote: >> This patch enables cgroup mounting inside userns when a process >> has appropriate privileges. The cgroup filesystem mounted is >> rooted at the cgroupns-root.

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
(sorry for accidental non-plain-text response earlier). On Fri, Oct 31, 2014 at 6:09 PM, Eric W. Biederman wrote: > Aditya Kali writes: > >> This patch enables cgroup mounting inside userns when a process >> has appropriate privileges. The cgroup filesystem mounted is >>

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
(sorry for accidental non-plain-text response earlier). On Fri, Oct 31, 2014 at 6:09 PM, Eric W. Biederman ebied...@xmission.com wrote: Aditya Kali adityak...@google.com writes: This patch enables cgroup mounting inside userns when a process has appropriate privileges. The cgroup filesystem

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski l...@amacapital.net wrote: On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali adityak...@google.com wrote: This patch enables cgroup mounting inside userns when a process has appropriate privileges. The cgroup filesystem mounted is rooted

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski l...@amacapital.net wrote: On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali adityak...@google.com wrote: On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski l...@amacapital.net wrote: On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali adityak...@google.com

Re: [PATCHv2 5/7] cgroup: introduce cgroup namespaces

2014-11-03 Thread Aditya Kali
On Fri, Oct 31, 2014 at 5:02 PM, Andy Lutomirski l...@amacapital.net wrote: On Fri, Oct 31, 2014 at 12:18 PM, Aditya Kali adityak...@google.com wrote: Introduce the ability to create new cgroup namespace. The newly created cgroup namespace remembers the cgroup of the process at the point

Re: [PATCHv2 5/7] cgroup: introduce cgroup namespaces

2014-11-03 Thread Aditya Kali
On Fri, Oct 31, 2014 at 5:58 PM, Eric W. Biederman ebied...@xmission.com wrote: Andy Lutomirski l...@amacapital.net writes: On Fri, Oct 31, 2014 at 12:18 PM, Aditya Kali adityak...@google.com wrote: snip +static void *cgroupns_get(struct task_struct *task) +{ + struct

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski l...@amacapital.net wrote: On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali adityak...@google.com wrote: On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski l...@amacapital.net wrote: On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali adityak...@google.com wrote

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
On Mon, Nov 3, 2014 at 4:17 PM, Andy Lutomirski l...@amacapital.net wrote: On Mon, Nov 3, 2014 at 4:12 PM, Aditya Kali adityak...@google.com wrote: On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski l...@amacapital.net wrote: On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali adityak...@google.com wrote

Re: [PATCHv2 5/7] cgroup: introduce cgroup namespaces

2014-11-03 Thread Aditya Kali
libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali adityak...@google.com --- fs/proc/namespaces.c | 1 + include

Re: [PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-11-03 Thread Aditya Kali
to run inside the containers without depending on any global state. In order to support this, a new kernfs api is added to lookup the dentry for the cgroupns-root. Signed-off-by: Aditya Kali adityak...@google.com --- fs/kernfs/mount.c | 48

[PATCHv2 0/7] CGroup Namespaces

2014-10-31 Thread Aditya Kali
Another attempt at Cgroup Namespace patch-set. This incorporates suggestions on previous patch-set. Changes from V1: 1. No pinning of processes within cgroupns. Tasks can be freely moved across cgroups even outside of their cgroupns-root. Usual DAC/MAC policies apply as before. 2. Path in

[PATCHv2 4/7] cgroup: export cgroup_get() and cgroup_put()

2014-10-31 Thread Aditya Kali
move cgroup_get() and cgroup_put() into cgroup.h so that they can be called from other places. Signed-off-by: Aditya Kali --- include/linux/cgroup.h | 22 ++ kernel/cgroup.c| 22 -- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git

[PATCHv2 3/7] cgroup: add function to get task's cgroup on default hierarchy

2014-10-31 Thread Aditya Kali
get_task_cgroup() returns the (reference counted) cgroup of the given task on the default hierarchy. Signed-off-by: Aditya Kali --- include/linux/cgroup.h | 1 + kernel/cgroup.c| 25 + 2 files changed, 26 insertions(+) diff --git a/include/linux/cgroup.h b

[PATCHv2 1/7] kernfs: Add API to generate relative kernfs path

2014-10-31 Thread Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali --- fs/kernfs/dir.c| 194 +++-- include/linux/kernfs.h | 3 + 2 files

[PATCHv2 5/7] cgroup: introduce cgroup namespaces

2014-10-31 Thread Aditya Kali
libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali --- fs/proc/namespaces.c | 1 + include/linux/cgroup.h

[PATCHv2 6/7] cgroup: cgroup namespace setns support

2014-10-31 Thread Aditya Kali
the target cgroupns-root. Signed-off-by: Aditya Kali --- kernel/cgroup_namespace.c | 18 -- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/kernel/cgroup_namespace.c b/kernel/cgroup_namespace.c index 7e9bda0..0803575 100644 --- a/kernel/cgroup_namespace.c +++ b/kernel

[PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-10-31 Thread Aditya Kali
to run inside the containers without depending on any global state. In order to support this, a new kernfs api is added to lookup the dentry for the cgroupns-root. Signed-off-by: Aditya Kali --- fs/kernfs/mount.c | 48 include/linux/kernfs.h

[PATCHv2 2/7] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

2014-10-31 Thread Aditya Kali
CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali --- include/uapi/linux/sched.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux/sched.h index 34f9d73..2f90d00 100644 --- a/include/uapi

[PATCHv2 2/7] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

2014-10-31 Thread Aditya Kali
CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali adityak...@google.com --- include/uapi/linux/sched.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux/sched.h index 34f9d73..2f90d00 100644

[PATCHv2 6/7] cgroup: cgroup namespace setns support

2014-10-31 Thread Aditya Kali
the target cgroupns-root. Signed-off-by: Aditya Kali adityak...@google.com --- kernel/cgroup_namespace.c | 18 -- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/kernel/cgroup_namespace.c b/kernel/cgroup_namespace.c index 7e9bda0..0803575 100644 --- a/kernel

[PATCHv2 7/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-10-31 Thread Aditya Kali
to run inside the containers without depending on any global state. In order to support this, a new kernfs api is added to lookup the dentry for the cgroupns-root. Signed-off-by: Aditya Kali adityak...@google.com --- fs/kernfs/mount.c | 48

[PATCHv2 1/7] kernfs: Add API to generate relative kernfs path

2014-10-31 Thread Aditya Kali
The new function kernfs_path_from_node() generates and returns kernfs path of a given kernfs_node relative to a given parent kernfs_node. Signed-off-by: Aditya Kali adityak...@google.com --- fs/kernfs/dir.c| 194 +++-- include/linux/kernfs.h

[PATCHv2 5/7] cgroup: introduce cgroup namespaces

2014-10-31 Thread Aditya Kali
libcontainer, lxc, lmctfy, etc.) to create completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali adityak...@google.com --- fs/proc/namespaces.c | 1 + include/linux

[PATCHv2 3/7] cgroup: add function to get task's cgroup on default hierarchy

2014-10-31 Thread Aditya Kali
get_task_cgroup() returns the (reference counted) cgroup of the given task on the default hierarchy. Signed-off-by: Aditya Kali adityak...@google.com --- include/linux/cgroup.h | 1 + kernel/cgroup.c| 25 + 2 files changed, 26 insertions(+) diff --git a/include

[PATCHv2 4/7] cgroup: export cgroup_get() and cgroup_put()

2014-10-31 Thread Aditya Kali
move cgroup_get() and cgroup_put() into cgroup.h so that they can be called from other places. Signed-off-by: Aditya Kali adityak...@google.com --- include/linux/cgroup.h | 22 ++ kernel/cgroup.c| 22 -- 2 files changed, 22 insertions(+), 22

Re: [PATCHv1 5/8] cgroup: introduce cgroup namespaces

2014-10-23 Thread Aditya Kali
I will include the suggested changes in the new patchset. Some comments inline. On Thu, Oct 16, 2014 at 9:37 AM, Serge E. Hallyn wrote: > Quoting Aditya Kali (adityak...@google.com): >> Introduce the ability to create new cgroup namespace. The newly created >> cgroup name

Re: [PATCHv1 5/8] cgroup: introduce cgroup namespaces

2014-10-23 Thread Aditya Kali
I will include the suggested changes in the new patchset. Some comments inline. On Thu, Oct 16, 2014 at 9:37 AM, Serge E. Hallyn se...@hallyn.com wrote: Quoting Aditya Kali (adityak...@google.com): Introduce the ability to create new cgroup namespace. The newly created cgroup namespace

Re: [PATCHv1 6/8] cgroup: restrict cgroup operations within task's cgroupns

2014-10-22 Thread Aditya Kali
On Fri, Oct 17, 2014 at 2:28 AM, Serge E. Hallyn wrote: > Quoting Aditya Kali (adityak...@google.com): >> Restrict following operations within the calling tasks: >> * cgroup_mkdir & cgroup_rmdir >> * cgroup_attach_task >> * writes to cgroup files outside of task's

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-22 Thread Aditya Kali
On Tue, Oct 21, 2014 at 5:58 PM, Andy Lutomirski wrote: > On Tue, Oct 21, 2014 at 5:46 PM, Aditya Kali wrote: >> On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski wrote: >>> On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali wrote: >>>> On Tue, Oct 21, 2014 at 12:02 PM

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-22 Thread Aditya Kali
On Tue, Oct 21, 2014 at 5:58 PM, Andy Lutomirski l...@amacapital.net wrote: On Tue, Oct 21, 2014 at 5:46 PM, Aditya Kali adityak...@google.com wrote: On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net wrote: On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali adityak...@google.com

Re: [PATCHv1 6/8] cgroup: restrict cgroup operations within task's cgroupns

2014-10-22 Thread Aditya Kali
On Fri, Oct 17, 2014 at 2:28 AM, Serge E. Hallyn se...@hallyn.com wrote: Quoting Aditya Kali (adityak...@google.com): Restrict following operations within the calling tasks: * cgroup_mkdir cgroup_rmdir * cgroup_attach_task * writes to cgroup files outside of task's cgroupns-root Also, read

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-21 Thread Aditya Kali
On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski wrote: > On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali wrote: >> On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski >> wrote: >>> On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali wrote: >>>> On Mon, Oct 2

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-21 Thread Aditya Kali
On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski wrote: > On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali wrote: >> On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski >> wrote: >>> On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman >>> wrote:

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-21 Thread Aditya Kali
On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski wrote: > On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman > wrote: >> Andy Lutomirski writes: >> >>> On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman >>> wrote: Andy Lutomirski writes: > Possible solution: > > Ditch the

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-21 Thread Aditya Kali
On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski l...@amacapital.net wrote: On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman ebied...@xmission.com wrote: Andy Lutomirski l...@amacapital.net writes: On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman ebied...@xmission.com wrote: Andy

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-21 Thread Aditya Kali
On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski l...@amacapital.net wrote: On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali adityak...@google.com wrote: On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski l...@amacapital.net wrote: On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman ebied

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-21 Thread Aditya Kali
On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net wrote: On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali adityak...@google.com wrote: On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski l...@amacapital.net wrote: On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali adityak

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-16 Thread Aditya Kali
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn wrote: > Quoting Aditya Kali (adityak...@google.com): >> setns on a cgroup namespace is allowed only if >> * task has CAP_SYS_ADMIN in its current user-namespace and >> over the user-namespace associated with target cgroupns

Re: [PATCHv1 7/8] cgroup: cgroup namespace setns support

2014-10-16 Thread Aditya Kali
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn se...@hallyn.com wrote: Quoting Aditya Kali (adityak...@google.com): setns on a cgroup namespace is allowed only if * task has CAP_SYS_ADMIN in its current user-namespace and over the user-namespace associated with target cgroupns. * task's

Re: [PATCHv1 0/8] CGroup Namespaces

2014-10-14 Thread Aditya Kali
On Tue, Oct 14, 2014 at 3:42 PM, Andy Lutomirski wrote: > On Mon, Oct 13, 2014 at 2:23 PM, Aditya Kali wrote: >> Second take at the Cgroup Namespace patch-set. >> >> Major changes from RFC (V0): >> 1. setns support for cgroupns >> 2. 'mount -t cgroup cg

Re: [PATCHv1 0/8] CGroup Namespaces

2014-10-14 Thread Aditya Kali
On Tue, Oct 14, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net wrote: On Mon, Oct 13, 2014 at 2:23 PM, Aditya Kali adityak...@google.com wrote: Second take at the Cgroup Namespace patch-set. Major changes from RFC (V0): 1. setns support for cgroupns 2. 'mount -t cgroup cgroup mntpt

[PATCHv1 0/8] CGroup Namespaces

2014-10-13 Thread Aditya Kali
Second take at the Cgroup Namespace patch-set. Major changes from RFC (V0): 1. setns support for cgroupns 2. 'mount -t cgroup cgroup ' from inside a cgroupns now mounts the cgroup hierarchy with cgroupns-root as the filesystem root. 3. writes to cgroup files outside of cgroupns-root are not

[PATCHv1 6/8] cgroup: restrict cgroup operations within task's cgroupns

2014-10-13 Thread Aditya Kali
roup of another task outside of its cgroupns-root, then it won't be able to see anything for the default hierarchy. This is same as if the cgroups are not mounted. Signed-off-by: Aditya Kali --- kernel/cgroup.c | 34 +- 1 file changed, 33 insertions(+), 1 deletion(-)

[PATCHv1 4/8] cgroup: export cgroup_get() and cgroup_put()

2014-10-13 Thread Aditya Kali
move cgroup_get() and cgroup_put() into cgroup.h so that they can be called from other places. Signed-off-by: Aditya Kali --- include/linux/cgroup.h | 22 ++ kernel/cgroup.c| 22 -- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git

[PATCHv1 2/8] sched: new clone flag CLONE_NEWCGROUP for cgroup namespace

2014-10-13 Thread Aditya Kali
CLONE_NEWCGROUP will be used to create new cgroup namespace. Signed-off-by: Aditya Kali --- include/uapi/linux/sched.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/uapi/linux/sched.h b/include/uapi/linux/sched.h index 34f9d73..2f90d00 100644 --- a/include/uapi

[PATCHv1 5/8] cgroup: introduce cgroup namespaces

2014-10-13 Thread Aditya Kali
completely virtualized containers without leaking system level cgroup hierarchy to the task. This patch only implements the 'unshare' part of the cgroupns. Signed-off-by: Aditya Kali --- fs/proc/namespaces.c | 3 + include/linux/cgroup.h | 18 +- include/linux

[PATCHv1 8/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2014-10-13 Thread Aditya Kali
to run inside the containers without depending on any global state. In order to support this, a new kernfs api is added to lookup the dentry for the cgroupns-root. Signed-off-by: Aditya Kali --- fs/kernfs/mount.c | 48 include/linux/kernfs.h
