to the wrong git tree, please drop us a note to
> help improve the system]
These patches should be applied on top of overlayfs-next branch of
miklos's vfs tree.
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git overlayfs-next
>
> url:
> https://github.com/0day-ci/li
to the wrong git tree, please drop us a note to
> help improve the system]
These patches should be applied on top of overlayfs-next branch of
miklos's vfs tree.
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git overlayfs-next
>
> url:
> https://github.com/0day-ci/li
of creds appropriately. Caller makes use of these new
creds for file creation.
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
fs/overlayfs/dir.c| 10 ++
include/linux/lsm_hooks.h | 15 +++
include/linux/security.h | 12
security/security.c
of creds appropriately. Caller makes use of these new
creds for file creation.
Signed-off-by: Vivek Goyal
---
fs/overlayfs/dir.c| 10 ++
include/linux/lsm_hooks.h | 15 +++
include/linux/security.h | 12
security/security.c | 11 +++
4
Calculate what would be the label of newly created file and set that secid
in the passed creds.
Context of the task which is actually creating file is retrieved from
set of creds passed in. (old->security).
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
security/selinux/hoo
.
If 0 or -EOPNOTSUPP is returned, xattr will be copied up, if 1 is returned,
xattr will not be copied up and if negative error code is returned, copy up
will be aborted.
Signed-off-by: David Howells <dhowe...@redhat.com>
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
fs/overlay
Calculate what would be the label of newly created file and set that secid
in the passed creds.
Context of the task which is actually creating file is retrieved from
set of creds passed in. (old->security).
Signed-off-by: Vivek Goyal
---
security/selinux/hooks.c | 22 ++
.
If 0 or -EOPNOTSUPP is returned, xattr will be copied up, if 1 is returned,
xattr will not be copied up and if negative error code is returned, copy up
will be aborted.
Signed-off-by: David Howells
Signed-off-by: Vivek Goyal
---
fs/overlayfs/copy_up.c| 7 +++
include/linux/lsm_hooks.h
.
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
security/selinux/hooks.c | 16
1 file changed, 16 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c82ee54..4fda548 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/h
.
Signed-off-by: Vivek Goyal
---
security/selinux/hooks.c | 16
1 file changed, 16 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c82ee54..4fda548 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3290,6 +3290,21
So this hooks helps avoiding all these issues.
When a new file is created in upper/, it gets its label based on transition
rules. For the case of context mount, it gets the label from context=
option.
Any feedback is welcome.
Thanks
Vivek
Vivek Goyal (7):
security, overlayfs: provide copy
Right now selinux_determine_inode_label() works on security pointer of
current task. Soon I need this to work on a security pointer retrieved
from a set of creds. So start passing in a pointer and caller can decide
where to fetch security pointer from.
Signed-off-by: Vivek Goyal <
So this hooks helps avoiding all these issues.
When a new file is created in upper/, it gets its label based on transition
rules. For the case of context mount, it gets the label from context=
option.
Any feedback is welcome.
Thanks
Vivek
Vivek Goyal (7):
security, overlayfs: provide copy
Right now selinux_determine_inode_label() works on security pointer of
current task. Soon I need this to work on a security pointer retrieved
from a set of creds. So start passing in a pointer and caller can decide
where to fetch security pointer from.
Signed-off-by: Vivek Goyal
---
security
the label
of lower file and in case of context mount, overlay inode will have
the label from context= mount option.
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
security/selinux/hooks.c | 21 +
1 file changed, 21 insertions(+)
diff --git a/security/selinux/hooks.c b/se
the label
of lower file and in case of context mount, overlay inode will have
the label from context= mount option.
Signed-off-by: Vivek Goyal
---
security/selinux/hooks.c | 21 +
1 file changed, 21 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
to old creds and release new creds.
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
fs/overlayfs/copy_up.c| 18 ++
include/linux/lsm_hooks.h | 11 +++
include/linux/security.h | 6 ++
security/security.c | 8
4 files changed, 43 inse
to old creds and release new creds.
Signed-off-by: Vivek Goyal
---
fs/overlayfs/copy_up.c| 18 ++
include/linux/lsm_hooks.h | 11 +++
include/linux/security.h | 6 ++
security/security.c | 8
4 files changed, 43 insertions(+)
diff --git a/fs
On Fri, Jul 08, 2016 at 08:45:34AM -0400, Vivek Goyal wrote:
[..]
> > >>> I don't much care for the way part of the credential manipulation
> > >>> is done in the caller and part is done the the security module.
> > >>> If the caller is goin
On Fri, Jul 08, 2016 at 08:45:34AM -0400, Vivek Goyal wrote:
[..]
> > >>> I don't much care for the way part of the credential manipulation
> > >>> is done in the caller and part is done the the security module.
> > >>> If the caller is goin
On Fri, Jul 08, 2016 at 09:21:13AM +0200, Miklos Szeredi wrote:
> On Thu, Jul 7, 2016 at 11:44 PM, Casey Schaufler <ca...@schaufler-ca.com>
> wrote:
> > On 7/7/2016 1:33 PM, Vivek Goyal wrote:
> >> On Tue, Jul 05, 2016 at 12:36:17PM -0700, Casey Schaufler wrote:
>
On Fri, Jul 08, 2016 at 09:21:13AM +0200, Miklos Szeredi wrote:
> On Thu, Jul 7, 2016 at 11:44 PM, Casey Schaufler
> wrote:
> > On 7/7/2016 1:33 PM, Vivek Goyal wrote:
> >> On Tue, Jul 05, 2016 at 12:36:17PM -0700, Casey Schaufler wrote:
> >>> On 7/
On Tue, Jul 05, 2016 at 12:36:17PM -0700, Casey Schaufler wrote:
>
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > Provide a security hook to label new file correctly when a file is copied
> > up from lower layer to upper layer of a overlay/union mount.
> >
> > Th
On Tue, Jul 05, 2016 at 12:36:17PM -0700, Casey Schaufler wrote:
>
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > Provide a security hook to label new file correctly when a file is copied
> > up from lower layer to upper layer of a overlay/union mount.
> >
> > Th
On Wed, Jul 06, 2016 at 04:58:37PM +0200, Miklos Szeredi wrote:
> On Wed, Jul 6, 2016 at 12:54 PM, Vivek Goyal <vgo...@redhat.com> wrote:
> > On Wed, Jul 06, 2016 at 06:36:49AM +0200, Miklos Szeredi wrote:
> >> On Tue, Jul 5, 2016 at 11:16 PM, Vivek Goyal <vgo...@redha
On Wed, Jul 06, 2016 at 04:58:37PM +0200, Miklos Szeredi wrote:
> On Wed, Jul 6, 2016 at 12:54 PM, Vivek Goyal wrote:
> > On Wed, Jul 06, 2016 at 06:36:49AM +0200, Miklos Szeredi wrote:
> >> On Tue, Jul 5, 2016 at 11:16 PM, Vivek Goyal wrote:
> >> > On Tue, Ju
On Wed, Jul 06, 2016 at 01:09:00PM -0400, Vivek Goyal wrote:
[..]
> > >> The return should be -EOPNOTSUPP from security modules that don't
> > >> support the attribute "name". This will make it possible to support
> > >> multiple modules that p
On Wed, Jul 06, 2016 at 01:09:00PM -0400, Vivek Goyal wrote:
[..]
> > >> The return should be -EOPNOTSUPP from security modules that don't
> > >> support the attribute "name". This will make it possible to support
> > >> multiple modules that p
On Wed, Jul 06, 2016 at 01:09:00PM -0400, Vivek Goyal wrote:
> On Tue, Jul 05, 2016 at 02:34:43PM -0700, Casey Schaufler wrote:
> > On 7/5/2016 2:15 PM, Vivek Goyal wrote:
> > > On Tue, Jul 05, 2016 at 01:22:22PM -0700, Casey Schaufler wrote:
> > >> On 7/5/2
On Wed, Jul 06, 2016 at 01:09:00PM -0400, Vivek Goyal wrote:
> On Tue, Jul 05, 2016 at 02:34:43PM -0700, Casey Schaufler wrote:
> > On 7/5/2016 2:15 PM, Vivek Goyal wrote:
> > > On Tue, Jul 05, 2016 at 01:22:22PM -0700, Casey Schaufler wrote:
> > >> On 7/5/2
On Tue, Jul 05, 2016 at 02:34:43PM -0700, Casey Schaufler wrote:
> On 7/5/2016 2:15 PM, Vivek Goyal wrote:
> > On Tue, Jul 05, 2016 at 01:22:22PM -0700, Casey Schaufler wrote:
> >> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> >>> Provide a security hook which is called w
On Tue, Jul 05, 2016 at 02:34:43PM -0700, Casey Schaufler wrote:
> On 7/5/2016 2:15 PM, Vivek Goyal wrote:
> > On Tue, Jul 05, 2016 at 01:22:22PM -0700, Casey Schaufler wrote:
> >> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> >>> Provide a security hook which is called w
On Wed, Jul 06, 2016 at 06:36:49AM +0200, Miklos Szeredi wrote:
> On Tue, Jul 5, 2016 at 11:16 PM, Vivek Goyal <vgo...@redhat.com> wrote:
> > On Tue, Jul 05, 2016 at 01:29:39PM -0700, Casey Schaufler wrote:
> >> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> >>
On Wed, Jul 06, 2016 at 06:36:49AM +0200, Miklos Szeredi wrote:
> On Tue, Jul 5, 2016 at 11:16 PM, Vivek Goyal wrote:
> > On Tue, Jul 05, 2016 at 01:29:39PM -0700, Casey Schaufler wrote:
> >> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> >> > ovl_getxattr() currently us
On Tue, Jul 05, 2016 at 05:45:25PM -0400, Paul Moore wrote:
> On Tue, Jul 5, 2016 at 11:50 AM, Vivek Goyal <vgo...@redhat.com> wrote:
> > Provide a security hook which is called when xattrs of a file are being
> > copied up. This hook is called once for each xattr and one
On Tue, Jul 05, 2016 at 05:45:25PM -0400, Paul Moore wrote:
> On Tue, Jul 5, 2016 at 11:50 AM, Vivek Goyal wrote:
> > Provide a security hook which is called when xattrs of a file are being
> > copied up. This hook is called once for each xattr and one can either
> > accept
On Tue, Jul 05, 2016 at 05:35:22PM -0400, Paul Moore wrote:
> On Tue, Jul 5, 2016 at 11:50 AM, Vivek Goyal <vgo...@redhat.com> wrote:
> > Provide a security hook to label new file correctly when a file is copied
> > up from lower layer to upper layer of a overlay/union mount.
On Tue, Jul 05, 2016 at 05:35:22PM -0400, Paul Moore wrote:
> On Tue, Jul 5, 2016 at 11:50 AM, Vivek Goyal wrote:
> > Provide a security hook to label new file correctly when a file is copied
> > up from lower layer to upper layer of a overlay/union mount.
> >
> > This
On Tue, Jul 05, 2016 at 01:29:39PM -0700, Casey Schaufler wrote:
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > ovl_getxattr() currently uses vfs_getxattr() on realinode. This fails
> > if mounter does not have DAC/MAC permission to access getxattr.
> >
> > Specifically
On Tue, Jul 05, 2016 at 01:29:39PM -0700, Casey Schaufler wrote:
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > ovl_getxattr() currently uses vfs_getxattr() on realinode. This fails
> > if mounter does not have DAC/MAC permission to access getxattr.
> >
> > Specifically
On Tue, Jul 05, 2016 at 01:22:22PM -0700, Casey Schaufler wrote:
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > Provide a security hook which is called when xattrs of a file are being
> > copied up. This hook is called once for each xattr and one can either
> > accept
On Tue, Jul 05, 2016 at 01:22:22PM -0700, Casey Schaufler wrote:
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > Provide a security hook which is called when xattrs of a file are being
> > copied up. This hook is called once for each xattr and one can either
> > accept
On Tue, Jul 05, 2016 at 01:25:22PM -0700, Casey Schaufler wrote:
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > Right now selinux_determine_inode_label() works on security pointer of
> > current task. Soon I need this to work on a security pointer retrieved
> > from a set of cr
On Tue, Jul 05, 2016 at 01:25:22PM -0700, Casey Schaufler wrote:
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > Right now selinux_determine_inode_label() works on security pointer of
> > current task. Soon I need this to work on a security pointer retrieved
> > from a set of cr
On Tue, Jul 05, 2016 at 12:36:17PM -0700, Casey Schaufler wrote:
>
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > Provide a security hook to label new file correctly when a file is copied
> > up from lower layer to upper layer of a overlay/union mount.
> >
> > Th
On Tue, Jul 05, 2016 at 12:36:17PM -0700, Casey Schaufler wrote:
>
> On 7/5/2016 8:50 AM, Vivek Goyal wrote:
> > Provide a security hook to label new file correctly when a file is copied
> > up from lower layer to upper layer of a overlay/union mount.
> >
> > Th
e system]
>
> url:
> https://github.com/0day-ci/linux/commits/Vivek-Goyal/Overlayfs-SELinux-Support/20160706-37
> base: https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git
> overlayfs-next
> config: i386-randconfig-s0-201627 (attached as .config)
> compiler
e system]
>
> url:
> https://github.com/0day-ci/linux/commits/Vivek-Goyal/Overlayfs-SELinux-Support/20160706-37
> base: https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git
> overlayfs-next
> config: i386-randconfig-s0-201627 (attached as .config)
> compiler
, copy up will be aborted.
In SELinux, label of lower file is not copied up. File already has been
set with right label at the time of creation and we don't want to overwrite
that label.
Signed-off-by: David Howells <dhowe...@redhat.com>
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
Right now selinux_determine_inode_label() works on security pointer of
current task. Soon I need this to work on a security pointer retrieved
from a set of creds. So start passing in a pointer and caller can decide
where to fetch security pointer from.
Signed-off-by: Vivek Goyal <
, copy up will be aborted.
In SELinux, label of lower file is not copied up. File already has been
set with right label at the time of creation and we don't want to overwrite
that label.
Signed-off-by: David Howells
Signed-off-by: Vivek Goyal
---
fs/overlayfs/copy_up.c| 8
include
Right now selinux_determine_inode_label() works on security pointer of
current task. Soon I need this to work on a security pointer retrieved
from a set of creds. So start passing in a pointer and caller can decide
where to fetch security pointer from.
Signed-off-by: Vivek Goyal
---
security
tr_noperm().
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
fs/overlayfs/inode.c | 7 +--
fs/xattr.c| 28 +++-
include/linux/xattr.h | 1 +
3 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.
tr_noperm().
Signed-off-by: Vivek Goyal
---
fs/overlayfs/inode.c | 7 +--
fs/xattr.c| 28 +++-
include/linux/xattr.h | 1 +
3 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
index 36dfd86..a5d33
creation.
In SELinux, newly copied up file gets same label as lower file for
non-context mounts. But it gets label specified in mount option context=
for context mounts.
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
fs/overlayfs/copy_up.c| 8
include/linux/lsm_hooks.
creation.
In SELinux, newly copied up file gets same label as lower file for
non-context mounts. But it gets label specified in mount option context=
for context mounts.
Signed-off-by: Vivek Goyal
---
fs/overlayfs/copy_up.c| 8
include/linux/lsm_hooks.h | 13 +
include/linux
ome.
Thanks
Vivek
Vivek Goyal (5):
security, overlayfs: provide copy up security hook for unioned files
security,overlayfs: Provide security hook for copy up of xattrs for
overlay file
selinux: Pass security pointer to determine_inode_label()
overlayfs: Correctly label newly created file o
be such that as if task had created file
in upper/.
This patch introduces a new hook which determines the label dentry will
get if it had been created by task in upper and sets the secid of label
in passed set of creds. Caller makes use of these new creds for file
creation.
Signed-off-by: Vivek Goyal
ome.
Thanks
Vivek
Vivek Goyal (5):
security, overlayfs: provide copy up security hook for unioned files
security,overlayfs: Provide security hook for copy up of xattrs for
overlay file
selinux: Pass security pointer to determine_inode_label()
overlayfs: Correctly label newly created file o
be such that as if task had created file
in upper/.
This patch introduces a new hook which determines the label dentry will
get if it had been created by task in upper and sets the secid of label
in passed set of creds. Caller makes use of these new creds for file
creation.
Signed-off-by: Vivek Goyal
it. This should allow existing docker setups to continue
working after kernel upgrade.
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
fs/overlayfs/super.c | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
Index: rhvgoyal-linux/fs/overlayfs/s
it. This should allow existing docker setups to continue
working after kernel upgrade.
Signed-off-by: Vivek Goyal
---
fs/overlayfs/super.c | 12 +++-
1 file changed, 7 insertions(+), 5 deletions(-)
Index: rhvgoyal-linux/fs/overlayfs/super.c
On Wed, Jun 15, 2016 at 04:09:47PM +0200, Miklos Szeredi wrote:
> On Wed, Jun 15, 2016 at 4:01 PM, Vivek Goyal <vgo...@redhat.com> wrote:
> > On Wed, Jun 15, 2016 at 03:30:02PM +0200, Miklos Szeredi wrote:
>
> >> --- a/fs/overlayfs/dir.c
> >> +++ b/fs/ove
On Wed, Jun 15, 2016 at 04:09:47PM +0200, Miklos Szeredi wrote:
> On Wed, Jun 15, 2016 at 4:01 PM, Vivek Goyal wrote:
> > On Wed, Jun 15, 2016 at 03:30:02PM +0200, Miklos Szeredi wrote:
>
> >> --- a/fs/overlayfs/dir.c
> >> +++ b/fs/overlayfs/dir.c
> &g
On Wed, Jun 15, 2016 at 03:30:02PM +0200, Miklos Szeredi wrote:
> Hi Vivek,
>
> I've tested this to fix the regresion that Stephen reported. I think this
> also is a good base for the selinux fix.
>
> Pushed to overlayfs-linus and overlayfs-next branches of
>
>
On Wed, Jun 15, 2016 at 03:30:02PM +0200, Miklos Szeredi wrote:
> Hi Vivek,
>
> I've tested this to fix the regresion that Stephen reported. I think this
> also is a good base for the selinux fix.
>
> Pushed to overlayfs-linus and overlayfs-next branches of
>
>
t;
> For listxattrs it might be measurable in pathological cases, but I very
> much hope nobody cares. If they do, we'll fix it then.
>
> Reported-by: Vivek Goyal <vgo...@redhat.com>
> Signed-off-by: Miklos Szeredi <mszer...@redhat.com>
> Fixes: b96809173e94 ("security_d_insta
t;
> For listxattrs it might be measurable in pathological cases, but I very
> much hope nobody cares. If they do, we'll fix it then.
>
> Reported-by: Vivek Goyal
> Signed-off-by: Miklos Szeredi
> Fixes: b96809173e94 ("security_d_instantiate(): move to the point prior to
> attac
On Wed, May 25, 2016 at 06:24:10AM -0700, Joe Perches wrote:
> On Wed, 2016-05-25 at 09:16 -0400, Vivek Goyal wrote:
> > I am proposing following updates to kdump maintainership. I have got
> > busy in other things and not getting time to spend on kdump.
> >
> > Rem
On Wed, May 25, 2016 at 06:24:10AM -0700, Joe Perches wrote:
> On Wed, 2016-05-25 at 09:16 -0400, Vivek Goyal wrote:
> > I am proposing following updates to kdump maintainership. I have got
> > busy in other things and not getting time to spend on kdump.
> >
> > Rem
as
they have been contributing to kdump for a long time now and they are in
a much better position to spend time on this than me.
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
MAINTAINERS | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/MAINTAINERS b/MAINTAINERS
as
they have been contributing to kdump for a long time now and they are in
a much better position to spend time on this than me.
Signed-off-by: Vivek Goyal
---
MAINTAINERS | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index 9c567a4..c030267 100644
failed in previous step.
Signed-off-by: Vivek Goyal <vgo...@redhat.com>
---
fs/overlayfs/super.c | 19 +++
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 791235e..48234425 100644
--- a/fs/overlayfs/super.c
++
failed in previous step.
Signed-off-by: Vivek Goyal
---
fs/overlayfs/super.c | 19 +++
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 791235e..48234425 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
On Fri, May 13, 2016 at 03:59:50PM -0700, Shaohua Li wrote:
> On Fri, May 13, 2016 at 03:12:45PM -0400, Vivek Goyal wrote:
> > On Tue, May 10, 2016 at 05:16:30PM -0700, Shaohua Li wrote:
> > > Hi,
> > >
> > > This patch set adds low/high limit fo
On Fri, May 13, 2016 at 03:59:50PM -0700, Shaohua Li wrote:
> On Fri, May 13, 2016 at 03:12:45PM -0400, Vivek Goyal wrote:
> > On Tue, May 10, 2016 at 05:16:30PM -0700, Shaohua Li wrote:
> > > Hi,
> > >
> > > This patch set adds low/high limit fo
On Tue, May 17, 2016 at 10:15:21AM +0200, Miklos Szeredi wrote:
> On Tue, May 17, 2016 at 8:28 AM, Al Viro <v...@zeniv.linux.org.uk> wrote:
> > On Mon, May 16, 2016 at 09:07:27AM -0400, Vivek Goyal wrote:
> >> So it became clear that we need a check at mount time
On Tue, May 17, 2016 at 10:15:21AM +0200, Miklos Szeredi wrote:
> On Tue, May 17, 2016 at 8:28 AM, Al Viro wrote:
> > On Mon, May 16, 2016 at 09:07:27AM -0400, Vivek Goyal wrote:
> >> So it became clear that we need a check at mount time to make sure
> >> d_type is su
On Mon, May 16, 2016 at 04:45:09PM +1000, Daniel Axtens wrote:
> Hi,
>
> I installed a fresh 4.6.0 kernel on my ppc64le system, and tried to run
> a docker container. It failed.
>
> Docker gave me errors like this:
>
> docker: Error response from daemon: error creating overlay mount to
>
On Mon, May 16, 2016 at 04:45:09PM +1000, Daniel Axtens wrote:
> Hi,
>
> I installed a fresh 4.6.0 kernel on my ppc64le system, and tried to run
> a docker container. It failed.
>
> Docker gave me errors like this:
>
> docker: Error response from daemon: error creating overlay mount to
>
On Tue, May 10, 2016 at 05:16:30PM -0700, Shaohua Li wrote:
> Hi,
>
> This patch set adds low/high limit for blk-throttle cgroup. The interface is
> io.low and io.high.
>
> low limit implements best effort bandwidth/iops protection. If one cgroup
> doesn't reach its low limit, no other cgroups
On Tue, May 10, 2016 at 05:16:30PM -0700, Shaohua Li wrote:
> Hi,
>
> This patch set adds low/high limit for blk-throttle cgroup. The interface is
> io.low and io.high.
>
> low limit implements best effort bandwidth/iops protection. If one cgroup
> doesn't reach its low limit, no other cgroups
On Sat, Feb 27, 2016 at 01:40:02PM +0300, Nazarov Sergey wrote:
> 26.02.2016, 22:41, "Vivek Goyal" <vgo...@redhat.com>:
> >
> > So what's the problem we are trying to solve. Why should we able to
> > override the DAC checks of lower layer if same director
On Sat, Feb 27, 2016 at 01:40:02PM +0300, Nazarov Sergey wrote:
> 26.02.2016, 22:41, "Vivek Goyal" :
> >
> > So what's the problem we are trying to solve. Why should we able to
> > override the DAC checks of lower layer if same directory in upper
> > is searcha
On Sun, Feb 28, 2016 at 12:09:42PM +0100, Ignacy Gawędzki wrote:
> On Fri, Feb 26, 2016 at 02:41:43PM -0500, thus spake Vivek Goyal:
> > CCing linux-fsdevel as it is a wider issue.
> >
> >
> > On Wed, Feb 24, 2016 at 02:55:52PM +0100, Ignacy Gawędzki
On Sun, Feb 28, 2016 at 12:09:42PM +0100, Ignacy Gawędzki wrote:
> On Fri, Feb 26, 2016 at 02:41:43PM -0500, thus spake Vivek Goyal:
> > CCing linux-fsdevel as it is a wider issue.
> >
> >
> > On Wed, Feb 24, 2016 at 02:55:52PM +0100, Ignacy Gawędzki
CCing linux-fsdevel as it is a wider issue.
On Wed, Feb 24, 2016 at 02:55:52PM +0100, Ignacy Gawędzki wrote:
> Add alternate lookup_one_len_check function to fs/namei.c which does
> what lookup_one_len did until now with a boolean argument telling
> whether to check that the base directory is
CCing linux-fsdevel as it is a wider issue.
On Wed, Feb 24, 2016 at 02:55:52PM +0100, Ignacy Gawędzki wrote:
> Add alternate lookup_one_len_check function to fs/namei.c which does
> what lookup_one_len did until now with a boolean argument telling
> whether to check that the base directory is
On Mon, Feb 01, 2016 at 06:43:19PM +0300, Konstantin Khlebnikov wrote:
[..]
> > Hi Konstantin,
> >
> > Thanks for the patch. This patch works for me also does not break
> > unionmount-testsuite.
>
> Interesting. I haven't heard about this testsuite. Never read Documentation.
> =)
>
> I've send
On Mon, Feb 01, 2016 at 06:43:19PM +0300, Konstantin Khlebnikov wrote:
[..]
> > Hi Konstantin,
> >
> > Thanks for the patch. This patch works for me also does not break
> > unionmount-testsuite.
>
> Interesting. I haven't heard about this testsuite. Never read Documentation.
> =)
>
> I've send
per hence whiteout is left.
>
> So why file was not PURE_UPPER in this case? I think because dentry is
> still carrying some leftover state which was valid before rename. For example,
> od->numlower was set to 1 as it was a lower file. After rename, this state
> is not valid anymore
anymore as there is no such file in lower.
>
> Signed-off-by: Konstantin Khlebnikov <koc...@gmail.com>
> Reported-by: Viktor Stanchev <m...@viktorstanchev.com>
> Diagnosed-by: Vivek Goyal <vgo...@redhat.com>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=109611
Hi
On Fri, Jan 22, 2016 at 11:45:51AM -0800, Shaohua Li wrote:
> On Fri, Jan 22, 2016 at 02:09:10PM -0500, Vivek Goyal wrote:
> > On Fri, Jan 22, 2016 at 10:00:19AM -0800, Shaohua Li wrote:
> > > On Fri, Jan 22, 2016 at 10:52:36AM -0500, Vivek Goyal wrote:
> > > > On F
On Fri, Jan 22, 2016 at 10:00:19AM -0800, Shaohua Li wrote:
> On Fri, Jan 22, 2016 at 10:52:36AM -0500, Vivek Goyal wrote:
> > On Fri, Jan 22, 2016 at 09:48:22AM -0500, Tejun Heo wrote:
> > > Hello, Shaohua.
> > >
> > > On Thu, Jan 21, 2016 a
On Fri, Jan 22, 2016 at 09:48:22AM -0500, Tejun Heo wrote:
> Hello, Shaohua.
>
> On Thu, Jan 21, 2016 at 04:00:16PM -0800, Shaohua Li wrote:
> > > The thing is that most of the possible contentions can be removed by
> > > implementing per-cpu cache which shouldn't be too difficult. 10%
> > >
On Thu, Jan 21, 2016 at 05:41:57PM -0500, Tejun Heo wrote:
[..]
> A simple approximation of IO cost such as fixed cost
> per IO + cost proportional to IO size would do a far better job than
> just depending on bandwidth or iops and that requires approximating
> two variables over time. I'm not
On Fri, Jan 22, 2016 at 11:45:51AM -0800, Shaohua Li wrote:
> On Fri, Jan 22, 2016 at 02:09:10PM -0500, Vivek Goyal wrote:
> > On Fri, Jan 22, 2016 at 10:00:19AM -0800, Shaohua Li wrote:
> > > On Fri, Jan 22, 2016 at 10:52:36AM -0500, Vivek Goyal wrote:
> > > > On F
On Fri, Jan 22, 2016 at 10:00:19AM -0800, Shaohua Li wrote:
> On Fri, Jan 22, 2016 at 10:52:36AM -0500, Vivek Goyal wrote:
> > On Fri, Jan 22, 2016 at 09:48:22AM -0500, Tejun Heo wrote:
> > > Hello, Shaohua.
> > >
> > > On Thu, Jan 21, 2016 a
On Fri, Jan 22, 2016 at 09:48:22AM -0500, Tejun Heo wrote:
> Hello, Shaohua.
>
> On Thu, Jan 21, 2016 at 04:00:16PM -0800, Shaohua Li wrote:
> > > The thing is that most of the possible contentions can be removed by
> > > implementing per-cpu cache which shouldn't be too difficult. 10%
> > >
On Thu, Jan 21, 2016 at 05:41:57PM -0500, Tejun Heo wrote:
[..]
> A simple approximation of IO cost such as fixed cost
> per IO + cost proportional to IO size would do a far better job than
> just depending on bandwidth or iops and that requires approximating
> two variables over time. I'm not
601 - 700 of 3703 matches
Mail list logo