The namespace's proc_mnt must be kern_mount-ed to make this
pointer always valid, independently of whether the user space
mounted the proc or not. This solves races in proc_flush_task,
etc. with the proc_mnt switching from NULL to not-NULL.
The initialization is done after the init's pid is create
When clone() is invoked with CLONE_NEWPID, create a new pid namespace
and then create a new struct pid for the new process. Allocate pid_t's
for the new process in the new pid namespace and all ancestor pid
namespaces. Make the newly cloned process the session and process group
leader.
Since the a
The first part is trivial - we just make the proc_flush_task() to
operate on arbitrary vfsmount with arbitrary ids and pass the pid and
global proc_mnt to it.
The other change is more tricky: I moved the proc_flush_task() call in
release_task() higher to address the following problem.
When flushi
From: Sukadev Bhattiprolu <[EMAIL PROTECTED]>
This will help fixing memory leaks due to bad reference counting.
Signed-off-by: Sukadev Bhattiprolu <[EMAIL PROTECTED]>
Cc: Oleg Nesterov <[EMAIL PROTECTED]>
---
pid.c |9 ++---
1 files changed, 6 insertions(+), 3 deletions(-)
--- ./kerne
When showing pid to user or getting the pid numerical id for in-kernel
use the value of this id may differ depending on the namespace.
This set of helpers is used to get the global pid nr, the virtual (i.e.
seen by task in its namespace) nr and the nr as it is seen from the
specified namespace.
S
This means that proc_flush_task_mnt() is to be called for many proc
mounts and with different ids, depending on the namespace this pid
is to be flushed from.
Signed-off-by: Pavel Emelyanov <[EMAIL PROTECTED]>
Cc: Oleg Nesterov <[EMAIL PROTECTED]>
---
base.c | 18 --
1 files ch
This flag tells the .get_sb callback that this is a kern_mount() call
so that it can trust *data pointer to be valid in-kernel one. If this
flag is passed from the user process, it is cleared since the *data
pointer is not a valid kernel object.
Running a few steps forward - this will be needed fo
* remove pid.h from pid_namespaces.h;
* rework is_(container|global)_init;
* optimize (get|put)_pid_ns for init_pid_ns;
* declare task_child_reaper to return actual reaper.
Signed-off-by: Pavel Emelyanov <[EMAIL PROTECTED]>
Cc: Oleg Nesterov <[EMAIL PROTECTED]>
---
include/linux/pid_namespace.h
From: Sukadev Bhattiprolu <[EMAIL PROTECTED]>
Terminate all processes in a namespace when the reaper of the namespace
is exiting. We do this by walking the pidmap of the namespace and sending
SIGKILL to all processes.
Signed-off-by: Sukadev Bhattiprolu <[EMAIL PROTECTED]>
Acked-by: Pavel Emelyano
From: Sukadev Bhattiprolu <[EMAIL PROTECTED]>
Only the global-init process must be special - any other container-init
process must be killable to prevent run-away processes in the system.
TODO: Ideally we should allow killing the container-init only from parent
container and prevent it
From: Oleg Nesterov <[EMAIL PROTECTED]>
We have to call exit_task_namespaces() only after the exiting task has
reparented all his children and is sure that no other threads will
reparent theirs for it. Why this is needed is explained in appropriate
patch. This one only reworks the forget_original_
This is the largest patch in the set. Make all (I hope) the places where
the pid is shown to or get from user operate on the virtual pids.
The idea is:
- all in-kernel data structures must store either struct pid itself
or the pid's global nr, obtained with pid_nr() call;
- when seeking the t
Since we've switched from using pid->nr to pid->upids->nr some
fields on struct pid are no longer needed
Signed-off-by: Pavel Emelyanov <[EMAIL PROTECTED]>
Cc: Oleg Nesterov <[EMAIL PROTECTED]>
---
include/linux/init_task.h |3 ---
include/linux/pid.h |3 ---
kernel/pid.c
When searching the task by numerical id one may need to find it using global
pid (as it is done now in kernel) or by its virtual id, e.g. when sending
a signal to a task from one namespace the sender will specify the task's
virtual id and we should find the task by this value.
Signed-off-by: Pavel
Each struct upid element of struct pid has to be initialized properly,
i.e. its nr must be allocated from appropriate pidmap and ns set to
appropriate namespace.
When allocating a new pid, we need to know the namespace this pid will
live in, so the additional argument is added to alloc_pid().
On t
When we create new namespace we will need to allocate the struct pid,
that will have one extra struct upid in array, comparing to the parent.
Thus we need to know the new namespace (if any) in alloc_pid() to init
this struct upid properly, so move the alloc_pid() call lower in
copy_process().
Sig
Each namespace has a parent and is characterized by its "level".
Level is the number of the namespace generation. E.g. init namespace
has level 0, after cloning new one it will have level 1, the next
one - 2 and so on and so forth. This level is not explicitly limited.
True hierarchy must have som
Each pid namespace has to be visible through its own proc mount. Thus
we need to have per-namespace proc trees with their own superblocks.
We cannot easily show different pid namespace via one global proc tree,
since each pid refers to different tasks in different namespaces. E.g.
pid 1 refers to
Make task release its namespaces after it has reparented all his children
to child_reaper, but before it notifies its parent about its death.
The reason to release namespaces after reparenting is that when task exits
it may send a signal to its parent (SIGCHLD), but if the parent has already
exit
From: Sukadev Bhattiprolu <[EMAIL PROTECTED]>
Since task will be visible from different pid namespaces each of them have to
be addressed by multiple pids. struct upid is to store the information about
which id refers to which namespace.
The construction looks like this. Each struct pid carried the
20 matches