RE: [PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-11 Thread Zhao Lei
ts.linux-foundation.org>; 'Eric W. Biederman' > <ebied...@xmission.com> > Subject: Re: [PATCH v2 1/2] Limit dump_pipe program's permission to init for > container > > On Fri, Aug 05, 2016 at 03:52:25PM +0800, Zhao Lei wrote: > > Hi, Andrei Vagin > > > > Than

RE: [PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-11 Thread Zhao Lei
.@gmail.com] > > > Sent: Friday, August 05, 2016 2:32 PM > > > To: Zhao Lei > > > Cc: LKML ; Linux Containers > > > ; Eric W. Biederman > > > > > > Subject: Re: [PATCH v2 1/2] Limit dump_pipe program's permission to init > for > > >

Re: [PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-05 Thread 'Andrei Vagin'
To: Zhao Lei <zhao...@cn.fujitsu.com> > > Cc: LKML <linux-kernel@vger.kernel.org>; Linux Containers > > <contain...@lists.linux-foundation.org>; Eric W. Biederman > > <ebied...@xmission.com> > > Subject: Re: [PATCH v2 1/2] Limit dump_pipe program's pe

Re: [PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-05 Thread 'Andrei Vagin'
; To: Zhao Lei > > Cc: LKML ; Linux Containers > > ; Eric W. Biederman > > > > Subject: Re: [PATCH v2 1/2] Limit dump_pipe program's permission to init for > > container > > > > On Tue, Aug 2, 2016 at 2:08 AM, Zhao Lei wrote: > > > Currently

RE: [PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-05 Thread Zhao Lei
Linux Containers > <contain...@lists.linux-foundation.org>; Eric W. Biederman > <ebied...@xmission.com> > Subject: Re: [PATCH v2 1/2] Limit dump_pipe program's permission to init for > container > > On Tue, Aug 2, 2016 at 2:08 AM, Zhao Lei <zhao...@cn.fujitsu.com> wr

RE: [PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-05 Thread Zhao Lei
Hi, Andrei Vagin Thanks for your detailed review and suggestion. > -Original Message- > From: Andrei Vagin [mailto:ava...@gmail.com] > Sent: Friday, August 05, 2016 2:32 PM > To: Zhao Lei > Cc: LKML ; Linux Containers > ; Eric W. Biederman > > Subject:

Re: [PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-05 Thread Andrei Vagin
On Tue, Aug 2, 2016 at 2:08 AM, Zhao Lei wrote: > Currently when we set core_pattern to a pipe, the pipe program is > forked by kthread running with root's permission, and write dumpfile > into host's filesystem. > Same thing happened for container, the dumper and dumpfile are also > in host(not

[PATCH v2 1/2] Limit dump_pipe program's permission to init for container

2016-08-02 Thread Zhao Lei
Currently, when we set core_pattern to a pipe, the pipe program is forked by a kthread running with root's permission, and writes the dumpfile into the host's filesystem. The same thing happens for a container: the dumper and dumpfile are also in the host (not in the container). It has the following program: 1: Not