Hello,
On Wed, Oct 22, 2014 at 11:37:55AM -0700, Aditya Kali wrote:
...
> Actually, there is no right answer here. Our options are:
> * show relative path
> -- this will break userspace as /proc//cgroup does not show
> relative paths today. This is also very ambiguous (is it relative to
>
On Wed, Oct 22, 2014 at 11:37 AM, Aditya Kali wrote:
> On Tue, Oct 21, 2014 at 5:58 PM, Andy Lutomirski wrote:
>> On Tue, Oct 21, 2014 at 5:46 PM, Aditya Kali wrote:
>>> On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski
>>> wrote:
On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali wrote:
On Tue, Oct 21, 2014 at 5:58 PM, Andy Lutomirski wrote:
> On Tue, Oct 21, 2014 at 5:46 PM, Aditya Kali wrote:
>> On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski wrote:
>>> On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali wrote:
On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski
wrote:
On Tue, Oct 21, 2014 at 5:58 PM, Andy Lutomirski l...@amacapital.net wrote:
On Tue, Oct 21, 2014 at 5:46 PM, Aditya Kali adityak...@google.com wrote:
On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net wrote:
On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali adityak...@google.com
On Wed, Oct 22, 2014 at 11:37 AM, Aditya Kali adityak...@google.com wrote:
On Tue, Oct 21, 2014 at 5:58 PM, Andy Lutomirski l...@amacapital.net wrote:
On Tue, Oct 21, 2014 at 5:46 PM, Aditya Kali adityak...@google.com wrote:
On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net
Hello,
On Wed, Oct 22, 2014 at 11:37:55AM -0700, Aditya Kali wrote:
...
Actually, there is no right answer here. Our options are:
* show relative path
-- this will break userspace as /proc/pid/cgroup does not show
relative paths today. This is also very ambiguous (is it relative to
On Tue, Oct 21, 2014 at 5:46 PM, Aditya Kali wrote:
> On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski wrote:
>> On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali wrote:
>>> On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski
>>> wrote:
On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali
On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski wrote:
> On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali wrote:
>> On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski
>> wrote:
>>> On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali wrote:
On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski
On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali wrote:
> On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski wrote:
>> On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali wrote:
>>> On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski
>>> wrote:
On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman
On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski wrote:
> On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali wrote:
>> On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski
>> wrote:
>>> On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman
>>> wrote:
I do wonder if we think of this as
On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali wrote:
> On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski wrote:
>> On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman
>> wrote:
>>>
>>> I do wonder if we think of this as chcgrouproot if there is a simpler
>>> implementation.
>>
>> Could be.
On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski wrote:
> On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman
> wrote:
>> Andy Lutomirski writes:
>>
>>> On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman
>>> wrote:
Andy Lutomirski writes:
> Possible solution:
>
> Ditch the
On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy Lutomirski l...@amacapital.net writes:
On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy
On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali adityak...@google.com wrote:
On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman
ebied...@xmission.com wrote:
I do wonder if we think of this as chcgrouproot if there is
On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski l...@amacapital.net wrote:
On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali adityak...@google.com wrote:
On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski l...@amacapital.net
wrote:
On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman
On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali adityak...@google.com wrote:
On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski l...@amacapital.net wrote:
On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali adityak...@google.com wrote:
On Mon, Oct 20, 2014 at 10:49 PM, Andy Lutomirski l...@amacapital.net
On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net wrote:
On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali adityak...@google.com wrote:
On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski l...@amacapital.net
wrote:
On Tue, Oct 21, 2014 at 11:49 AM, Aditya Kali
On Tue, Oct 21, 2014 at 5:46 PM, Aditya Kali adityak...@google.com wrote:
On Tue, Oct 21, 2014 at 3:42 PM, Andy Lutomirski l...@amacapital.net wrote:
On Tue, Oct 21, 2014 at 3:33 PM, Aditya Kali adityak...@google.com wrote:
On Tue, Oct 21, 2014 at 12:02 PM, Andy Lutomirski l...@amacapital.net
On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman
wrote:
> Andy Lutomirski writes:
>
>> On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman
>> wrote:
>>> Andy Lutomirski writes:
Possible solution:
Ditch the pinning. That is, if you're outside a cgroupns (or you have
a
Andy Lutomirski writes:
> On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman
> wrote:
>> Andy Lutomirski writes:
>>
>>> On Sun, Oct 19, 2014 at 9:55 PM, Eric W.Biederman
>>> wrote:
On October 19, 2014 1:26:29 PM CDT, Andy Lutomirski
wrote:
>>
> Is the idea
>that
On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman
wrote:
> Andy Lutomirski writes:
>
>> On Sun, Oct 19, 2014 at 9:55 PM, Eric W.Biederman
>> wrote:
>>>
>>>
>>> On October 19, 2014 1:26:29 PM CDT, Andy Lutomirski
>>> wrote:
>
Is the idea
that you want a privileged user wrt a
Andy Lutomirski writes:
> On Sun, Oct 19, 2014 at 9:55 PM, Eric W.Biederman
> wrote:
>>
>>
>> On October 19, 2014 1:26:29 PM CDT, Andy Lutomirski
>> wrote:
>>> Is the idea
>>>that you want a privileged user wrt a cgroupns's userns to be able to
>>>use this? If so:
>>>
>>>Yes, that
On Sun, Oct 19, 2014 at 9:55 PM, Eric W.Biederman wrote:
>
>
> On October 19, 2014 1:26:29 PM CDT, Andy Lutomirski
> wrote:
>>On Sat, Oct 18, 2014 at 10:23 PM, Eric W. Biederman
>> wrote:
>>> "Serge E. Hallyn" writes:
>>>
Quoting Aditya Kali (adityak...@google.com):
> On Thu, Oct 16,
On Sun, Oct 19, 2014 at 9:55 PM, Eric W.Biederman ebied...@xmission.com wrote:
On October 19, 2014 1:26:29 PM CDT, Andy Lutomirski l...@amacapital.net
wrote:
On Sat, Oct 18, 2014 at 10:23 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Serge E. Hallyn se...@hallyn.com writes:
Quoting
Andy Lutomirski l...@amacapital.net writes:
On Sun, Oct 19, 2014 at 9:55 PM, Eric W.Biederman ebied...@xmission.com
wrote:
On October 19, 2014 1:26:29 PM CDT, Andy Lutomirski l...@amacapital.net
wrote:
Is the idea
that you want a privileged user wrt a cgroupns's userns to be able to
use
On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy Lutomirski l...@amacapital.net writes:
On Sun, Oct 19, 2014 at 9:55 PM, Eric W.Biederman ebied...@xmission.com
wrote:
On October 19, 2014 1:26:29 PM CDT, Andy Lutomirski l...@amacapital.net
wrote:
Is
Andy Lutomirski l...@amacapital.net writes:
On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy Lutomirski l...@amacapital.net writes:
On Sun, Oct 19, 2014 at 9:55 PM, Eric W.Biederman ebied...@xmission.com
wrote:
On October 19, 2014 1:26:29 PM CDT, Andy
On Mon, Oct 20, 2014 at 10:42 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy Lutomirski l...@amacapital.net writes:
On Mon, Oct 20, 2014 at 9:49 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy Lutomirski l...@amacapital.net writes:
Possible solution:
Ditch the pinning.
On October 19, 2014 1:26:29 PM CDT, Andy Lutomirski wrote:
>On Sat, Oct 18, 2014 at 10:23 PM, Eric W. Biederman
> wrote:
>> "Serge E. Hallyn" writes:
>>
>>> Quoting Aditya Kali (adityak...@google.com):
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn
>wrote:
> Quoting Aditya Kali
On Sat, Oct 18, 2014 at 10:23 PM, Eric W. Biederman
wrote:
> "Serge E. Hallyn" writes:
>
>> Quoting Aditya Kali (adityak...@google.com):
>>> On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn wrote:
>>> > Quoting Aditya Kali (adityak...@google.com):
>>> >> setns on a cgroup namespace is allowed
On Sat, Oct 18, 2014 at 10:23 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Serge E. Hallyn se...@hallyn.com writes:
Quoting Aditya Kali (adityak...@google.com):
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Aditya Kali (adityak...@google.com):
setns
On October 19, 2014 1:26:29 PM CDT, Andy Lutomirski l...@amacapital.net wrote:
On Sat, Oct 18, 2014 at 10:23 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Serge E. Hallyn se...@hallyn.com writes:
Quoting Aditya Kali (adityak...@google.com):
On Thu, Oct 16, 2014 at 2:12 PM, Serge E.
"Serge E. Hallyn" writes:
> Quoting Aditya Kali (adityak...@google.com):
>> On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn wrote:
>> > Quoting Aditya Kali (adityak...@google.com):
>> >> setns on a cgroup namespace is allowed only if
>> >> * task has CAP_SYS_ADMIN in its current user-namespace
Serge E. Hallyn se...@hallyn.com writes:
Quoting Aditya Kali (adityak...@google.com):
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Aditya Kali (adityak...@google.com):
setns on a cgroup namespace is allowed only if
* task has CAP_SYS_ADMIN in its
Quoting Aditya Kali (adityak...@google.com):
> setns on a cgroup namespace is allowed only if
> * task has CAP_SYS_ADMIN in its current user-namespace and
> over the user-namespace associated with target cgroupns.
> * task's current cgroup is descendent of the target cgroupns-root
> cgroup.
>
Quoting Aditya Kali (adityak...@google.com):
setns on a cgroup namespace is allowed only if
* task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
* task's current cgroup is descendent of the target cgroupns-root
cgroup.
*
Quoting Aditya Kali (adityak...@google.com):
> On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn wrote:
> > Quoting Aditya Kali (adityak...@google.com):
> >> setns on a cgroup namespace is allowed only if
> >> * task has CAP_SYS_ADMIN in its current user-namespace and
> >> over the
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn wrote:
> Quoting Aditya Kali (adityak...@google.com):
>> setns on a cgroup namespace is allowed only if
>> * task has CAP_SYS_ADMIN in its current user-namespace and
>> over the user-namespace associated with target cgroupns.
>> * task's current
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn wrote:
> Quoting Aditya Kali (adityak...@google.com):
>> setns on a cgroup namespace is allowed only if
>> * task has CAP_SYS_ADMIN in its current user-namespace and
>> over the user-namespace associated with target cgroupns.
>> * task's current
Quoting Aditya Kali (adityak...@google.com):
> setns on a cgroup namespace is allowed only if
> * task has CAP_SYS_ADMIN in its current user-namespace and
> over the user-namespace associated with target cgroupns.
> * task's current cgroup is descendent of the target cgroupns-root
> cgroup.
Quoting Aditya Kali (adityak...@google.com):
setns on a cgroup namespace is allowed only if
* task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
* task's current cgroup is descendent of the target cgroupns-root
cgroup.
What
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Aditya Kali (adityak...@google.com):
setns on a cgroup namespace is allowed only if
* task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
* task's
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Aditya Kali (adityak...@google.com):
setns on a cgroup namespace is allowed only if
* task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
* task's
Quoting Aditya Kali (adityak...@google.com):
On Thu, Oct 16, 2014 at 2:12 PM, Serge E. Hallyn se...@hallyn.com wrote:
Quoting Aditya Kali (adityak...@google.com):
setns on a cgroup namespace is allowed only if
* task has CAP_SYS_ADMIN in its current user-namespace and
over the
setns on a cgroup namespace is allowed only if
* task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
* task's current cgroup is descendent of the target cgroupns-root
cgroup.
* target cgroupns-root is same as or deeper than task's
setns on a cgroup namespace is allowed only if
* task has CAP_SYS_ADMIN in its current user-namespace and
over the user-namespace associated with target cgroupns.
* task's current cgroup is descendent of the target cgroupns-root
cgroup.
* target cgroupns-root is same as or deeper than task's
46 matches
Mail list logo
