I agree with what Andy and Serge has to say. The ability to mount
cgroupfs inside userns also seems consistent with other kernel
interfaces like sysfs, procfs, etc.
Though it would be great if we can atleast merge the rest of the
patches first while we address the mounting part.
Thanks for your
I agree with what Andy and Serge has to say. The ability to mount
cgroupfs inside userns also seems consistent with other kernel
interfaces like sysfs, procfs, etc.
Though it would be great if we can atleast merge the rest of the
patches first while we address the mounting part.
Thanks for your
On Tue, Nov 4, 2014 at 5:57 AM, Tejun Heo wrote:
> Hello, Aditya.
>
> On Mon, Nov 03, 2014 at 03:12:28PM -0800, Aditya Kali wrote:
>> I think the sane-behavior flag is only temporary and will be removed
>> anyways, right? So I didn't bother asking user to supply it. But I can
>> make the change
On Tue, Nov 4, 2014 at 5:57 AM, Tejun Heo t...@kernel.org wrote:
Hello, Aditya.
On Mon, Nov 03, 2014 at 03:12:28PM -0800, Aditya Kali wrote:
I think the sane-behavior flag is only temporary and will be removed
anyways, right? So I didn't bother asking user to supply it. But I can
make the
Quoting Andy Lutomirski (l...@amacapital.net):
> On Tue, Nov 4, 2014 at 5:46 AM, Tejun Heo wrote:
> > Hello, Aditya.
> >
> > On Mon, Nov 03, 2014 at 02:43:47PM -0800, Aditya Kali wrote:
> >> I agree that this is effectively bind-mounting, but doing this in kernel
> >> makes it really convenient
On Tue, Nov 4, 2014 at 5:46 AM, Tejun Heo wrote:
> Hello, Aditya.
>
> On Mon, Nov 03, 2014 at 02:43:47PM -0800, Aditya Kali wrote:
>> I agree that this is effectively bind-mounting, but doing this in kernel
>> makes it really convenient for the userspace. The process that sets up the
>> container
Hello, Aditya.
On Mon, Nov 03, 2014 at 03:12:28PM -0800, Aditya Kali wrote:
> I think the sane-behavior flag is only temporary and will be removed
> anyways, right? So I didn't bother asking user to supply it. But I can
> make the change as you suggested. We just have to make sure that tasks
>
Hello, Aditya.
On Mon, Nov 03, 2014 at 02:43:47PM -0800, Aditya Kali wrote:
> I agree that this is effectively bind-mounting, but doing this in kernel
> makes it really convenient for the userspace. The process that sets up the
> container doesn't need to care whether it should bind-mount
Hello, Aditya.
On Mon, Nov 03, 2014 at 02:43:47PM -0800, Aditya Kali wrote:
I agree that this is effectively bind-mounting, but doing this in kernel
makes it really convenient for the userspace. The process that sets up the
container doesn't need to care whether it should bind-mount cgroupfs
Hello, Aditya.
On Mon, Nov 03, 2014 at 03:12:28PM -0800, Aditya Kali wrote:
I think the sane-behavior flag is only temporary and will be removed
anyways, right? So I didn't bother asking user to supply it. But I can
make the change as you suggested. We just have to make sure that tasks
inside
On Tue, Nov 4, 2014 at 5:46 AM, Tejun Heo t...@kernel.org wrote:
Hello, Aditya.
On Mon, Nov 03, 2014 at 02:43:47PM -0800, Aditya Kali wrote:
I agree that this is effectively bind-mounting, but doing this in kernel
makes it really convenient for the userspace. The process that sets up the
Quoting Andy Lutomirski (l...@amacapital.net):
On Tue, Nov 4, 2014 at 5:46 AM, Tejun Heo t...@kernel.org wrote:
Hello, Aditya.
On Mon, Nov 03, 2014 at 02:43:47PM -0800, Aditya Kali wrote:
I agree that this is effectively bind-mounting, but doing this in kernel
makes it really convenient
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed inside the container.
This allows container management tools
On Mon, Nov 3, 2014 at 4:17 PM, Andy Lutomirski wrote:
> On Mon, Nov 3, 2014 at 4:12 PM, Aditya Kali wrote:
>> On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski wrote:
>>> On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali wrote:
On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski
wrote:
>
On Mon, Nov 3, 2014 at 4:12 PM, Aditya Kali wrote:
> On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski wrote:
>> On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali wrote:
>>> On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski wrote:
On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali wrote:
> On Fri,
On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski wrote:
> On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali wrote:
>> On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski wrote:
>>> On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali wrote:
On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski
wrote:
>
On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali wrote:
> On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski wrote:
>> On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali wrote:
>>> On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski
>>> wrote:
On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali
wrote:
On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski wrote:
> On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali wrote:
>> On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski wrote:
>>> On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali wrote:
This patch enables cgroup mounting inside userns when a process
On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali wrote:
> On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski wrote:
>> On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali wrote:
>>> This patch enables cgroup mounting inside userns when a process
>>> as appropriate privileges. The cgroup filesystem mounted
On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski wrote:
> On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali wrote:
>> This patch enables cgroup mounting inside userns when a process
>> as appropriate privileges. The cgroup filesystem mounted is
>> rooted at the cgroupns-root. Thus, in a
On Mon, Nov 3, 2014 at 2:43 PM, Aditya Kali wrote:
>
>
> On Fri, Oct 31, 2014 at 6:09 PM, Eric W. Biederman
> wrote:
>>
>> Aditya Kali writes:
>>
>> > This patch enables cgroup mounting inside userns when a process
>> > as appropriate privileges. The cgroup filesystem mounted is
>> > rooted at
(sorry for accidental non-plain-text response earlier).
On Fri, Oct 31, 2014 at 6:09 PM, Eric W. Biederman
wrote:
> Aditya Kali writes:
>
>> This patch enables cgroup mounting inside userns when a process
>> as appropriate privileges. The cgroup filesystem mounted is
>> rooted at the
(sorry for accidental non-plain-text response earlier).
On Fri, Oct 31, 2014 at 6:09 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Aditya Kali adityak...@google.com writes:
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem
On Mon, Nov 3, 2014 at 2:43 PM, Aditya Kali adityak...@google.com wrote:
On Fri, Oct 31, 2014 at 6:09 PM, Eric W. Biederman ebied...@xmission.com
wrote:
Aditya Kali adityak...@google.com writes:
This patch enables cgroup mounting inside userns when a process
as appropriate privileges.
On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski l...@amacapital.net wrote:
On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali adityak...@google.com wrote:
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the
On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali adityak...@google.com wrote:
On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski l...@amacapital.net wrote:
On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali adityak...@google.com wrote:
This patch enables cgroup mounting inside userns when a process
as
On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali adityak...@google.com wrote:
On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski l...@amacapital.net wrote:
On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali adityak...@google.com
On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali adityak...@google.com wrote:
On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali adityak...@google.com wrote:
On Fri, Oct 31, 2014 at 5:07 PM, Andy Lutomirski l...@amacapital.net
On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali adityak...@google.com wrote:
On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 3:12 PM, Aditya Kali adityak...@google.com wrote:
On Mon, Nov 3, 2014 at 4:12 PM, Aditya Kali adityak...@google.com wrote:
On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali adityak...@google.com wrote:
On Mon, Nov 3, 2014 at 3:15 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 4:17 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 4:12 PM, Aditya Kali adityak...@google.com wrote:
On Mon, Nov 3, 2014 at 3:48 PM, Andy Lutomirski l...@amacapital.net wrote:
On Mon, Nov 3, 2014 at 3:23 PM, Aditya Kali adityak...@google.com wrote:
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed inside the container.
This allows container management tools
On Fri, Oct 31, 2014 at 7:59 PM, Eric W. Biederman
wrote:
> Andy Lutomirski writes:
>>> @@ -1862,6 +1904,7 @@ static struct file_system_type cgroup_fs_type = {
>>> .name = "cgroup",
>>> .mount = cgroup_mount,
>>> .kill_sb = cgroup_kill_sb,
>>> + .fs_flags =
Andy Lutomirski writes:
>> @@ -1862,6 +1904,7 @@ static struct file_system_type cgroup_fs_type = {
>> .name = "cgroup",
>> .mount = cgroup_mount,
>> .kill_sb = cgroup_kill_sb,
>> + .fs_flags = FS_USERNS_MOUNT,
>
> Aargh, another one! Eric, can you either ack or nack
Aditya Kali writes:
> This patch enables cgroup mounting inside userns when a process
> as appropriate privileges. The cgroup filesystem mounted is
> rooted at the cgroupns-root. Thus, in a container-setup, only
> the hierarchy under the cgroupns-root is exposed inside the container.
> This
On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali wrote:
> This patch enables cgroup mounting inside userns when a process
> as appropriate privileges. The cgroup filesystem mounted is
> rooted at the cgroupns-root. Thus, in a container-setup, only
> the hierarchy under the cgroupns-root is exposed
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed inside the container.
This allows container management tools to
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed inside the container.
This allows container management tools to
On Fri, Oct 31, 2014 at 12:19 PM, Aditya Kali adityak...@google.com wrote:
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the
Aditya Kali adityak...@google.com writes:
This patch enables cgroup mounting inside userns when a process
as appropriate privileges. The cgroup filesystem mounted is
rooted at the cgroupns-root. Thus, in a container-setup, only
the hierarchy under the cgroupns-root is exposed inside the
Andy Lutomirski l...@amacapital.net writes:
@@ -1862,6 +1904,7 @@ static struct file_system_type cgroup_fs_type = {
.name = cgroup,
.mount = cgroup_mount,
.kill_sb = cgroup_kill_sb,
+ .fs_flags = FS_USERNS_MOUNT,
Aargh, another one! Eric, can you either ack or
On Fri, Oct 31, 2014 at 7:59 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Andy Lutomirski l...@amacapital.net writes:
@@ -1862,6 +1904,7 @@ static struct file_system_type cgroup_fs_type = {
.name = cgroup,
.mount = cgroup_mount,
.kill_sb = cgroup_kill_sb,
+
42 matches
Mail list logo