Re: [lxc-devel] CGroup Namespaces (v10)

2016-02-26 Thread Serge Hallyn
Quoting Alban Crequy (alban.cre...@gmail.com): > Hi, > > On 29 January 2016 at 09:54, wrote: > > Hi, > > > > following is a revised set of the CGroup Namespace patchset which Aditya > > Kali has previously sent. The code can also be found in the cgroupns.v10 > > branch of > > > > https://git.ke

Re: [lxc-devel] CGroup Namespaces (v10)

2016-02-26 Thread Alban Crequy
Hi, On 29 January 2016 at 09:54, wrote: > Hi, > > following is a revised set of the CGroup Namespace patchset which Aditya > Kali has previously sent. The code can also be found in the cgroupns.v10 > branch of > > https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/ > > To su

Re: [lxc-devel] CGroup Namespaces (v10)

2016-02-15 Thread Tejun Heo
On Mon, Feb 15, 2016 at 04:17:05PM -0500, Tejun Heo wrote: > I'm getting the following on top of the current for-4.6. Can you > please look into it? > > [kernel/cgroup.c:219:13: error: ‘cgroupns_operations’ undeclared here (not in > a function) > .ns.ops = &cgroupns_operations, >

Re: [lxc-devel] CGroup Namespaces (v10)

2016-02-15 Thread Tejun Heo
On Fri, Feb 12, 2016 at 05:22:21PM -0600, Serge E. Hallyn wrote: > On Fri, Feb 12, 2016 at 11:09:06AM -0500, Tejun Heo wrote: > > Hello, > > > > On Fri, Feb 12, 2016 at 12:18:28AM +0100, Alban Crequy wrote: > > > I just noticed commit c38c4597e4bf ("netfilter: implement xt_cgroup > > > cgroup2 pat

Re: [lxc-devel] CGroup Namespaces (v10)

2016-02-12 Thread Serge E. Hallyn
On Fri, Feb 12, 2016 at 11:09:06AM -0500, Tejun Heo wrote: > Hello, > > On Fri, Feb 12, 2016 at 12:18:28AM +0100, Alban Crequy wrote: > > I just noticed commit c38c4597e4bf ("netfilter: implement xt_cgroup > > cgroup2 path match") which, as far as I understand, introduces a new > > userland facing

Re: [lxc-devel] CGroup Namespaces (v10)

2016-02-12 Thread Tejun Heo
Hello, On Fri, Feb 12, 2016 at 12:18:28AM +0100, Alban Crequy wrote: > I just noticed commit c38c4597e4bf ("netfilter: implement xt_cgroup > cgroup2 path match") which, as far as I understand, introduces a new > userland facing API containing the full cgroup path. Does it mean that > the cgroupns

Re: [lxc-devel] CGroup Namespaces (v10)

2016-02-11 Thread Alban Crequy
On 29 January 2016 at 09:54, wrote: > Hi, > > following is a revised set of the CGroup Namespace patchset which Aditya > Kali has previously sent. The code can also be found in the cgroupns.v10 > branch of > > https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/ > > To summari

CGroup Namespaces (v10)

2016-01-29 Thread serge . hallyn
Hi, following is a revised set of the CGroup Namespace patchset which Aditya Kali has previously sent. The code can also be found in the cgroupns.v10 branch of https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/ To summarize the semantics: 1. CLONE_NEWCGROUP re-uses 0x02000