On Fri, 2016-03-25 at 02:28 +0100, Oleg Nesterov wrote:
> Hi Ian,
>
> I can't really recall this old discussion, so I can be easily wrong...
>
> On 03/24, Ian Kent wrote:
> >
> > On Mon, 2013-11-18 at 18:28 +0100, Oleg Nesterov wrote:
> > >
> > > IOW. Please see the "patch" below. It is obvious
Hi Ian,
I can't really recall this old discussion, so I can be easily wrong...
On 03/24, Ian Kent wrote:
>
> On Mon, 2013-11-18 at 18:28 +0100, Oleg Nesterov wrote:
> >
> > IOW. Please see the "patch" below. It is obviously incomplete and
> > wrong,
> > and it can be more clear/clean. And probabl
On Mon, 2013-11-18 at 18:28 +0100, Oleg Nesterov wrote:
> On 11/15, Eric W. Biederman wrote:
> >
> > I don't understand that one. Having a preforked thread with the
> > proper
> > environment that can act like kthreadd in terms of spawning user
> > mode
> > helpers works and is simple.
>
> Can't
On Tue, 2016-02-23 at 09:36 -0500, J. Bruce Fields wrote:
> On Tue, Feb 23, 2016 at 10:55:30AM +0800, Ian Kent wrote:
> > You know, wrt. the mechanism Oleg suggested, I've been wondering if
> > it's
> > even necessary to capture process template information for
> > execution.
> >
> > Isn't the mai
On Tue, Feb 23, 2016 at 10:55:30AM +0800, Ian Kent wrote:
> You know, wrt. the mechanism Oleg suggested, I've been wondering if it's
> even necessary to capture process template information for execution.
>
> Isn't the main issue the execution of unknown arbitrary objects getting
> access to a pri
On Fri, 2016-02-19 at 13:14 +0800, Ian Kent wrote:
> On Thu, 2016-02-18 at 14:45 -0600, Eric W. Biederman wrote:
> > Ian Kent writes:
> >
> > > On Thu, 2016-02-18 at 14:36 +0800, Ian Kent wrote:
> > > > On Thu, 2016-02-18 at 12:43 +0900, Kamezawa Hiroyuki wrote:
> > > > > On 2016/02/18 11:57, Eri
On Fri, 2016-02-19 at 18:30 +0900, Kamezawa Hiroyuki wrote:
> On 2016/02/19 14:37, Ian Kent wrote:
> > On Fri, 2016-02-19 at 12:08 +0900, Kamezawa Hiroyuki wrote:
> > > On 2016/02/19 5:45, Eric W. Biederman wrote:
> > > > Personally I am a fan of the don't be clever and capture a
> > > > kernel
> >
On 2016/02/19 14:37, Ian Kent wrote:
On Fri, 2016-02-19 at 12:08 +0900, Kamezawa Hiroyuki wrote:
On 2016/02/19 5:45, Eric W. Biederman wrote:
Personally I am a fan of the don't be clever and capture a kernel
thread
approach as it is very easy to see you what if any exploitation
opportunities th
On Fri, 2016-02-19 at 12:08 +0900, Kamezawa Hiroyuki wrote:
> On 2016/02/19 5:45, Eric W. Biederman wrote:
> > Personally I am a fan of the don't be clever and capture a kernel
> > thread
> > approach as it is very easy to see you what if any exploitation
> > opportunities there are. The justific
On Thu, 2016-02-18 at 14:45 -0600, Eric W. Biederman wrote:
> Ian Kent writes:
>
> > On Thu, 2016-02-18 at 14:36 +0800, Ian Kent wrote:
> > > On Thu, 2016-02-18 at 12:43 +0900, Kamezawa Hiroyuki wrote:
> > > > On 2016/02/18 11:57, Eric W. Biederman wrote:
> > > > >
> > > > > Ccing The containers
On 2016/02/19 5:45, Eric W. Biederman wrote:
> Personally I am a fan of the don't be clever and capture a kernel thread
> approach as it is very easy to see you what if any exploitation
> opportunities there are. The justifications for something more clever
> is trickier. Of course we do somethi
Ian Kent writes:
> On Thu, 2016-02-18 at 14:36 +0800, Ian Kent wrote:
>> On Thu, 2016-02-18 at 12:43 +0900, Kamezawa Hiroyuki wrote:
>> > On 2016/02/18 11:57, Eric W. Biederman wrote:
>> > >
>> > > Ccing The containers list because a related discussion is
>> > > happening
>> > > there
>> > > and
On Thu, 2016-02-18 at 14:36 +0800, Ian Kent wrote:
> On Thu, 2016-02-18 at 12:43 +0900, Kamezawa Hiroyuki wrote:
> > On 2016/02/18 11:57, Eric W. Biederman wrote:
> > >
> > > Ccing The containers list because a related discussion is
> > > happening
> > > there
> > > and somehow this thread has nev
On Thu, 2016-02-18 at 12:43 +0900, Kamezawa Hiroyuki wrote:
> On 2016/02/18 11:57, Eric W. Biederman wrote:
> >
> > Ccing The containers list because a related discussion is happening
> > there
> > and somehow this thread has never made it there.
> >
> > Ian Kent writes:
> >
> > > On Mon, 2013-
On 2016/02/18 11:57, Eric W. Biederman wrote:
>
> Ccing The containers list because a related discussion is happening there
> and somehow this thread has never made it there.
>
> Ian Kent writes:
>
>> On Mon, 2013-11-18 at 18:28 +0100, Oleg Nesterov wrote:
>>> On 11/15, Eric W. Biederman wrote:
Ian Kent writes:
> AFAICS kernel/kmod.c used to use create_singlethread_workqueue() and
> queue_work() to perform umh calls, now it uses only queue_work() and
> the system_unbound_wq workqueue.
>
> Looking at the workqueue sub system there doesn't appear to be a way to
> create a workqueue with
Ccing The containers list because a related discussion is happening there
and somehow this thread has never made it there.
Ian Kent writes:
> On Mon, 2013-11-18 at 18:28 +0100, Oleg Nesterov wrote:
>> On 11/15, Eric W. Biederman wrote:
>> >
>> > I don't understand that one. Having a preforked
On Sat, 2016-02-13 at 17:08 +0100, Stanislav Kinsburskiy wrote:
>
> 13.02.2016 00:39, Ian Kent wrote:
> > On Fri, 2013-11-15 at 15:54 +0400, Stanislav Kinsbursky wrote:
> > > 15.11.2013 15:03, Eric W. Biederman wrote:
> > > > Stanislav Kinsbursky writes:
> > > >
> > > > > 12.11.2013 17:30, Jeff
13.02.2016 00:39, Ian Kent wrote:
On Fri, 2013-11-15 at 15:54 +0400, Stanislav Kinsbursky wrote:
15.11.2013 15:03, Eric W. Biederman wrote:
Stanislav Kinsbursky writes:
12.11.2013 17:30, Jeff Layton wrote:
On Tue, 12 Nov 2013 17:02:36 +0400
Stanislav Kinsbursky wrote:
12.11.2013 15:12,
On Fri, 2013-11-15 at 15:54 +0400, Stanislav Kinsbursky wrote:
> 15.11.2013 15:03, Eric W. Biederman wrote:
> > Stanislav Kinsbursky writes:
> >
> > > 12.11.2013 17:30, Jeff Layton wrote:
> > > > On Tue, 12 Nov 2013 17:02:36 +0400
> > > > Stanislav Kinsbursky wrote:
> > > >
> > > > > 12.11.2013
On Mon, 2013-11-18 at 18:28 +0100, Oleg Nesterov wrote:
> On 11/15, Eric W. Biederman wrote:
> >
> > I don't understand that one. Having a preforked thread with the
> > proper
> > environment that can act like kthreadd in terms of spawning user
> > mode
> > helpers works and is simple.
Forgive m
On Mon, 18 Nov 2013 19:02:59 +0100
Oleg Nesterov wrote:
> On 11/18, Oleg Nesterov wrote:
> >
> > On 11/15, Eric W. Biederman wrote:
> > >
> > > I don't understand that one. Having a preforked thread with the proper
> > > environment that can act like kthreadd in terms of spawning user mode
> > >
On 11/18, Oleg Nesterov wrote:
>
> On 11/15, Eric W. Biederman wrote:
> >
> > I don't understand that one. Having a preforked thread with the proper
> > environment that can act like kthreadd in terms of spawning user mode
> > helpers works and is simple.
>
> Can't we ask ->child_reaper to create
On 11/15, Eric W. Biederman wrote:
>
> I don't understand that one. Having a preforked thread with the proper
> environment that can act like kthreadd in terms of spawning user mode
> helpers works and is simple.
Can't we ask ->child_reaper to create the non-daemonized kernel thread
with the "rig
15.11.2013 15:03, Eric W. Biederman wrote:
Stanislav Kinsbursky writes:
12.11.2013 17:30, Jeff Layton wrote:
On Tue, 12 Nov 2013 17:02:36 +0400
Stanislav Kinsbursky wrote:
12.11.2013 15:12, Jeff Layton wrote:
On Mon, 11 Nov 2013 16:47:03 -0800
Greg KH wrote:
On Mon, Nov 11, 2013 at 07:
Stanislav Kinsbursky writes:
> 12.11.2013 17:30, Jeff Layton wrote:
>> On Tue, 12 Nov 2013 17:02:36 +0400
>> Stanislav Kinsbursky wrote:
>>
>>> 12.11.2013 15:12, Jeff Layton wrote:
On Mon, 11 Nov 2013 16:47:03 -0800
Greg KH wrote:
> On Mon, Nov 11, 2013 at 07:18:25AM -0500, J
12.11.2013 17:30, Jeff Layton wrote:
On Tue, 12 Nov 2013 17:02:36 +0400
Stanislav Kinsbursky wrote:
12.11.2013 15:12, Jeff Layton wrote:
On Mon, 11 Nov 2013 16:47:03 -0800
Greg KH wrote:
On Mon, Nov 11, 2013 at 07:18:25AM -0500, Jeff Layton wrote:
We have a bit of a problem wrt to upcalls
Jeff Layton writes:
> On Tue, 12 Nov 2013 17:02:36 +0400
> Stanislav Kinsbursky wrote:
>
>> 12.11.2013 15:12, Jeff Layton wrote:
>> > On Mon, 11 Nov 2013 16:47:03 -0800
>> > Greg KH wrote:
>> >
>> >> On Mon, Nov 11, 2013 at 07:18:25AM -0500, Jeff Layton wrote:
>> >>> We have a bit of a problem
On Tue, 12 Nov 2013 17:02:36 +0400
Stanislav Kinsbursky wrote:
> 12.11.2013 15:12, Jeff Layton wrote:
> > On Mon, 11 Nov 2013 16:47:03 -0800
> > Greg KH wrote:
> >
> >> On Mon, Nov 11, 2013 at 07:18:25AM -0500, Jeff Layton wrote:
> >>> We have a bit of a problem wrt to upcalls that use call_user
12.11.2013 15:12, Jeff Layton wrote:
On Mon, 11 Nov 2013 16:47:03 -0800
Greg KH wrote:
On Mon, Nov 11, 2013 at 07:18:25AM -0500, Jeff Layton wrote:
We have a bit of a problem wrt to upcalls that use call_usermodehelper
with containers and I'd like to bring this to some sort of resolution...
On Mon, 11 Nov 2013 16:47:03 -0800
Greg KH wrote:
> On Mon, Nov 11, 2013 at 07:18:25AM -0500, Jeff Layton wrote:
> > We have a bit of a problem wrt to upcalls that use call_usermodehelper
> > with containers and I'd like to bring this to some sort of resolution...
> >
> > A particularly problema
On Mon, Nov 11, 2013 at 07:18:25AM -0500, Jeff Layton wrote:
> We have a bit of a problem wrt to upcalls that use call_usermodehelper
> with containers and I'd like to bring this to some sort of resolution...
>
> A particularly problematic case (though there are others) is the
> nfsdcltrack upcall
On Mon, 11 Nov 2013 16:43:21 +0400
Vasily Kulikov wrote:
> Hi Jeff,
>
> On Mon, Nov 11, 2013 at 07:18 -0500, Jeff Layton wrote:
> > What's the correct approach to fix this? One possibility would be to
> > keep a kernel thread around that sits in the correct namespace(s) and
> > has the right pri
Hi Jeff,
On Mon, Nov 11, 2013 at 07:18 -0500, Jeff Layton wrote:
> What's the correct approach to fix this? One possibility would be to
> keep a kernel thread around that sits in the correct namespace(s) and
> has the right privileges, and then use that to launch UMH programs.
> That thread could
We have a bit of a problem wrt to upcalls that use call_usermodehelper
with containers and I'd like to bring this to some sort of resolution...
A particularly problematic case (though there are others) is the
nfsdcltrack upcall. It basically uses call_usermodehelper to run a
program in userland to
35 matches