[lxc-devel] crio-lxc

2019-03-27 Thread Serge E. Hallyn
Hi, I've looked around (see https://discuss.linuxcontainers.org/t/cri-o-plugin-for-lxc/4324) and found no existing open source wrapper for plugging lxc into cri-o. So I've created github.com/lxc/crio-lxc. It's an empty repo right now. I have an idea how I would like to go about it, but if

[lxc-devel] [JOB OPENING] Cisco: software engineer

2018-03-30 Thread Serge E. Hallyn
Hi everyone, I'm currently with Cisco, working on a fun project involving, among other things, nomad, lxc, and the usual sets of languages - go, python, some c, some kernel stuff, some packaging. We're looking for several people with varying skillsets - go programmers, containers and cluster

Re: [lxc-devel] Getting complex data (structs) from a container (net ns) in API

2018-02-14 Thread Serge E. Hallyn
Quoting Rafał Miłecki (ra...@milecki.pl): > Hi, > > currently lxccontainer's API has two functions for getting net info: > char** (*get_interfaces)(struct lxc_container *c); > char** (*get_ips)(struct lxc_container *c, const char* interface, > const char* family, int scope); > > I'd like to get

Re: [lxc-devel] lxc-stop: umount issue?

2017-12-10 Thread Serge E. Hallyn
Quoting Harald Dunkel (ha...@afaics.de): > On 12/07/17 22:30, Serge E. Hallyn wrote: > > > > What filesystem are you using? > > ext4 on a drbd block device: > > /dev/drbd1 /data1 ext4 rw,noatime,stripe=256,data=ordered 0 0 I have to think drbd would be the problem

Re: [lxc-devel] lxc-stop: umount issue?

2017-12-07 Thread Serge E. Hallyn
Quoting Harald Dunkel (harald.dun...@aixigo.de): > Hi folks, > > If a LXC server ran for several weeks and if I try to stop a > container, then the server gets stuck for a few minutes (see > attachment). > > Please note the > > : > [8541088.226013] Task dump for CPU 31: > [8541088.226015] mount

Re: [lxc-devel] [lxc-users] Suggestions regarding (ultimately) LXC 2.1.0 lxc-update-config

2017-10-04 Thread Serge E. Hallyn
agreed to both, lxc-update-config should delete it, and it should be (initially the only) member of a (new) group of keys to ignore, bc it cannot possibly hurt. Do you happen to have time to write one or both patches? thanks, -serge On Wed, Oct 04, 2017 at 03:35:08PM -0400, Adrian Pepper wrote:

Re: [lxc-devel] [lxc-users] Container startup hook arguments

2017-10-04 Thread Serge E. Hallyn
Quoting Kees Bos (cornelis@gmail.com): > I'm not using it, but do expect the extra args: > > while [ {{ '${#@}' }} -gt 3 ] ; do >    ... >    shift > done > > It might be that some users will need the last extra argument (stage: > pre-start|start|post-stop). This is currently not available

Re: [lxc-devel] [lxc-users] lxc rootfs permission 700 vs 755

2017-08-21 Thread Serge E. Hallyn
Quoting T.C 吳天健 (tcwu2...@gmail.com): > I found some service in container's OS failed to start. The error message > is "execve permission denied". > Finally I chmod 755 to all directories from '/' to rootfs and problem > solved. For example, my container's rootfs is at /data/maru/con1, then >

Re: [lxc-devel] lxc-create: file-based capabilities are lost

2017-07-27 Thread Serge E. Hallyn
On Thu, Jul 27, 2017 at 02:48:28PM +0200, Harald Dunkel wrote: > Hi Serge, > > apparently all these fixes have been lost on the 2.0 branch: Hm, are you sure? When I get diff lxc-2.0.0.. templates/lxc-altlinux.in, rsync does not show up. It looks like these were done by commit

Re: [lxc-devel] [lxc/master] caps: skip file capability checks on android

2017-04-18 Thread Serge E. Hallyn
Wouldn't it be better to have configure.ac check for the presence of the function and store that as a separate HAVE_CAP_GET_FILE ? Quoting brauner on Github (lxc-...@linuxcontainers.org): > The following pull request was submitted through Github. > It can be accessed and reviewed at:

Re: [lxc-devel] Patch for cgroups-lite

2017-02-28 Thread Serge E. Hallyn
On Mon, Feb 27, 2017 at 11:42:49PM -0800, Cam Cope wrote: > I need to run nested Ubuntu 12.04 and 14.04 containers on 16.04 hosts, and > have noticed that the cgroups-lite script for mounting the cgroups inside > the containers has stopped working. This is because systemd now comounts > multiple

Re: [lxc-devel] please open lxc-cgroup for unprivileged monitoring

2016-11-26 Thread Serge E. Hallyn
On Tue, Nov 08, 2016 at 06:43:17AM +0100, Harald Dunkel wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi Serge, > > On 10/21/16 16:56, Serge E. Hallyn wrote: > > Quoting Harald Dunkel (harald.dun...@aixigo.de): > >> On 10/20/2016 03:39 PM, Se

Re: [lxc-devel] please open lxc-cgroup for unprivileged monitoring

2016-10-21 Thread Serge E. Hallyn
Quoting Harald Dunkel (harald.dun...@aixigo.de): > On 10/20/2016 03:39 PM, Serge E. Hallyn wrote: > > On Wed, Oct 19, 2016 at 02:10:59PM +0200, Harald Dunkel wrote: > >> > >> Following the api I am forced to use root permission or some > >> hard-to-conf

Re: [lxc-devel] please open lxc-cgroup for unprivileged monitoring

2016-10-20 Thread Serge E. Hallyn
On Wed, Oct 19, 2016 at 02:10:59PM +0200, Harald Dunkel wrote: > Hi folks, > > using an unprivileged account for monitoring lxc-cgroup > returns a "permission denied" messages for something that > is world readable in the /cgroup directory. Sample: > > % lxc-cgroup -P /data1/lxc -n jerry1

Re: [lxc-devel] [lxc/master] lxc-alpine: do not drop setfcap

2016-10-18 Thread Serge E. Hallyn
Quoting jirutka on Github (lxc-...@linuxcontainers.org): > The following pull request was submitted through Github. > It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/1241 > > This e-mail was sent by the LXC bot, direct replies will not reach the author > unless they happen to

Re: [lxc-devel] error when trying to mount proc into lxc privileged container

2016-08-15 Thread Serge E. Hallyn
On Fri, Aug 12, 2016 at 04:16:52PM +, Yinon wrote: > Hey, > I have an ubuntu 4.2.0-16-generic wily 15.10. I had a privileged container, > and now I want to add proc mount to it. I added this: lxc.mount.auto = proc > > But I keep getting this error: >       lxc-start 1471017966.046 ERROR    

Re: [lxc-devel] [lxc/master] tree-wide: replace readdir_r() with readdir()

2016-08-10 Thread Serge E. Hallyn
Why? readdir is not thread-safe... ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] removing cgmanager

2016-07-26 Thread Serge E. Hallyn
Hi everyone, I'm intending to remove cgmanager from Debian. Upstream and distro maintainers all agree this is the right thing to do, but I don't want this to come as a surprise to anyone - so wanted to send out one last email warning and asking if anyone is depending on it. I've said I'll act

Re: [lxc-devel] [lxc-users] Fuse fails inside container from last week

2016-07-13 Thread Serge E. Hallyn
Quoting Saint Michael (vene...@gmail.com): > When I try to use fuse in a container, I get > fuse: failed to open /dev/fuse: Operation not permitted > In my config file I have > lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file > > How can I get back to be able to use fuse inside a

Re: [lxc-devel] [PATCH 0/3] lxc-debian: some improvements

2016-06-21 Thread Serge E. Hallyn
Quoting Laurent Vivier (laur...@vivier.eu): > > > Le 17/06/2016 à 03:19, Laurent Vivier a écrit : > > The first patch defines a default password for root. > > The two following ones are copied from lxc-ubuntu to > > allow to flush cache and to support btrfs snapshot > > of the cache. > > > >

Re: [lxc-devel] lxc-create: file-based capabilities are lost

2016-06-17 Thread Serge E. Hallyn
Quoting Harald Dunkel (ha...@afaics.de): > Hi Serge, > > On 06/15/16 19:00, Serge E. Hallyn wrote: > > Quoting Harald Dunkel (harald.dun...@aixigo.de): > >> > >> Using "rsync -SHaAX" in lxc-debian it works (on Jessie). > >> Attach

Re: [lxc-devel] [PATCH 3/3] lxc-debian: add btrfs support

2016-06-17 Thread Serge E. Hallyn
Quoting Laurent Vivier (laur...@vivier.eu): > copied from lxc-ubuntu.in > > Signed-off-by: Laurent Vivier Acked-by: Serge Hallyn although note that the rsync at bottom will conflict with Harald's patch to make rsync respect xattrs (no big deal). > --- >

Re: [lxc-devel] [PATCH 2/3] lxc-debian: add --flush-cache

2016-06-17 Thread Serge E. Hallyn
Quoting Laurent Vivier (laur...@vivier.eu): > copied from lxc-ubuntu.in > > Signed-off-by: Laurent Vivier Acked-by: Serge Hallyn > --- > templates/lxc-debian.in | 14 -- > 1 file changed, 12 insertions(+), 2 deletions(-) > > diff --git

Re: [lxc-devel] [PATCH 1/3] lxc-debian: define a password for root

2016-06-17 Thread Serge E. Hallyn
Quoting Laurent Vivier (laur...@vivier.eu): > Signed-off-by: Laurent Vivier Sorry but isn't this a regression? How about making this subject to a --default-password argument or something? I think Michael said he might be around right now, and at one point he was trying to

Re: [lxc-devel] lxc-create: file-based capabilities are lost

2016-06-15 Thread Serge E. Hallyn
Quoting Harald Dunkel (harald.dun...@aixigo.de): > Hi Serge, > > On 06/14/16 17:10, Serge E. Hallyn wrote: > > > > Well I notice that copy_debian() rsyncs without -X. Does > > adding -X fix it for you? > > Using "rsync -SHaAX" in lxc-debian it

Re: [lxc-devel] lxc-create: file-based capabilities are lost

2016-06-14 Thread Serge E. Hallyn
On Tue, Jun 14, 2016 at 10:59:51AM +0200, Harald Dunkel wrote: > Hi folks, > > Problem: A container setup with "lxc-create -t debian" has > lost its file-based capabilities (used by systemd, ping, > iputils, ...). I didn't check other template scripts, but > since the major suspect is tar (used

Re: [lxc-devel] pylxd sprint

2016-05-20 Thread Serge E. Hallyn
Quoting James Pic (james...@gmail.com): > Hi all \o/ > > There's been a lot of discussion around pylxd since a PR has been > opened on Ansible to include an lxd_container module. It's really long > so I'll try to brief you about it in this email, but FTR here it is: >

Re: [lxc-devel] [PATCH RFC] Introduce new security.nscapability xattr

2016-03-01 Thread Serge E. Hallyn
On Mon, Feb 29, 2016 at 03:38:20PM -0600, Serge E. Hallyn wrote: > On Fri, Jan 29, 2016 at 01:31:51AM -0600, Serge E. Hallyn wrote: > > On Wed, Jan 27, 2016 at 04:36:02PM -0800, Andy Lutomirski wrote: > > > On Wed, Jan 27, 2016 at 9:22 AM, Jann Horn <j...@thejh.net>

Re: [lxc-devel] CGroup Namespaces (v10)

2016-02-12 Thread Serge E. Hallyn
On Fri, Feb 12, 2016 at 11:09:06AM -0500, Tejun Heo wrote: > Hello, > > On Fri, Feb 12, 2016 at 12:18:28AM +0100, Alban Crequy wrote: > > I just noticed commit c38c4597e4bf ("netfilter: implement xt_cgroup > > cgroup2 path match") which, as far as I understand, introduces a new > > userland

Re: [lxc-devel] [PATCH] selftests/cgroupns: new test for cgroup namespaces

2016-02-10 Thread Serge E. Hallyn
namespace and does not mount any > new cgroup2 filesystem. Therefore this does not test that the cgroup2 > mount is correctly rooted to the cgroupns root at mount time. > > Signed-off-by: Alban Crequy <al...@kinvolk.io> Thanks, Alban! > Acked-by: Serge E. Hallyn <serge.hal...@ubuntu

Re: [lxc-devel] [PATCH RFC] Introduce new security.nscapability xattr

2016-01-28 Thread Serge E. Hallyn
On Wed, Jan 27, 2016 at 04:36:02PM -0800, Andy Lutomirski wrote: > On Wed, Jan 27, 2016 at 9:22 AM, Jann Horn wrote: > > I think it sounds good from a security perspective. > > I'm a bit late to the game, but I have a question: why should this be > keyed to the *root* uid of the

Re: [lxc-devel] [PATCH RFC] Introduce new security.nscapability xattr

2016-01-27 Thread Serge E. Hallyn
On Wed, Jan 20, 2016 at 01:48:16PM +0100, Jann Horn wrote: > On Fri, Dec 04, 2015 at 02:21:16PM -0600, Serge E. Hallyn wrote: > > Quoting Eric W. Biederman (ebied...@xmission.com): > > > "Serge E. Hallyn" <serge.hal...@ubuntu.com> writes: > > > > >

Re: [lxc-devel] [PATCH RFC] Introduce new security.nscapability xattr

2016-01-18 Thread Serge E. Hallyn
On Fri, Dec 04, 2015 at 02:21:16PM -0600, Serge E. Hallyn wrote: > Quoting Eric W. Biederman (ebied...@xmission.com): > > "Serge E. Hallyn" <serge.hal...@ubuntu.com> writes: > > > > > A common way for daemons to run with minimal privilege is to start a

Re: [lxc-devel] CGroup Namespaces (v9)

2016-01-05 Thread Serge E. Hallyn
On Mon, Jan 04, 2016 at 06:53:08PM -0600, Serge E. Hallyn wrote: > Ok, please hold off on this, there is another locking question I need to look > into :( With my v2 of patch 3 this is resolved, thanks.

[lxc-devel] [PATCH 3/8 v3] cgroup: introduce cgroup namespaces

2016-01-05 Thread Serge E. Hallyn
Introduce the ability to create new cgroup namespace. The newly created cgroup namespace remembers the cgroup of the process at the point of creation of the cgroup namespace (referred as cgroupns-root). The main purpose of cgroup namespace is to virtualize the contents of /proc/self/cgroup file.

Re: [lxc-devel] [PATCH 3/8] cgroup: introduce cgroup namespaces

2016-01-04 Thread Serge E. Hallyn
On Mon, Jan 04, 2016 at 01:54:48PM -0600, serge.hal...@ubuntu.com wrote: > From: Aditya Kali > > Introduce the ability to create new cgroup namespace. The newly created > cgroup namespace remembers the cgroup of the process at the point > of creation of the cgroup

Re: [lxc-devel] CGroup Namespaces (v9)

2016-01-04 Thread Serge E. Hallyn
Ok, please hold off on this, there is another locking question I need to look into :(

[lxc-devel] [PATCH 3/8 v2] cgroup: introduce cgroup namespaces

2016-01-04 Thread Serge E. Hallyn
Introduce the ability to create new cgroup namespace. The newly created cgroup namespace remembers the cgroup of the process at the point of creation of the cgroup namespace (referred as cgroupns-root). The main purpose of cgroup namespace is to virtualize the contents of /proc/self/cgroup file.

Re: [lxc-devel] CGroup Namespaces (v8)

2016-01-01 Thread Serge E. Hallyn
On Fri, Jan 01, 2016 at 12:19:44AM -0800, Dan Williams wrote: > On Tue, Dec 22, 2015 at 8:23 PM, wrote: > > Hi, > > > > following is a revised set of the CGroup Namespace patchset which Aditya > > Kali has previously sent. The code can also be found in the cgroupns.v8 >

Re: [lxc-devel] CGroup Namespaces (v8)

2016-01-01 Thread Serge E. Hallyn
On Fri, Jan 01, 2016 at 01:42:57AM -0800, Dan Williams wrote: > On Fri, Jan 1, 2016 at 12:59 AM, Serge E. Hallyn > <serge.hal...@ubuntu.com> wrote: > > On Fri, Jan 01, 2016 at 12:19:44AM -0800, Dan Williams wrote: > >> On Tue, Dec 22, 2015 at 8:23 PM, <serge.hal..

Re: [lxc-devel] [PATCH 6/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2015-12-31 Thread Serge E. Hallyn
On Thu, Dec 31, 2015 at 10:38:22PM +0900, Sergey Senozhatsky wrote: > On (12/22/15 22:23), serge.hal...@ubuntu.com wrote: > [..] > > root = kzalloc(sizeof(*root), GFP_KERNEL); > > if (!root) { > > ret = -ENOMEM; > > @@ -2124,12 +2143,30 @@ out_free: > >

Re: [lxc-devel] [PATCH 3/8 v8.2] cgroup: introduce cgroup namespaces

2015-12-23 Thread Serge E. Hallyn
Introduce the ability to create new cgroup namespace. The newly created cgroup namespace remembers the cgroup of the process at the point of creation of the cgroup namespace (referred as cgroupns-root). The main purpose of cgroup namespace is to virtualize the contents of /proc/self/cgroup file.

Re: [lxc-devel] [PATCH] Fix seccomp profile on attach of undefined container

2015-12-10 Thread Serge E. Hallyn
On Thu, Dec 10, 2015 at 06:58:58PM -0500, Stéphane Graber wrote: > Signed-off-by: Stéphane Graber Thanks, that's what I thought would have to happen when the problem came up earlier. Only thing is you have to free the path when done. After that, Acked-by: Serge Hallyn

Re: [lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

2015-12-09 Thread Serge E. Hallyn
On Wed, Dec 09, 2015 at 05:36:51PM -0500, Tejun Heo wrote: > Hey, > > On Wed, Dec 09, 2015 at 10:13:27PM +, Serge Hallyn wrote: > > we can rename kn_root to from here if you think that's clearer (and > > change the order here as well). > > I think it'd be better for them to be consistent and

Re: [lxc-devel] CGroup Namespaces (v6)

2015-12-08 Thread Serge E. Hallyn
On Tue, Dec 08, 2015 at 11:10:03AM +0100, Alban Crequy wrote: > Hi, > > Thanks for the patches! > > On 8 December 2015 at 00:06, wrote: > > Hi, > > > > following is a revised set of the CGroup Namespace patchset which Aditya > > Kali has previously sent. The code can

Re: [lxc-devel] [PATCH 5/7] cgroup: mount cgroupns-root when inside non-init cgroupns

2015-12-08 Thread Serge E. Hallyn
On Tue, Dec 08, 2015 at 11:20:40AM -0500, Tejun Heo wrote: > Hello, > > On Mon, Dec 07, 2015 at 05:06:20PM -0600, serge.hal...@ubuntu.com wrote: > > fs/kernfs/mount.c | 74 > > > > include/linux/kernfs.h |2 ++ > > kernel/cgroup.c

Re: [lxc-devel] [PATCH 1/7] kernfs: Add API to generate relative kernfs path

2015-12-08 Thread Serge E. Hallyn
On Tue, Dec 08, 2015 at 10:52:51AM -0500, Tejun Heo wrote: > Hello, Serge. > > On Mon, Dec 07, 2015 at 05:06:16PM -0600, serge.hal...@ubuntu.com wrote: > > +/* kernfs_node_depth - compute depth from @from to @to */ > > +static size_t kernfs_node_distance(struct kernfs_node *from, struct > >

Re: [lxc-devel] [PATCH 3/7] cgroup: introduce cgroup namespaces

2015-12-08 Thread Serge E. Hallyn
On Tue, Dec 08, 2015 at 02:46:00PM -0500, Tejun Heo wrote: > Hello, Serge. > > On Tue, Dec 08, 2015 at 01:34:31PM -0600, Serge E. Hallyn wrote: > > > I'd prefer collecting all ns related declarations in a single place. > > > > I can group some of

Re: [lxc-devel] [PATCH 3/7] cgroup: introduce cgroup namespaces

2015-12-08 Thread Serge E. Hallyn
On Tue, Dec 08, 2015 at 11:04:53AM -0500, Tejun Heo wrote: > On Mon, Dec 07, 2015 at 05:06:18PM -0600, serge.hal...@ubuntu.com wrote: > > static const char *proc_ns_follow_link(struct dentry *dentry, void > > **cookie) > > diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h > > index

Re: [lxc-devel] [PATCH 1/7] kernfs: Add API to generate relative kernfs path

2015-12-08 Thread Serge E. Hallyn
On Tue, Dec 08, 2015 at 06:51:20AM -0500, Greg KH wrote: > On Mon, Dec 07, 2015 at 05:06:16PM -0600, serge.hal...@ubuntu.com wrote: > > From: Aditya Kali > > > > The new function kernfs_path_from_node() generates and returns kernfs > > path of a given kernfs_node relative

Re: [lxc-devel] [PATCH RFC] Introduce new security.nscapability xattr

2015-12-04 Thread Serge E. Hallyn
Quoting Eric W. Biederman (ebied...@xmission.com): > "Serge E. Hallyn" <serge.hal...@ubuntu.com> writes: > > > A common way for daemons to run with minimal privilege is to start as root, > > perhaps setuid-root, choose a desired capability set, set PR_SET_KEEPCAP

Re: [lxc-devel] [PATCH 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2015-12-02 Thread Serge E. Hallyn
On Wed, Dec 02, 2015 at 11:53:12AM -0500, Tejun Heo wrote: > Hello, Serge. > > On Tue, Dec 01, 2015 at 03:58:53PM -0600, Serge E. Hallyn wrote: > > I misspoke before though - it's not the hierarchy's root dentry, > > but rather a dentry for a descendent cgroup which will becom

Re: [lxc-devel] [PATCH 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2015-12-02 Thread Serge E. Hallyn
On Wed, Dec 02, 2015 at 11:58:39AM -0500, Tejun Heo wrote: > On Wed, Dec 02, 2015 at 10:56:37AM -0600, Serge E. Hallyn wrote: > > Can it be flushed when we know that the cgroup is being pinned by > > a css_set? (There's either a task or a cgroup_namespace pinning it > > or

Re: [lxc-devel] [PATCH 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2015-12-01 Thread Serge E. Hallyn
On Tue, Dec 01, 2015 at 11:46:49AM -0500, Tejun Heo wrote: > Hey, Serge. > > On Mon, Nov 30, 2015 at 10:07:04PM -0600, Serge E. Hallyn wrote: > > So actually the way the code is now, the first mount cannot > > be done from a non-init user namespace; and kernfs_obtain_root

Re: [lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

2015-11-30 Thread Serge E. Hallyn
On Mon, Nov 30, 2015 at 10:11:47AM -0500, Tejun Heo wrote: > Hello, > > On Thu, Nov 26, 2015 at 11:25:11PM -0600, Serge E. Hallyn wrote: > > > > + /* Short-circuit the easy case - kn_to is the root node. */ > > > > + if ((kn_from == kn_t

[lxc-devel] [PATCH RFC] Introduce new security.nscapability xattr

2015-11-30 Thread Serge E. Hallyn
A common way for daemons to run with minimal privilege is to start as root, perhaps setuid-root, choose a desired capability set, set PR_SET_KEEPCAPS, then change uid to non-root. A simpler way to achieve this is to set file capabilities on a not-setuid-root binary. However, when installing a
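The RFC above is about file capabilities, the same mechanism whose loss the "lxc-create: file-based capabilities are lost" thread earlier on this page traces to copying a rootfs without xattr support. The following is an added example, not code from the RFC or from LXC: it decodes the raw security.capability xattr as the kernel stores it (struct vfs_cap_data / vfs_ns_cap_data from the uapi header linux/capability.h), so you can see exactly what a tar or rsync without -X drops. Besides the v2 layout in use when this thread was written, it handles the v3 layout that later kernels adopted for namespaced file capabilities, which carries the root uid of the owning user namespace instead of using a separate security.nscapability xattr. The function names, the struct filecaps type and the two sample byte strings are mine; the samples are constructed (the v2 one is the cap_net_raw+ep value ping usually carries, the v3 one assumes a container whose uid 0 maps to host uid 100000).

```c
/* Added example, not code from the RFC: decode the security.capability xattr
 * that gives ping/iputils their CAP_NET_RAW without setuid-root. Layout is the
 * kernel's uapi struct vfs_cap_data / vfs_ns_cap_data (linux/capability.h):
 *   v2 (20 bytes): u32 magic_etc; {u32 permitted; u32 inheritable;} data[2];
 *   v3 (24 bytes): the v2 fields followed by u32 rootid
 * magic_etc carries the revision in its top byte and flags (bit 0 = effective)
 * below it; everything is stored little-endian. data[0] holds caps 0-31,
 * data[1] caps 32-63. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>

#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_REVISION_2      0x02000000u
#define VFS_CAP_REVISION_3      0x03000000u
#define VFS_CAP_FLAGS_EFFECTIVE 0x00000001u
#define XATTR_CAPS_SZ_2         20
#define XATTR_CAPS_SZ_3         24
#define CAP_NET_RAW             13

struct filecaps {
    unsigned revision;     /* 2 or 3 */
    int effective;         /* effective flag set */
    uint64_t permitted;
    uint64_t inheritable;
    uint32_t rootid;       /* v3 only: host uid that is root in the owning userns; 0 for v2 */
};

static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse a raw xattr value. Returns 0, or -EINVAL on an unknown revision or a
 * length that does not match the revision (the kernel rejects those too). */
int decode_filecaps(const unsigned char *buf, size_t len, struct filecaps *out)
{
    if (len < XATTR_CAPS_SZ_2)
        return -EINVAL;
    uint32_t magic = le32(buf);
    memset(out, 0, sizeof *out);
    switch (magic & VFS_CAP_REVISION_MASK) {
    case VFS_CAP_REVISION_2:
        if (len != XATTR_CAPS_SZ_2) return -EINVAL;
        out->revision = 2;
        break;
    case VFS_CAP_REVISION_3:
        if (len != XATTR_CAPS_SZ_3) return -EINVAL;
        out->revision = 3;
        out->rootid = le32(buf + 20);
        break;
    default:
        return -EINVAL;
    }
    out->effective   = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    out->permitted   = le32(buf + 4) | (uint64_t)le32(buf + 12) << 32;
    out->inheritable = le32(buf + 8) | (uint64_t)le32(buf + 16) << 32;
    return 0;
}

/* Read and decode the xattr from a file. -ENODATA means the file carries no
 * capabilities at all, which is what a rootfs copied without xattrs looks like. */
int read_filecaps(const char *path, struct filecaps *out)
{
    unsigned char buf[XATTR_CAPS_SZ_3];
    ssize_t n = getxattr(path, "security.capability", buf, sizeof buf);
    if (n < 0)
        return -errno;
    return decode_filecaps(buf, (size_t)n, out);
}

/* Constructed sample: the v2 value ping typically carries, cap_net_raw+ep. */
static const unsigned char sample_v2[XATTR_CAPS_SZ_2] = {
    0x01, 0x00, 0x00, 0x02,   /* magic_etc: revision 2, effective */
    0x00, 0x20, 0x00, 0x00,   /* data[0].permitted: bit 13 = CAP_NET_RAW */
    0x00, 0x00, 0x00, 0x00,   /* data[0].inheritable */
    0x00, 0x00, 0x00, 0x00,   /* data[1].permitted */
    0x00, 0x00, 0x00, 0x00,   /* data[1].inheritable */
};

/* Constructed sample: same caps as v3, owned by a user namespace whose
 * uid 0 maps to host uid 100000 (an assumed container mapping). */
static const unsigned char sample_v3[XATTR_CAPS_SZ_3] = {
    0x01, 0x00, 0x00, 0x03,   /* magic_etc: revision 3, effective */
    0x00, 0x20, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    0xa0, 0x86, 0x01, 0x00,   /* rootid = 100000 */
};

int main(int argc, char **argv)
{
    struct filecaps fc;
    int rc = argc > 1 ? read_filecaps(argv[1], &fc)
                      : decode_filecaps(sample_v2, sizeof sample_v2, &fc);
    if (rc < 0) {
        fprintf(stderr, "no usable file capabilities: %s\n", strerror(-rc));
        return 1;
    }
    printf("v%u permitted=%#llx inheritable=%#llx effective=%d rootid=%u\n",
           fc.revision, (unsigned long long)fc.permitted,
           (unsigned long long)fc.inheritable, fc.effective, fc.rootid);
    return 0;
}
```

Run it with a path (for instance the ping binary inside a freshly created rootfs) to check whether a template preserved the caps: ENODATA on a binary that has them on the host is the symptom the rsync -X thread describes. Note that getxattr on security.capability needs no privilege, so the check can run as the unprivileged owner of a container.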

Re: [lxc-devel] [PATCH RFC] Introduce new security.nscapability xattr

2015-11-30 Thread Serge E. Hallyn
On Mon, Nov 30, 2015 at 05:08:34PM -0600, Eric W. Biederman wrote: > "Serge E. Hallyn" <serge.hal...@ubuntu.com> writes: > > > A common way for daemons to run with minimal privilege is to start as root, > > perhaps setuid-root, choose a desired capability set, se

Re: [lxc-devel] [PATCH 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2015-11-30 Thread Serge E. Hallyn
On Mon, Nov 30, 2015 at 10:09:38AM -0500, Tejun Heo wrote: > Hello, Serge. > > On Thu, Nov 26, 2015 at 11:17:45PM -0600, Serge E. Hallyn wrote: > > > Wouldn't it be simpler to walk dentry from kernfs root than > > > duplicating dentry instantiation? > > >

Re: [lxc-devel] [PATCH 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2015-11-26 Thread Serge E. Hallyn
On Tue, Nov 24, 2015 at 12:16:10PM -0500, Tejun Heo wrote: > Hello, > > On Mon, Nov 16, 2015 at 01:51:44PM -0600, se...@hallyn.com wrote: > > +struct dentry *kernfs_obtain_root(struct super_block *sb, > > + struct kernfs_node *kn) > > +{ > > + struct dentry *dentry;

Re: [lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

2015-11-26 Thread Serge E. Hallyn
On Tue, Nov 24, 2015 at 11:16:30AM -0500, Tejun Heo wrote: > Hello, > > On Mon, Nov 16, 2015 at 01:51:38PM -0600, se...@hallyn.com wrote: > > +static char * __must_check kernfs_path_from_node_locked( (Note I've rewritten this to find a common ancestor and walk back to and from that, as you
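The cgroup namespace patches on this page describe the effect in one sentence (the namespace remembers the cgroup at creation, the cgroupns-root, and /proc/self/cgroup is shown relative to it), and the kernfs message above notes that the relative path is built by walking up to a common ancestor and back down. The following is an added example, not code from the patchset or from LXC: a userspace model of that path rule, followed by a real unshare(CLONE_NEWCGROUP) that shows the first line of /proc/self/cgroup collapsing to "/". The rule mirrored here is the one the merged kernfs_path_from_node() implements: one "/.." per level from the cgroupns-root up to the common ancestor, then the remaining components of the target. The cgroup names such as /lxc/c1 are invented, and the function names are mine. The unshare needs CAP_SYS_ADMIN (or a preceding unshare(CLONE_NEWUSER)); without it the demo reports the errno and the path model still runs.

```c
/* Added example, not code from the cgroupns patchset: model how a cgroup path
 * is rewritten relative to the cgroupns-root, then try it for real. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef CLONE_NEWCGROUP
#define CLONE_NEWCGROUP 0x02000000   /* flag value the merged patchset uses */
#endif

struct comp { const char *s; size_t len; };

/* Split an absolute path into its non-empty components. Returns the count,
 * or -1 if there are more than max of them. */
static int split_path(const char *path, struct comp *out, int max)
{
    int n = 0;
    for (const char *p = path; *p; ) {
        while (*p == '/') p++;
        if (!*p) break;
        if (n == max) return -1;
        const char *start = p;
        while (*p && *p != '/') p++;
        out[n].s = start;
        out[n].len = (size_t)(p - start);
        n++;
    }
    return n;
}

/* Express cgrp relative to root (the cgroupns-root), the way the kernel
 * shows it in /proc/self/cgroup: "/.." for each level climbed from root to
 * the common ancestor, then the descent to cgrp; "/" when they coincide.
 * Returns the length written, or -1 on overflow / too many components. */
int cgroup_path_in_ns(const char *root, const char *cgrp, char *buf, size_t buflen)
{
    struct comp rc[64], cc[64];
    int nr = split_path(root, rc, 64);
    int nc = split_path(cgrp, cc, 64);
    if (nr < 0 || nc < 0 || buflen == 0) return -1;

    int common = 0;
    while (common < nr && common < nc && rc[common].len == cc[common].len &&
           memcmp(rc[common].s, cc[common].s, rc[common].len) == 0)
        common++;

    size_t len = 0;
    buf[0] = '\0';
    for (int i = common; i < nr; i++) {          /* climb out of root */
        if (len + 3 >= buflen) return -1;
        memcpy(buf + len, "/..", 3);
        len += 3;
    }
    for (int i = common; i < nc; i++) {          /* descend into cgrp */
        if (len + 1 + cc[i].len >= buflen) return -1;
        buf[len++] = '/';
        memcpy(buf + len, cc[i].s, cc[i].len);
        len += cc[i].len;
    }
    if (len == 0) {                              /* root == cgrp */
        if (buflen < 2) return -1;
        buf[0] = '/';
        len = 1;
    }
    buf[len] = '\0';
    return (int)len;
}

/* Convenience for checks: 1 if the rewritten path equals expect. */
int path_matches(const char *root, const char *cgrp, const char *expect)
{
    char buf[256];
    int len = cgroup_path_in_ns(root, cgrp, buf, sizeof buf);
    return len == (int)strlen(expect) && strcmp(buf, expect) == 0;
}

/* Enter a new cgroup namespace and print the first /proc/self/cgroup line
 * before and after. Returns 0, or -errno (EPERM without CAP_SYS_ADMIN,
 * EINVAL on a kernel without cgroup namespaces). */
int demo_cgroupns(void)
{
    char before[256] = "", after[256] = "";
    FILE *f = fopen("/proc/self/cgroup", "r");
    if (!f) return -errno;
    if (!fgets(before, sizeof before, f)) { fclose(f); return -EIO; }
    fclose(f);
    if (unshare(CLONE_NEWCGROUP) < 0) return -errno;
    f = fopen("/proc/self/cgroup", "r");
    if (!f) return -errno;
    if (!fgets(after, sizeof after, f)) { fclose(f); return -EIO; }
    fclose(f);
    printf("before unshare: %safter unshare:  %s", before, after);
    return 0;
}

int main(void)
{
    char buf[128];
    cgroup_path_in_ns("/lxc/c1", "/lxc/c2", buf, sizeof buf);
    printf("/lxc/c2 seen from cgroupns-root /lxc/c1: %s\n", buf);
    int rc = demo_cgroupns();
    if (rc < 0)
        fprintf(stderr, "unshare(CLONE_NEWCGROUP): %s\n", strerror(-rc));
    return 0;
}
```

The "/../c2" form is the security-relevant part: a process inside the namespace can still tell that a sibling container's cgroup exists (for example via a task it sees in /proc), but the path is expressed relative to its own root rather than leaking the host's hierarchy layout.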

Re: [lxc-devel] [PATCH 7/8] cgroup: mount cgroupns-root when inside non-init cgroupns

2015-11-24 Thread Serge E. Hallyn
On Tue, Nov 24, 2015 at 12:16:10PM -0500, Tejun Heo wrote: ... > > + if (ns != _cgroup_ns) { > > + struct dentry *nsdentry; > > + struct cgroup *cgrp; > > + > > + cgrp = cset_cgroup_from_root(ns->root_cgrps, root); > > +

Re: [lxc-devel] [PATCH 1/8] kernfs: Add API to generate relative kernfs path

2015-11-24 Thread Serge E. Hallyn
On Tue, Nov 24, 2015 at 11:17:09AM -0500, Tejun Heo wrote: > Oops, also please cc Greg Kroah-Hartman > on kernfs changes. Will do. Thank you for all the feedback. I'll send out a new set when I get it all addressed.

Re: [lxc-devel] CGroup Namespaces (v4)

2015-11-18 Thread Serge E. Hallyn
On Wed, Nov 18, 2015 at 03:18:44AM -0600, Eric W. Biederman wrote: > "Serge E. Hallyn" <se...@hallyn.com> writes: > > > On Mon, Nov 16, 2015 at 04:24:27PM -0600, Eric W. Biederman wrote: > >> Similarly have you considered what it required to be able to safel

Re: [lxc-devel] CGroup Namespaces (v4)

2015-11-17 Thread Serge E. Hallyn
On Mon, Nov 16, 2015 at 04:24:27PM -0600, Eric W. Biederman wrote: > Similarly have you considered what it required to be able to safely set > FS_USERNS_MOUNT? I pushed the one patch which I feel is needed to my branch (it's also included in another reply). Aditya had already added

Re: [lxc-devel] CGroup Namespaces (v4)

2015-11-16 Thread Serge E. Hallyn
On Mon, Nov 16, 2015 at 09:41:15PM +0100, Richard Weinberger wrote: > Serge, > > On Mon, Nov 16, 2015 at 8:51 PM, wrote: > > To summarize the semantics: > > > > 1. CLONE_NEWCGROUP re-uses 0x0200, which was previously CLONE_STOPPED > > > > 2. unsharing a cgroup namespace

Re: [lxc-devel] CGroup Namespaces (v4)

2015-11-16 Thread Serge E. Hallyn
On Mon, Nov 16, 2015 at 09:50:55PM +0100, Richard Weinberger wrote: > Am 16.11.2015 um 21:46 schrieb Serge E. Hallyn: > > On Mon, Nov 16, 2015 at 09:41:15PM +0100, Richard Weinberger wrote: > >> Serge, > >> > >> On Mon, Nov 16, 2015 at 8:51 PM, <se..

Re: [lxc-devel] CGroup Namespaces (v4)

2015-11-16 Thread Serge E. Hallyn
On Mon, Nov 16, 2015 at 07:40:26PM -0600, Serge E. Hallyn wrote: > On Mon, Nov 16, 2015 at 07:13:49PM -0600, Serge E. Hallyn wrote: > > On Mon, Nov 16, 2015 at 04:24:27PM -0600, Eric W. Biederman wrote: ... > > > Similarly have you considered what it required to be

Re: [lxc-devel] CGroup Namespaces (v4)

2015-11-16 Thread Serge E. Hallyn
On Mon, Nov 16, 2015 at 04:24:27PM -0600, Eric W. Biederman wrote: > "Serge E. Hallyn" <se...@hallyn.com> writes: > > > On Mon, Nov 16, 2015 at 09:50:55PM +0100, Richard Weinberger wrote: > >> Am 16.11.2015 um 21:46 schrieb Serge E. Hallyn: > >> >

Re: [lxc-devel] CGroup Namespaces (v4)

2015-11-16 Thread Serge E. Hallyn
On Mon, Nov 16, 2015 at 07:13:49PM -0600, Serge E. Hallyn wrote: > On Mon, Nov 16, 2015 at 04:24:27PM -0600, Eric W. Biederman wrote: > > "Serge E. Hallyn" <se...@hallyn.com> writes: > > > > > On Mon, Nov 16, 2015 at 09:50:55PM +0100, Richard Weinber

Re: [lxc-devel] [RFC] Per-user namespace process accounting

2014-06-22 Thread Serge E. Hallyn
Quoting Marian Marinov (m...@1h.com): -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/03/2014 08:54 PM, Eric W. Biederman wrote: Serge Hallyn serge.hal...@ubuntu.com writes: Quoting Pavel Emelyanov (xe...@parallels.com): On 05/29/2014 07:32 PM, Serge Hallyn wrote: Quoting

Re: [lxc-devel] [RFC PATCH 00/11] Add support for devtmpfs in user namespaces

2014-05-28 Thread Serge E. Hallyn
Quoting Seth Forshee (seth.fors...@canonical.com): On Fri, May 23, 2014 at 03:23:50PM -0700, Eric W. Biederman wrote: Serge Hallyn serge.hal...@ubuntu.com writes: Quoting Eric W. Biederman (ebied...@xmission.com): Ultimately the technical challenge is how do we create a block

Re: [lxc-devel] [RFC PATCH 00/11] Add support for devtmpfs in user namespaces

2014-05-25 Thread Serge E. Hallyn
: Quoting Andy Lutomirski (l...@amacapital.net): On May 15, 2014 1:26 PM, Serge E. Hallyn se...@hallyn.com wrote: Quoting Richard Weinberger (rich...@nod.at): Am 15.05.2014 21:50, schrieb Serge Hallyn: Quoting Richard Weinberger (richard.weinber...@gmail.com): On Thu

Re: [lxc-devel] [RFC PATCH 00/11] Add support for devtmpfs in user namespaces

2014-05-17 Thread Serge E. Hallyn
Quoting James Bottomley (james.bottom...@hansenpartnership.com): On Fri, 2014-05-16 at 11:57 -0700, Greg Kroah-Hartman wrote: On Fri, May 16, 2014 at 09:06:07AM -0500, Seth Forshee wrote: On Thu, May 15, 2014 at 09:35:32PM -0700, Greg Kroah-Hartman wrote: On Fri, May 16, 2014 at

Re: [lxc-devel] [RFC PATCH 00/11] Add support for devtmpfs in user namespaces

2014-05-15 Thread Serge E. Hallyn
Quoting Richard Weinberger (rich...@nod.at): Am 15.05.2014 21:50, schrieb Serge Hallyn: Quoting Richard Weinberger (richard.weinber...@gmail.com): On Thu, May 15, 2014 at 4:08 PM, Greg Kroah-Hartman gre...@linuxfoundation.org wrote: Then don't use a container to build such a thing, or fix