On Fri, Jan 29, 2016 at 02:54:11AM -0600, serge.hal...@ubuntu.com wrote:
> From: Serge Hallyn
>
> allowing root in a non-init user namespace to mount it. This should
> now be safe, because
>
> 1. non-init-root cannot mount a previously unbound subsystem
> 2. the task
On Mon, Feb 15, 2016 at 04:17:05PM -0500, Tejun Heo wrote:
> I'm getting the following on top of the current for-4.6. Can you
> please look into it?
>
> [kernel/cgroup.c:219:13: error: ‘cgroupns_operations’ undeclared here (not in
> a function)
> .ns.
On Fri, Feb 12, 2016 at 05:22:21PM -0600, Serge E. Hallyn wrote:
> On Fri, Feb 12, 2016 at 11:09:06AM -0500, Tejun Heo wrote:
> > Hello,
> >
> > On Fri, Feb 12, 2016 at 12:18:28AM +0100, Alban Crequy wrote:
> > > I just noticed commit c38c4597e4bf ("netfilter
Hello,
On Fri, Feb 12, 2016 at 12:18:28AM +0100, Alban Crequy wrote:
> I just noticed commit c38c4597e4bf ("netfilter: implement xt_cgroup
> cgroup2 path match") which, as far as I understand, introduces a new
> userland facing API containing the full cgroup path. Does it mean that
> the cgroupns
On Fri, Jan 01, 2016 at 11:14:14AM -0800, Dan Williams wrote:
> On Fri, Jan 1, 2016 at 10:06 AM, Serge E. Hallyn
> wrote:
> > On Fri, Jan 01, 2016 at 01:42:57AM -0800, Dan Williams wrote:
> >> Commit 54b39d263704 "cgroup: cgroup namespace setns support" not
> >> booting
-0600
tj: Reorganized to better fit the documentation.
Signed-off-by: Aditya Kali <adityak...@google.com>
Signed-off-by: Serge Hallyn <serge.hal...@canonical.com>
Signed-off-by: Tejun Heo <t...@kernel.org>
---
Documentation/cgroup.txt | 147
Hello,
I did some heavy editing of the documentation. How does this look?
Did I miss anything?
Thanks.
---
Documentation/cgroup.txt | 146 +++
1 file changed, 146 insertions(+)
--- a/Documentation/cgroup.txt
+++ b/Documentation/cgroup.txt
@@ -47,6
Applied 1-6 and 8 to cgroup/for-4.5.
Thanks.
--
tejun
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
Hello, Serge.
On Tue, Dec 22, 2015 at 10:23:22PM -0600, serge.hal...@ubuntu.com wrote:
> @@ -164,18 +286,39 @@ void pr_cont_kernfs_name(struct kernfs_node *kn)
> void pr_cont_kernfs_path(struct kernfs_node *kn)
> {
> unsigned long flags;
> - char *p;
> + char *p = NULL;
> +
Hello,
On Tue, Dec 22, 2015 at 10:23:24PM -0600, serge.hal...@ubuntu.com wrote:
...
> +char *cgroup_path(struct cgroup *cgrp, char *buf, size_t buflen)
> +{
> + int ret;
> +
> + ret = cgroup_path_ns(cgrp, buf, buflen, current->nsproxy->cgroup_ns);
> + if (ret < 0 || ret >=
Hello, Serge.
On Tue, Dec 08, 2015 at 05:21:24PM -0600, Serge E. Hallyn wrote:
> > Heh, is kernfs_obtain_root() the right name? Maybe
> > kernfs_node_to_inode()?
>
> kernfs_node_to_dentry?
>
> This would presumably make the question of whether to pass in a namespace
> moot?
Sounds good.
Hey,
On Wed, Dec 09, 2015 at 10:13:27PM +, Serge Hallyn wrote:
> we can rename kn_root to from here if you think that's clearer (and
> change the order here as well).
I think it'd be better for them to be consistent and in the same order
- the target and then the optional base.
> > Was
Hello, Serge.
On Wed, Dec 09, 2015 at 01:28:54PM -0600, serge.hal...@ubuntu.com wrote:
> +/* kernfs_node_depth - compute depth from @from to @to */
> +static size_t kernfs_depth(struct kernfs_node *from, struct kernfs_node *to)
...
> +char *kernfs_path(struct kernfs_node *kn, char *buf, size_t
On Mon, Dec 07, 2015 at 05:06:21PM -0600, serge.hal...@ubuntu.com wrote:
> From: Aditya Kali
>
> Signed-off-by: Aditya Kali
> Signed-off-by: Serge Hallyn
> ---
> Documentation/cgroups/namespace.txt | 142
>
On Mon, Dec 07, 2015 at 05:06:18PM -0600, serge.hal...@ubuntu.com wrote:
> static const char *proc_ns_follow_link(struct dentry *dentry, void **cookie)
> diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
> index 2b3e2314..906f240 100644
> --- a/include/linux/cgroup.h
> +++
Hello,
On Mon, Dec 07, 2015 at 05:06:20PM -0600, serge.hal...@ubuntu.com wrote:
> fs/kernfs/mount.c | 74
>
> include/linux/kernfs.h |2 ++
> kernel/cgroup.c| 39 -
> 3 files changed, 114
Hello, Serge.
On Tue, Dec 08, 2015 at 01:34:31PM -0600, Serge E. Hallyn wrote:
> > I'd prefer collecting all ns related declarations in a single place.
>
> I can group some of them, but free_cgroup_ns needs the
> cgroup_namespace definition, put_cgroup_ns() needs free_cgroup_ns(),
> and
Hello, Serge.
On Thu, Dec 03, 2015 at 04:47:06PM -0600, Serge E. Hallyn wrote:
...
> + dentry = dget(sb->s_root);
> + if (!kn->parent) // this is the root
> + return dentry;
> +
> + knparent = find_kn_ancestor_below(kn, NULL);
> + BUG_ON(!knparent);
Doing WARN_ON()
On Wed, Dec 02, 2015 at 10:56:37AM -0600, Serge E. Hallyn wrote:
> Can it be flushed when we know that the cgroup is being pinned by
> a css_set? (There's either a task or a cgroup_namespace pinning it
> or we wouldn't get here)
Yeap, it can be flushed. There's no ref coming out of cgroup to
On Wed, Dec 02, 2015 at 11:02:39AM -0600, Serge E. Hallyn wrote:
> On Wed, Dec 02, 2015 at 11:58:39AM -0500, Tejun Heo wrote:
> > On Wed, Dec 02, 2015 at 10:56:37AM -0600, Serge E. Hallyn wrote:
> > > Can it be flushed when we know that the cgroup is being pinned by
> >
Hello, Serge.
On Tue, Dec 01, 2015 at 03:58:53PM -0600, Serge E. Hallyn wrote:
> I mispoke before though - it's not the hierarchy's root dentry,
> but rather a dentry for a descendent cgroup which will become the
> root dentry for the new superblock. We do know that there must be
> a css_set
Hey, Serge.
On Mon, Nov 30, 2015 at 10:07:04PM -0600, Serge E. Hallyn wrote:
> So actually the way the code is now, the first mount cannot
> be done from a non-init user namespace; and kernfs_obtain_root()
> is only called from non-init user namespace. So can we assume
> that the root dentry
Hello,
On Thu, Nov 26, 2015 at 11:25:11PM -0600, Serge E. Hallyn wrote:
> > > + /* Short-circuit the easy case - kn_to is the root node. */
> > > + if ((kn_from == kn_to) || (!kn_from && !kn_to->parent)) {
> > > + *p = '/';
> > > + *(p + 1) = '\0';
> >
> > Hmm... so if kn_from ==
Hello, Serge.
On Thu, Nov 26, 2015 at 11:17:45PM -0600, Serge E. Hallyn wrote:
> > Wouldn't it be simpler to walk dentry from kernfs root than
> > duplicating dentry instantiation?
>
> Sorry I don't think I'm following. Are you suggesting walking the
> kn->parent chain backward and doing
Hello, Serge.
On Mon, Nov 30, 2015 at 12:37:58PM -0600, Serge E. Hallyn wrote:
> > Yeah, I agree but the name is kinda misleading tho. The output isn't
> > really a relative path but rather absolute path against the specified
> > root. Maybe updating the function and parameter names would be
>
Hello, Serge.
On Wed, Nov 25, 2015 at 12:01:56AM -0600, Serge E. Hallyn wrote:
> that was my goal with
> https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/commit/?h=cgroupns.v4=8eb75d2bb24df59e262f050dce567d2332adc5f3
> (which was sent inline earlier in this thread in
On Wed, Nov 25, 2015 at 07:55:53PM +, Serge Hallyn wrote:
> Quoting Tejun Heo (t...@kernel.org):
> > Hello, Serge.
> >
> > On Wed, Nov 25, 2015 at 12:01:56AM -0600, Serge E. Hallyn wrote:
> > > that was my goal with
> > > https://git.kernel.org/cgit/lin
Hello,
On Mon, Nov 16, 2015 at 01:51:40PM -0600, se...@hallyn.com wrote:
> diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
> index 22e3754..29f0b02 100644
> --- a/include/linux/cgroup.h
> +++ b/include/linux/cgroup.h
> @@ -326,6 +326,7 @@ static inline bool css_tryget_online(struct
Oops, also please cc Greg Kroah-Hartman
on kernfs changes.
Thanks.
--
tejun
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
Hello,
On Mon, Nov 16, 2015 at 01:51:38PM -0600, se...@hallyn.com wrote:
> +static char * __must_check kernfs_path_from_node_locked(
> + struct kernfs_node *kn_from,
> + struct kernfs_node *kn_to,
> + char *buf,
> + size_t buflen)
> +{
> + char *p = buf;
> + struct
Hello,
On Mon, Nov 16, 2015 at 01:51:41PM -0600, se...@hallyn.com wrote:
> From: Aditya Kali
>
> move cgroup_get() and cgroup_put() into cgroup.h so that
> they can be called from other places.
>
> Signed-off-by: Aditya Kali
> Acked-by: Serge
Hello,
On Mon, Nov 16, 2015 at 01:51:44PM -0600, se...@hallyn.com wrote:
> +struct dentry *kernfs_obtain_root(struct super_block *sb,
> + struct kernfs_node *kn)
> +{
> + struct dentry *dentry;
> + struct inode *inode;
> +
> + BUG_ON(sb->s_op != _sops);
>
Hello,
On Mon, Nov 16, 2015 at 01:51:42PM -0600, se...@hallyn.com wrote:
> diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
> index 99096be..b3ce9d9 100644
> --- a/include/linux/cgroup.h
> +++ b/include/linux/cgroup.h
> @@ -17,6 +17,9 @@
> #include
> #include
> #include
>
On Tue, Nov 24, 2015 at 11:27:28AM -0500, Tejun Heo wrote:
> > +struct cgroup *get_task_cgroup(struct task_struct *task)
Umm... is this function even used?
--
tejun
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.or
On Mon, Nov 16, 2015 at 01:51:45PM -0600, se...@hallyn.com wrote:
> From: Aditya Kali
>
> Signed-off-by: Aditya Kali
> Signed-off-by: Serge Hallyn
> ---
> Documentation/cgroups/namespace.txt | 142
>
Hello, Eric.
On Mon, Nov 16, 2015 at 04:24:27PM -0600, Eric W. Biederman wrote:
> Does this allow mixing of cgroupfs and cgroupfs2? That is can I: "mount
> -t cgroupfs" inside a container and "mount -t cgroupfs2" outside a
> container? and still have reasonable things happen? I suspect the
>
36 matches
Mail list logo