From: Christian Brauner <christian.brauner@ubuntu.com>
To: Christian Kellner <ckellner@redhat.com>
Cc: linux-kernel@vger.kernel.org,
Christian Kellner <christian@kellner.me>,
Andrew Morton <akpm@linux-foundation.org>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Ingo Molnar <mingo@kernel.org>, Michal Hocko <mhocko@suse.com>,
Elena Reshetova <elena.reshetova@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Roman Gushchin <guro@fb.com>,
Andrea Arcangeli <aarcange@redhat.com>,
"Joel Fernandes (Google)" <joel@joelfernandes.org>,
Al Viro <viro@zeniv.linux.org.uk>,
"Dmitry V. Levin" <ldv@altlinux.org>
Subject: Re: [PATCH] pidfd: show pids for nested pid namespaces in fdinfo
Date: Tue, 8 Oct 2019 15:52:59 +0200 [thread overview]
Message-ID: <20191008135258.mzc7o2djiq5yydko@wittgenstein> (raw)
In-Reply-To: <20191008133641.23019-1-ckellner@redhat.com>
On Tue, Oct 08, 2019 at 03:36:37PM +0200, Christian Kellner wrote:
> From: Christian Kellner <christian@kellner.me>
>
> The fdinfo file for a process file descriptor already contains the
> pid of the process in the callers namespaces. Additionally, if pid
> namespaces are configured, show the process ids of the process in
> all nested namespaces in the same format as in the procfs status
> file, i.e. "NSPid:\t%d\%d...". This allows the easy identification
> of the processes in nested namespaces.
>
> Signed-off-by: Christian Kellner <christian@kellner.me>
Yeah, makes sense to me.
Note that if you send the pidfd to a sibling pid namespace NSpid won't
show you anything useful. But that's what I'd expect security wise. You
should only be able to snoop on descendant pid namespaces.
Please add a test for this to verify that this all works correctly and
then resend. The tests live in tools/testing/selftests/pidfd/ and should
already have most of the infrastructure there. The fdinfo parsing code
should be in samples/pidfd/ which
For the patch itself:
Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>
You can resend with my Reviewed-by retained if you don't change
anything. Before I see tests I'll hold off on merging this. ;)
Thanks!
Christian
next prev parent reply other threads:[~2019-10-08 13:53 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-08 13:36 [PATCH] pidfd: show pids for nested pid namespaces in fdinfo Christian Kellner
2019-10-08 13:52 ` Christian Brauner [this message]
2019-10-08 14:00 ` Michal Hocko
2019-10-09 16:05 ` [PATCH v2 1/2] " Christian Kellner
2019-10-09 16:05 ` [PATCH v2 2/2] pidfd: add tests for NSpid info " Christian Kellner
2019-10-11 15:09 ` Jann Horn
2019-10-11 15:09 ` Jann Horn
2019-10-11 17:08 ` Christian Brauner
2019-10-11 17:08 ` Christian Brauner
2019-10-09 17:29 ` [PATCH v2 1/2] pidfd: show pids for nested pid namespaces " Christian Brauner
2019-10-11 12:23 ` [PATCH v3 " Christian Kellner
2019-10-11 12:23 ` [PATCH v3 2/2] pidfd: add tests for NSpid info " Christian Kellner
2019-10-11 13:18 ` Christian Brauner
2019-10-11 13:18 ` Christian Brauner
2019-10-11 13:17 ` [PATCH v3 1/2] pidfd: show pids for nested pid namespaces " Christian Brauner
2019-10-11 14:55 ` Jann Horn
2019-10-11 15:17 ` Christian Brauner
2019-10-11 15:30 ` Jann Horn
2019-10-11 16:58 ` Christian Brauner
2019-10-11 18:20 ` Jann Horn
2019-10-12 10:19 ` [PATCH] pidfd: add NSpid entries to fdinfo Christian Brauner
2019-10-12 10:21 ` Christian Brauner
2019-10-14 9:43 ` Christian Kellner
2019-10-14 10:31 ` Christian Brauner
2019-10-14 15:10 ` Jann Horn
2019-10-14 15:20 ` Christian Kellner
2019-10-14 15:09 ` Jann Horn
2019-10-14 17:06 ` Christian Brauner
2019-10-14 16:20 ` [PATCH v4 1/2] " Christian Kellner
2019-10-14 16:20 ` [PATCH v4 2/2] pidfd: add tests for NSpid info in fdinfo Christian Kellner
2019-10-15 10:07 ` Christian Brauner
2019-11-13 11:52 ` Naresh Kamboju
2019-11-13 11:52 ` Naresh Kamboju
2019-11-13 12:20 ` Christian Brauner
2019-11-13 12:20 ` Christian Brauner
2019-10-15 9:40 ` [PATCH v4 1/2] pidfd: add NSpid entries to fdinfo Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191008135258.mzc7o2djiq5yydko@wittgenstein \
--to=christian.brauner@ubuntu.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=christian@kellner.me \
--cc=ckellner@redhat.com \
--cc=elena.reshetova@intel.com \
--cc=guro@fb.com \
--cc=joel@joelfernandes.org \
--cc=ldv@altlinux.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@suse.com \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.