From: Andrew Vagin
To: "Eric W. Biederman"
Cc: Serge Hallyn, Andrey Vagin, "criu@openvz.org", Linux API, Linux Containers, LKML, James Bottomley, Alexander Viro, linux-fsdevel, "Michael Kerrisk (man-pages)"
Subject: Re: [PATCH 0/5 RFC] Add an interface to discover relationships between namespaces
Date: Mon, 25 Jul 2016 19:07:36 -0700
Message-ID: <20160726020735.GB23617@outlook.office365.com>
In-Reply-To: <87poq3liyq.fsf@x220.int.ebiederm.org>
References: <1468520419-28220-1-git-send-email-avagin@openvz.org> <87poq3liyq.fsf@x220.int.ebiederm.org>

On Sun, Jul 24, 2016 at 12:10:21AM -0500, Eric W. Biederman wrote:
> Andrey Vagin writes:
>
> > Hello,
> >
> > I forgot to add --cc-cover for git send-email, so everyone who is in
> > Cc got only a cover letter. All messages were sent in mail lists.
> >
> > Sorry for inconvenience.
>
> Mostly the code looked sensible. But I had a couple of issues.
> Resend this in September (when the merge window is closed and I am back
> from vacation) and I will give this a thorough review and get this
> merged. Or possibly next week if Linus releases another -rc

Eric, thank you for the detailed comments. I will rework this series and
send it after the merge window.

>
> > On Thu, Jul 14, 2016 at 11:20 AM, Andrey Vagin wrote:
> >> Each namespace has an owning user namespace and now there is no way
> >> to discover these relationships.
> >>
> >> Pid and user namespaces are hierarchical. There is no way to discover
> >> parent-child relationships too.
> >>
> >> Why we may want to know relationships between namespaces?
> >>
> >> One use would be visualization, in order to understand the running system.
> >> Another would be to answer the question: what capability does process X have to
> >> perform operations on a resource governed by namespace Y?
> >>
> >> One more use-case (which is usually called abnormal) is checkpoint/restart.
> >> In CRIU we are going to dump and restore nested namespaces.
> >>
> >> There [1] was a discussion about which interface to choose to determine
> >> relationships between namespaces.
> >>
> >> Eric suggested to add two ioctl-s [2]:
> >>> Grumble, Grumble. I think this may actually be a case for creating ioctls
> >>> for these two cases. Now that random nsfs file descriptors are bind
> >>> mountable the original reason for using proc files is not as pressing.
> >>>
> >>> One ioctl for the user namespace that owns a file descriptor.
> >>> One ioctl for the parent namespace of a namespace file descriptor.
> >>
> >> Here is an implementation of these ioctl-s.
> >>
> >> [1] https://lkml.org/lkml/2016/7/6/158
> >> [2] https://lkml.org/lkml/2016/7/9/101
> >>
> >> Cc: "Eric W. Biederman"
> >> Cc: James Bottomley
> >> Cc: "Michael Kerrisk (man-pages)"
> >> Cc: "W. Trevor King"
> >> Cc: Alexander Viro
> >> Cc: Serge Hallyn
> >
> Eric