From: Alexey Gladkov <gladkov.alexey@gmail.com>
To: Djalal Harouni <tixxdz@gmail.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
ebiederm@xmission.com, Andrew Morton <akpm@linux-foundation.org>,
Linux API <linux-api@vger.kernel.org>,
kirill@shutemov.name, Oleg Nesterov <oleg@redhat.com>,
Pavel Emelyanov <xemul@parallels.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Kees Cook <keescook@chromium.org>, Dongsu Park <dpark@posteo.net>,
Ingo Molnar <mingo@kernel.org>, Michal Hocko <mhocko@suse.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
kernel-hardening@lists.openwall.com,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace
Date: Fri, 31 Mar 2017 00:16:49 +0200 [thread overview]
Message-ID: <20170330221649.GB13761@comp-core-i7-2640m-0182e6> (raw)
In-Reply-To: <1490887379-25880-1-git-send-email-tixxdz@gmail.com>
On Thu, Mar 30, 2017 at 05:22:55PM +0200, Djalal Harouni wrote:
> Hi,
>
> This RFC can be applied on top of Linus' tree 89970a04d7
>
> This RFC implements support for multiple separate proc instances inside
> the same pid namespace. This allows to solve lot of problems that
> today's use case face.
>
> Historically procfs was tied to pid namespaces, and mount options were
> propagated to all other procfs instances in the same pid namespace. This
> solved several use cases in that time. However today we face new
> problems, there are mutliple container implementations there, some of
> them want to hide pid entries, others want to hide non-pid entries,
> others want to have sysctlfs, others want to share pid namespace with
> private procfs mounts. All these with current implementation won't work
> since all options will be propagated to all procfs mounts.
>
> This series allow to have new instances of procfs per pid namespace where
> each instance can have its own mount option inside the same pid namespace.
> This was also suggested by Andy Lutomirski.
>
>
> Now:
> $ sudo mount -t proc -o unshare,hidepid=2 none /test
>
> The option 'unshare' will allow to mount a new instance of procfs inside
> the same pid namespace.
>
> Before:
> $ stat /proc/slabinfo
>
> File: ‘/proc/slabinfo’
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 4h/4d Inode: 4026532046 Links: 1
>
> $ stat /test3/slabinfo
>
> File: ‘/test3/slabinfo’
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 4h/4d Inode: 4026532046 Links: 1
>
>
> After:
> $ stat /proc/slabinfo
>
> File: ‘/proc/slabinfo’
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 4h/4d Inode: 4026532046 Links: 1
>
> $ stat /test3/slabinfo
>
> File: ‘/test3/slabinfo’
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 31h/49d Inode: 4026532046 Links: 1
>
>
> Any better name for the option 'unshare' ? suggestions ?
>
> I was going to use 'version=2' but then this may sound more like a
> proc2 fs which currently impossible to implement since it will share
> locks with the old proc.
>
>
> Al, Eric any comments please ?
Multiple mnt_root's lead us to significant memory costs for storing dentry
of tasks. I mean what we will get as many copies of the tasks dentry as many
times we have mounted the procfs with 'unshare' flag. No?
--
Rgrds, legion
WARNING: multiple messages have this Message-ID (diff)
From: gladkov.alexey@gmail.com (Alexey Gladkov)
To: linux-security-module@vger.kernel.org
Subject: [PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace
Date: Fri, 31 Mar 2017 00:16:49 +0200 [thread overview]
Message-ID: <20170330221649.GB13761@comp-core-i7-2640m-0182e6> (raw)
In-Reply-To: <1490887379-25880-1-git-send-email-tixxdz@gmail.com>
On Thu, Mar 30, 2017 at 05:22:55PM +0200, Djalal Harouni wrote:
> Hi,
>
> This RFC can be applied on top of Linus' tree 89970a04d7
>
> This RFC implements support for multiple separate proc instances inside
> the same pid namespace. This allows to solve lot of problems that
> today's use case face.
>
> Historically procfs was tied to pid namespaces, and mount options were
> propagated to all other procfs instances in the same pid namespace. This
> solved several use cases in that time. However today we face new
> problems, there are mutliple container implementations there, some of
> them want to hide pid entries, others want to hide non-pid entries,
> others want to have sysctlfs, others want to share pid namespace with
> private procfs mounts. All these with current implementation won't work
> since all options will be propagated to all procfs mounts.
>
> This series allow to have new instances of procfs per pid namespace where
> each instance can have its own mount option inside the same pid namespace.
> This was also suggested by Andy Lutomirski.
>
>
> Now:
> $ sudo mount -t proc -o unshare,hidepid=2 none /test
>
> The option 'unshare' will allow to mount a new instance of procfs inside
> the same pid namespace.
>
> Before:
> $ stat /proc/slabinfo
>
> File: ?/proc/slabinfo?
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 4h/4d Inode: 4026532046 Links: 1
>
> $ stat /test3/slabinfo
>
> File: ?/test3/slabinfo?
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 4h/4d Inode: 4026532046 Links: 1
>
>
> After:
> $ stat /proc/slabinfo
>
> File: ?/proc/slabinfo?
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 4h/4d Inode: 4026532046 Links: 1
>
> $ stat /test3/slabinfo
>
> File: ?/test3/slabinfo?
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 31h/49d Inode: 4026532046 Links: 1
>
>
> Any better name for the option 'unshare' ? suggestions ?
>
> I was going to use 'version=2' but then this may sound more like a
> proc2 fs which currently impossible to implement since it will share
> locks with the old proc.
>
>
> Al, Eric any comments please ?
Multiple mnt_root's lead us to significant memory costs for storing dentry
of tasks. I mean what we will get as many copies of the tasks dentry as many
times we have mounted the procfs with 'unshare' flag. No?
--
Rgrds, legion
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Alexey Gladkov <gladkov.alexey@gmail.com>
To: Djalal Harouni <tixxdz@gmail.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
ebiederm@xmission.com, Andrew Morton <akpm@linux-foundation.org>,
Linux API <linux-api@vger.kernel.org>,
kirill@shutemov.name, Oleg Nesterov <oleg@redhat.com>,
Pavel Emelyanov <xemul@parallels.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Kees Cook <keescook@chromium.org>, Dongsu Park <dpark@posteo.net>,
Ingo Molnar <mingo@kernel.org>, Michal Hocko <mhocko@suse.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
kernel-hardening@lists.openwall.com,
linux-security-module@vger.kernel.org
Subject: [kernel-hardening] Re: [PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace
Date: Fri, 31 Mar 2017 00:16:49 +0200 [thread overview]
Message-ID: <20170330221649.GB13761@comp-core-i7-2640m-0182e6> (raw)
In-Reply-To: <1490887379-25880-1-git-send-email-tixxdz@gmail.com>
On Thu, Mar 30, 2017 at 05:22:55PM +0200, Djalal Harouni wrote:
> Hi,
>
> This RFC can be applied on top of Linus' tree 89970a04d7
>
> This RFC implements support for multiple separate proc instances inside
> the same pid namespace. This allows to solve lot of problems that
> today's use case face.
>
> Historically procfs was tied to pid namespaces, and mount options were
> propagated to all other procfs instances in the same pid namespace. This
> solved several use cases in that time. However today we face new
> problems, there are mutliple container implementations there, some of
> them want to hide pid entries, others want to hide non-pid entries,
> others want to have sysctlfs, others want to share pid namespace with
> private procfs mounts. All these with current implementation won't work
> since all options will be propagated to all procfs mounts.
>
> This series allow to have new instances of procfs per pid namespace where
> each instance can have its own mount option inside the same pid namespace.
> This was also suggested by Andy Lutomirski.
>
>
> Now:
> $ sudo mount -t proc -o unshare,hidepid=2 none /test
>
> The option 'unshare' will allow to mount a new instance of procfs inside
> the same pid namespace.
>
> Before:
> $ stat /proc/slabinfo
>
> File: ‘/proc/slabinfo’
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 4h/4d Inode: 4026532046 Links: 1
>
> $ stat /test3/slabinfo
>
> File: ‘/test3/slabinfo’
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 4h/4d Inode: 4026532046 Links: 1
>
>
> After:
> $ stat /proc/slabinfo
>
> File: ‘/proc/slabinfo’
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 4h/4d Inode: 4026532046 Links: 1
>
> $ stat /test3/slabinfo
>
> File: ‘/test3/slabinfo’
> Size: 0 Blocks: 0 IO Block: 1024 regular empty file
> Device: 31h/49d Inode: 4026532046 Links: 1
>
>
> Any better name for the option 'unshare' ? suggestions ?
>
> I was going to use 'version=2' but then this may sound more like a
> proc2 fs which currently impossible to implement since it will share
> locks with the old proc.
>
>
> Al, Eric any comments please ?
Multiple mnt_root's lead us to significant memory costs for storing dentry
of tasks. I mean what we will get as many copies of the tasks dentry as many
times we have mounted the procfs with 'unshare' flag. No?
--
Rgrds, legion
next prev parent reply other threads:[~2017-03-30 22:07 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-30 15:22 [PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace Djalal Harouni
2017-03-30 15:22 ` [kernel-hardening] " Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 15:22 ` [PATCH RFC 1/4] proc: add proc_fs_info struct to store proc options Djalal Harouni
2017-03-30 15:22 ` [kernel-hardening] " Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 19:10 ` Andy Lutomirski
2017-03-30 19:10 ` [kernel-hardening] " Andy Lutomirski
2017-03-30 19:10 ` Andy Lutomirski
2017-03-30 19:10 ` Andy Lutomirski
2017-03-31 10:49 ` Djalal Harouni
2017-03-31 10:49 ` [kernel-hardening] " Djalal Harouni
2017-03-31 10:49 ` Djalal Harouni
2017-03-31 10:49 ` Djalal Harouni
2017-03-30 15:22 ` [PATCH RFC 2/4] proc: add helpers to set/get hidepid and gid mount options Djalal Harouni
2017-03-30 15:22 ` [kernel-hardening] " Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 15:22 ` [PATCH RFC 3/4] proc: support mounting new procfs instances inside same pid namespace Djalal Harouni
2017-03-30 15:22 ` [kernel-hardening] " Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 19:10 ` Andy Lutomirski
2017-03-30 19:10 ` [kernel-hardening] " Andy Lutomirski
2017-03-30 19:10 ` Andy Lutomirski
2017-03-30 19:10 ` Andy Lutomirski
2017-03-30 15:22 ` [PATCH RFC 4/4] proc: support flushing dcache entries of a task on multiple procfs mounts Djalal Harouni
2017-03-30 15:22 ` [kernel-hardening] " Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 15:22 ` Djalal Harouni
2017-03-30 19:12 ` [PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace Andy Lutomirski
2017-03-30 19:12 ` [kernel-hardening] " Andy Lutomirski
2017-03-30 19:12 ` Andy Lutomirski
2017-03-30 19:12 ` Andy Lutomirski
2017-03-31 11:45 ` Djalal Harouni
2017-03-31 11:45 ` [kernel-hardening] " Djalal Harouni
2017-03-31 11:45 ` Djalal Harouni
2017-03-31 11:45 ` Djalal Harouni
2017-03-30 22:16 ` Alexey Gladkov [this message]
2017-03-30 22:16 ` [kernel-hardening] " Alexey Gladkov
2017-03-30 22:16 ` Alexey Gladkov
2017-03-31 11:26 ` Djalal Harouni
2017-03-31 11:26 ` [kernel-hardening] " Djalal Harouni
2017-03-31 11:26 ` Djalal Harouni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170330221649.GB13761@comp-core-i7-2640m-0182e6 \
--to=gladkov.alexey@gmail.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=dpark@posteo.net \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kirill@shutemov.name \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhocko@suse.com \
--cc=mingo@kernel.org \
--cc=oleg@redhat.com \
--cc=tixxdz@gmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.