[PATCH -mm 0/9] unshare system call (take 3)

[PATCH -mm 0/9] unshare system call (take 3)

[JANAK DESAI]

The following patches represent the updated version of the proposed
new system call unshare. They were forward ported 2.6.15-rc5-mm2 and
reorganized as per Al Viro's suggestion to allow incremental unsharing
of process context without requiring ABI changes.

unshare allows a process to disassociate part of the process context (vm
and/or namespace) that was being shared with a parent.  Unshare is
needed
to implement polyinstantiated directories (such as per-user and/or
per-security context /tmp directory) using the kernel's per-process
namespace mechanism. For a more detailed description of the
justification
and approach, please refer to lkml threads from 8/8/05, 10/13/05 &
12/08/05.
                                                                                
Unshare system call, along with shared tree patches, have been in use
in our department for over month and half. We have been using them to
maintain per-user and per-context /tmp directory. The latest port to
2.6.15-rc5-mm2 has been tested on a uni-processor i386 machine.

Patches are organized as follows:

1. Patch implementing system call handler sys_unshare. System call
   accepts all clone(2) flags but returns -EINVAL when attempt is
   made to unshare any shared context.
2. Patch registering system call for i386 architecture
3. Patch registering system call for powerpc architecture
4. Patch registering system call for ppc architecture
5. Patch registering system call for x86_64 architecture
6. Patch implementing unsharing of filesystem information
7. Patch implementing unsharing of namespace
8. Patch implementing unsharing of vm
9. Patch implementing unsharing of files

Unsharing of singnal handlers is still not implemented. As far as I can
tell, issues raised by Chris Wright regarding possible problems stemming
from interaction of timers with unsharing of signal handlers, has been
resolved by a 2.6.14 patch that fixed race in send_sigqueue with thread
exit. However, I do want to understand the code better and experiment
with it some more before implementing signal handler unsharing. If 
deemed ok, it would be easy to add that functionality.

 

Re: [PATCH -mm 0/9] unshare system call (take 3)

[Ingo Molnar]

* JANAK DESAI <janak@us.ibm.com> wrote:

> Patches are organized as follows:
> 
> 1. Patch implementing system call handler sys_unshare. System call
>    accepts all clone(2) flags but returns -EINVAL when attempt is
>    made to unshare any shared context.
> 2. Patch registering system call for i386 architecture
> 3. Patch registering system call for powerpc architecture
> 4. Patch registering system call for ppc architecture
> 5. Patch registering system call for x86_64 architecture
> 6. Patch implementing unsharing of filesystem information
> 7. Patch implementing unsharing of namespace
> 8. Patch implementing unsharing of vm
> 9. Patch implementing unsharing of files
> 
> Unsharing of singnal handlers is still not implemented. As far as I 
> can tell, issues raised by Chris Wright regarding possible problems 
> stemming from interaction of timers with unsharing of signal handlers, 
> has been resolved by a 2.6.14 patch that fixed race in send_sigqueue 
> with thread exit. However, I do want to understand the code better and 
> experiment with it some more before implementing signal handler 
> unsharing. If deemed ok, it would be easy to add that functionality.

yes, it would be preferrable to have them all at once, once it hits 
upstream. Also, would unsharing the thread group make sense?

	Ingo

Re: [PATCH -mm 0/9] unshare system call (take 3)

[JANAK DESAI]

Ingo Molnar wrote:

>* JANAK DESAI <janak@us.ibm.com> wrote:
>
>  
>
>>Patches are organized as follows:
>>
>>1. Patch implementing system call handler sys_unshare. System call
>>   accepts all clone(2) flags but returns -EINVAL when attempt is
>>   made to unshare any shared context.
>>2. Patch registering system call for i386 architecture
>>3. Patch registering system call for powerpc architecture
>>4. Patch registering system call for ppc architecture
>>5. Patch registering system call for x86_64 architecture
>>6. Patch implementing unsharing of filesystem information
>>7. Patch implementing unsharing of namespace
>>8. Patch implementing unsharing of vm
>>9. Patch implementing unsharing of files
>>
>>Unsharing of singnal handlers is still not implemented. As far as I 
>>can tell, issues raised by Chris Wright regarding possible problems 
>>stemming from interaction of timers with unsharing of signal handlers, 
>>has been resolved by a 2.6.14 patch that fixed race in send_sigqueue 
>>with thread exit. However, I do want to understand the code better and 
>>experiment with it some more before implementing signal handler 
>>unsharing. If deemed ok, it would be easy to add that functionality.
>>    
>>
>
>yes, it would be preferrable to have them all at once, once it hits 
>upstream. Also, would unsharing the thread group make sense?
>
>	Ingo
>
>  
>
Hope you mean all flags when you say "have them all at once" because I
hoping to get unsharing of namespace, fs. files and vm in now then
implementing other primitives in an incremental manner. Since the
reorg, these incremental addition of functionality will not require ABI
changes. Namespace and fs unsharing (in addition to shared tree)
is needed for polyinstantiation, critical component for common criteria
lspp evaluation.

As far as unsharing of thread group, IMO implications of signal
unsharing are even messier than signal handler unsharing. I can
investigate it further if folks see usefulness of doing that. However,
I was hoping to get namespace, fs, files and vm unsharing
upstream first.

-Janak