From: Dave Hansen <haveblue@us.ibm.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>, Kirill Korotaev <dev@sw.ru>,
linux-kernel@vger.kernel.org, herbert@13thfloor.at,
devel@openvz.org, sam@vilain.net, xemul@sw.ru,
James Morris <jmorris@namei.org>
Subject: Re: [RFC][PATCH 4/5] utsname namespaces: sysctl hack
Date: Wed, 19 Apr 2006 09:23:34 -0700 [thread overview]
Message-ID: <1145463814.31812.13.camel@localhost.localdomain> (raw)
In-Reply-To: <m1bquxmuk5.fsf@ebiederm.dsl.xmission.com>
[-- Attachment #1: Type: text/plain, Size: 662 bytes --]
Besides ipc and utsnames, can anybody think of some other things in
sysctl that we really need to virtualize?
It seems to me that most of the other stuff is kernel-global and we
simply won't allow anything in a container to touch it.
That said, there may be things in the future that need to get added as
we separate out different subsystems. Things like min_free_kbytes could
have a container-centric meaning (although I think that is probably a
really bad one to mess with).
I have a slightly revamped way of doing the sysv namespace sysctl code.
I've attached a couple of (still pretty raw) patches. Do these still
fall in the "hacks" category?
-- Dave
[-- Attachment #2: sysv-do-sysctl-strategies2.patch --]
[-- Type: text/x-patch, Size: 2473 bytes --]
---
work-dave/ipc/sysctl.c | 2 --
work-dave/kernel/sysctl.c | 7 -------
2 files changed, 9 deletions(-)
diff -puN kernel/sysctl.c~sysv-do-sysctl-strategies2 kernel/sysctl.c
--- work/kernel/sysctl.c~sysv-do-sysctl-strategies2 2006-04-19 09:13:52.000000000 -0700
+++ work-dave/kernel/sysctl.c 2006-04-19 09:13:52.000000000 -0700
@@ -439,7 +439,6 @@ static ctl_table kern_table[] = {
{
.ctl_name = KERN_SHMMAX,
.procname = "shmmax",
- .data = &shm_ctlmax,
.maxlen = sizeof (size_t),
.mode = 0644,
.proc_handler = &proc_doulongvec_minmax,
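Review bot: Dropping `.data` leaves `.proc_handler = &proc_doulongvec_minmax` (and `proc_dointvec` in the sibling entries) attached to a table whose data pointer is now NULL, while the strategy routine added in the companion patch is only consulted on the sys_sysctl(2) path, not on reads and writes through /proc/sys. The proc handlers are not in this hunk, but they have no other source for the object pointer than `table->data`; as far as I recall they treat a NULL pointer as "nothing here", so /proc/sys/kernel/shmmax would read back empty and silently accept writes, and that is the interface most sysctl.conf setups use for these limits. Either keep `.data` until the proc handlers are also routed through the per-namespace lookup, or give these entries a proc_handler that resolves the pointer the same way the strategy does. The same applies to the six following hunks (shmall, shmmni, msgmax, msgmni, msgmnb, sem).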
@@ -448,7 +447,6 @@ static ctl_table kern_table[] = {
{
.ctl_name = KERN_SHMALL,
.procname = "shmall",
- .data = &shm_ctlall,
.maxlen = sizeof (size_t),
.mode = 0644,
.proc_handler = &proc_doulongvec_minmax,
@@ -457,7 +455,6 @@ static ctl_table kern_table[] = {
{
.ctl_name = KERN_SHMMNI,
.procname = "shmmni",
- .data = &shm_ctlmni,
.maxlen = sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
@@ -466,7 +463,6 @@ static ctl_table kern_table[] = {
{
.ctl_name = KERN_MSGMAX,
.procname = "msgmax",
- .data = &msg_ctlmax,
.maxlen = sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
@@ -475,7 +471,6 @@ static ctl_table kern_table[] = {
{
.ctl_name = KERN_MSGMNI,
.procname = "msgmni",
- .data = &msg_ctlmni,
.maxlen = sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
@@ -484,7 +479,6 @@ static ctl_table kern_table[] = {
{
.ctl_name = KERN_MSGMNB,
.procname = "msgmnb",
- .data = &msg_ctlmnb,
.maxlen = sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
@@ -493,7 +487,6 @@ static ctl_table kern_table[] = {
{
.ctl_name = KERN_SEM,
.procname = "sem",
- .data = &sem_ctls,
.maxlen = 4*sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
diff -L pushpa -puN /dev/null /dev/null
diff -L strategies-fix0 -puN /dev/null /dev/null
diff -puN ipc/sysctl.c~sysv-do-sysctl-strategies2 ipc/sysctl.c
--- work/ipc/sysctl.c~sysv-do-sysctl-strategies2 2006-04-19 09:14:03.000000000 -0700
+++ work-dave/ipc/sysctl.c 2006-04-19 09:14:13.000000000 -0700
@@ -39,8 +39,6 @@ int sysctl_ipc_strategy (ctl_table *tabl
default:
WARN_ON(1);
}
- /* an excellent check to make sure everything is going as expected */
- WARN_ON(data != table->data);
return default_sysctl_strategy(table, data, oldval, oldlenp,
newval, newlen);
}
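Review bot: With the `WARN_ON(data != table->data)` gone, nothing catches the `default:` arm a few lines up: an unexpected ctl_name only logs a warning, leaves `data` NULL, and `default_sysctl_strategy` then returns 0 without touching `oldlenp` or `newval`, so sys_sysctl reports success for an access that did nothing. The switch should fail closed; change the default arm to `WARN_ON(1); return -EINVAL;` (or -ENOTDIR, which the table walk in kernel/sysctl.c appears to return for an unknown name). The enclosing sysctl_ipc_strategy starts outside this hunk.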
_
[-- Attachment #3: sysv-do-sysctl-strategies1.patch --]
[-- Type: text/x-patch, Size: 5145 bytes --]
DESC
strategies-fix0
EDESC
---
work-dave/include/linux/ipc.h | 5 ++++
work-dave/ipc/Makefile | 2 -
work-dave/ipc/sysctl.c | 48 ++++++++++++++++++++++++++++++++++++++++++
work-dave/ipc/util.c | 1
work-dave/kernel/sysctl.c | 8 +++++++
5 files changed, 63 insertions(+), 1 deletion(-)
diff -puN kernel/sysctl.c~sysv-do-sysctl-strategies1 kernel/sysctl.c
--- work/kernel/sysctl.c~sysv-do-sysctl-strategies1 2006-04-18 17:16:10.000000000 -0700
+++ work-dave/kernel/sysctl.c 2006-04-18 17:16:10.000000000 -0700
@@ -47,6 +47,7 @@
#include <linux/syscalls.h>
#include <linux/nfs_fs.h>
#include <linux/acpi.h>
+#include <linux/ipc.h>
#include <asm/uaccess.h>
#include <asm/processor.h>
@@ -442,6 +443,7 @@ static ctl_table kern_table[] = {
.maxlen = sizeof (size_t),
.mode = 0644,
.proc_handler = &proc_doulongvec_minmax,
+ .strategy = &sysctl_ipc_strategy,
},
{
.ctl_name = KERN_SHMALL,
@@ -450,6 +452,7 @@ static ctl_table kern_table[] = {
.maxlen = sizeof (size_t),
.mode = 0644,
.proc_handler = &proc_doulongvec_minmax,
+ .strategy = &sysctl_ipc_strategy,
},
{
.ctl_name = KERN_SHMMNI,
@@ -458,6 +461,7 @@ static ctl_table kern_table[] = {
.maxlen = sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
+ .strategy = &sysctl_ipc_strategy,
},
{
.ctl_name = KERN_MSGMAX,
@@ -466,6 +470,7 @@ static ctl_table kern_table[] = {
.maxlen = sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
+ .strategy = &sysctl_ipc_strategy,
},
{
.ctl_name = KERN_MSGMNI,
@@ -474,6 +479,7 @@ static ctl_table kern_table[] = {
.maxlen = sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
+ .strategy = &sysctl_ipc_strategy,
},
{
.ctl_name = KERN_MSGMNB,
@@ -482,6 +488,7 @@ static ctl_table kern_table[] = {
.maxlen = sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
+ .strategy = &sysctl_ipc_strategy,
},
{
.ctl_name = KERN_SEM,
@@ -490,6 +497,7 @@ static ctl_table kern_table[] = {
.maxlen = 4*sizeof (int),
.mode = 0644,
.proc_handler = &proc_dointvec,
+ .strategy = &sysctl_ipc_strategy,
},
#endif
#ifdef CONFIG_MAGIC_SYSRQ
diff -puN include/linux/ipc.h~sysv-do-sysctl-strategies1 include/linux/ipc.h
--- work/include/linux/ipc.h~sysv-do-sysctl-strategies1 2006-04-18 17:16:10.000000000 -0700
+++ work-dave/include/linux/ipc.h 2006-04-18 17:18:03.000000000 -0700
@@ -2,6 +2,7 @@
#define _LINUX_IPC_H
#include <linux/types.h>
+#include <linux/sysctl.h>
#define IPC_PRIVATE ((__kernel_key_t) 0)
@@ -53,6 +54,10 @@ struct ipc_perm
#define IPCMNI 32768 /* <= MAX_INT limit for ipc arrays (including sysctl changes) */
+int sysctl_ipc_strategy (/*ctl_table *table,*/ int __user *name, int nlen,
+ void __user *oldval, size_t __user *oldlenp,
+ void __user *newval, size_t newlen, void **context);
+
/* used by in-kernel data structures */
struct kern_ipc_perm
{
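Review bot: The prototype has its first parameter commented out (`/*ctl_table *table,*/`), so the declaration kernel/sysctl.c sees when it stores `&sysctl_ipc_strategy` into `.strategy` has seven parameters while the definition in ipc/sysctl.c and the `ctl_handler` type have eight; the assignment only compiles with an incompatible-pointer-type warning, and because ipc/sysctl.c never includes this header the two declarations are never checked against each other. Declare it the way sysctl.h declares its own handlers, `extern ctl_handler sysctl_ipc_strategy;`, and include linux/ipc.h from ipc/sysctl.c so the definition is checked against it. Separately, include/linux/ipc.h is, as far as I can tell, one of the headers exported to userspace, so pulling `<linux/sysctl.h>` into it deserves a second look; the declaration could sit in linux/sysctl.h next to the other ctl_handler externs instead.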
diff -puN ipc/util.c~sysv-do-sysctl-strategies1 ipc/util.c
--- work/ipc/util.c~sysv-do-sysctl-strategies1 2006-04-18 17:16:10.000000000 -0700
+++ work-dave/ipc/util.c 2006-04-19 09:01:53.000000000 -0700
@@ -27,6 +27,7 @@
#include <linux/workqueue.h>
#include <linux/seq_file.h>
#include <linux/proc_fs.h>
+#include <linux/sysctl.h>
#include <asm/unistd.h>
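Review bot: This added `#include <linux/sysctl.h>` is the only change to ipc/util.c in the series (the diffstat counts one line) and nothing else in the patch adds a use of sysctl.h symbols to util.c. If it is a leftover from an earlier iteration that kept the strategy in util.c it can be dropped; if something in util.c outside this hunk does need it, a short comment on why would save the next reader the search.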
diff -puN /dev/null ipc/sysctl.c
--- /dev/null 2005-03-30 22:36:15.000000000 -0800
+++ work-dave/ipc/sysctl.c 2006-04-19 09:04:23.000000000 -0700
@@ -0,0 +1,48 @@
+#include <linux/sysctl.h>
+#include <asm/bug.h>
+
+extern size_t shm_ctlmax;
+extern size_t shm_ctlall;
+extern int shm_ctlmni;
+extern int msg_ctlmax;
+extern int msg_ctlmnb;
+extern int msg_ctlmni;
+extern int sem_ctls[];
+
+int sysctl_ipc_strategy (ctl_table *table, int __user *name, int nlen,
+ void __user *oldval, size_t __user *oldlenp,
+ void __user *newval, size_t newlen, void **context)
+{
+ void *data = NULL;
+ switch (table->ctl_name) {
+ case KERN_SHMMAX:
+ data = &shm_ctlmax;
+ break;
+ case KERN_SHMALL:
+ data = &shm_ctlall;
+ break;
+ case KERN_SHMMNI:
+ data = &shm_ctlmni;
+ break;
+ case KERN_MSGMAX:
+ data = &msg_ctlmax;
+ break;
+ case KERN_MSGMNI:
+ data = &msg_ctlmni;
+ break;
+ case KERN_MSGMNB:
+ data = &msg_ctlmnb;
+ break;
+ case KERN_SEM:
+ data = &sem_ctls;
+ break;
+ default:
+ WARN_ON(1);
+ }
+ /* an excellent check to make sure everything is going as expected */
+ WARN_ON(data != table->data);
+ return default_sysctl_strategy(table, data, oldval, oldlenp,
+ newval, newlen);
+}
+
+
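Review bot: `sysctl_ipc_strategy` returns whatever `default_sysctl_strategy` returns, which is 0 on success, and do_sysctl_strategy treats 0 from a strategy routine as "proceed with the automatic read/write" (visible in the strategies0 hunk), so with this patch alone every sys_sysctl(2) access to these entries is performed twice, once here and once on `table->data`; the hook only becomes the sole path once the follow-up patch nulls `.data`, and nothing in this file says so. Return 1 after a successful copy so the caller stops: `int rc = default_sysctl_strategy(table, data, oldval, oldlenp, newval, newlen); return rc < 0 ? rc : 1;`. The `default:` arm should likewise return an error such as `return -EINVAL;` instead of continuing with `data == NULL`, which reports success for a no-op. A short header comment stating that this is the point where a per-namespace lookup of the SysV limits will hang off `table->ctl_name`, plus an `#include <linux/ipc.h>` so the definition is checked against the prototype there, would round it off.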
diff -puN ipc/Makefile~sysv-do-sysctl-strategies1 ipc/Makefile
--- work/ipc/Makefile~sysv-do-sysctl-strategies1 2006-04-19 09:02:50.000000000 -0700
+++ work-dave/ipc/Makefile 2006-04-19 09:02:58.000000000 -0700
@@ -3,7 +3,7 @@
#
obj-$(CONFIG_SYSVIPC_COMPAT) += compat.o
-obj-$(CONFIG_SYSVIPC) += util.o msgutil.o msg.o sem.o shm.o
+obj-$(CONFIG_SYSVIPC) += util.o msgutil.o msg.o sem.o shm.o sysctl.c
obj_mq-$(CONFIG_COMPAT) += compat_mq.o
obj-$(CONFIG_POSIX_MQUEUE) += mqueue.o msgutil.o $(obj_mq-y)
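Review bot: The new object is listed as `sysctl.c` rather than `sysctl.o`; kbuild expects object names in `obj-y` lists, so the source file will at best be ignored and at worst trigger an odd implicit rule, and either way `sysctl_ipc_strategy` stays unresolved when kernel/sysctl.o references it. The line should read `obj-$(CONFIG_SYSVIPC) += util.o msgutil.o msg.o sem.o shm.o sysctl.o`.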
_
[-- Attachment #4: sysv-do-sysctl-strategies0.patch --]
[-- Type: text/x-patch, Size: 3577 bytes --]
---
work-dave/include/linux/sysctl.h | 4 ++
work-dave/kernel/sysctl.c | 55 +++++++++++++++++++++------------------
2 files changed, 35 insertions(+), 24 deletions(-)
diff -puN ipc/compat.c~sysv-do-sysctl-strategies0 ipc/compat.c
diff -puN ipc/compat_mq.c~sysv-do-sysctl-strategies0 ipc/compat_mq.c
diff -puN ipc/mqueue.c~sysv-do-sysctl-strategies0 ipc/mqueue.c
diff -puN ipc/msg.c~sysv-do-sysctl-strategies0 ipc/msg.c
diff -puN ipc/msgutil.c~sysv-do-sysctl-strategies0 ipc/msgutil.c
diff -puN ipc/sem.c~sysv-do-sysctl-strategies0 ipc/sem.c
diff -puN ipc/shm.c~sysv-do-sysctl-strategies0 ipc/shm.c
diff -puN ipc/util.c~sysv-do-sysctl-strategies0 ipc/util.c
diff -puN kernel/sysctl.c~sysv-do-sysctl-strategies0 kernel/sysctl.c
--- work/kernel/sysctl.c~sysv-do-sysctl-strategies0 2006-04-18 17:06:49.000000000 -0700
+++ work-dave/kernel/sysctl.c 2006-04-18 17:13:06.000000000 -0700
@@ -1251,6 +1251,35 @@ repeat:
return -ENOTDIR;
}
+int default_sysctl_strategy(ctl_table *table, void *data,
+ void __user *oldval, size_t __user *oldlenp,
+ void __user *newval, size_t newlen)
+{
+ size_t len;
+ if (data && table->maxlen) {
+ if (oldval && oldlenp) {
+ if (get_user(len, oldlenp))
+ return -EFAULT;
+ if (len) {
+ if (len > table->maxlen)
+ len = table->maxlen;
+ if(copy_to_user(oldval, data, len))
+ return -EFAULT;
+ if(put_user(len, oldlenp))
+ return -EFAULT;
+ }
+ }
+ if (newval && newlen) {
+ len = newlen;
+ if (len > table->maxlen)
+ len = table->maxlen;
+ if(copy_from_user(data, newval, len))
+ return -EFAULT;
+ }
+ }
+ return 0;
+}
+
/* Perform the actual read/write of a sysctl table entry. */
int do_sysctl_strategy (ctl_table *table,
int __user *name, int nlen,
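Review bot: `default_sysctl_strategy` is now an exported helper that copies up to `table->maxlen` bytes from userspace into whatever `data` the caller hands it, with no check that the two belong together, and it returns 0 on success, which do_sysctl_strategy reads as "also run the automatic r/w on table->data"; neither fact is stated anywhere in the hunk. A kernel-doc comment on the definition should spell out that contract: `data` must point at an object at least `table->maxlen` bytes long, a NULL `data` or zero `maxlen` is a silent no-op that still returns 0, a `newlen` shorter than `maxlen` updates only the leading bytes of the object, and a strategy routine that wraps this must return 1 itself if it does not want the default path to run a second time. That comment would be about six lines, so I have described it rather than quoted it.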
@@ -1258,7 +1287,6 @@ int do_sysctl_strategy (ctl_table *table
void __user *newval, size_t newlen, void **context)
{
int op = 0, rc;
- size_t len;
if (oldval)
op |= 004;
@@ -1275,31 +1303,10 @@ int do_sysctl_strategy (ctl_table *table
if (rc > 0)
return 0;
}
-
/* If there is no strategy routine, or if the strategy returns
* zero, proceed with automatic r/w */
- if (table->data && table->maxlen) {
- if (oldval && oldlenp) {
- if (get_user(len, oldlenp))
- return -EFAULT;
- if (len) {
- if (len > table->maxlen)
- len = table->maxlen;
- if(copy_to_user(oldval, table->data, len))
- return -EFAULT;
- if(put_user(len, oldlenp))
- return -EFAULT;
- }
- }
- if (newval && newlen) {
- len = newlen;
- if (len > table->maxlen)
- len = table->maxlen;
- if(copy_from_user(table->data, newval, len))
- return -EFAULT;
- }
- }
- return 0;
+ return default_sysctl_strategy(table, table->data, oldval,oldlenp,
+ newval, newlen);
}
/**
diff -puN drivers/char/random.c~sysv-do-sysctl-strategies0 drivers/char/random.c
diff -puN include/linux/sysctl.h~sysv-do-sysctl-strategies0 include/linux/sysctl.h
--- work/include/linux/sysctl.h~sysv-do-sysctl-strategies0 2006-04-18 17:13:37.000000000 -0700
+++ work-dave/include/linux/sysctl.h 2006-04-18 17:14:40.000000000 -0700
@@ -945,6 +945,10 @@ extern int do_sysctl_strategy (ctl_table
void __user *oldval, size_t __user *oldlenp,
void __user *newval, size_t newlen, void ** context);
+extern int default_sysctl_strategy(ctl_table *table, void *data,
+ void __user *oldval, size_t __user *oldlenp,
+ void __user *newval, size_t newlen);
+
extern ctl_handler sysctl_string;
extern ctl_handler sysctl_intvec;
extern ctl_handler sysctl_jiffies;
_