From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756284AbcGHUvH (ORCPT ); Fri, 8 Jul 2016 16:51:07 -0400 Received: from resqmta-ch2-03v.sys.comcast.net ([69.252.207.35]:55148 "EHLO resqmta-ch2-03v.sys.comcast.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753686AbcGHUu4 (ORCPT ); Fri, 8 Jul 2016 16:50:56 -0400 Date: Fri, 8 Jul 2016 13:50:52 -0700 From: "W. Trevor King" To: Andrew Vagin Cc: James Bottomley , "Eric W. Biederman" , Linux API , Containers , lkml , criu@openvz.org, "Michael Kerrisk (man-pages)" Subject: Re: [CRIU] Introspecting userns relationships to other namespaces? Message-ID: <20160708205052.GA4916@odin.tremily.us> References: <87r3b7pxja.fsf@x220.int.ebiederm.org> <20160706141348.GB20728@mail.hallyn.com> <871t36kbvq.fsf@x220.int.ebiederm.org> <20160708015758.GA10512@outlook.office365.com> <87vb0gy3nr.fsf@x220.int.ebiederm.org> <1467988533.2322.118.camel@HansenPartnership.com> <20160708203818.GA2602@outlook.office365.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/biO8xG9SRhq5SLW" Content-Disposition: inline In-Reply-To: <20160708203818.GA2602@outlook.office365.com> OpenPGP: id=39A2F3FA2AB17E5D8764F388FC29BDCDF15F5BE8; url=http://tremily.us/pubkey.txt User-Agent: Mutt/1.5.23 (2014-03-12) X-CMAE-Envelope: MS4wfAr6NQGH1XR9mUoPS+me+uH6XrOzqSZ88w/UQ3DJPhvZ8EfeNaddryZu8pq6WpYyJ34Cdtc25JQ8E51WxCnzzDOiaRfKVg5bdmGKzK4E6ALCWHrqMIal rndbKf+TZRM+ra5btM1JH0Oemd7Em1mS8Yto77O7AWdZJEwKPInDy+tGEZn6JyLMxa9hJ9ACGRYrTp2xnQUmO9S7/UIx/FcN1LRm0pFztgaHimWH6I+DCGE0 ydE6BLj5eHjKjksNO5nPdoNRTRzMXCrLZvhXwrgZYgYKGDrOmEWxcHErkoyW9jSVdblCQN457ZiFXdas7wLAIuWI5aVqcx06i5x48bYb7SdNL+SzEDP1fTtC Mlem6hh1HU5/3UyisNabxjV9wr02vqjWmozsG+yhvlqaV3qLTyLeJQIILCozjuwxmqToLR7BIbK42qyWCVLuxKZvIpUjotGus8KBvVzE5CZNMGB1N0o= Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --/biO8xG9SRhq5SLW Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jul 08, 2016 at 01:38:19PM -0700, Andrew Vagin wrote: > What do you think about the idea to mount nsfs and be able to look up > any alive namespace by inum: > > $ tree . > . > =E2=94=9C=E2=94=80=E2=94=80 mnt{inum} > =E2=94=82 =E2=94=94=E2=94=80=E2=94=80 user -> ../user{inum} > =E2=94=9C=E2=94=80=E2=94=80 pid{inum} > =E2=94=82 =E2=94=9C=E2=94=80=E2=94=80 pid{inum} > =E2=94=82 =E2=94=82 =E2=94=94=E2=94=80=E2=94=80 user -> ../../user{= inum}/user{inum} > =E2=94=82 =E2=94=94=E2=94=80=E2=94=80 user -> ../user{inum} > =E2=94=94=E2=94=80=E2=94=80 user{inum} > =E2=94=94=E2=94=80=E2=94=80 user{inum} > > https://lkml.org/lkml/2016/7/8/59 > > I think it solves all requirements which were mentioned in this thread. It may need an additional entry per directory for the bit you setns. Maybe =E2=80=98handle=E2=80=99? $ tree . . =E2=94=9C=E2=94=80=E2=94=80 mnt{inum} =E2=94=82=C2=A0=C2=A0 =E2=94=9C=E2=94=80=E2=94=80 handle -> mnt:[{inum}] =E2=94=82=C2=A0=C2=A0 =E2=94=94=E2=94=80=E2=94=80 user -> ../user{inum} =E2=80=A6 but that's not a major revision. > On Fri, Jul 08, 2016 at 07:35:33AM -0700, James Bottomley wrote: > > On Fri, 2016-07-08 at 02:44 -0500, Eric W. Biederman wrote: > > > Starting with 4.8 we are also going to need to be able to > > > retrieve the user namespace owner of filesystems. That will be > > > an interesting mix. > > > > This is per mount point, isn't it? so it can't be in /proc/fs/ and > > it would have to be per local mount tree. Yes, that is a bit > > nasty. Sounds like we might need to unfold mount or mountinfo > > into something that has one directory per entry? > > If we will be able to look up namespaces in nsfs by inum, we can > print an userns inum in mountinfo. With the tree view you can find a namespace by inum (if it's one of your descendants), but it's not going to be particularly efficient (you'll have to walk the tree). Folks that need to do that quickly can index the tree (which would be fairly straightforward if the nsfs mount supports inotify), but it would be nice to have a more elegant solution for this use-case. Cheers, Trevor --=20 This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy --/biO8xG9SRhq5SLW Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJXgBIqAAoJEBBpoQVgXJg11ooQAMSEKjOgRrdyW/5mWQX9oi9h L+esjLhougJEI5g0AAT3LeTKbW70tDoMPqLN3uz0JyAJmRG89o8tGku6IDAGlz9t zTM3cHzeQo3fPwTeFMsbQ82lSL340KyFoJHA3nz+e4juFlNNeMQjDK6CkJXClvI0 VM+ZYI19tgQ8uiMTgg1kbM3o/TdwojwbrRFvRAfOOiYJ9JrTSf6Lnf09ErIcjI+6 tOAAza2iSzWlWDaxjO71YEyoaIp3Bk47fjcu5oyxgeO/Tnr2XkRrRd98a+5tTfYE Cv4IqjaiyUQK0+FRH4cPvKHbbNaLSAZiZgmdMzK6piU14VdYcC1xaVOY8/7T8QZJ 6o90HdYpG6h8+RZY86opP6HCIrO0poLtG4lygUeaB6qMgCMkTKnro98LyXN1Vvzp ME7DOmUe5/9T4AAFKbwUsJRaAufLdxMWw0k7bFAI8yOpo/wqsVuuOucriAd+KERx LMaBi2q2YgAj3eTSmekAkrUhwaWDIDf3rWgkgGADLJutf1Kyj6GUcEv/Br+J6ax9 jU8D8cy7l6njNmkrjJcDGSVP8NMD8cCgxI+0M2hXhFTrJA7Vk772GCO8gM+lzkJ9 CBkbnEe1jGN6PubtcJ8ZWbEf73swpK7xgowIFqH5+ydxBdFWxyQ+XxTUvw42pUT2 IqgHWW1PraLhC8AZKTYb =tz7X -----END PGP SIGNATURE----- --/biO8xG9SRhq5SLW--