From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932378AbdBVNIz (ORCPT ); Wed, 22 Feb 2017 08:08:55 -0500 Received: from mail-eopbgr50130.outbound.protection.outlook.com ([40.107.5.130]:52303 "EHLO EUR03-VE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754433AbdBVNIq (ORCPT ); Wed, 22 Feb 2017 08:08:46 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=xemul@virtuozzo.com; Subject: Re: [PATCH] Add pidfs filesystem To: Alexey Gladkov References: <20170218225307.GA10345@comp-core-i7-2640m-0182e6.fortress> <20170221145746.GA31914@redhat.com> <58AD4081.9050609@virtuozzo.com> <20170222120430.GF3279@comp-core-i7-2640m-0182e6.fortress> CC: Oleg Nesterov , Linux Kernel Mailing List , "Kirill A. Shutemov" , Vasiliy Kulikov , Al Viro , "Eric W. Biederman" , "Dmitry V. Levin" From: Pavel Emelyanov Message-ID: <58AD8D55.5030802@virtuozzo.com> Date: Wed, 22 Feb 2017 16:08:37 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.8.0 MIME-Version: 1.0 In-Reply-To: <20170222120430.GF3279@comp-core-i7-2640m-0182e6.fortress> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [83.220.239.76] X-ClientProxiedBy: AM4PR01CA0003.eurprd01.prod.exchangelabs.com (10.164.74.141) To AM4PR0802MB2132.eurprd08.prod.outlook.com (10.172.216.151) X-MS-Office365-Filtering-Correlation-Id: 1467027d-41b7-45f4-fd1a-08d45b23ec7d X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:AM4PR0802MB2132; X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2132;3:Vn/vJC8TOc/YdvRYIJtll4t28bIIMIsBrvzKuHi2CEVzHI3rQAn44ZbppYu1rK4kFIP71oXXS3YIZbGYkcylzyyqb9Es0eu9LasxuFreDxgB63hxBjQABQeHVYjUEabtWNIERHRg8PZs02LeIfrZYI0yQTwFsVlR4OGIbBfzmvYHp38qxi/BJeConr04/Phdetz0jxp7s2SYNrNQNbGNF7/DLCDnas3Fp0JAd6G2EYDykBnyfnpjnEoYOfhDlxZYT3fe6/MNYrW1VcUJ12GQhw==;25:Pv8Kxj2pEF21g45ClGRI2bnT5PxczODaDOir43e9BlDYTPjoxr/bokFDpzTUljm1StK40OXzXT8imJQTZiidWdnHEKP9sw+PQwsSuvqZE6LfYPJZppON/Y3polYHoywgWJR5hIErtwaROGrsLyk5lN+0KptuUYNQZTZ1899kB3qRtcSquFPZJuBPAwgqQgGYVLtwYFKCp1MHG8HoVeKWQybBrodvzdkd4Qqd/6Az8ENQU9tFfz662SCfyIDNCJ8XoMWXtw4c7sP3/lA3d4pqFlq6Di7TDvtqLpIBIDZe5WAcEf+Q/7u3PQ9sEmtFfg3cgB6EFMTvI4VyOzn+qfEKRIm/EQmYwb/f4Gx6pukfqU6qLEDG7MZCqbDSbIgovW2useK8ppyPBJE5tqQ7HF4pisbKUMlQIM5WKNwkMXjOI6iVA6NfjoeVx/sLHoOUcRaWO4hvB85bpFJLVtY+2ci/5w== X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2132;31:HFV+ryF7Yn0jjXjOJIXHxrwkV+d4IqaRgni82y5/kfwwxn/TSyb0qmDJbcSpQYAtpkExM/kbEp5N9z/OhrCyD8NH444OFpGk0Y8BvelcqmekQboyrXDxqwG3+JQ6bGuaW28t4fB/eLaM4uiwmPtAvGAe08ehmIo+RHul1kpxHairUVQk2xgTTfJh0bU+bhTl5Eks2D1FRVEuyH71kbOf60ncmP387ofim9aJ9TEeGglULjeSPkIzCqOGDiEiWJo8nYMU74TkLUyVBHTY3Up+dQ==;20:FmU/1CZeP14/9tPKSteC3DQ25U6kwSPL3JaWL7GS7OeIzvDhARlRZHmz13iRrJgQIorGFPjNcveTCkwxa7E17Rt7e0x1TAO86DRhc/9C11DnGP159n6YcrKShHjkoZMFMZSAUeILkGTktIfHrMv8B8aCMrRSbAKPwjeFCkWIPvM/y886wA0YikNZNiLRPOtTgvdZr+Xn6I3gionBzvyKhrhniDNXmu02YuZhIxFxZ4yMl7vF3XsrvuhkQkhb+CUvTW14f/3wA1hPr776L2qA2OnB6P8W1v+EjqqRakEp8QJSlKtSEoLQ05S5W3+BDzmqhnvVN9l21e4LxlevpB1J80FhL8NNaQSIcfaKuo3mEGmzT4mfmphEemMxqesID7Af/2rTsreiG7Tq7LLRYjs2rA5O0ShVjb80IzZDlyeLEeU= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(278428928389397)(17755550239193); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6041248)(20161123555025)(20161123562025)(20161123564025)(20161123560025)(20161123558025)(6072148);SRVR:AM4PR0802MB2132;BCL:0;PCL:0;RULEID:;SRVR:AM4PR0802MB2132; X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2132;4:8WdyE4RhPezQujSSLIgwiTJHjYfnSmT+GODJigqeToMHUcsOkzwn9larBPI0HqFfz2l3aTGwhkOGmt5hLIXQLxEDg1YMD44UGXT9g3uMwtDv5yYPop+S3sdiXimpTdHXSN3mELVBc37mudbPLKKnMGv1JaL+WKt+u+1AYttAyyiV0SS1399lxdtdz8XyHosRGujDoTq+IZxUBRKalLvBd6QoVJbvsYWoUiDxw2/wn932/87LkAEErVdaJB3QD6axBPjeQwA7tG3M6ANZwkobrYmVPCbms8167PKEHB5Q2LxjspBrYdm7mTTfm8KyIWLEo6oYrvzvbIDvG7IaK5gz020Ph33HaKKATLOZganZc6BqmYw4xJFnZOBf36PS2t+5T2rUpoEB5uOecQQlxAnTgOljCm6fp4kGwscoCPZwULOYHQRS33M4qS/ktcOfBB+/g9e2ej4xQMUGa5lzb9uXGZXt7bYvLBHVA9OpjavsxhwOpriVErnlbjzC9gV5Lwuocu5WKznMDS9beND8LxtrWhFdJeK1cFwLtPXOryg8oP+KX07InT7qUuEZkkr/d5CJgcoWCPGM1TwdvcTjLUGnuh5WQyRTLVfrEC4XR4jNQLhcbfxG9CA9yPGHFUrStBqr/BOiVpQk0Az8STCLITjmZlPE70RRi5NyROYI2Ofaled7C0lHMaZ4+M7SiGfzkY8I X-Forefront-PRVS: 022649CC2C X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(6049001)(7916002)(39830400002)(39450400003)(39410400002)(199003)(24454002)(377454003)(189002)(81156014)(117156001)(23676002)(25786008)(50986999)(50466002)(101416001)(36756003)(93886004)(53936002)(97736004)(33656002)(87266999)(54356999)(8676002)(4001350100001)(189998001)(76176999)(83506001)(7736002)(65816999)(106356001)(54906002)(81166006)(47776003)(6116002)(305945005)(105586002)(68736007)(59896002)(4326007)(42186005)(5660300001)(66066001)(90366009)(38730400002)(64126003)(92566002)(77096006)(86362001)(110136004)(6246003)(6916009)(53546006)(229853002)(3846002)(6666003)(80316001)(2950100002)(6486002)(2906002)(230700001)(42262002);DIR:OUT;SFP:1102;SCL:1;SRVR:AM4PR0802MB2132;H:[192.168.43.229];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtBTTRQUjA4MDJNQjIxMzI7MjM6aFc1TFR2SDh3UlFSOUJSVzlWM0pYNEMy?= =?utf-8?B?V2NkcW9yN3BVQWtuK2ZHOWN0R09wc0F6ck9DUlcvNmkyRU1td3ljUmtDMTV4?= =?utf-8?B?dDY3aEZGdzlGN1F4YjJ3Sk93R2dlZDQ1djRyWG5Pc1JhOXZ6TGx3b0RjTzVx?= =?utf-8?B?UmNPcGFyNmhrMjdBM1JNVjJoQmJJYlQwSHpVVDRZYTRsR3hYVHM1aEp5SWhV?= =?utf-8?B?dmtmakYzSGhXVzNJZHRqYmF6MmhJcldhYTBTcE9MUk1nQ0doMXQ4Z0ZZcUxh?= =?utf-8?B?YVd0NVRnVGY5UDN3K3FYaWRxaEttZ1hLeVhOR1JmK096ZHNOeitHcmxDMTZy?= =?utf-8?B?bitZU1gxemNiODJtNTVhblhCbWp0QlVxNXpvQzVUeFBlQjQvcUMyRjhSMDE1?= =?utf-8?B?WDM1aWZoT2U0U0g3QWs5UUczbjZ6S3NRcGNUbkx2MUE1RHFiUWtrVGszU2Jo?= =?utf-8?B?OE9kbW1aMlRHdkdITDQ0cjdOTlE0UHNrUi9qeGdTYzVhZWdhbUpkTTdBMTZB?= =?utf-8?B?Nk5zWkMwN3VrM2xSSjlIYlBSMFZTdUl2S3VrZWhsZ29mYVBmY0oxSWhVek1S?= =?utf-8?B?MHZBbGxXR2pmWG1ReSs1eWxXYXFBNlAwN2NxczFuK2hTZWovRlgzdENGNHhw?= =?utf-8?B?Ym9ETjJmQ1ZPeTBRNGJqRlVTTVhrL2Y0MmgvUXhWU3FkZmdBaDlyKzR3ZGQ2?= =?utf-8?B?bzc4Z3l6Zk1NbGt0SjEyZUNsbHVMdU1kclkzZ2hWRHNUeHd0WXZjUVFicUVP?= =?utf-8?B?d0IrNVRMQlE2bVUrOWFKektiS0VCSVNhck42akpocy9ENEZqc2kvU0hTVmlQ?= =?utf-8?B?OCtobUg5d3JXS1orK1VJbW9hNks2cWRRdndsbVlXc2ZHc1BSUC80bFNhSGFC?= =?utf-8?B?NXVhcENxRzhVRTVxdTh2Z2ttRXowRnMycmFIRGN3bTRiMi8zOWRlTkNsMWh3?= =?utf-8?B?YVhPbDR6SFJjaW9TZm9LNU94dUQ2RmEzWGYrODBva2k3RkdyZjNCYnFrL1Ix?= =?utf-8?B?dzlKcEp5NkdLbzJaZndBSm1tN2JuZEQ0K3M4TjhtdGpPNzRiYmp5VFRkZ0F5?= =?utf-8?B?QkhDT1NzV3J0L2tISGwxcXU1anlod2Q4dTE5dTJ0Y01ueXlWY3hGS2U5dDdF?= =?utf-8?B?cXRtdFZDalNhUXVkdlRTN1UrdlBTUVZBSGpGQm5yM2UvcVhEbVB4K2R6TE84?= =?utf-8?B?WTZQSWx5UGxSTlk4MnVUbUNJdE1jd1pBVW1zQ3RXcGxpaGxZZFVmN1JOdU1O?= =?utf-8?B?TStqNWowOHp1THZZVjRwMXh5L2RleUFMNWF3ZTRKNC9Ham9rT3Y0NlE5YytD?= =?utf-8?B?NmMvVUEvcnNLcnBRR0NNNjdsaVd4dUFTcHdzOGpGdlZJejZldFdFcGNaVXA3?= =?utf-8?B?NnlGNXRHbGVxTjYyalBlc2w1ZGZWVnBvK2ZZbmo0WFljb1h4TG9td2I1cm94?= =?utf-8?B?ZjEwZHkzb2dQVkMxTmhORmhtOFB6dk5GSTBheWpmQ25tc3djT0g0M242SzhF?= =?utf-8?B?cTZ4akQ5MlpobitWaEJQa1F1ZzRVbGFsbGxqVWYzOTZ0aW5EL1Y5Y1FGNFlu?= =?utf-8?B?R2ExN2Njb2JkdEtOSlQyTkpuNVE0MkZkZ2IxOU1VaU1qa0ZVNU9qaHl3SjBF?= =?utf-8?B?cFVWSFZGcTQ5Ny9TY1JXT1JWTUlJY2R5bnRrR3BFTTgrL2Fhc2o1eEczaTJB?= =?utf-8?B?QjBOTWJTWmR1QisyVitjOE90cXRYMjJVaHFhd2NrR1dHVUVVa3N0d1BGZVVL?= =?utf-8?B?ZVAwSkpRSTJsdWs1N1dKSkI2SnpTOGNVK3kyQzNzYis4YmRBU2Q5RjRpVmRI?= =?utf-8?B?NjlBOEU2WFZMa2lnUGQrcjZOMjZrRWs0bER0Mnk5QzY4S1hJSWRFeW1tRGtj?= =?utf-8?B?WkNXT1FxTmlKYnVaempOVU1yUTdiL3lkbVl5VDNXWVVxcEdMMml6VVcxUnk5?= =?utf-8?B?eFV3bjBreGgvb1BKamt4cHJWU01aR2hhUXVGa0xqRkVUQWc5aTY3QzNaZVVJ?= =?utf-8?B?c21OZ3FTVjY1b1RwZ0VyZTdaNDlOSG9rUURJcHhDVnhYVThoYjMzcFNiUytt?= =?utf-8?Q?a8S/wWvuGS8kMzBG5rJh1yTInGj?= X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2132;6:mDmU9wbtbbidEWuFYXKeYP/l4DnfY65qXG+P9VH9Y2U2ZHZGEbs6Ag4DhkK+zwBDkUuiaTdj8dNnucEv4ePJetIzfcbRfG8pa05RDHT2OiNh96vJObFOLKj9OHH+HCSM2xIJjzWpoic7SgGUkY3dI5xZ4vXaqWPoiQ7vSWhoTE9lpYpPgssKEE4XtJdUnpuFFFEEF43oAss31ITCYbwmIpnTv/GN+xSZlkH70MN2QhbFwULyludGoVNjnlYoYVq311N6ibJBzPv47M2+YnO+SoTjpIs/z7TPjpjf+YycPCR8amQW99m3WH7KHP6W2W3NhjZ6Dzy767TkKXxvuLwSj8/1+v3NxFQMiGizg1iT6TtCMVnoHyX9uB8BSvycPT4F8B9AaPdX99PRComFrW9K2A==;5:JfhxUPZPWeFXUX3RREvRND3Sr0O36ewVwHLl8bT3cYNEI+vCiZr8PI8z/7YOugoOHJNhW4wLI/U5+D75f7Zs835iQJdjo/9w4Cevt4n/PwpP+xDTI3MfsU95gi7bEP7h3RGhXOSRyMtl65kJAMd0FA==;24:EHovwNdolzp3lg348SwQE76z6OZNdk1iae2TDOtWLb/XEmFYXWE7V2D0GUnifp7obZ0rw1d7NDd6y7CU+R4hFxvBc0TakeUyIgKDIlq7b04= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;AM4PR0802MB2132;7:UwAsYtNGQ6ed79EkjSB1cpblPOiws5ILcnj0DsDww0PzD6HmWR4Rb1HXLumpBltaWjo2ryCq4oLVLiJndJdxEW4ElS/KnfJeW8SfH4tJ6gbbTuRSerDh0QjWCOPbUeN8++Xa+DUCxOhb/0X2javDdsA92WWU4jfWEyTZRHn9XXXyPPzzVdulbLsYdPHKlHkXFXYmY0F/DADMppQTAk5Yyx+Ytsm/f5gvUUmidsLERsFm1OjoKlqJ6ynrymvddclEhWRrLOgQIud0HIUBgtgikJdkPLm6kVqT+26/Hq8wIGNOL/wkC3cw6VoZTEZlnr8NyXJzMdId7fYSLiq5m1MEJw==;20:a9WDkl12wjLtaqrZNgb3YakKrGjo+dICW/4nzMpQVLmznaY4VdJySIdd5NziyvFQKDa//FjgDczh0Sy9kv60TE8bT3lsVnO0vNS9WrQSIM2RVi9zbfDaujr2Ag7pRwzMFg4O8RSn8KAgh+NkJZSQSjHOyfbENszkquZ+fhFsg2Y= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2017 13:08:40.7718 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0802MB2132 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 02/22/2017 03:04 PM, Alexey Gladkov wrote: > On Wed, Feb 22, 2017 at 10:40:49AM +0300, Pavel Emelyanov wrote: >> On 02/21/2017 05:57 PM, Oleg Nesterov wrote: >>> On 02/18, Alexey Gladkov wrote: >>>> >>>> This patch allows to mount only the part of /proc related to pids >>>> without rest objects. Since this is an addon to /proc, flags applied to >>>> /proc have an effect on this pidfs filesystem. >>> >>> I leave this to you and Eric, but imo it would be nice to avoid another >>> filesystem. >>> >>>> Why not implement it as another flag to /proc ? >>>> >>>> The /proc flags is stored in the pid_namespace and are global for >>>> namespace. It means that if you add a flag to hide all except the pids, >>>> then it will act on all mounted instances of /proc. >>> >>> But perhaps we can use mnt_flags? For example, lets abuse MNT_NODEV, see >>> the simple patch below. Not sure it is correct/complete, just to illustrate >>> the idea. >>> >>> With this patch you can mount proc with -onodev and it will only show >>> pids/self/thread_self: >>> >>> # mkdir /tmp/D >>> # mount -t proc -o nodev none /tmp/D >>> # ls /tmp/D >>> 1 11 13 15 17 19 20 22 24 28 3 31 33 4 56 7 9 thread-self >>> 10 12 14 16 18 2 21 23 27 29 30 32 34 5 6 8 self >>> # cat /tmp/D/meminfo >>> cat: /tmp/D/meminfo: No such file or directory >>> # ls /tmp/D/irq >>> ls: cannot open directory /tmp/D/irq: No such file or directory >>> >>> No? >> >> Yes!!! If this whole effort with pidfs and overlayfs will move forward, I would >> prefer seeing the nodev procfs version, rather than another fs. > > But this is not procfs anymore. If someone will wait for procfs here it will > be disappointed :) Well, it depends on what files he's looking for in there. This is what overlay part should come for. >> As far as the overlayfs part is concerned, having an overlayfs mounted on /proc >> inside container may result in problems as applications sometimes check for /proc >> containing procfs (by checking statfs.f_type == PROC_SUPER_MAGIC or by reading >> the /proc/mounts). > > It is not a replacement for procfs. It's a subset of procfs. If someone wants > the procfs in the code we should not deceive him. > > No? But this is what we actually do -- Docker does with bind-mounts, LXC does with lxcfs, OpenVZ does with kernel patches. Every time a container starts the regular /proc is mutated not to show some information. -- Pavel