From: ebiederm@xmission.com (Eric W. Biederman)
To: Neil Horman <nhorman@tuxdriver.com>
Cc: linux-kernel@vger.kernel.org,
containers@lists.linux-foundation.org,
Alexander Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH v2] core_pattern: set core helpers root and namespace to crashing process
Date: Fri, 14 Dec 2012 15:10:30 -0800 [thread overview]
Message-ID: <87d2ycut5l.fsf@xmission.com> (raw)
In-Reply-To: <1355519048-28473-1-git-send-email-nhorman@tuxdriver.com> (Neil Horman's message of "Fri, 14 Dec 2012 16:04:08 -0500")
Neil Horman <nhorman@tuxdriver.com> writes:
> As its currently implemented, redirection of core dumps to a pipe reader should
> be executed such that the reader runs in the namespace of the crashing process,
> and it currently does not. This is the only sane way to deal with namespaces
> properly it seems to me, and this patch implements that functionality.
I actually rather strongly disagree.
While we have a global core dump pattern core dumps to a a pipe reader
should be executed such that the reader runs in the namespace of the
process that set the pattern. We can easily restrict that to the
initial namespaces to make the implementation simpler.
If you want to play namespace games you can implement all of those in
user space once my tree merges for v3.8.
I am really not a fan of the trigger process being able to control the
environment of a privileged process. It makes writing the privileged
process much trickier.
Eric
next prev parent reply other threads:[~2012-12-14 23:10 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-11 19:59 [PATCH] core_pattern: set core helpers root and namespace to crashing process Neil Horman
2012-12-13 12:20 ` Serge Hallyn
2012-12-13 18:12 ` Neil Horman
2012-12-13 22:25 ` Andrew Morton
2012-12-14 2:49 ` Neil Horman
2012-12-14 9:04 ` Daniel P. Berrange
2012-12-14 21:04 ` [PATCH v2] " Neil Horman
2012-12-14 21:49 ` Andrew Morton
2012-12-14 23:10 ` Eric W. Biederman [this message]
2012-12-15 0:50 ` Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d2ycut5l.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=containers@lists.linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).