From: Nikolay Borisov <kernel@kyup.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jan Kara <jack@suse.cz>, Nikolay Borisov <kernel@kyup.com>,
John McCutchan <john@johnmccutchan.com>,
Eric Paris <eparis@parisplace.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andrey Vagin <avagin@openvz.org>,
LKML <linux-kernel@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>
Subject: Re: [PATCH] inotify: Convert to using per-namespace limits
Date: Tue, 11 Oct 2016 00:54:04 +0300 [thread overview]
Message-ID: <CAJFSNy7q39M_=fZ2nOzPEhLcQ3o6B6ELFE-jsbkRuxsst1G1JQ@mail.gmail.com> (raw)
In-Reply-To: <87eg3o3p6l.fsf@x220.int.ebiederm.org>
On Mon, Oct 10, 2016 at 11:49 PM, Eric W. Biederman
<ebiederm@xmission.com> wrote:
> Jan Kara <jack@suse.cz> writes:
>
>> On Mon 10-10-16 09:44:19, Nikolay Borisov wrote:
>>> On 10/07/2016 09:14 PM, Eric W. Biederman wrote:
>>> > Nikolay Borisov <kernel@kyup.com> writes:
>>> >
>>> >> This patchset converts inotify to using the newly introduced
>>> >> per-userns sysctl infrastructure.
>>> >>
>>> >> Currently the inotify instances/watches are being accounted in the
>>> >> user_struct structure. This means that in setups where multiple
>>> >> users in unprivileged containers map to the same underlying
>>> >> real user (i.e. pointing to the same user_struct) the inotify limits
>>> >> are going to be shared as well, allowing one user(or application) to exhaust
>>> >> all others limits.
>>> >>
>>> >> Fix this by switching the inotify sysctls to using the
>>> >> per-namespace/per-user limits. This will allow the server admin to
>>> >> set sensible global limits, which can further be tuned inside every
>>> >> individual user namespace.
>>> >>
>>> >> Signed-off-by: Nikolay Borisov <kernel@kyup.com>
>>> >> ---
>>> >> Hello Eric,
>>> >>
>>> >> I saw you've finally sent your pull request for 4.9 and it
>>> >> includes your implementatino of the ucount infrastructure. So
>>> >> here is my respin of the inotify patches using that.
>>> >
>>> > Thanks. I will take a good hard look at this after -rc1 when things are
>>> > stable enough that I can start a new development branch.
>>> >
>>> > I am a little concerned that the old sysctls have gone away. If no one
>>> > cares it is fine, but if someone depends on them existing that may count
>>> > as an unnecessary userspace regression. But otherwise skimming through
>>> > this code it looks good.
>>>
>>> So this indeed this is real issue and I meant to write something about
>>> it. Anyway, in order to preserve those sysctl what can be done is to
>>> hook them up with a custom sysctl handler taking the ns from the proc
>>> mount and the euid of current? I think this is a good approach, but
>>> let's wait and see if anyone will have objections to completely
>>> eliminating those sysctls.
>>
>> Well, I believe just discarding those sysctls is not an option - I'm pretty
>> sure there are scripts out there which tune these sysctls and those would
>> stop working. IMO not acceptable regression.
>
> Nikolay there is your objection.
>
> So since it should be straight forward let's preserve the existing
> sysctls. Then this change doesn't need to prove there are no scripts
> that tweak those sysctls.
>
> We are just talking changing the values in the initial user namespace so
> it should be completely compatible and straight forward to implement
> unless I am missing something.
Well I'm not so sure about this. Let's say those sysctls are going to
modify the ucount values in the init_user_ns. That's fine, however for
which particular user should they do this ? Should it be hardcoded for
kuid 0? or current_euid? I personally think they should be changing
the values for the current_euid.
>
> Eric
next prev parent reply other threads:[~2016-10-10 21:54 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-07 10:46 [PATCH] inotify: Convert to using per-namespace limits Nikolay Borisov
2016-10-07 18:14 ` Eric W. Biederman
2016-10-10 6:44 ` Nikolay Borisov
2016-10-10 16:40 ` Jan Kara
2016-10-10 20:49 ` Eric W. Biederman
2016-10-10 21:54 ` Nikolay Borisov [this message]
2016-10-10 22:39 ` Eric W. Biederman
2016-10-11 7:36 ` [PATCH v2] " Nikolay Borisov
2016-10-14 2:31 ` [lkp] [inotify] 464e1236c3: BUG kmalloc-512 (Not tainted): Freepointer corrupt kernel test robot
2016-10-24 6:47 ` [PATCH v2] inotify: Convert to using per-namespace limits Nikolay Borisov
2016-10-27 15:46 ` Eric W. Biederman
2016-12-08 1:40 ` Eric W. Biederman
2016-12-08 6:58 ` Nikolay Borisov
2016-12-08 8:14 ` Nikolay Borisov
2016-12-09 5:38 ` Eric W. Biederman
2016-12-09 2:50 ` Eric W. Biederman
2016-10-24 7:48 ` Jan Kara
2016-11-14 6:04 ` Serge E. Hallyn
2016-10-09 5:55 ` [lkp] [inotify] 1109954e99: BUG kmalloc-512 (Not tainted): Freepointer corrupt kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJFSNy7q39M_=fZ2nOzPEhLcQ3o6B6ELFE-jsbkRuxsst1G1JQ@mail.gmail.com' \
--to=kernel@kyup.com \
--cc=avagin@openvz.org \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=eparis@parisplace.org \
--cc=jack@suse.cz \
--cc=john@johnmccutchan.com \
--cc=linux-kernel@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).