linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: ebiederm@xmission.com (Eric W. Biederman)
To: Janak Desai <janak@us.ibm.com>
Cc: Linus Torvalds <torvalds@osdl.org>,
	Michael Kerrisk <mtk-manpages@gmx.net>,
	akpm@osdl.org, linux-kernel@vger.kernel.org,
	viro@ftp.linux.org.uk, hch@lst.de, ak@muc.de, paulus@samba.org
Subject: Re: [PATCH] unshare: Cleanup up the sys_unshare interface before we are committed.
Date: Sun, 19 Mar 2006 06:58:37 -0700	[thread overview]
Message-ID: <m1irqazgc2.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <441C6570.7040502@us.ibm.com> (Janak Desai's message of "Sat, 18 Mar 2006 14:54:24 -0500")

Janak Desai <janak@us.ibm.com> writes:

> Eric W. Biederman wrote:
>
>>Was there ever a good reason why we decided to flip the sense of
>>the bits?
>>
>>I put a together a patch to see what the code would look like:
>>
>>- We actually can reuse between clone and unshare.
>>- We don't need the confusing case of when to add additional resources
>>  to unshare.
>>- There is less total code.
>>- We don't confuse users and developers about the inverted values of
>>  the clone bits.
>>
>>
> I guess confusion is subjective. With this patch if I want to unshare files and
> leave the rest as is, I would have to call
>
> unshare(CLONE_VM | CLONE_FS | CLONE_SIGHAND | ...)

Yes. In my patch unshare(0) unshares all resources that a fork won't
share.

Does anyone use unshare on threads?

My corresponding objection with the current interface is that it
appears to be an implementation of "Do what I mean".  Whenever
you do more than is asked for you run into trouble.

> That is, to unshare one type of context, I have to remember and use flags
> corresponding to all other contexts. If I forget to include one of them, I
> might unwittingly unshare it. Unless I am reading the patch incorrectly,
> this to me is more confusing than the current scheme.

Not exactly.  unshare(CLONE_NEWNS) does not need any additional flags
and I believe it is the primary case of interest.

Beyond that for any version of unshare to be predictable you need
to know what you have shared and what you don't.  Which means
either another syscall or a /proc file that will give you that
information.

Personally I think being unthreaded is easier to work with
than the existing rule of everything necessary to unshare the
specified resources.  Especially since I can be explicit and
tell it to leaves things the way they are.

With a query interface mine becomes unshare(get_shared() & ~CLONE_FILES).
Which is the normal paradigm for modifying something expressed as
flags.

With the current kernel implementation I can't see how calling
unshare(CLONE_NEWNS) is any less surprising when called in a user
space thread.  Without a deep understanding of the kernel I don't
see how you can predict that will unshare your current filesystem
root and cwd pointers.   

My rule that you stop being a thread I think is a little easier
to remember if not understand.  Who would suspect that in the current
kernel unshare(CLONE_THREAD) does not completely unshare all of the
resources that a thread shares?

Anyway I think unshare needs to carry a big fat:
WARNING dangerous when used with threads be very very careful!

Unfortunately that isn't something I can think of a general
test for right now.  Which makes using unshare in a library fairly
dangerous.

Eric

  reply	other threads:[~2006-03-19 14:01 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <1359.1142546753@www064.gmx.net>
2006-03-16 23:34 ` [PATCH] unshare: Cleanup up the sys_unshare interface before we are committed Michael Kerrisk
2006-03-16 23:57   ` Linus Torvalds
2006-03-17  1:11     ` Michael Kerrisk
2006-03-17  5:42       ` Linus Torvalds
2006-03-17 16:04         ` Eric W. Biederman
2006-03-17 16:49           ` Janak Desai
2006-03-17 20:27         ` Michael Kerrisk
2006-03-18 18:41         ` Eric W. Biederman
2006-03-18 19:54           ` Janak Desai
2006-03-19 13:58             ` Eric W. Biederman [this message]
2006-03-18 23:41           ` Paul Mackerras
2006-03-20  4:45 Albert Cahalan
2006-03-20 16:52 ` Eric W. Biederman
  -- strict thread matches above, loose matches on Subject: below --
2006-03-16 16:49 Eric W. Biederman
2006-03-16 19:40 ` Michael Kerrisk
2006-03-16 20:33 ` Andrew Morton
2006-03-16 20:41   ` Linus Torvalds
2006-03-16 21:58     ` Eric W. Biederman
2006-03-16 22:19       ` Andrew Morton
2006-03-16 21:36   ` Janak Desai

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m1irqazgc2.fsf@ebiederm.dsl.xmission.com \
    --to=ebiederm@xmission.com \
    --cc=ak@muc.de \
    --cc=akpm@osdl.org \
    --cc=hch@lst.de \
    --cc=janak@us.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mtk-manpages@gmx.net \
    --cc=paulus@samba.org \
    --cc=torvalds@osdl.org \
    --cc=viro@ftp.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).