From: ebiederm@xmission.com (Eric W. Biederman)
To: Kirill Korotaev <dev@sw.ru>
Cc: Linus Torvalds <torvalds@osdl.org>,
Hubertus Franke <frankeh@watson.ibm.com>,
Dave Hansen <haveblue@us.ibm.com>, Greg KH <greg@kroah.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
"Serge E. Hallyn" <serue@us.ibm.com>,
Arjan van de Ven <arjan@infradead.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Cedric Le Goater <clg@fr.ibm.com>
Subject: Re: RFC [patch 13/34] PID Virtualization Define new task_pid api
Date: Thu, 02 Feb 2006 09:27:05 -0700
Message-ID: <m1lkwtu3om.fsf@ebiederm.dsl.xmission.com>
In-Reply-To: <43E22DCA.3070004@sw.ru> (Kirill Korotaev's message of "Thu, 02 Feb 2006 19:05:30 +0300")
Kirill Korotaev <dev@sw.ru> writes:

>> There areas.
>> 1) Checkpointing.
>> 2) Isolation for security purposes.
>> There may be secrets that the sysadmin should not have access to.
> I hope you understand that such things do not make anything
> secure. Administrator of the node will always have access to /proc/kcore,
> devices, KERNEL CODE(!) etc. No security from this point of view.

Only if they have CAP_SYS_RAWIO. I admit it takes a lot more
to get there than just that. But having a mechanism that has the
potential to be secured and is much simpler to understand
and to set up for minimal privileges than any of the other unix
addons I have seen is very interesting.

>> 3) Nesting of containers, (so they are general purpose and not special hacks).
> Why are you interested in nesting? Any applications for this?
> Until everything is virtualized in nesting way (including TCP/IP stack, routing
> etc.) I see not much use of it.

For everything except the PID namespace I am just interested in having multiple
separate namespaces. For the PID namespace to keep the traditional unix
model you need a parent process so it is actually nesting.

I am interested because it is easy, because if it is possible then
the range of applications you can apply containers to is much
larger. At the far end of that spectrum is migrating a server running
on real hardware and bringing it up as a guest on a newer much more
powerful machine. With the appearance that it had only been
unreachable for a few seconds.

>> The vserver way of solving some of these problems is to provide a way
>> to enter the guest. I would rather have some explicit operation that puts
>> you into the guest context so there is a single point where we can tackle
>> the nested security issues, than to have hundreds of places we have to
>> look at individually.
> Huh, it sounds too easy. Just imagine that VPS owner has deleted ps, top, kill,
> bash and other tools. You won't be able to enter.

Entering is different from execing a process on the inside.
Implementation-wise it is changing the context pointer on your task.

> Another example when VPS owner
> is near its resource limits - you won't be able to do anything after VPS
> entering.

For debugging this is a good reason for being inside. What if the
problem is that you are out of resources?

I have no intention of requiring monitoring to work from the inside though.

> Do you need other examples?

No, I need to post patches.

Eric
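
Added example, not part of the original message: the reply above makes access to /proc/kcore conditional on CAP_SYS_RAWIO, so a defender can check whether a task inside a container still has that capability in its effective, permitted or bounding set. The status text is constructed, the CapPrm/CapEff/CapBnd layout assumes a current /proc/<pid>/status, and `cap_mask` and `rawio_reachable` are hypothetical helper names.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CAP_SYS_RAWIO_BIT 17 /* value of CAP_SYS_RAWIO in <linux/capability.h> */

/* Constructed samples in /proc/<pid>/status layout, not captured from a host. */
static const char FULL_ROOT[] =
    "CapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n";
static const char REDUCED[] =
    "CapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n";
static const char DORMANT[] = /* nothing effective, bounding set left full */
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t000001ffffffffff\n";

/* Parse the hex mask on the line "<field>:"; 0 on success, -1 if absent or malformed. */
static int cap_mask(const char *status, const char *field, unsigned long long *out)
{
    size_t n = strlen(field);
    while (status && *status) {            /* status always points at a line start */
        if (strncmp(status, field, n) == 0 && status[n] == ':') {
            const char *v = status + n + 1 + strspn(status + n + 1, " \t");
            char *end;
            if (!isxdigit((unsigned char)*v)) return -1; /* empty value */
            *out = strtoull(v, &end, 16);
            return (*end == '\n' || *end == '\0') ? 0 : -1;
        }
        status = strchr(status, '\n');
        if (status) status++;
    }
    return -1;
}

/* 1: CAP_SYS_RAWIO is in the effective, permitted or bounding set;
 * 0: it is in none of them; -1: a set is missing or unparsable. */
static int rawio_reachable(const char *status)
{
    static const char *const sets[] = { "CapEff", "CapPrm", "CapBnd" };
    unsigned long long m, any = 0;
    for (size_t i = 0; i < 3; i++) {
        if (cap_mask(status, sets[i], &m) != 0) return -1;
        any |= m;
    }
    return (int)((any >> CAP_SYS_RAWIO_BIT) & 1);
}

int main(void)
{
    printf("full=%d reduced=%d dormant=%d\n", rawio_reachable(FULL_ROOT),
           rawio_reachable(REDUCED), rawio_reachable(DORMANT));
    return 0;
}
```

The DORMANT sample is the case a check of CapEff alone would miss: the bit is not usable now but has not been dropped from the bounding set.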