Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)

Kirill Korotaev <[email protected]> writes:

> Eric,
>
> 1. I would rename wid to wpid :)
:)

> 2. Maybe I'm missing something in the discussions, but why is it required? if
> you provide fully isolated pid spaces, why do you care for wid?
> And how ptrace can work at all if cldstop reports some pid, but child is not
> accessiable via ptrace()? and if it doesn't work, what are your changes for?

A good question.

My pid spaces while isolated from each other are connected together in
something that resembles the mount relationship when mounting a filesystem.

The init process of a child pspace is visible in the parent pspace,
by it's wid.  So you should be able to ptrace pid == 1.  The other
children remain inaccessible directly.

The idea was to do my very best to preserve the unix process tree when
constructing a separate pid space.

I have to admit I have not yet tested the ptrace corner case, or
digested all of it's ramifications.  Unless I have messed up somewhere
it should just work.

This visibility of the child tree by a single pid inside the parent
tree is why I think my approach doesn't suffer from most of the
problems a completely isolated pid space has.

In fact I would even be willing to look at it as a global but
hierarchical pid space if that proved an interesting case.
So you could have something like pkill(int sig, int which, char *pid_path).
Where pid_path is something like "1537/3/58", and which specified
what kind of pid you are talking about (thread, pid, process group...)

>From a security stand point I want the option of a fully isolated
group of processes, so there is a possibility of keeping secrets from
the system administrator, but there is no reason that needs to be tied
to a pid space.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)
    • From: Kirill Korotaev <[email protected]>

• References:
  • [RFC][PATCH 0/20] Multiple instances of the process id namespace
    • From: [email protected] (Eric W. Biederman)
  • [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)
    • From: [email protected] (Eric W. Biederman)
  • Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)
    • From: Kirill Korotaev <[email protected]>

• Prev by Date: Re: 2.6.16-rc2-mm1 -- BUG: warning at drivers/ieee1394/ohci1394.c:235/get_phy_reg()
• Next by Date: Packet writing issue on 2.6.15.1
• Previous by thread: Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)
• Next by thread: Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]