Re: [PATCH 2/6] IPC namespace - utils

Cedric Le Goater <[email protected]> writes:

> I've used the ipc namespace patchset in rc6-mm2. Thanks for putting this
> together, it works pretty well ! A few questions when we clone :
>
> * We should do something close to what exit_sem() already does to clear the
> sem_undo list from the task doing the clone() or unshare().

Possibly which case are you trying to prevent?

> * I don't like the idea of being able to unshare the ipc namespace and keep
> some shared memory from the previous ipc namespace mapped in the process mm.
> Should we forbid the unshare ?

No.  As long as the code handles that case properly we should be fine.
As a general principle we should be able to keep things from other namespaces
open if we get them.  The chroot or equivalent binary is the one that needs
to ensure these kinds of issues don't exist if we care.

Speaking of we should put together a small test application probably similar
to chroot so people can access these features at least for testing.

> Small fix follows,
>
> thanks,
>
> C.

Ack.  For the unshare fix below.  Could you resend this one separately with
patch in the subject so Andrew sees it and picks  up?

> From: Cedric Le Goater <[email protected]>
> Subject: ipc namespace : unshare fix
>
> Signed-off-by: Cedric Le Goater <[email protected]>
>
> ---
>  kernel/fork.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> Index: 2.6.17-rc6-mm2/kernel/fork.c
> ===================================================================
> --- 2.6.17-rc6-mm2.orig/kernel/fork.c
> +++ 2.6.17-rc6-mm2/kernel/fork.c
> @@ -1599,7 +1599,8 @@ asmlinkage long sys_unshare(unsigned lon
>  	/* Return -EINVAL for all unsupported flags */
>  	err = -EINVAL;
>  	if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND|
> -				CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|CLONE_NEWUTS))
> +				CLONE_VM|CLONE_FILES|CLONE_SYSVSEM|
> +				CLONE_NEWUTS|CLONE_NEWIPC))
>  		goto bad_unshare_out;
>  
>  	if ((err = unshare_thread(unshare_flags)))
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [PATCH 2/6] IPC namespace - utils
    • From: Cedric Le Goater <[email protected]>

• References:
  • [PATCH] IPC namespace
    • From: Kirill Korotaev <[email protected]>
  • [PATCH 2/6] IPC namespace - utils
    • From: Kirill Korotaev <[email protected]>
  • Re: [PATCH 2/6] IPC namespace - utils
    • From: Cedric Le Goater <[email protected]>

• Prev by Date: Re: PC card RS-232 freezes the computer
• Next by Date: Re: Can't Mount CF-Card on boot of 2.6.15 Kernel on EPIA - VFS: Cannot open root device
• Previous by thread: Re: [PATCH 2/6] IPC namespace - utils
• Next by thread: Re: [PATCH 2/6] IPC namespace - utils
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]