Re: [RFC][v8][PATCH 3/10]: Make pid_max a pid_ns property

From: Pavel Emelyanov
Date: Tue Oct 13 2009 - 12:16:32 EST

Next message: Paul Fulghum: "Re: [Bug #14388] keyboard under X with 2.6.31"
Previous message: Mel Gorman: "Re: [this_cpu_xx V6 0/7] Introduce per cpu atomic operations andavoid per cpu address arithmetic"
In reply to: Serge E. Hallyn: "Re: [RFC][v8][PATCH 3/10]: Make pid_max a pid_ns property"
Next in thread: Serge E. Hallyn: "Re: [RFC][v8][PATCH 3/10]: Make pid_max a pid_ns property"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> This patch isn't a core part of the clone_with_pid functionality,
> just something Eric has asked for. So I don't object to dropping
> it. But I disagree with Alexey's claim that this isn't a namespace
> property. It should be.

OK

>> frankly I don't see the reason for doing so. Why should we?
>> Especially taking into account, that we essentially cannot
>> change thin in the namespace level 3 and deeper?
>
> What do you mean by that? With this patchset we're not, it's
> true, but we trivially can - even now, userspace can simply not
> give the container CAP_SYS_ADMIN or write access to the sysctl
> so they can't do any more CLONE_NEWPIDS or change the sysctl.

It's a misprint - I meant "level 2 and deeper". Sysctl is
only pointing at the init_pid_ns variable.

> -serge
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Fulghum: "Re: [Bug #14388] keyboard under X with 2.6.31"
Previous message: Mel Gorman: "Re: [this_cpu_xx V6 0/7] Introduce per cpu atomic operations andavoid per cpu address arithmetic"
In reply to: Serge E. Hallyn: "Re: [RFC][v8][PATCH 3/10]: Make pid_max a pid_ns property"
Next in thread: Serge E. Hallyn: "Re: [RFC][v8][PATCH 3/10]: Make pid_max a pid_ns property"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]