Re: [RFC][v8][PATCH 0/10] Implement clone3() system call

From: Sukadev Bhattiprolu
Date: Fri Oct 23 2009 - 16:47:16 EST

Next message: Joe Perches: "Re: [PATCH] get_maintainer: fix usage comment"
Previous message: Marcin Slusarz: "Re: SECURITY PROBLEM: filesystem permiossion bypass on FD alreadyopened"
In reply to: Sukadev Bhattiprolu: "Re: [RFC][v8][PATCH 0/10] Implement clone3() system call"
Next in thread: Eric W. Biederman: "Re: [RFC][v8][PATCH 0/10] Implement clone3() system call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sukadev Bhattiprolu [sukadev@xxxxxxxxxxxxxxxxxx] wrote:
| Eric W. Biederman [ebiederm@xxxxxxxxxxxx] wrote:
| | > Anyway, is RESERVED_PIDS meant for initial kernel-threads/daemons - if so
| | > would it be ok enforce it only in init_pid_ns ?
| |
| | It is mean for initial user space daemons, things that start on boot.
| |
| | I don't know how much the protection matters at this date, but we have it.
|
| Well, since it is not security or other critical restriction, can we allow
| set_pidmap() a free hand - even in init-pid-ns ? It could prevent a simple
| subtree C/R of one of the early daemons for debug for instance.

So here is how I have it at present. I would like to remove the RESERVED_PIDS
check in set_pidmap() if its ok to do so.

alloc_pid() does this:

if (target_pids)
set_pidmap(tmp, target_pids[i])
else
alloc_pidmap(tmp);

Sukadev
---

Next message: Joe Perches: "Re: [PATCH] get_maintainer: fix usage comment"
Previous message: Marcin Slusarz: "Re: SECURITY PROBLEM: filesystem permiossion bypass on FD alreadyopened"
In reply to: Sukadev Bhattiprolu: "Re: [RFC][v8][PATCH 0/10] Implement clone3() system call"
Next in thread: Eric W. Biederman: "Re: [RFC][v8][PATCH 0/10] Implement clone3() system call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]