Re: call_usermodehelper in containers

From: Oleg Nesterov
Date: Thu Mar 24 2016 - 21:30:25 EST

Hi Ian,

I can't really recall this old discussion, so I can be easily wrong...

On 03/24, Ian Kent wrote:
> On Mon, 2013-11-18 at 18:28 +0100, Oleg Nesterov wrote:
> >
> > IOW. Please the the "patch" below. It is obviously incomplete and
> > wrong,
> > and it can be more clear/clean. And probably we need another API. Just
> > to explain what I mean.

I hope you didn't miss this part ;)

In particular, we want to turn task_work_add(..., bool notify) into
task_work_add(..., how_to_notify mask) and this "mask" should allow

> > With this patch call_usermodehelper(..., UMH_IN_MY_NS) should do exec
> > from the caller's namespace.
> Umm ... I don't think this can work.
> I don't think it can be assumed that the init process of a container
> will behave like an init process.
> If you try and do this with a Docker container that has /bin/bash as the
> init process signals never arrive and work doesn't start until some
> other signal arrives

only if it blocks/ignores SIGCHLD? But this doesn't matter, see above and
note the "until we have task_work_add_interruptibel()" in the pseudo-code
I showed.

> I probably don't understand what's actually going on, this is just my
> impression of what I'm seeing.

Or perhaps it is me who misunderstands your concerns.