Re: [PATCH_v4.1_3/3] Make core_pattern support namespace
From: Aleksa Sarai
Date: Wed Aug 02 2017 - 03:07:29 EST
> Currently, each container shares one copy of the coredump setting
> with the host system; if the host system changes the setting, each
> running container will be affected.
> The same happens when a container changes core_pattern: both the
> host and other containers will be affected.
> For containers based on namespace design, it is good to allow
> each container to keep its own coredump setting.
From what I can see, this is basically setting a per-pidns core_pattern
(which is hierarchically applied). I'm not sure this actually solves the
more general problem (that usermode helper settings aren't generally
namespace-aware) -- and what happens if you have processes in the same
pidns that have different mount namespaces?
If we _had_ to do it like this I would think it makes more sense to pin
it to mountns, but I was under the impression that someone was working
on making usermode helpers play nicer with namespaces.
Just my $0.02.
--
Aleksa Sarai
Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/