[CRIU] How can I get "real pid" in pid namespace?
Qiang Huang
h.huangqiang at huawei.com
Mon Jul 1 02:14:01 EDT 2013
On 2013/7/1 13:54, Chanho Park wrote:
>>> However, many legacy application exports its pid and send it to other
>>> processes to identify the process.
>>> Other processes can identify the process from real pid not vpid.
>>
>> Other processes can identify the process from vpid and pidns, so you
>> should exports its pid namespace besides its pid.
>
> Hmm. Other processes can't recognize the vpid in the pid namespace.
> My question is how can we convert vpid to pid without any kernel hack.
I think your need is "Other processes can identify the process from pid",
and "convert vpid to pid" is one solution you figured out, right?
So here I offer another solution to satisfy the needs, since we have
this function in kernel:
struct task_struct *find_task_by_vpid(pid_t vnr)
{
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
{
rcu_lockdep_assert(rcu_read_lock_held(),
"find_task_by_pid_ns() needs rcu_read_lock()"
" protection");
return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID);
}
In your condition, you can't get pid_ns through current, so I suggest you
export pid_ns *and* vpid, so you can get that task_struct.
>
>>
>>>
>>> I know the behavior is not suitable for the purpose of container.
>>> I think if the virtual pid is exported to out of namespace, it should
>>> be converted to the real pid.
>>>
>>> How can the process get "real pid" in the pid namespace?
>>
>> It can't, the process in the pid namespace can't know they are in a sub
>> pidns or not, the mechanism decide this.
>
> Do we need new API like export_pid() to get the real pid in the pid
> namespace?
I don't think so, like I said, get the real pid in the pid namespace will
break the design.
>
> Thanks,
>
> Best regards,
> Chanho Park
>
>
>
More information about the CRIU
mailing list