[Devel] Re: [PATCH 5/5] pid: use namespaced iteration on processes while managing priority
Serge E. Hallyn
serue at us.ibm.com
Thu Dec 18 10:13:17 PST 2008
Quoting Eric W. Biederman (ebiederm at xmission.com):
> Gowrishankar M <gowrishankar.m at linux.vnet.ibm.com> writes:
>
> > From: Gowrishankar M <gomuthuk at linux.vnet.ibm.com>
> >
> > At present we scan all processes in init namespace, while getting or setting
> > process priorities for a user. In case of PID namespace, it leads to leak
> > priority to processes in other namespace.
> >
> > Below patch proposes to use new macro controller to fix the boundary of
> > processes list in current namespace.
>
> Nacked-by: "Eric W. Biederman" <ebiederm at xmission.com>
>
> This has nothing to do with pids. The command is to set the
> iopriority for a given user. This is a problem of the user namespace
> not the pid namespace.

The uid check needs to be fixed for user namespaces, agreed. I could
go either way though on whether we should also restrict to the same
pidns.

(note to fix the userns part of this added to my userns queue - first
I want to finish with keys; then maybe this should be done before
handling capabilities)

So if you want to nack this, I'll go along with that, but I think it's
useful.

thanks,
-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers