[Devel] Re: [PATCH 5/5] pid: use namespaced iteration on processes while managing priority

Serge E. Hallyn serue at us.ibm.com
Thu Dec 18 10:13:17 PST 2008


Quoting Eric W. Biederman (ebiederm at xmission.com):
> Gowrishankar M <gowrishankar.m at linux.vnet.ibm.com> writes:
> 
> > From: Gowrishankar M <gomuthuk at linux.vnet.ibm.com>
> >
> > At present we scan all processes in init namespace, while getting or setting
> > process priorities for a user. In case of PID namespace, it leads to leak
> > priority to processes in other namespace.
> >
> > Below patch proposes to use new macro controller to fix the boundary of
> > processes list in current namespace.
> 
> Nacked-by: "Eric W. Biederman" <ebiederm at xmission.com>
> 
> This has nothing to do with pids.  The command is to set the
> iopriority for a given user.  This is a problem of the user namespace
> not the pid namespace.

The uid check needs to be fixed for user namespaces, agreed.  I could
go either way though on whether we should also restrict to the same
pidns.

(note to fix the userns part of this added to my userns queue - first
I want to finish with keys; then maybe this should be done before
handling capabilities)

So if you want to nack this, I'll go along with that, but I think it's
useful.

thanks,
-serge