<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>Re: [Devel] [PATCH] pidns: Place under CONFIG_EXPERIMENTAL (take 2)</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>Eric,<BR>
<BR>
Could you please hold off the horses a bit and wait till Pavel Emelyanov returns? It means next Monday; he's currently at a conference whose organisers don't provide internet access.<BR>
<BR>
I feel it makes great sense to review/discuss patches first on containers@ first before submitting directly to lkml/Linus.<BR>
<BR>
Speaking of this particular patch -- I don't understand how you fix "innumerable little bugs" by providing stubs instead of real functions.<BR>
Sent from my BlackBerry; please reply to kir@openvz.org<BR>
<BR>
-----Original Message-----<BR>
From: devel-bounces@openvz.org <devel-bounces@openvz.org><BR>
To: Linus Torvalds <torvalds@linux-foundation.org><BR>
CC: Linux Containers <containers@lists.osdl.org>; Andrew Morton <akpm@linux-foundation.org>; linux-kernel@vger.kernel.org <linux-kernel@vger.kernel.org><BR>
Sent: Fri Oct 26 15:35:43 2007<BR>
Subject: [Devel] [PATCH] pidns: Place under CONFIG_EXPERIMENTAL (take 2)<BR>
<BR>
<BR>
This is my trivial patch to swat innumerable little bugs<BR>
with a single blow.<BR>
<BR>
After some intensive review (my apologies for not having<BR>
gotten to this sooner) what we have looks like a good<BR>
base to build on with the current pid namespace code but<BR>
it is not complete, and it is still much to simple to find<BR>
issues where the kernel does the wrong thing outside of<BR>
the initial pid namespace.<BR>
<BR>
Until the dust settles and we are certain we have the ABI and<BR>
the implementation is as correct as humanly possible let's keep<BR>
process ID namespaces behind CONFIG_EXPERIMENTAL.<BR>
<BR>
Allowing us the option of fixing any ABI or other bugs<BR>
we find as long as they are minor.<BR>
<BR>
Allowing users of the kernel to avoid those bugs simply<BR>
by ensuring their kernel does not have support for multiple<BR>
pid namespaces.<BR>
<BR>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com><BR>
---<BR>
include/linux/pid_namespace.h | 22 ++++++++++++++++++++++<BR>
init/Kconfig | 12 ++++++++++++<BR>
kernel/pid.c | 2 ++<BR>
3 files changed, 36 insertions(+), 0 deletions(-)<BR>
<BR>
diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h<BR>
index 0135c76..0227e68 100644<BR>
--- a/include/linux/pid_namespace.h<BR>
+++ b/include/linux/pid_namespace.h<BR>
@@ -29,6 +29,7 @@ struct pid_namespace {<BR>
<BR>
extern struct pid_namespace init_pid_ns;<BR>
<BR>
+#ifdef CONFIG_PID_NS<BR>
static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)<BR>
{<BR>
if (ns != &init_pid_ns)<BR>
@@ -45,6 +46,27 @@ static inline void put_pid_ns(struct pid_namespace *ns)<BR>
kref_put(&ns->kref, free_pid_ns);<BR>
}<BR>
<BR>
+#else /* !CONFIG_PID_NS */<BR>
+#include <linux/err.h><BR>
+<BR>
+static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)<BR>
+{<BR>
+ return ns;<BR>
+}<BR>
+<BR>
+static inline struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *ns)<BR>
+{<BR>
+ if (flags & CLONE_NEWPID)<BR>
+ ns = ERR_PTR(-EINVAL);<BR>
+ return ns;<BR>
+}<BR>
+<BR>
+static inline void put_pid_ns(struct pid_namespace *ns)<BR>
+{<BR>
+}<BR>
+<BR>
+#endif /* CONFIG_PID_NS */<BR>
+<BR>
static inline struct pid_namespace *task_active_pid_ns(struct task_struct *tsk)<BR>
{<BR>
return tsk->nsproxy->pid_ns;<BR>
diff --git a/init/Kconfig b/init/Kconfig<BR>
index 8b88d0b..72e37c0 100644<BR>
--- a/init/Kconfig<BR>
+++ b/init/Kconfig<BR>
@@ -215,6 +215,18 @@ config USER_NS<BR>
vservers, to use user namespaces to provide different<BR>
user info for different servers. If unsure, say N.<BR>
<BR>
+config PID_NS<BR>
+ bool "PID Namespaces (EXPERIMENTAL)"<BR>
+ default n<BR>
+ depends on EXPERIMENTAL<BR>
+ help<BR>
+ Suport process id namespaces. This allows having multiple<BR>
+ process with the same pid as long as they are in different<BR>
+ pid namespaces. This is a building block of containers.<BR>
+<BR>
+ Unless you want to work with an experimental feature<BR>
+ say N here.<BR>
+<BR>
config AUDIT<BR>
bool "Auditing support"<BR>
depends on NET<BR>
diff --git a/kernel/pid.c b/kernel/pid.c<BR>
index d1db36b..f815455 100644<BR>
--- a/kernel/pid.c<BR>
+++ b/kernel/pid.c<BR>
@@ -537,6 +537,7 @@ err_alloc:<BR>
return NULL;<BR>
}<BR>
<BR>
+#ifdef CONFIG_PID_NS<BR>
static struct pid_namespace *create_pid_namespace(int level)<BR>
{<BR>
struct pid_namespace *ns;<BR>
@@ -621,6 +622,7 @@ void free_pid_ns(struct kref *kref)<BR>
if (parent != NULL)<BR>
put_pid_ns(parent);<BR>
}<BR>
+#endif /* CONFIG_PID_NS */<BR>
<BR>
void zap_pid_ns_processes(struct pid_namespace *pid_ns)<BR>
{<BR>
--<BR>
1.5.3.rc6.17.g1911<BR>
<BR>
_______________________________________________<BR>
Containers mailing list<BR>
Containers@lists.linux-foundation.org<BR>
<A HREF="https://lists.linux-foundation.org/mailman/listinfo/containers">https://lists.linux-foundation.org/mailman/listinfo/containers</A><BR>
<BR>
_______________________________________________<BR>
Devel mailing list<BR>
Devel@openvz.org<BR>
<A HREF="https://openvz.org/mailman/listinfo/devel">https://openvz.org/mailman/listinfo/devel</A><BR>
</FONT>
</P>
</BODY>
</HTML>