|
|
Subscribe / Log in / New account

v3 contained usermode helper execution

From:  Ian Kent <ikent@redhat.com>
To:  Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject:  [RFC PATCH 0/8] v3 contained usermode helper execution
Date:  Thu, 05 Feb 2015 10:33:51 +0800
Message-ID:  <20150205021553.8382.16297.stgit@pluto.fritz.box>
Cc:  David Howells <dhowells@redhat.com>, Oleg Nesterov <onestero@redhat.com>, Trond Myklebust <trond.myklebust@primarydata.com>, "J. Bruce Fields" <bfields@fieldses.org>, Benjamin Coddington <bcodding@redhat.com>, Al Viro <viro@ZenIV.linux.org.uk>, Jeff Layton <jeff.layton@primarydata.com>, "Eric W. Biederman" <ebiederm@xmission.com>
Archive‑link:  Article

There haven't been any comments about the previous series not being
an acceptable approach. Perhaps people were away, didn't notice or
didn't have time.

So here's another chance to speak up.

In summary it's assumed that, since the usermode helper uses the
root init namespace for process creation, using the init namespace
of a container is eqivalent and sufficient when execution within a
container is needed.

Thinking further about callers I believe there are cases that won't
be handled properly so I've tried to work out what the current use
cases are and added patches that demonstrate simple minded usage.
I'm not sure at all that this is sufficient so I need feedback.

I've changed the execution to pin the calling task for the duration
of the call as recommended by Jeff Layton but other than that not a
lot has changed in the call back code.

It's also not clear if the request key infrastructure will continue
to use a usermode callback so we'll need to wait on that.

---

Ian Kent (8):
      nsproxy - refactor setns()
      kmod - rename call_usermodehelper() flags parameter
      kmod - teach call_usermodehelper() to use a namespace
      KEYS - rename call_usermodehelper_keys() flags parameter
      KEYS: exec request-key within the requesting task's init namespace
      nfsd - use namespace if not executing in init namespace
      nfs - cache_lib use namespace if not executing in init namespace
      nfs - objlayout use namespace if not executing in init namespace


 fs/nfs/cache_lib.c           |    6 ++
 fs/nfs/objlayout/objlayout.c |    7 ++
 fs/nfsd/netns.h              |    2 +
 fs/nfsd/nfs4recover.c        |   48 ++++++++++-----
 include/linux/kmod.h         |   20 ++++++
 include/linux/nsproxy.h      |    1 
 kernel/kmod.c                |  131 ++++++++++++++++++++++++++++++++++++++----
 kernel/nsproxy.c             |   21 ++++---
 security/keys/request_key.c  |   64 +++++++++++++++++----
 9 files changed, 252 insertions(+), 48 deletions(-)

--
Ian
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds