Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1161545AbbBECeI (ORCPT <rfc822;w@1wt.eu>);
	Wed, 4 Feb 2015 21:34:08 -0500
Received: from mx1.redhat.com ([209.132.183.28]:52184 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1161422AbbBECeH (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Wed, 4 Feb 2015 21:34:07 -0500
Subject: [RFC PATCH 0/8] v3 contained usermode helper execution
From: Ian Kent <ikent@redhat.com>
To: Kernel Mailing List <linux-kernel@vger.kernel.org>
Cc: David Howells <dhowells@redhat.com>, Oleg Nesterov <onestero@redhat.com>,
        Trond Myklebust <trond.myklebust@primarydata.com>,
        "J. Bruce Fields" <bfields@fieldses.org>,
        Benjamin Coddington <bcodding@redhat.com>,
        Al Viro <viro@ZenIV.linux.org.uk>,
        Jeff Layton <jeff.layton@primarydata.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>
Date: Thu, 05 Feb 2015 10:33:51 +0800
Message-ID: <20150205021553.8382.16297.stgit@pluto.fritz.box>
User-Agent: StGit/0.17-dirty
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2239
Lines: 54

There haven't been any comments about the previous series not being
an acceptable approach. Perhaps people were away, didn't notice or
didn't have time.

So here's another chance to speak up.

In summary it's assumed that, since the usermode helper uses the
root init namespace for process creation, using the init namespace
of a container is eqivalent and sufficient when execution within a
container is needed.

Thinking further about callers I believe there are cases that won't
be handled properly so I've tried to work out what the current use
cases are and added patches that demonstrate simple minded usage.
I'm not sure at all that this is sufficient so I need feedback.

I've changed the execution to pin the calling task for the duration
of the call as recommended by Jeff Layton but other than that not a
lot has changed in the call back code.

It's also not clear if the request key infrastructure will continue
to use a usermode callback so we'll need to wait on that.

---

Ian Kent (8):
      nsproxy - refactor setns()
      kmod - rename call_usermodehelper() flags parameter
      kmod - teach call_usermodehelper() to use a namespace
      KEYS - rename call_usermodehelper_keys() flags parameter
      KEYS: exec request-key within the requesting task's init namespace
      nfsd - use namespace if not executing in init namespace
      nfs - cache_lib use namespace if not executing in init namespace
      nfs - objlayout use namespace if not executing in init namespace


 fs/nfs/cache_lib.c           |    6 ++
 fs/nfs/objlayout/objlayout.c |    7 ++
 fs/nfsd/netns.h              |    2 +
 fs/nfsd/nfs4recover.c        |   48 ++++++++++-----
 include/linux/kmod.h         |   20 ++++++
 include/linux/nsproxy.h      |    1 
 kernel/kmod.c                |  131 ++++++++++++++++++++++++++++++++++++++----
 kernel/nsproxy.c             |   21 ++++---
 security/keys/request_key.c  |   64 +++++++++++++++++----
 9 files changed, 252 insertions(+), 48 deletions(-)

--
Ian
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/