From: "Michael Kerrisk (man-pages)"
Date: Fri, 27 Apr 2018 14:15:01 +0200
To: Konstantin Khlebnikov, "Eric W. Biederman", Nagarathnam Muthusamy
Cc: mtk.manpages@gmail.com, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, Jann Horn, Serge Hallyn, Oleg Nesterov, Andy Lutomirski, Prakash Sangappa, Andrew Morton
Subject: Re: [PATCH RFC v5] pidns: introduce syscall translate_pid

On 04/05/2018 09:02 AM, Konstantin Khlebnikov wrote:
> On 05.04.2018 01:29, Eric W. Biederman wrote:
>> Nagarathnam Muthusamy writes:
>>
>>> On 04/04/2018 12:11 PM, Konstantin Khlebnikov wrote:
>>>> Each process has different pids, one for each pid namespace it belongs to.
>>>> When interaction happens within single pid-ns translation isn't required.
>>>> More complicated scenarios need special handling.
>>>>
>>>> For example:
>>>> - reading pid-files or logs written inside container with pid namespace
>>>> - attaching with ptrace to tasks from different pid namespace
>>>> - passing pids across pid namespaces in any kind of API
>>>>
>>>> Currently there are several interfaces that could be used here:
>>>>
>>>> Pid namespaces are identified by inode number of /proc/[pid]/ns/pid.
>>
>> Using the inode number in interfaces is not an option. Especially not
>> without referencing the device number for the filesystem as well.
>
> This is supposed to be single-instance fs,
> not part of proc but referenced by its magic "symlinks".
>
> Device numbers are not mentioned in "man namespaces".

Thanks for the heads-up! That was a bug in the man-page. ioctl_ns(2)
already says the right thing. Now I patched namespaces(7), as below.

Cheers,

Michael

diff --git a/man7/namespaces.7 b/man7/namespaces.7 index 725ebaff6..3c155de7e 100644 --- a/man7/namespaces.7 +++ b/man7/namespaces.7
@@ -154,11 +154,14 @@ In Linux 3.7 and earlier, these files were visible as hard links. Since Linux 3.8, .\" commit bf056bfa80596a5d14b26b17276a56a0dcb080e5 they appear as symbolic links. -If two processes are in the same namespace, then the inode numbers of their +If two processes are in the same namespace, +then the device IDs and inode numbers of their .IR /proc/[pid]/ns/xxx symbolic links will be the same; an application can check this using the +.I stat.st_dev +and .I stat.st_ino -field returned by +fields returned by .BR stat (2). The content of this symbolic link is a string containing the namespace type and inode number as in the following example: -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/
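Review bot: the unchanged sentence that follows the edited one still describes the link content as "the namespace type and inode number", so a reader can take comparing readlink(2) strings as equivalent to the stat(2) check the new wording prescribes. That string carries no device ID; consider adding a sentence at that point saying the link text alone is not sufficient to establish namespace identity and that both stat.st_dev and stat.st_ino must match.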
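The comparison the patched man-page text describes, as an added C example (not code from this thread or from the man-pages project). The helper names `same_object` and `same_namespace` are hypothetical, and the `main` simply compares the calling process with its parent.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if both paths resolve to the same object (st_dev AND st_ino
 * match), 0 if they differ, -1 if either stat(2) call fails. */
int same_object(const char *path_a, const char *path_b)
{
    struct stat a, b;

    /* stat(2), not lstat(2): the ns entries are magic symlinks, and the
     * namespace identity belongs to the link target, not to the link. */
    if (stat(path_a, &a) == -1 || stat(path_b, &b) == -1)
        return -1;

    /* The inode number alone is only unique within one filesystem
     * instance, so the device ID has to be part of the comparison. */
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Hypothetical wrapper: compare one namespace type ("pid", "net", ...)
 * of two processes through /proc/[pid]/ns/<type>. Returns 1, 0 or -1
 * as same_object() does; -1 also covers an over-long type string. */
int same_namespace(pid_t pid_a, pid_t pid_b, const char *type)
{
    char path_a[64], path_b[64];
    int n;

    n = snprintf(path_a, sizeof(path_a), "/proc/%ld/ns/%s", (long)pid_a, type);
    if (n < 0 || n >= (int)sizeof(path_a))
        return -1;
    n = snprintf(path_b, sizeof(path_b), "/proc/%ld/ns/%s", (long)pid_b, type);
    if (n < 0 || n >= (int)sizeof(path_b))
        return -1;

    return same_object(path_a, path_b);
}

int main(void)
{
    int r = same_namespace(getpid(), getppid(), "pid");

    printf("self vs parent, pid namespace: %s\n",
           r == 1 ? "same" : r == 0 ? "different" : "unknown (stat failed)");
    return r < 0;
}
```

A result of -1 means the question could not be answered (for example, no permission to read the other process's `ns` directory) and should not be treated as "different".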