Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp5149363pxj;
        Wed, 9 Jun 2021 10:13:51 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwPCRwrPZc4+RxPls6ALLtF1t7mkRk3c6ZNZc9AWx6CLqn02rP6X/zophgn63NTZgysoV2j
X-Received: by 2002:a05:6402:1705:: with SMTP id y5mr488254edu.232.1623258831146;
        Wed, 09 Jun 2021 10:13:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1623258831; cv=none;
        d=google.com; s=arc-20160816;
        b=psxI4n6Tx55uucAuGDOJOKyP79WLkGNlyG/w28fi4MbFEpnR346I2jQuJZ7PujeXPi
         6EzyLAU20Yzk1rgWcmKvixjX5fbEKLETu4jglKT8LpPWjtMxbg1otQDUwG4Cw1vza5Fe
         8qCnOqJg5MwaGts2tp3SW7o9gja0F2DfNs9uhcqBngh04Kuz0yX6kmA0T1NrNlRxipwT
         0b3MDknG/enSC59xLvDbZ/mlE59376gdabFRn+VbRjkfKW5v3/5Y5qaFn789DAOcyB64
         ISzGFI9C/h4/1sxoR7zgVaqRb0wedrl0zYEJjr1W1LN/ozDyEUvYkxCqi6nk33ntTLm5
         JjPg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=8B5M8ilUou7etMm3B480buUsrHc0v21UN+g46nJvGsc=;
        b=aVQO1xY+wdbeY5Exsy8sPbK4jykTDiaPrlSRcxhF5zRDeo0uMg6jb87zwj46OWQ9pS
         duigyNiBN6OUmDz7Z7VN3eoovAlwngIrlLNqyXwj4krzEd4cfZtmPE8EbDlnJhfEhbT1
         IaAFR9XIGSYXDePcJ4P9c7jV/ogm9e0ZsTDvtt2V9AlyJFpwIcwWhPEczYZbdO2ctCb0
         rC66TAJwDEH/gRiEBovuwPkf9iPMCW1QI6hDGWRZHLbze0madlQmyitsnKUdIEOM8Nx1
         nWoE7wnZmLzYlQ6WCEXEQYWUGhUaYatIdagC2ujomwLnuHQnIqNPPiMLxfkiaErh1T9r
         zPeQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id z71si226554ede.151.2021.06.09.10.13.26;
        Wed, 09 Jun 2021 10:13:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236909AbhFIILS (ORCPT <rfc822;luscent@gmail.com> + 99 others);
        Wed, 9 Jun 2021 04:11:18 -0400
Received: from mail.kernel.org ([198.145.29.99]:57812 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S236372AbhFIILR (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 9 Jun 2021 04:11:17 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 257BE61361;
        Wed,  9 Jun 2021 08:09:20 +0000 (UTC)
Date:   Wed, 9 Jun 2021 10:09:18 +0200
From:   Christian Brauner <christian.brauner@ubuntu.com>
To:     Hannes Reinecke <hare@suse.de>
Cc:     "Eric W. Biederman" <ebiederm@xmission.com>,
        gregkh@linuxfoundation.org, containers@lists.linux.dev,
        linux-kernel@vger.kernel.org, lkml@metux.net
Subject: Re: device namespaces
Message-ID: <20210609080918.ma2klvxkjad4pjrn@wittgenstein>
References: <YL9liW99Ytf6uBlu@kroah.com>
 <9157affa-b27a-c0f4-f6ee-def4a991fd4e@suse.de>
 <20210608142911.ievp2rpuquxjuyus@wittgenstein>
 <d956398e-7ee6-ba36-43cc-4cdcea34b5b9@suse.de>
 <877dj4ff9g.fsf@disp2133>
 <20210609063818.xnod4rzvti3ujkvn@wittgenstein>
 <b9ea9116-7120-b0a7-b739-dd8513e12c5e@suse.de>
 <20210609072108.ldhsxfnfql4pacqx@wittgenstein>
 <85a0d777-dea6-9574-8946-9fc8f912c1af@suse.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <85a0d777-dea6-9574-8946-9fc8f912c1af@suse.de>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 09, 2021 at 09:54:05AM +0200, Hannes Reinecke wrote:
> On 6/9/21 9:21 AM, Christian Brauner wrote:
> > On Wed, Jun 09, 2021 at 09:02:36AM +0200, Hannes Reinecke wrote:
> >> On 6/9/21 8:38 AM, Christian Brauner wrote:
> >>> On Tue, Jun 08, 2021 at 12:16:43PM -0500, Eric W. Biederman wrote:
> >>>> Hannes Reinecke <hare@suse.de> writes:
> >>>>
> >>>>> On 6/8/21 4:29 PM, Christian Brauner wrote:
> >>>>>> On Tue, Jun 08, 2021 at 04:10:08PM +0200, Hannes Reinecke wrote:
> >> [ .. ]
> >>>>> Granted, modifying sysfs layout is not something for the faint-hearted,
> >>>>> and one really has to look closely to ensure you end up with a
> >>>>> consistent layout afterwards.
> >>>>>
> >>>>> But let's see how things go; might well be that it turns out to be too
> >>>>> complex to consider. Can't tell yet.
> >>>>
> >>>> I would suggest aiming for something like devptsfs without the
> >>>> complication of /dev/ptmx.
> >>>>
> >>>> That is a pseudo filesystem that has a control node and virtual block
> >>>> devices that were created using that control node.
> >>>
> >>> Also see android/binder/binderfs.c
> >>>
> >> Ah. Will have a look.
> > 
> > I implemented this a few years back and I think it should've made it
> > onto Android by default now. So that approach does indeed work well, it
> > seems:
> > https://chromium.googlesource.com/aosp/platform/system/core/+/master/rootdir/init.rc#257
> > 
> > This should be easier to follow than the devpts case because you don't
> > need to wade through the {t,p}ty layer.
> > 
> >>
> >>>>
> >>>> That is the cleanest solution I know and is not strictly limited to use
> >>>> with containers so it can also gain greater traction.  The interaction
> >>>> with devtmpfs should be simply having devtmpfs create a mount point for
> >>>> that filesystem.
> >>>>
> >>>> This could be a new cleaner api for things like loopback devices.
> >>>
> >>> I sent a patchset that implemented this last year.
> >>>
> >> Do you have a pointer/commit hash for this?
> > 
> > Yes, sure:
> > https://lore.kernel.org/linux-block/20200424162052.441452-1-christian.brauner@ubuntu.com/
> > 
> > You can also just pull my branch. I think it's still based on v5.7 or sm:
> > https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=loopfs
> > 
> > I'm happy to collaborate on this too.
> >
> How _very_ curious. 'kernfs: handle multiple namespace tags' and 'loop:
> preserve sysfs backwards compability' are essentially the same patches I
> did for my block namespaces prototyp; I named it 'KOBJ_NS_TYPE_BLK', not
> 'KOBJ_NS_TYPE_USER', though :-)
> 
> Guess we really should cooperate.
> 
> Speaking of which: why did you name it 'user' namespace?
> There already is a generic 'user_namespace' in
> include/linux/user_namespace.h, serving as a container for all
> namespaces; as such it probably should include this 'user' namespace,
> leading to quite some confusion.
> 
> Or did I misunderstood something here?

Ah yes, you misunderstand. The KOBJ_NS_TYPE_* tags are namespace tags.
So KOBJ_NS_TYPE_NET is a network namespace tag. So KOBJ_NS_TYPE_USER is
a user namespace tag not a completely new namespace. The idea very
roughly being that devices such as loop devices are ultimately filtered
by user namespace which is taken from the s_user_ns the loopfs instance
is mounted in. We should compare notes.

Christian