Re: [PATCH 1/1] introduce user_ns inheritance in user-sched



Quoting Peter Zijlstra (peterz@xxxxxxxxxxxxx):
> On Thu, 2009-03-19 at 16:16 -0500, Serge E. Hallyn wrote:
> > In a kernel compiled with CONFIG_USER_SCHED=y, cpu shares are
> > allocated according to uid. Shares are specifiable under
> > /sys/kernel/uids/<uid>/
> >
> > In a kernel compiled with CONFIG_USER_NS=y, clone(2) with the
> > CLONE_NEWUSER flag creates a new user namespace, and the newly
> > cloned task will belong to uid 0 in the new user namespace.
>
> We seem to be adding more and more stuff for USER_SCHED, is anybody
> actually using that cruft?
>
> How far along with cgroups are we to fully simulate that behaviour?
>
> I think if we have a capable cgroup based replacement for USER_SCHED we
> should axe it from the kernel, would save lots of code...

I didn't realize that was the plan. Using PAM to move users
around cgroups? If so, then yeah that would simplify quite a bit
of code. Won't catch all setuid()s of course - I don't know
who uses USER_SCHED and if that would matter.

-serge