Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)

From: Eric W. Biederman
Date: Sat Feb 11 2006 - 04:30:09 EST

Next message: iSteve: "Packet writing issue on 2.6.15.1"
Previous message: Andrew Morton: "Re: 2.6.16-rc2-mm1 -- BUG: warning atdrivers/ieee1394/ohci1394.c:235/get_phy_reg()"
In reply to: Kirill Korotaev: "Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)"
Next in thread: Kirill Korotaev: "Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kirill Korotaev <dev@xxxxx> writes:

> Eric,
>
> 1. I would rename wid to wpid :)
:)

> 2. Maybe I'm missing something in the discussions, but why is it required? if
> you provide fully isolated pid spaces, why do you care for wid?
> And how ptrace can work at all if cldstop reports some pid, but child is not
> accessiable via ptrace()? and if it doesn't work, what are your changes for?

A good question.

My pid spaces while isolated from each other are connected together in
something that resembles the mount relationship when mounting a filesystem.

The init process of a child pspace is visible in the parent pspace,
by it's wid. So you should be able to ptrace pid == 1. The other
children remain inaccessible directly.

The idea was to do my very best to preserve the unix process tree when
constructing a separate pid space.

I have to admit I have not yet tested the ptrace corner case, or
digested all of it's ramifications. Unless I have messed up somewhere
it should just work.

This visibility of the child tree by a single pid inside the parent
tree is why I think my approach doesn't suffer from most of the
problems a completely isolated pid space has.

In fact I would even be willing to look at it as a global but
hierarchical pid space if that proved an interesting case.
So you could have something like pkill(int sig, int which, char *pid_path).
Where pid_path is something like "1537/3/58", and which specified
what kind of pid you are talking about (thread, pid, process group...)

>From a security stand point I want the option of a fully isolated
group of processes, so there is a possibility of keeping secrets from
the system administrator, but there is no reason that needs to be tied
to a pid space.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: iSteve: "Packet writing issue on 2.6.15.1"
Previous message: Andrew Morton: "Re: 2.6.16-rc2-mm1 -- BUG: warning atdrivers/ieee1394/ohci1394.c:235/get_phy_reg()"
In reply to: Kirill Korotaev: "Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)"
Next in thread: Kirill Korotaev: "Re: [RFC][PATCH 01/20] pid: Intoduce the concept of a wid (wait id)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]