Re: [PATCH 2/2] net: Implement SO_PEERCGROUP

From: Vivek Goyal
Date: Thu Mar 13 2014 - 15:54:02 EST


On Thu, Mar 13, 2014 at 10:55:16AM -0700, Andy Lutomirski wrote:

[..]
> >> 2. Docker is a container system, so use the "container" (aka
> >> namespace) APIs. There are probably several clever things that could
> >> be done with /proc/<pid>/ns.
> >
> > pid is racy, if it weren't I would simply go straight
> > to /proc/<pid>/cgroups ...
>
> How about:
>
> open("/proc/self/ns/ipc", O_RDONLY);
> send the result over SCM_RIGHTS?

As I don't know, I will ask. So what will the server now do with this file
descriptor of the client's ipc namespace?

IOW, what information/identifier does it contain which can be
used to map to pre-configured per container/per namespace policies?

Thanks
Vivek
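
The exchange suggested in the quoted text above, written out as an added example (not code from this thread or from the patch): the client passes an open descriptor for its /proc/self/ns/ipc over SCM_RIGHTS and the receiver calls fstat() on it, since processes in the same namespace see the same st_dev/st_ino on that file. The function names send_ns_fd and recv_ns_id are hypothetical.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Control buffer sized for one descriptor, aligned as struct cmsghdr. */
union ctl { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; };

/* Client: open the namespace file and pass the descriptor via SCM_RIGHTS. */
int send_ns_fd(int sock, const char *path)
{
    char byte = 0;
    union ctl u = { .buf = { 0 } };
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
            .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    int fd = open(path, O_RDONLY), sent;
    if (fd < 0)
        return -1;
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    sent = sendmsg(sock, &msg, 0) == 1;
    close(fd); /* the queued message holds its own reference */
    return sent ? 0 : -1;
}

/* Server: receive the descriptor; fstat() gives the namespace's st_dev/st_ino. */
int recv_ns_id(int sock, struct stat *st)
{
    char byte;
    union ctl u;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    /* Room for exactly one descriptor: extra ones are dropped by the kernel. */
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
            .msg_control = u.buf, .msg_controllen = CMSG_LEN(sizeof(int)) };
    struct cmsghdr *c;
    int fd, rc;
    if (recvmsg(sock, &msg, 0) != 1 || !(c = CMSG_FIRSTHDR(&msg)) ||
        c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    rc = fstat(fd, st); /* compare against the policy table's dev/inode */
    close(fd);
    return rc;
}
```

The descriptor is whatever the sender chose to open, so the receiver learns the identity of a namespace the sender was able to open, not proof of the namespace the sender runs in.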