On Thu, 23 May 2013 14:32:51 -0700
ebied...@xmission.com (Eric W. Biederman) wrote:
> "J. Bruce Fields" writes:
>
> > On Thu, May 23, 2013 at 03:55:47PM -0400, J. Bruce Fields wrote:
> >> On Thu, May 23, 2013 at 09:05:26AM -0400, Jeff Layton wrote:
> >> > What might help most here is to lay out
24.05.2013 01:32, Eric W. Biederman пишет:
"J. Bruce Fields" writes:
On Thu, May 23, 2013 at 03:55:47PM -0400, J. Bruce Fields wrote:
On Thu, May 23, 2013 at 09:05:26AM -0400, Jeff Layton wrote:
What might help most here is to lay out a particular scenario for how
you envision setting up knf
23.05.2013 23:55, J. Bruce Fields пишет:
On Thu, May 23, 2013 at 09:05:26AM -0400, Jeff Layton wrote:
On Thu, 23 May 2013 15:25:20 +0300
I'm not familiar with nfsdcltrack but I would imagine it receives it's
information from
Kernel as a command line parameters.
Would it not be the simplest ap
"J. Bruce Fields" writes:
> On Thu, May 23, 2013 at 03:55:47PM -0400, J. Bruce Fields wrote:
>> On Thu, May 23, 2013 at 09:05:26AM -0400, Jeff Layton wrote:
>> > What might help most here is to lay out a particular scenario for how
>> > you envision setting up knfsd in a container so we can ensur
On Thu, May 23, 2013 at 03:55:47PM -0400, J. Bruce Fields wrote:
> On Thu, May 23, 2013 at 09:05:26AM -0400, Jeff Layton wrote:
> > What might help most here is to lay out a particular scenario for how
> > you envision setting up knfsd in a container so we can ensure that it's
> > addressed properl
On Thu, May 23, 2013 at 09:05:26AM -0400, Jeff Layton wrote:
> On Thu, 23 May 2013 15:25:20 +0300
> > I'm not familiar with nfsdcltrack but I would imagine it receives it's
> > information from
> > Kernel as a command line parameters.
> >
> > Would it not be the simplest approach to add a --chroo
On Wed, May 22, 2013 at 08:37:23PM -0700, Eric W. Biederman wrote:
> "J. Bruce Fields" writes:
>
> > On Wed, May 22, 2013 at 11:35:56AM -0700, Eric W. Biederman wrote:
> >> ebied...@xmission.com (Eric W. Biederman) writes:
> >>
> >> > I am missing a lot of context here and capturing the context
On Thu, 23 May 2013 15:25:20 +0300
Boaz Harrosh wrote:
> On 23/05/13 14:58, Stanislav Kinsbursky wrote:
> > 23.05.2013 15:56, Jeff Layton пишет:
> >> On Thu, 23 May 2013 15:38:17 +0400
> >> Stanislav Kinsbursky wrote:
> >>
> >>> 23.05.2013 15:31, Jeff Layton пишет:
> On Thu, 23 May 2013 14:
On 23/05/13 14:58, Stanislav Kinsbursky wrote:
> 23.05.2013 15:56, Jeff Layton пишет:
>> On Thu, 23 May 2013 15:38:17 +0400
>> Stanislav Kinsbursky wrote:
>>
>>> 23.05.2013 15:31, Jeff Layton пишет:
On Thu, 23 May 2013 14:35:53 +0400
Stanislav Kinsbursky wrote:
> 23.05.2013 14:
23.05.2013 15:56, Jeff Layton пишет:
On Thu, 23 May 2013 15:38:17 +0400
Stanislav Kinsbursky wrote:
23.05.2013 15:31, Jeff Layton пишет:
On Thu, 23 May 2013 14:35:53 +0400
Stanislav Kinsbursky wrote:
23.05.2013 14:00, Eric W. Biederman пишет:
Stanislav Kinsbursky writes:
22.05.2013 21:
On Thu, 23 May 2013 15:38:17 +0400
Stanislav Kinsbursky wrote:
> 23.05.2013 15:31, Jeff Layton пишет:
> > On Thu, 23 May 2013 14:35:53 +0400
> > Stanislav Kinsbursky wrote:
> >
> >> 23.05.2013 14:00, Eric W. Biederman пишет:
> >>> Stanislav Kinsbursky writes:
> >>>
> 22.05.2013 21:33, Eric
23.05.2013 15:31, Jeff Layton пишет:
On Thu, 23 May 2013 14:35:53 +0400
Stanislav Kinsbursky wrote:
23.05.2013 14:00, Eric W. Biederman пишет:
Stanislav Kinsbursky writes:
22.05.2013 21:33, Eric W. Biederman пишет:
Stanislav Kinsbursky writes:
Usermode helper executes all binaries in g
On Thu, 23 May 2013 14:35:53 +0400
Stanislav Kinsbursky wrote:
> 23.05.2013 14:00, Eric W. Biederman пишет:
> > Stanislav Kinsbursky writes:
> >
> >> 22.05.2013 21:33, Eric W. Biederman пишет:
> >>> Stanislav Kinsbursky writes:
> >>>
> Usermode helper executes all binaries in global "init"
23.05.2013 14:00, Eric W. Biederman пишет:
Stanislav Kinsbursky writes:
22.05.2013 21:33, Eric W. Biederman пишет:
Stanislav Kinsbursky writes:
Usermode helper executes all binaries in global "init" root context. This
doesn't allow to call a binary from other root context (for example in a
Stanislav Kinsbursky writes:
> 22.05.2013 21:33, Eric W. Biederman пишет:
>> Stanislav Kinsbursky writes:
>>
>>> Usermode helper executes all binaries in global "init" root context. This
>>> doesn't allow to call a binary from other root context (for example in a
>>> container).
>>> Currently, b
22.05.2013 22:35, Eric W. Biederman пишет:
ebied...@xmission.com (Eric W. Biederman) writes:
I am missing a lot of context here and capturing the context of a
process at time time we mount the filesystem and reconstituing it in
call user mode helper seems like something we could do.
If we wan
22.05.2013 21:33, Eric W. Biederman пишет:
Stanislav Kinsbursky writes:
Usermode helper executes all binaries in global "init" root context. This
doesn't allow to call a binary from other root context (for example in a
container).
Currently, both containerized NFS client and NFS server require
"J. Bruce Fields" writes:
> On Wed, May 22, 2013 at 11:35:56AM -0700, Eric W. Biederman wrote:
>> ebied...@xmission.com (Eric W. Biederman) writes:
>>
>> > I am missing a lot of context here and capturing the context of a
>> > process at time time we mount the filesystem and reconstituing it in
On Wed, May 22, 2013 at 11:35:56AM -0700, Eric W. Biederman wrote:
> ebied...@xmission.com (Eric W. Biederman) writes:
>
> > I am missing a lot of context here and capturing the context of a
> > process at time time we mount the filesystem and reconstituing it in
> > call user mode helper seems li
ebied...@xmission.com (Eric W. Biederman) writes:
> I am missing a lot of context here and capturing the context of a
> process at time time we mount the filesystem and reconstituing it in
> call user mode helper seems like something we could do.
If we want to do something like this the only sane
Stanislav Kinsbursky writes:
> Usermode helper executes all binaries in global "init" root context. This
> doesn't allow to call a binary from other root context (for example in a
> container).
> Currently, both containerized NFS client and NFS server requires an ability to
> execute a binary in
On 05/22, Stanislav Kinsbursky wrote:
>
> +static int umh_set_fs_root(struct subprocess_info *info, struct cred *new)
> +{
> + set_fs_root(current->fs, info->data);
> + return 0;
> +}
> +
> +/*
> + * Call a usermode helper with a specific fs root.
> + *
> + * The caller must hold extra refe
Usermode helper executes all binaries in global "init" root context. This
doesn't allow to call a binary from other root context (for example in a
container).
Currently, both containerized NFS client and NFS server requires an ability to
execute a binary in a container's root context. Root swap can
23 matches
Mail list logo
