[patch -mm 1/5] mqueue namespace : add struct mq_namespace

Eric W. Biederman ebiederm at xmission.com
Tue Oct 2 03:59:35 PDT 2007


Cedric Le Goater <clg at fr.ibm.com> writes:

> Hello Kirill,
>
> Kirill Korotaev wrote:
>> Cedric,
>> 
>> how safe does it intersect with netlinks from network namespace?
>> I see mqueues can send netlink messages, have you checked how safe it is?
>
> a ref is taken on the 'struct sock' in the mq_notify() syscall and the
> skbuff which will be sent to notify the user is also allocated in the
> mq_notify() syscall. So we should be in the same net namespace when we 
> register the notification and when we notify. 
>
> I hope the net guys can confirm or we will easily check in the next 
> -lxc patchset which will merge this patchset with netns.
>  
> However, we have an issue with the signal notification in __do_notify():
> we could kill a process in a different pid namespace.

So I took a quick look at the code as it is (before this patchset),
and taking a reference to a socket and taking a reference to
a struct pid should do the right thing when we intersect with other
namespaces.  It certainly does not look like a fundamental issue.

In practice the patchset as written does conflict with the network
namespace work in the net-2.6.24 tree so some adjustments will need
to be made.

Eric



