Re: [PATCH v4] pidns: introduce syscall translate_pid

From: Andy Lutomirski
Date: Tue Oct 17 2017 - 18:02:56 EST

Next message: Jaegeuk Kim: "Re: [PATCH] f2fs: expose some sectors to user in inline data or dentry case"
Previous message: David Daney: "Re: [PATCH] mdt: slram: use memremap() instead of ioremap()"
In reply to: Prakash Sangappa: "Re: [PATCH v4] pidns: introduce syscall translate_pid"
Next in thread: prakash sangappa: "Re: [PATCH v4] pidns: introduce syscall translate_pid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 17, 2017 at 8:38 AM, Prakash Sangappa
<prakash.sangappa@xxxxxxxxxx> wrote:
>
>
> On 10/16/17 5:52 PM, Andy Lutomirski wrote:
>>
>> On Mon, Oct 16, 2017 at 3:54 PM, prakash.sangappa
>> <prakash.sangappa@xxxxxxxxxx> wrote:
>>>
>>>
>>> On 10/16/2017 03:07 PM, Nagarathnam Muthusamy wrote:
>>>>
>>>>
>>>>
>>>> On 10/16/2017 02:36 PM, Andrew Morton wrote:
>>>>>
>>>>> On Sat, 14 Oct 2017 11:17:47 +0300 Konstantin Khlebnikov
>>>>> <khlebnikov@xxxxxxxxxxxxxx> wrote:
>>>>>
>>>>>>>>> pid_t translate_pid(pid_t pid, int source, int target);
>>>>>>>>>
>>>>>>>>> This syscall converts pid from source pid-ns into pid in target
>>>>>>>>> pid-ns.
>>>>>>>>> If pid is unreachable from target pid-ns it returns zero.
>>>>>>>>>
>>>>>>>>> Pid-namespaces are referred file descriptors opened to proc files
>>>>>>>>> /proc/[pid]/ns/pid or /proc/[pid]/ns/pid_for_children. Negative
>>>>>>>>> argument
>>>>>>>>> refers to current pid namespace, same as file /proc/self/ns/pid.
>>>>>>>>>
>>>>>>>>> Kernel expose virtual pids in /proc/[pid]/status:NSpid, but
>>>>>>>>> backward
>>>>>>>>> translation requires scanning all tasks. Also pids could be
>>>>>>>>> translated
>>>>>>>>> by sending them through unix socket between namespaces, this method
>>>>>>>>> is
>>>>>>>>> slow and insecure because other side is exposed inside pid
>>>>>>>>> namespace.
>>>>>>
>>>>>> Andrew asked why we might need this.
>>>>>>
>>>>>> Such conversion is required for interaction between processes across
>>>>>> pid-namespaces.
>>>>>> For example to identify process in container by pid file looking from
>>>>>> outside.
>>>>>>
>>>>>> Two years ago I've solved this in project of mine with monstrous code
>>>>>> which
>>>>>> forks couple times just to convert pid, lucky for me performance
>>>>>> wasn't
>>>>>> important.
>>>>>
>>>>> That's a single user who needed this a single time, and found a
>>>>> userspace-based solution anyway. This is not exactly compelling!
>>>>>
>>>>> Is there a stronger case to be made? How does this change benefit our
>>>>> users? Sell it to us!
>>>>
>>>> Oracle database is planning to use pid namespace for sandboxing database
>>>> instances and they need an API similar to translate_pid to effectively
>>>> translate process IDs from other pid namespaces. Prakash (cced in mail)
>>>> can
>>>> provide more details on this usecase.
>>>
>>>
>>> As Nagarathnam indicated, Oracle Database will be using pid namespaces
>>> and
>>> needs a direct method of converting pids of processes in the pid
>>> namespace
>>> hierarchy. In this use case multiple
>>> nested PID namespaces will be used. The currently available mechanism
>>> are
>>> not very efficient for this use case. For ex. as Konstantin described,
>>> using
>>> /proc/<pid>/status would require the application to scan all the pid's
>>> status files to determine the pid of given process in a child namespace.
>>>
>>> Use of SCM_CREDENTIALS's socket message is another way, which would
>>> require
>>> every process starting inside a pid namespace to send this message and
>>> the
>>> receiving process in the target namespace would have to save the
>>> converted
>>> pid and reference it. This mechanism becomes cumbersome especially if the
>>> application has to deal with multiple nested pid namespaces. Also, the
>>> Database needs to be able to convert a thread's global pid(gettid()).
>>> Passing the thread's pid(gettid()) in SCM_CREDENTIALS message requires
>>> CAP_SYS_ADMIN, which is an issue.
>>>
>>> So having a direct method, like the API that Konstantin is proposing,
>>> will
>>> work best for the Database
>>> since pid of a process in any of the nested pid namespaces can be
>>> converted
>>> as and when required. I think with the proposed API, the application
>>> should
>>> be able to convert pid of a process or tid(gettid()) of a thread as well.
>>>
>>
>> Can you explain what Oracle's database is planning to do with this
>> information?
>
>
> Database uses the PID to programmatically find out if the process/thread is
> alive(kill 0) also send signals to the processes requesting it to dump
> status/debug information and kill the processes in case of a shutdown abort
> of the instance.

What I'm wondering is: how does the caller of kill() end up
controlling a task whose pid it doesn't know in its own namespace?

>
> -Prakash.
>
>

Next message: Jaegeuk Kim: "Re: [PATCH] f2fs: expose some sectors to user in inline data or dentry case"
Previous message: David Daney: "Re: [PATCH] mdt: slram: use memremap() instead of ioremap()"
In reply to: Prakash Sangappa: "Re: [PATCH v4] pidns: introduce syscall translate_pid"
Next in thread: prakash sangappa: "Re: [PATCH v4] pidns: introduce syscall translate_pid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]