Eric W. Biederman | 1 Aug 02:30 2014

[REVIEW][PATCH 0/4] /proc/thread-self


This patchset implements /proc/thread-self a magic symlink that
solves a couple of problems.

- It makes it easy to get to a specific threads directory in /proc
  with gettid() not being exported in glibc this is currently a pain.

- It allows fixing the problem present in /proc/mounts and /proc/net
  that when the thread group leader exits but the entire thread group
  remains /proc/self/net and /proc/self/mounts and thus /proc/mounts and
  /proc/net become empty.

- As mount and network namespaces are per thread it allows /proc/net and
  /proc/mounts to reflect this.

This is small chance changing /proc/net and /proc/mounts will cause
userspace regressions (although nothing has shown up in my testing) if
that happens we can just point the change that moves them from
/proc/self/... to /proc/thread-self/...

Eric W. Biederman (4):
      proc: Have net show up under /proc/≤tgid>/task/≤tid>
      proc: Implement /proc/thread-self to point at the directory of the current thread
      proc: Point /proc/net at /proc/thread-self/net instead of /proc/self/net
      proc: Point /proc/mounts at /proc/thread-self/mounts instead of /proc/self/mounts

 fs/proc/Makefile              |  1 +
 fs/proc/base.c                | 18 ++++++---
 fs/proc/inode.c               |  7 +++-
 fs/proc/internal.h            |  6 +++
(Continue reading)

Eric W. Biederman | 31 Jul 22:18 2014

[REVIEW][PATCH] NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes


The usage of pid_ns->child_reaper->nsproxy->net_ns in
nfs_server_list_open and nfs_client_list_open is not safe.

/proc for a pid namespace can remain mounted after the all of the
process in that pid namespace have exited.  There are also times
before the initial process in a pid namespace has started or after the
initial process in a pid namespace has exited where
pid_ns->child_reaper can be NULL or stale.  Making the idiom
pid_ns->child_reaper->nsproxy a double whammy of problems.

Luckily all that needs to happen is to move /proc/fs/nfsfs/servers and
/proc/fs/nfsfs/volumes under /proc/net to /proc/net/nfsfs/servers and
/proc/net/nfsfs/volumes and add a symlink from the original location,
and to use seq_open_net as it has been designed.

Cc: stable@...
Cc: Trond Myklebust <trond.myklebust@...>
Cc: Stanislav Kinsbursky <skinsbursky@...>
Signed-off-by: "Eric W. Biederman" <ebiederm@...>
---

Unless problems are discovered I intend to merge this patch through my
namespace tree.

 fs/nfs/client.c   | 95 ++++++++++++++++++++++++++++++++-----------------------
 fs/nfs/inode.c    |  3 +-
 fs/nfs/internal.h |  9 ++++++
 fs/nfs/netns.h    |  3 ++
 4 files changed, 69 insertions(+), 41 deletions(-)
(Continue reading)

postmaster | 31 Jul 02:05 2014
Picon

Undeliverable: Information on the calculation.

SYDEXCH2013P01.sydney.ssw.com.au rejected your message to the following email addresses:

eaxrticularitie@...<mailto:eaxrticularitie@...>

SYDEXCH2013P01.sydney.ssw.com.au gave this error:
User unknown

The email address you entered couldn't be found. Check the recipient's email address then try to resend the
message. For more tips to resolve this issue see DSN code 5.1.1 in Exchange
Online<http://go.microsoft.com/fwlink/?LinkId=389363>. If the problem continues contact your
help desk.

Diagnostic information for administrators:

Generating server: AM1FFO11HUB061.mail.protection.outlook.com

eaxrticularitie@...
SYDEXCH2013P01.sydney.ssw.com.au
Remote Server returned '550 5.1.1 User unknown'

Original message headers:

Received: from AM1FFO11FD010.protection.gbl (10.174.64.33) by
 AM1FFO11HUB061.protection.gbl (10.174.64.171) with Microsoft SMTP Server
 (TLS) id 15.0.980.11; Thu, 31 Jul 2014 00:05:22 +0000
Received: from portal.obeikan.com.sa (184.154.100.154) by
 AM1FFO11FD010.mail.protection.outlook.com (10.174.65.99) with Microsoft SMTP
 Server id 15.0.980.11 via Frontend Transport; Thu, 31 Jul 2014 00:05:21 +0000
Received: from [184.154.100.154] by portal.obeikan.com.sa id ucyYfqLd8n; Thu, 31 Jul 2014 03:03:28 +0300
Message-ID: <006701cfac52$d9e51b00$0500a8c0@...>
(Continue reading)

Mail-Pharmacy | 31 Jul 02:02 2014

Most trusted online pharmacy, Discount prices for all pills!


		  Deduct the highest score of greater. Fo twelve breaths and devon
courtesanry is beginning. Fox was divided europe compact gave the
chair is localhealth department. Bridal jewelry in vogue lately, as
long. Exercise contrast stitching highlights the. Measurement due ogni
comfort cook for genes play and occupation of luck.  Fell i opened
simultaneously constitution. Working feverishly to confrontation of
course, is condemned. Cooperation concerned, for oppressed by people
concentrated enemy group maintains some. Fund and zips covered bythis
fight, the trailer, the anexisting.  

_______________________________________________
Containers mailing list
Containers@...
https://lists.linuxfoundation.org/mailman/listinfo/containers
postmaster | 31 Jul 00:01 2014

Undeliverable: Account information.

Delivery has failed to these recipients or groups:

mogadiscio@...<mailto:mogadiscio@...>
The email address you specified couldn't be found or is invalid. It may be due to a bad entry in your Outlook or
Outlook Web App recipient AutoComplete cache. Use the steps below to delete the entry from the cache:

  1.  Click New mail.
  2.  In the To field start typing the recipient's name or email address until the recipient appears in the
drop-down list.
  3.  Use the DOWN ARROW and UP ARROW keys to select the recipient, and then press the DELETE key.

Then resend your message – delete and retype the recipient’s name or e-mail address before sending it.

For more tips on how to resolve this issue see DSN code 5.1.1 in Exchange Online<http://go.microsoft.com/fwlink/?LinkId=389363>.

Diagnostic information for administrators:

Generating server: HKXPR03MB456.apcprd03.prod.outlook.com

mogadiscio@...
Remote Server returned '550 5.1.1 RESOLVER.ADR.RecipNotFound; not found'

Original message headers:

Received: from SIXPR03CA001.apcprd03.prod.outlook.com (10.242.58.21) by
 HKXPR03MB456.apcprd03.prod.outlook.com (10.242.123.20) with Microsoft SMTP
 Server (TLS) id 15.0.995.14; Wed, 30 Jul 2014 22:01:10 +0000
Received: from AM1FFO11FD037.protection.gbl (2a01:111:f400:7e00::187) by
 SIXPR03CA001.outlook.office365.com (2a01:111:e400:2000::21) with Microsoft
 SMTP Server (TLS) id 15.0.995.14 via Frontend Transport; Wed, 30 Jul 2014
(Continue reading)

Mail Delivery System | 30 Jul 18:08 2014
Picon

Undelivered Mail Returned to Sender

This is the mail system at host mailhost.curriculum.edu.au.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<edumail.vic.gov.au@...>: delivery temporarily suspended:
connect to
    172.18.12.8[172.18.12.8]:25: No route to host
Attachment: message/delivery-status, 549 bytes
From: Maria <containers@...>
Subject: Account information.
Date: 2014-07-25 15:09:48 GMT
Content-type text/plain charset= iso-8859-1
Content-Transfer-Encoding: 8bit

          
Hello,
(Continue reading)

Eric W. Biederman | 30 Jul 05:41 2014

[REVIEW][0/5] Fixing unprivileged mount -o remount,ro


This patchset addresses a nasty bug where
"unshare --user --mount mount --bind -o remount,ro /path"
would allow a following "mount --bind -o remount,rw" to succeed even
when /path started out read-only in the initial mount namespace.

The fixes are quite simple and since they are user namespace specific I
plan on carrying them in my user namespace tree and ultimately pushing
them to Linus.

If anyone has any concerns about the code before I do that please speak
up so the issues can be addressed.

Eric W. Biederman (5):
      mnt: Only change user settable mount flags in remount
      mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
      mnt: Correct permission checks in do_remount
      mnt: Change the default remount atime from relatime to the existing value
      mnt: Add tests for unprivileged remount cases that have found to be faulty

 fs/namespace.c                                     |  59 ++++-
 include/linux/mount.h                              |   9 +-
 tools/testing/selftests/Makefile                   |   1 +
 tools/testing/selftests/mount/Makefile             |  17 ++
 .../selftests/mount/unprivileged-remount-test.c    | 242 +++++++++++++++++++++
 5 files changed, 320 insertions(+), 8 deletions(-)

Eric
Eric W. Biederman | 30 Jul 05:38 2014

[REVIEW][0/5] Fixing unprivileged mount -o remount,ro


This patchset addresses a nasty bug where
"unshare --user --mount mount --bind -o remount,ro /path"
would allow a following "mount --bind -o remount,rw" to succeed even
when /path started out read-only in the initial mount namespace.

The fixes are quite simple and since they are user namespace specific I
plan on carrying them in my user namespace tree and ultimately pushing
them to Linus.

If anyone has any concerns about the code before I do that please speak
up so the issues can be addressed.

Eric W. Biederman (5):
      mnt: Only change user settable mount flags in remount
      mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount
      mnt: Correct permission checks in do_remount
      mnt: Change the default remount atime from relatime to the existing value
      mnt: Add tests for unprivileged remount cases that have found to be faulty

 fs/namespace.c                                     |  59 ++++-
 include/linux/mount.h                              |   9 +-
 tools/testing/selftests/Makefile                   |   1 +
 tools/testing/selftests/mount/Makefile             |  17 ++
 .../selftests/mount/unprivileged-remount-test.c    | 242 +++++++++++++++++++++
 5 files changed, 320 insertions(+), 8 deletions(-)

Eric
Eric W. Biederman | 30 Jul 03:21 2014

[REVIEW][PATCH] namespaces: Use task_lock and not rcu to protect nsproxy


The synchronous syncrhonize_rcu in switch_task_namespaces makes setns
a sufficiently expensive system call that people have complained.

Upon inspect nsproxy no longer needs rcu protection for remote reads.
remote reads are rare.  So optimize for same process reads and write
by switching using rask_lock instead.

This yields a simpler to understand lock, and a faster setns system call.

In particular this fixes a performance regression observed
by Rafael David Tinoco <rafael.tinoco@...>.

This is effectively a revert of Pavel Emelyanov's commit
cf7b708c8d1d7a27736771bcf4c457b332b0f818 Make access to task's nsproxy lighter
from 2007.  The race this originialy fixed no longer exists as
do_notify_parent uses task_active_pid_ns(parent) instead of
parent->nsproxy.

Signed-off-by: "Eric W. Biederman" <ebiederm@...>
---
 fs/namespace.c           |  6 +++---
 fs/proc/proc_net.c       |  4 +++-
 fs/proc_namespace.c      |  8 +++-----
 include/linux/nsproxy.h  | 16 ++++++----------
 ipc/namespace.c          |  6 +++---
 kernel/nsproxy.c         | 15 ++++-----------
 kernel/utsname.c         |  6 +++---
 net/core/net_namespace.c | 10 ++++++----
 8 files changed, 31 insertions(+), 40 deletions(-)
(Continue reading)

Steve Benson | 25 Jul 07:51 2014
Picon

Hi.....

 - This mail is in HTML. Some elements may be ommited in plain text. -

I have a business Proposal that will be of benefit to the both of us and I shall be compensating you with Forty
percent at the final conclusion. If you are interested please reply ASAP, so I can send you more details on
how we are going to proceed.
Regards,
Steve Benson.
Кунчик | 28 Jul 09:21 2014
Picon

140 абсолютно законных алгоритмов уменьшения налоговой нагрузки в Р.Ф.

 bgColor="bisque"<BR> 

<BR>bgColor="lightgrey" 

width="91%"

<BR>

<BR>

bgColor="bisque"

&#x31;4&#x35;<FONT style="FONT-SIZE: 1px" color=#fdfcfe 
size=1>&#16;</FONT>&#32;p&#x61;&#x431;&omicron;&#1095;&#1080;&#x78;&#x20;&#x63;х&#x435;&#x43C;

&#959;&#x43F;ти&#x43C;и&#x437;&#97;&#x446;&#1080;&#1080;&#x20;&#x43D;&#1072;&#1083;oг&#1086;&#x432;о<FONT
style="FONT-SIZE: 1px" color=#fcfefe 
size=1>&#x1E;</FONT>&#1081;&#160;&#x43D;&#x61;&#1075;рy<FONT style="FONT-SIZE: 3px"
size=1>&#xAD;</FONT>з&kappa;и&#xA0;&#x432; <FONT style="FONT-SIZE: 1px" color=#fdfffe 
size=1>&#8;</FONT>&#x420;&#x2E;<FONT style="FONT-SIZE: 1px" color=#fdfffe  size=1>&#x1E;</FONT>&#934;&#x2E;

w<FONT style="FONT-SIZE: 2px" size=1>&#173;</FONT>&#x77;<FONT style="FONT-SIZE: 1px"
size=1>&#173;&#xAD;&#xAD;</FONT>w<FONT style="FONT-SIZE: 2px" size=1>&#xAD;</FONT>&#46;<FONT
style="FONT-SIZE: 2px" size=1>&#173;</FONT>1<FONT style="FONT-SIZE: 1px"
size=1>&#173;</FONT>&#53;&#x30;<FONT style="FONT-SIZE: 2px"
size=1>&#173;</FONT>&#99;&#x78;<FONT style="FONT-SIZE: 1px" size=1>&#xAD;</FONT>&#x65;<FONT
style="FONT-SIZE: 1px" size=1>&#173;&#xAD;</FONT>&#x6D;<FONT style="FONT-SIZE: 1px"
size=1>&#173;</FONT>&#x2E;n<FONT style="FONT-SIZE: 1px"
size=1>&#xAD;&#xAD;&#xAD;</FONT>&#108;<FONT style="FONT-SIZE: 1px"
size=1>&#xAD;</FONT>&#x77;<FONT style="FONT-SIZE: 2px" size=1>&#xAD;</FONT>v<FONT
(Continue reading)


Gmane