
kernel-packages team mailing list archive

[Bug 1560489] [NEW] cgroup namespaces: add a 'nsroot=' mountinfo field

 

Public bug reported:

    
    [ note - this is a version of the patch I just sent to lkml ported to
      our xenial tree.  It's needed for things like docker and lxc to
      be certain of which cgroup tasks file is their own in certain nesting
      situations.  We currently work around it by blindly assuming that
      there are no legacy container managers running on cgroup-ns-enabled
      kernels ]
    
    One practical problem I've found with cgroup namespaces is that there
    is no way to disambiguate between a cgroupfs mount which was done in
    a cgroup namespace, and a bind mount of a cgroupfs directory.  So
    whether I do
    
    unshare --cgroup -- bash -c "mount -t cgroup -o freezer f /mnt; cat /proc/self/mountinfo"
    
    or whether I just
    
    mount --bind /sys/fs/cgroup/freezer/$(awk -F: '/freezer/ { print $3 }' /proc/self/cgroup) /mnt
    
    'mount root' field (field 3) in /proc/self/mountinfo will show the
    same thing, the result of awk -F: '/freezer/ { print $3 }' /proc/self/cgroup.
    
    This patch adds a 'nsroot=' field to cgroup mountinfo entries, so that
    userspace can distinguish a mount made in a cgroup namespace from a bind
    mount from a cgroup subdirectory.

** Affects: linux (Ubuntu)
     Importance: Undecided
     Assignee: Serge Hallyn (serge-hallyn)
         Status: Fix Committed

** Affects: linux (Ubuntu Xenial)
     Importance: Undecided
     Assignee: Serge Hallyn (serge-hallyn)
         Status: Fix Committed

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Xenial)
       Status: New => Fix Committed

** Changed in: linux (Ubuntu Xenial)
     Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1560489

Title:
  cgroup namespaces: add a 'nsroot=' mountinfo field

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Fix Committed


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560489/+subscriptions
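
Added example, not part of the bug report or the patch: a mountinfo parser run over constructed lines, showing that the mount root field alone cannot separate the two cases and how a consumer could use 'nsroot='. It assumes 'nsroot=' appears in the super options after the " - " separator and holds the cgroup namespace root path (the report does not show the field's placement or value); the sample lines, function names and labels are hypothetical.

```python
import posixpath

# Constructed mountinfo lines (not captured from a real system). Assumption:
# 'nsroot=' sits in the super options after " - " and holds the cgroup
# namespace root; the page does not show the field's placement or value.
LEGACY_NS = "120 95 0:25 /lxc/c1 /mnt rw,relatime - cgroup f rw,freezer"
LEGACY_BIND = "121 95 0:25 /lxc/c1 /mnt rw,relatime shared:12 - cgroup cgroup rw,freezer"
PATCHED_NS = LEGACY_NS + ",nsroot=/lxc/c1"
PATCHED_BIND = LEGACY_BIND + ",nsroot=/"


def parse_cgroup_mount(line):
    """Return root, mount point and nsroot of a cgroup mount, else None."""
    # Optional fields (e.g. shared:12) vary in number, so split on " - " first.
    pre, sep, post = line.strip().partition(" - ")
    head, tail = pre.split(), post.split()
    if not sep or len(head) < 6 or len(tail) < 3:
        raise ValueError("malformed mountinfo line: %r" % line)
    if tail[0] != "cgroup":
        return None
    nsroot = None
    for opt in tail[2].split(","):
        if opt.startswith("nsroot="):
            nsroot = opt[len("nsroot="):]
    return {"root": head[3], "mount_point": head[4], "nsroot": nsroot}


def classify(line):
    """Label a mountinfo line (labels are hypothetical, chosen for this example)."""
    m = parse_cgroup_mount(line)
    if m is None:
        return "not-cgroup"
    if m["nsroot"] is None:
        return "ambiguous"             # kernel without the field: cannot tell
    if posixpath.normpath(m["root"]) == posixpath.normpath(m["nsroot"]):
        return "namespace-root-mount"  # cgroupfs mounted at the namespace root
    return "subdirectory-bind-mount"   # root lies below the namespace root


if __name__ == "__main__":
    for name in ("LEGACY_NS", "LEGACY_BIND", "PATCHED_NS", "PATCHED_BIND"):
        print(name, classify(globals()[name]))
```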

