
From: Alex Lyashkov (shadow_at_psoft.net)
Date: Thu 14 Aug 2003 - 18:34:31 BST


On Thursday 14 August 2003 13:46, Paul Sladen wrote:
> On Thu, 14 Aug 2003, Herbert Pötzl wrote:
> > On Thu, Aug 14, 2003 at 01:38:36AM +0200, Bodo Eggert wrote:
> > > Maybe you could change /proc/mounts into a symlink to /etc/mtab.
> >
> > would also be an option ... other suggestions?
>
> `/proc/mounts' is actually already a symlink to `/proc/self/mounts', which
> is the individual calling process's namespace; this could probably be
> hard-coded to `../etc/mtab' [BUT, see below]:
>
> $ grep 'self/mounts' fs/proc/*.c
> fs/proc/proc_misc.c: proc_symlink("mounts", NULL, "self/mounts");
>
> The problem is that that would do it globally (it is done on bootup when
> procfs is first mounted), whereas leaving `/proc/mounts' pointing at the
> task's namespace will make it easier to do it per-task (really
> per-context).
>
> I think the fiddling needs doing in `fs/name{space,i}.c', although I
> haven't found where... There are various things along the line of:
>
> while (mnt->mnt_parent != mnt)
> mnt = mnt->mnt_parent;
>
> So if it is within the current chroot, it stops iterating upwards,
> otherwise if it is outside. --We need to remove it if it is outside.
>
or create a private disk namespace:
void s_context_init_vroot(struct s_context *s_context, struct nameidata *nd)
{
	struct vfsmount *vfs;
	struct super_block *vsb = s_context->vroot.vsb;	/* allocated by the caller */

	/* fake device name shown to the context; bounded by the destination,
	 * NUL at the last byte (indexing at sizeof() was one past the end) */
	strncpy(s_context->vroot.vrootname, VROOTNAME,
		sizeof(s_context->vroot.vrootname));
	s_context->vroot.vrootname[sizeof(s_context->vroot.vrootname) - 1] = 0;

	/* remember the original superblock, needed for destroy/map */
	s_context->vroot.osb = nd->mnt->mnt_sb;

	/* clone the vfsmount the context was entered through
	 * (clone_mnt() is static in stock 2.4 fs/namespace.c, so this lives there) */
	vfs = clone_mnt(nd->mnt, nd->dentry);
	if (!vfs)
		return;
	/* free_vfsmnt() kfree()s mnt_devname, so the fake name must be a
	 * separate kmalloc()ed copy, not a pointer into s_context */
	kfree(vfs->mnt_devname);
	vfs->mnt_devname = kmalloc(strlen(s_context->vroot.vrootname) + 1, GFP_KERNEL);
	if (vfs->mnt_devname)
		strcpy(vfs->mnt_devname, s_context->vroot.vrootname);
	vfs->mnt_sb = vsb;

	/* private namespace, cloned from namespace.c:init_mount_tree() */
	atomic_set(&s_context->vroot.names.count, 1);
	INIT_LIST_HEAD(&s_context->vroot.names.list);
	init_rwsem(&s_context->vroot.names.sem);
	list_add(&vfs->mnt_list, &s_context->vroot.names.list);
	s_context->vroot.names.root = mntget(vfs);

	/* the virtual superblock borrows type and ops from the original one
	 * and is rooted at the cloned mount's root */
	vsb->s_type = nd->mnt->mnt_sb->s_type;
	vsb->s_root = vfs->mnt_root;
	vsb->s_op = s_context->vroot.osb->s_op;
	atomic_inc(&vsb->s_active);
}

> Also, have a quick skim (read) over:
>
> http://www.paul.sladen.org/vserver/aspcomplete/2000-08-25/ve-0.4.2-for-2.4.0-test6.diff.gz
>
> I just looked at it recently and noticed there are a couple of things in
> there. -It seems that virtuozzo sys_reboot() is causing all the processes
> in that context to be killed (something we could do with a function to
> cause).
>
> Secondly, grepping the virtuozzo diff, there's some patching to:
>
> follow_dotdot(), in fs/namei.c
>
> +#ifdef CONFIG_VE
> + if (nd->dentry == current->envid->fs_root &&
> + nd->mnt == current->envid->fs_rootmnt) {
> + read_unlock(&current->fs->lock);
> + break;
> + }
> +#endif
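Review bot: the hunk carries no comment saying what the extra root test is for; a one-line comment above the `#ifdef CONFIG_VE` stating that `..` must stop at the context root even after a later chroot() has moved `current->fs->root` below it would save the next reader the question this thread had to ask. Worth confirming from the surrounding code as well: the test releases `current->fs->lock` and breaks exactly like the stock `current->fs->root`/`rootmnt` test, so it needs to sit beside that test inside the loop, before the step that climbs to `mnt_parent`; otherwise a context root that is itself a mountpoint would be crossed before the comparison is made.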
>
> [envid is equivalent to vserver's ctx]
>
> which maybe related...? (Or that could be chroot() protection).
>
chroot protection.
See which function is patched:
"static inline void follow_dotdot(struct nameidata *nd)"
is the function used to follow the nameidata structure when you walk up the
directory structure.

-- 
With best regards,
Alex

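Added example, not code from the list or from the virtuozzo diff: a user-space model of the two checks discussed above, Paul's "walk mnt_parent until you find the root" test for whether something lies inside the chroot, and the CONFIG_VE `follow_dotdot()` test that caps `..` at the context root. The tree, the task layout and the names (`fs_root`, `ve_root`, `n_ve1`) are constructed for the demonstration; mounts are ignored, so the `nd->mnt` half of the real comparison is not modelled. It runs the classic chroot break-out (chroot into a subdirectory, so that cwd is left above the new root, then climb with `..` and chroot(".")) with and without the context-root check.

```c
#include <stdio.h>
#include <string.h>

/* constructed directory tree: a node with a parent pointer */
struct node {
    const char *name;
    struct node *parent;    /* NULL for the namespace root */
};

/* constructed per-task state, modelled on current->fs and current->envid */
struct task {
    struct node *fs_root;   /* current->fs->root, moved by chroot() */
    struct node *cwd;       /* current->fs->pwd */
    struct node *ve_root;   /* current->envid->fs_root, fixed for the context */
    int ve_check;           /* 1: apply the CONFIG_VE test from the quoted hunk */
};

/* sample tree: /vz/ve1 is the context root, /vz/ve1/tmp/x a subdirectory */
static struct node n_root = { "/",   NULL    };
static struct node n_vz   = { "vz",  &n_root };
static struct node n_ve1  = { "ve1", &n_vz   };
static struct node n_tmp  = { "tmp", &n_ve1  };
static struct node n_x    = { "x",   &n_tmp  };

/* one ".." step: stop at the chroot root, at the context root when the
 * CONFIG_VE test is enabled, or at the real root; otherwise go up */
static struct node *follow_dotdot(const struct task *t, struct node *cur)
{
    if (cur == t->fs_root)                  /* stock test: current->fs->root */
        return cur;
    if (t->ve_check && cur == t->ve_root)   /* CONFIG_VE test: envid->fs_root */
        return cur;
    if (cur->parent == NULL)
        return cur;
    return cur->parent;
}

/* walk the parent chain; 1 if n lies at or below root, 0 if outside it */
int is_inside(const struct node *n, const struct node *root)
{
    for (; n; n = n->parent)
        if (n == root)
            return 1;
    return 0;
}

/* classic break-out from a task confined to ve_root: chroot("tmp/x")
 * moves fs->root down but leaves cwd at the old root, chdir("..") then
 * climbs from above the new root, chroot(".") finishes. Returns the node
 * the task ends up rooted at. */
struct node *breakout(struct task *t)
{
    int i;
    t->fs_root = t->ve_root;
    t->cwd = t->ve_root;
    t->fs_root = &n_x;               /* chroot("tmp/x") */
    for (i = 0; i < 8; i++)          /* chdir("..") until it stops moving */
        t->cwd = follow_dotdot(t, t->cwd);
    t->fs_root = t->cwd;             /* chroot(".") */
    return t->fs_root;
}

/* 1 if the break-out escapes the context root, 0 if it stays contained */
int breakout_escapes(int ve_check)
{
    struct task t = { NULL, NULL, &n_ve1, ve_check };
    struct node *end = breakout(&t);
    return !is_inside(end, t.ve_root);
}

int main(void)
{
    printf("stock fs->root test only: %s\n",
           breakout_escapes(0) ? "escaped to /" : "contained");
    printf("with CONFIG_VE test:      %s\n",
           breakout_escapes(1) ? "escaped to /" : "contained");
    return 0;
}
```

With only the `current->fs->root` comparison the walk from /vz/ve1 never meets the (now lower) root and reaches /, which is the break-out the kernel's chroot alone does not prevent once a task inside can call chroot() again; the second comparison against the context root stops the walk at /vz/ve1 regardless of where fs->root has been moved.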

Generated on Fri 15 Aug 2003 - 00:07:42 BST by hypermail 2.1.3