On 14/10/13, Serge E. Hallyn wrote:
Quoting Richard Guy Briggs (rgb(a)redhat.com):
> ---
Acked-by: Serge Hallyn <serge.hallyn(a)canonical.com>
(some nitpicking below)
Thanks, Richard. IMO this patchset is great at the moment. Now if I
checkpoint a container, migrate it to another machine, and restart it
there, the serial numbers will no longer match, but as the creations are
all logged, userspace can track the changed snum, so I don't believe
that is a problem. (Pretty sure we've discussed that before, mostly
mentioning it here to think through it myself)
In fact, these last two are included for completeness, but deprecated,
since, as has been pointed out, it is visible from inside the container.
I am expecting to drop the last two patches since the necessary
information is available to the audit logs in previous patches, which
can be made available to docker or another container supervisor.
> Documentation/filesystems/proc.txt | 16 ++++++++++++++++
> 1 files changed, 16 insertions(+), 0 deletions(-)
>
> diff --git a/Documentation/filesystems/proc.txt
b/Documentation/filesystems/proc.txt
> index ddc531a..c4bfd6f 100644
> --- a/Documentation/filesystems/proc.txt
> +++ b/Documentation/filesystems/proc.txt
> @@ -42,6 +42,7 @@ Table of Contents
> 3.6 /proc/<pid>/comm & /proc/<pid>/task/<tid>/comm
> 3.7 /proc/<pid>/task/<tid>/children - Information about task
children
> 3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file
> + 3.9 /proc/<pid>/ns/<ns>{,_snum} - Information about process
namespaces
>
> 4 Configuring procfs
> 4.1 Mount options
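Review bot: the new table-of-contents line `+ 3.9 /proc/<pid>/ns/<ns>{,_snum}` uses the placeholder `<ns>` while the section heading added later in the same patch (and the body text under it) use `<nstype>`; pick one spelling for both places, preferably `<nstype>` since that is the name the format lines `<nstype>:[<inode_number>]` and `<nstype>_snum:[<serial_number>]` rely on.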
> @@ -1744,6 +1745,21 @@ pair provide additional information particular to the objects
they represent.
> optional and may be omitted if no marks created yet.
>
>
> +3.9 /proc/<pid>/ns/<nstype>{,_snum} - Information about process
namespaces
> +--------------------------------------------------------------------------
> +These files provides information about the namespaces within which the process
s/provides/provide/
> +is contained. The files named only with the namespace type <nstype> contain
a
> +link that lists the containing namespace' inode number in its proc filesystem.
s/'/'s/
... Maybe add "And which can be used with setns(2)."
> +The files with suffix _snum contain a link that lists the containing
> +namespace' instance serial number, unique per kernel since boot. The
s/'/'s/
> +namespace types are self-describing.
> +
> +The output format of the inode links is:
> + <nstype>:[<inode_number>]
> +The output format of the serial number links is:
> + <nstype>_snum:[<serial_number>]
> +
> +
> ------------------------------------------------------------------------------
> Configuring procfs
> ------------------------------------------------------------------------------
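Review bot: the body of this section is vaguer than a reference entry in proc.txt should be. `+namespace types are self-describing.` gives the reader no list of the `<nstype>` values, so the entries that actually appear under /proc/<pid>/ns should be enumerated; `+These files provides information` does not say that the files are symbolic links whose target string (the `<nstype>:[...]` form shown below) is obtained with readlink(2); and `+The files with suffix _snum contain a link` does not say whether that link, unlike the inode link, is informational only or can also be passed to setns(2). The claim that the serial number is `+unique per kernel since boot` should also note its limits: as the discussion above points out, a container checkpointed and restarted on another machine gets new serial numbers, so consumers must track them from the audit log rather than treat them as persistent identifiers. Serge's s/provides/provide/ and s/'/'s/ corrections still apply as well.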
> --
> 1.7.1
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545