Handling unshare() and kernel namespaces

Robert O'Callahan robert at ocallahan.org
Sat Apr 18 03:13:13 UTC 2015


This is fixed on master now.

Getting pid namespaces to work was a bit of a pain. We can no longer use
the pids returned by system calls (i.e. fork/clone) because they might be
in a different pid namespace. Instead we observe the
PTRACE_EVENT_FORK/CLONE and stash a pointer to the new task where
process_fork/clone can find it.

ptrace is broken for non-initial pid namespaces, because our ptrace
emulation would require translation of pids between namespaces. It could be
fixed, but it won't be a big deal for sandbox use-cases since they
generally can't use ptrace so I'll ignore it for now. If people start using
rr on Linux containers it might become relevant.

Rob
-- 
oIo otoeololo oyooouo otohoaoto oaonoyooonoeo owohooo oioso oaonogoroyo
owoiotoho oao oboroootohoeoro oooro osoiosotoeoro owoiololo oboeo
osouobojoeocoto otooo ojouodogomoeonoto.o oAogoaoiono,o oaonoyooonoeo
owohooo
osoaoyoso otooo oao oboroootohoeoro oooro osoiosotoeoro,o o‘oRoaocoao,o’o
oioso
oaonosowoeoroaoboloeo otooo otohoeo ocooouoroto.o oAonodo oaonoyooonoeo
owohooo
osoaoyoso,o o‘oYooouo ofooooolo!o’o owoiololo oboeo oiono odoaonogoeoro
ooofo
otohoeo ofoioroeo ooofo ohoeololo.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/rr-dev/attachments/20150418/bd30488b/attachment.html>


More information about the rr-dev mailing list