)]}'
{
  "commit": "44c9f058dae9dc5ca0ee82ecff458b9eb4f1bc23",
  "tree": "0fd7bc7574ee9a07fc2f208d8c350bb650ee68a1",
  "parents": [
    "62b4ef863a21f2947604f9ea3d3f525b7e0ceddb"
  ],
  "author": {
    "name": "Konstantin Khlebnikov",
    "email": "khlebnikov@yandex-team.ru",
    "time": "Fri Jun 01 22:18:02 2018 +0300"
  },
  "committer": {
    "name": "Eric W. Biederman",
    "email": "ebiederm@xmission.com",
    "time": "Sat Aug 11 02:05:53 2018 -0500"
  },
  "message": "pidns: introduce syscall translate_pid\n\nEach process have different pids, one for each pid namespace it belongs.\nWhen interaction happens within single pid-ns translation isn\u0027t required.\nMore complicated scenarios needs special handling.\n\nFor example:\n- reading pid-files or logs written inside container with pid namespace\n- writing logs with internal pids outside container for pushing them into\n- attaching with ptrace to tasks from different pid namespace\n\nGenerally speaking, any cross pid-ns API with pids needs translation.\n\nCurrently there are several interfaces that could be used here:\n\nPid namespaces are identified by device and inode of /proc/[pid]/ns/pid.\n\nPids for nested pid namespaces are shown in file /proc/[pid]/status.\nIn some cases pid translation could be easily done using this information.\nBackward translation requires scanning all tasks and becomes really\ncomplicated for deeper namespace nesting.\n\nUnix socket automatically translates pid attached to SCM_CREDENTIALS.\nThis requires CAP_SYS_ADMIN for sending arbitrary pids and entering\ninto pid namespace, this expose process and could be insecure.\n\nThis patch adds new syscall for converting pids between pid namespaces:\n\npid_t translate_pid(pid_t pid, int source, int target);\n\nPid-namespaces are referred file descriptors opened to proc files\n/proc/[pid]/ns/pid or /proc/[pid]/ns/pid_for_children.\nNegative argument points to current pid namespace.\n\nSyscall returns pid in target pid-ns or zero if task have no pid there.\n\nError codes:\nEBADF    - file descriptor is closed\nEINVAL   - file descriptor isn\u0027t pid namespace\nESRCH    - task not found in @source namespace\n\nTranslation could breach pid-ns isolation and return pids from outer pid\nnamespaces iff process already has file descriptor for these namespaces.\n\nExamples:\ntranslate_pid(pid, ns, -1)      - get pid in our pid namespace\ntranslate_pid(pid, -1, ns)      - get pid in other pid namespace\ntranslate_pid(1, ns, -1)        - get pid of init task for namespace\ntranslate_pid(pid, -1, ns) \u003e 0  - is pid is reachable from ns?\ntranslate_pid(1, ns1, ns2) \u003e 0  - is ns1 inside ns2?\ntranslate_pid(1, ns1, ns2) \u003d\u003d 0 - is ns1 outside ns2?\ntranslate_pid(1, ns1, ns2) \u003d\u003d 1 - is ns1 equal ns2?\n\nSigned-off-by: Konstantin Khlebnikov \u003ckhlebnikov@yandex-team.ru\u003e\nReanimated-by: Nagarathnam Muthusamy \u003cnagarathnam.muthusamy@oracle.com\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "3cf7b533b3d1304b44b5eefe7ab55cc09398b2c2",
      "old_mode": 33188,
      "old_path": "arch/x86/entry/syscalls/syscall_32.tbl",
      "new_id": "a2084708b49bc8ecb8f179921f9576eb4ef4767c",
      "new_mode": 33188,
      "new_path": "arch/x86/entry/syscalls/syscall_32.tbl"
    },
    {
      "type": "modify",
      "old_id": "f0b1709a5ffb2b0901d7f2492252876d17bc25a0",
      "old_mode": 33188,
      "old_path": "arch/x86/entry/syscalls/syscall_64.tbl",
      "new_id": "a9459e4632d452e06841be1feddf2613f1534e2b",
      "new_mode": 33188,
      "new_path": "arch/x86/entry/syscalls/syscall_64.tbl"
    },
    {
      "type": "modify",
      "old_id": "73810808cdf266e5cdcfc1e0c6b3af126a0bf4b1",
      "old_mode": 33188,
      "old_path": "include/linux/syscalls.h",
      "new_id": "a2b257d481185687480436c6d6d5776bfee84289",
      "new_mode": 33188,
      "new_path": "include/linux/syscalls.h"
    },
    {
      "type": "modify",
      "old_id": "2a2ac53d8b8bb845f25581b549a1ea4136564692",
      "old_mode": 33188,
      "old_path": "kernel/pid_namespace.c",
      "new_id": "3b872cbbe2640ddb8401152c3ea4189cfee22042",
      "new_mode": 33188,
      "new_path": "kernel/pid_namespace.c"
    },
    {
      "type": "modify",
      "old_id": "df556175be506902ae501f9bd2b0ddd01483c34c",
      "old_mode": 33188,
      "old_path": "kernel/sys_ni.c",
      "new_id": "ecf14093727482b0f7959c53ebe7e952fa448242",
      "new_mode": 33188,
      "new_path": "kernel/sys_ni.c"
    }
  ]
}