Bug 854604

Summary: [LXC] Containerize the value of /proc/sys/kernel/random/boot_id per PID namespace
Product: Red Hat Enterprise Linux 7 Reporter: Daniel Berrangé <berrange>
Component: kernelAssignee: Aristeu Rozanski <arozansk>
Status: CLOSED WONTFIX QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: lpoetter
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-29 14:31:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Berrangé 2012-09-05 12:23:42 UTC 
Description of problem:
The /proc/sys/kernel/random/boot_id file provides a UUID that changes on each boot of a machine. The original intent was to allow emacs to determine if a lockfile for a PID was stale. systemd now also uses this UUID to tag log messages in the journal allowing query of logs per boot up.

The data for this file needs to be containerized so that apps can sensibly use it inside an LXC container. Based on discussion on the containers mailing list:

http://lists.linuxfoundation.org/pipermail/containers/2012-September/030194.html

We need to patch the kernel such that

 - Associate '/proc/sys/kernel/random/boot_id' with the pid namespace

 - Allow boot_id to be written to, only if it has not yet been
   read in the current pid namespace. (for migration use case)

 - Lazy generate a UUID for boot_id on first read in the current pid
   namespace, only if it has not previously been written to.

 - Add file to Documentation/ explaining the use case for the boot_id
   file and its semantics wrt to namespaces.

Version-Release number of selected component (if applicable):
kernel-3.5.0-0.24.el7

How reproducible:
Always

Steps to Reproduce:
1. cat /proc/sys/kernel/random/boot_id
2. unshare --pid cat /proc/sys/kernel/random/boot_id
  
Actual results:
Same UUID

Expected results:
Different UUIDs

Additional info:
Comment 1 Lennart Poettering 2012-09-11 15:46:27 UTC 
Hmm, I am not actually convinced that this really should be fixed in the kernel rather than in userspace.

PID namespaces have many users, beyond systems wich try to boot-up systems in them. For example web browsers use them to sandbox javascript apps. And for GNOME we want to add sandboxed native apps based on this too. In both cases the boot ID should probably not be different from the host system, as for these uses PID namespaces are more an isolation than a virtualization technique...

Overmounting the boot id in userspace is very easy, so I'd suggest doing this all in userspace where necessary.
Comment 2 Aristeu Rozanski 2013-01-29 14:25:03 UTC 
Daniel, any objections? If not, I'll close the bug.
Comment 3 Daniel Berrangé 2013-01-29 14:31:41 UTC 
Yeah, upstream didn't paticularly want to do it this way either