Bug 854604 - [LXC] Containerize the value of /proc/sys/kernel/random/boot_id per PID namespace
Summary: [LXC] Containerize the value of /proc/sys/kernel/random/boot_id per PID names...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: kernel
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Aristeu Rozanski
QA Contact: Red Hat Kernel QE team
Depends On:
TreeView+ depends on / blocked
Reported: 2012-09-05 12:23 UTC by Daniel Berrangé
Modified: 2013-01-29 14:31 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-01-29 14:31:41 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Daniel Berrangé 2012-09-05 12:23:42 UTC
Description of problem:
The /proc/sys/kernel/random/boot_id file provides a UUID that changes on each boot of a machine. The original intent was to allow emacs to determine if a lockfile for a PID was stale. systemd now also uses this UUID to tag log messages in the journal allowing query of logs per boot up.

The data for this file needs to be containerized so that apps can sensibly use it inside an LXC container. Based on discussion on the containers mailing list:


We need to patch the kernel such that

 - Associate '/proc/sys/kernel/random/boot_id' with the pid namespace

 - Allow boot_id to be written to, only if it has not yet been
   read in the current pid namespace. (for migration use case)

 - Lazy generate a UUID for boot_id on first read in the current pid
   namespace, only if it has not previously been written to.

 - Add file to Documentation/ explaining the use case for the boot_id
   file and its semantics wrt to namespaces.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. cat /proc/sys/kernel/random/boot_id
2. unshare --pid cat /proc/sys/kernel/random/boot_id
Actual results:

Expected results:
Different UUIDs

Additional info:

Comment 1 Lennart Poettering 2012-09-11 15:46:27 UTC
Hmm, I am not actually convinced that this really should be fixed in the kernel rather than in userspace.

PID namespaces have many users, beyond systems wich try to boot-up systems in them. For example web browsers use them to sandbox javascript apps. And for GNOME we want to add sandboxed native apps based on this too. In both cases the boot ID should probably not be different from the host system, as for these uses PID namespaces are more an isolation than a virtualization technique...

Overmounting the boot id in userspace is very easy, so I'd suggest doing this all in userspace where necessary.

Comment 2 Aristeu Rozanski 2013-01-29 14:25:03 UTC
Daniel, any objections? If not, I'll close the bug.

Comment 3 Daniel Berrangé 2013-01-29 14:31:41 UTC
Yeah, upstream didn't paticularly want to do it this way either

Note You need to log in before you can comment on or make changes to this bug.